Re: [T(A)ILS-dev] Feature Request: TOR config to exit out of…

Author: intrigeri
Date:  
To: Anne Onime
CC: The T(A)ILS public development discussion list
Subject: Re: [T(A)ILS-dev] Feature Request: TOR config to exit out of only known good exit nodes
Hi,

Anne Onime wrote (28 Nov 2010 23:44:05 GMT) :
> I noticed that the /etc/torrc does not define good exit nodes. There
> have been some problems in the past with bad exit nodes. They go
> offline once discovered, but while undiscovered they can do a lot of
> damage.


> There is a tutorial on how to configure TOR to use only known good
> exit nodes. Unfortunately, it is in German, but it should be easy
> enough to follow, given the very good knowledge of torrc config
> scripts by this development community.
> https://www.awxcnx.de/handbuch_24n.htm


As far as I understand this tutorial it suggests using a very small
subset of existing Tor exit nodes. It seems to me Tor developers are
strongly warning against that on or-talk because doing so rather than
using the normal Tor circuit selection process leads to using far more
predictable circuits, and thus weakens the torified Internet activity
possibly more than a few quickly detected rogue exit nodes.

If I understand clearly this tutorial it actually suggests only using
exit nodes that are run by a very low number of organizations. Doing
so means investing a huge amount of trust into these organizations and
the individuals who run these exit nodes. I am not sure we want
T(A)ILS users' privacy to depend on this.

I would of course be happy to stand corrected.

IMHO the only protection against rogue exit nodes is the use of
end-to-end strong cryptography, and authenticating peers/servers using
ways that don't depend on DNS and/or (possibly rogue) certification
authorities (see the Monkeysphere project[1] and our dedicated todo
item[2]). Tor provides anonymity, but for any other kind of security
we need other complementary tools.

[1] http://web.monkeysphere.info/
[2] https://amnesia.boum.org/todo/monkeysphere/

Bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
| So what?
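
A toy model of the trade-off argued in this message, added here as an example and not part of the original e-mail or of Tor's code: it compares how unpredictable the exit choice is, and how much of it one operator sees, with and without an ExitNodes-style allow list. The relay names, operators and bandwidth weights are constructed, and selection is assumed to be purely bandwidth-proportional, which simplifies Tor's real path selection.

```python
import math
from collections import defaultdict

# Constructed sample data: (nickname, operator, bandwidth weight). Not real relays.
EXITS = [
    ("exitA1", "org-A", 400), ("exitA2", "org-A", 300),
    ("exitB1", "org-B", 300), ("exitC1", "org-C", 250),
    ("exitD1", "org-D", 200), ("exitE1", "org-E", 150),
    ("exitF1", "org-F", 150), ("exitG1", "org-G", 100),
    ("exitH1", "org-H", 100), ("exitI1", "org-I", 50),
]

def selection_probs(exits, allowed=None):
    """Chance of each exit being picked, proportional to bandwidth (assumption).
    `allowed` models an ExitNodes-style allow list; None means no restriction."""
    pool = [e for e in exits if allowed is None or e[0] in allowed]
    if not pool:
        raise ValueError("allow list matches no exit: no circuit could be built")
    total = sum(bw for _, _, bw in pool)
    return {name: bw / total for name, _, bw in pool}

def entropy_bits(probs):
    """Shannon entropy of the exit choice; lower means more predictable."""
    return -sum(p * math.log2(p) for p in probs.values() if p > 0)

def operator_shares(exits, probs):
    """Fraction of exit selections that land on each operator."""
    shares = defaultdict(float)
    for name, operator, _ in exits:
        if name in probs:
            shares[operator] += probs[name]
    return dict(shares)

def summarize(exits, allowed=None):
    probs = selection_probs(exits, allowed)
    shares = operator_shares(exits, probs)
    top = max(shares, key=shares.get)
    return {"exits": len(probs), "entropy_bits": entropy_bits(probs),
            "top_operator": top, "top_share": shares[top]}

if __name__ == "__main__":
    print("unrestricted:", summarize(EXITS))
    # Allow list limited to relays run by two organizations (constructed).
    print("allow list:  ", summarize(EXITS, {"exitA1", "exitA2", "exitB1"}))
```

With this sample the allow list cuts the exit-choice entropy roughly in half and doubles the share of traffic seen by the largest operator.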