Is "gatereloaded" a Bad Exit?

Gregory Maxwell gmaxwell at gmail.com
Fri Feb 11 06:47:45 UTC 2011


On Fri, Feb 11, 2011 at 12:58 AM, John Case <case at sdf.lonestar.org> wrote:
>
> I think these reasons should be worked around or ignored.
>
> I think you, and others on that side of this argument have a very, very
> myopic view of the constraints and non-technical decisions that go into
> running a particular node - exit or not.
>
> Rich white people in the north can just trade some dollars for co-location,
> exercise their free speech, and argue back at the police, as their equals,
> when they come calling.
>
> That's not the case for everyone - and even in those rich, white countries,
> there are political and economic ramifications for running a Tor node, exit
> or otherwise, that seem to have not occurred to you.


As far as I can tell this is a completely spurious strawman argument.

Where is this person with a legitimate reason why they can allow :80
and not :443? What is their reason?

If anyone was showing up expressing this as a serious constraint with
a legitimate cause, then it might be reasonable to reconsider.
Certainly if there were many of them.

If you want myopia, you need to look no further than this obsession
with some speculative hypothetical universe where someone is going to
be gravely injured by the tor network not choosing to use their ":80
but not :443" exit. There are a great many ways to contribute to the
tor network, so it isn't even as though their contributions are being
turned away completely.

Tor already has a great many tweaks and heuristics. Why are you not
complaining about the exit load-balancing heuristic that denies the
exit flag to nodes which don't exit to at least a /8 of several
important ports?  It impacts a great many more nodes.  Or why not
complain about the countermeasures against one hop usage that makes
nodes seizure targets and takes an unfair share of the bandwidth?

Why are you not outraged about the hundreds and hundreds of bridge
operators who are getting no use _at all_ because their identities are
being held in reserve in order to build up decent pools of bridges for
use with differentiated distribution?

Will this contingent next be advocating not blacklisting exits known
to insert malware or advertisements in the traffic because without
this activity the exit operator can not afford to keep their exit
going?

If running an exit is somehow so imposing on someone that they feel
the need to impose bizarre (even inexplicable) restrictions on its
behaviour then they really should be helping the tor network in some
other way — by running a bridge or a regular middle node. Or finding
something else to do with their scarce resources.  Tor needs people's
help, sure, but it doesn't demand their blood. Why not let the "rich
white people in the north" that you seem to have so much disdain for
take a larger part of the exit burden?

> No, there is no _technical_ reason to operate an exit in this fashion. There
> is no reason, from a myopic, borderline autistic view of the externalities
> involved, to run an exit in this fashion.
>
> However, I can think of many, many reasons to:
>
> - run a node with no contact information
> - run a node with an odd set of exits
> - run a node with plain (unencrypted) exits
> - run a node with odd (non standard port) exits

I personally run a node with an oddball exit policy (well, it's down
at the moment due to a hardware failure). I wouldn't have any issue
explaining the exit policy to someone who asked. (basically I have a
node that exits to a collection of hand selected 'read only'
websites, plus tcp dns to some dns servers, and a number of other
assorted things that I know should be free of complaint
generating outcomes)

But I don't care that it barely gets used as an exit (due to various
technical details), nor would I care if tor changed in a way that
would prevent it from ever being used as an exit.

Do you really think that someone who doesn't provide contact
information is more likely to care about this sort of thing than me?



> You have absolutely NO FUCKING IDEA what a node has been deployed for, who
> is using it, and how many layers of subterfuge are being employed between
> the external function and the true function underneath.

You could employ that same argument against _every_ _single_ technical
or policy decision in the design and operation of the tor software and
network. It's an information free argument.

Ultimately the tor network is _not_ anyone's personal spy-business
playground. It provides a real anonymity service to a great many
people, and real censorship avoidance to a great many people.  If it's
also useful for things outside of this, then great, but you don't get
to argue in favour of these non-primary uses when you can't even
disclose what they are.

There are too many real constraints on Tor already for people to worry
about imaginary much less unimaginable ones!

> at arbitrary levels of complexity - and you are chopping those off at the knees.

I am greatly disappointed by Tor's failure to steganographically embed
all cells in pseudo-random LOLcat pictures. My unimaginable plans for
world domination have been chopped off at the knees, for sure.  Yet
I'm here complaining about it, so certainly we should put a higher
priority on implementing LOLcat steganography than on the unimaginable
requirements of people who don't even bother showing up here to
express them. No?

On Thu, Feb 10, 2011 at 5:15 PM, grarpamp <grarpamp at gmail.com> wrote:
[snip]
> Some have suggested various node ranking metrics... Country,
> 'suspicious' strings in the nickname, 'suspicious' CIDR blocks,
> PTR's, ISP's etc, the preselected metrics and exit set of the
> 'badtornodes' guy, Scott and others, node keysigning parties,
> importable wiki [.onion] node config lists, and so on.

Why do people keep bringing this up without even making the slightest
attempt to explain why these things aren't terrible from a network
partitioning perspective?

Tor is for anonymity. Anonymity doesn't work for one person alone, it
requires many different people with many different kinds of uses to
all look _the same_ to an outside observer.  If only the FBI used tor,
then every user coming out of tor would be the FBI (which is probably
all you really care to know about them).  Likewise, if users pick
subsets of exits based on all those crazy factors they become much
more identifiable.

As a result tor will always need to lean a bit towards the least
common denominator, just so that everyone can stay consistent.
This is, e.g. why nodes that inject ads/malware into
cleartext http traffic or forge DNS results must be handled even
though a sizeable portion of the tor userbase probably does not care
about these things and would happily use these nodes.

The exact boundary on how much behavioural conformity is required is
unclear and could be debated (or better, studied) but it is absolutely
infuriating to see these dismissive strawman arguments placed over and
over again without even an attempt at having that debate.