Is "gatereloaded" a Bad Exit?

Jan Weiher jan at buksy.de
Mon Jan 31 00:10:03 UTC 2011


>> I'm aware of the fact that it is not recommended to use tor without
>> additional encryption, but some users do. And I dont see any reason for
>> only allowing unencrypted traffic than snooping?

[...]

> I don't see why any of this really matters. Anyone running tor should have 
> the good sense to realize that if you login to webmail.example.com over 
> plaintext then the node operator could grab your details. It states this 
> repeatedly on torproject IIRC. Furthermore anything really important like 
> financial logins are typically done over SSL anyway.

Yes, we all know that, hopefully the average user knows that. But in my
opinion this has nothing to do with having an exitpolicy that "attracts"
unencrypted traffic. Just the fact that everyone (hopefully) knows that
the traffic can be recorded, it does not make it better if I do? I would
have asked the specific operator about his exitpolicy, but as I noted,
there is no contact info given, which makes it even more suspicious. Not
the fact that there is no contact info - there are many nodes without
contact infos - but I thought the combination is odd.

> If some guy gets his facebook account hijacked because he didn't read
> the FAQ I don't see the issue.

I totally disagree. Of course, you could argue that it's his fault and
so forth. I would agree to that, but on the other hand, should accept to
make this even easier? Additionally, if some guy gets his account
somewhere hacked after having used tor, it looks bad. And at that point,
the user does not really care about "I told you so!!!". He is going to
tell his friends "I used tor and my account got hacked.".

These nodes are marked as BadExits for now, which does not hurt, because
if the operators of these nodes care about Tor, they are going to ask
"why is my node marked as bad exit" and you could have a discussion
about it. The operators can tell us why they choose these exitpolicy or
we can help to improve them. If those nodes - which have sometimes been
up for several months - silently disappear, I know what I'll think.

best regards,
Jan
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list