[tor-talk] Making TOR exit-node IP address configurable
Gregory Maxwell
gmaxwell at gmail.com
Wed Mar 9 22:58:16 UTC 2011
On Wed, Mar 9, 2011 at 5:29 PM, Fabio Pietrosanti (naif)
<lists at infosecurity.ch> wrote:
> Yes but that's more complex, with iptables you can redirect TCP ports,
> but from your TOR node not all traffic going for example to port 80 is
> http, but a lot of it is TOR.
>
> If you redirect it to a transparent proxy you'll break intra-tor
> communications, and so you can't just make an easy redirect with iptables.
>
> Still, don't judge good intentions.
> It's not censorship but a chance to attract more TOR exit node
> maintainers by simplifying the costs and risks in running a TOR exit node.
> And that's still an experiment where to look at, it may be useful for a
> lot of persons looking to run a less risky exit-node . :-)

Tor currently has no facility for those users who are happy to
have random third parties screw with their traffic to opt into it, or
those who would want to avoid it to opt out. This means that anything
you do to the traffic will have random inexplicable effects on tor users.
Even if such a facility existed, its use would likely reduce the
anonymity provided by ... partitioning the userbase (is there an echo
in here?)

The tor system does have a facility for dealing with this— flagging
the trouble nodes so that no one will use the exit at all. If you are
lucky this is all that will be done to your node(s).

If you are unlucky tor users who have been harmed by your tampering
with their traffic may begin legal action against you, and/or people
harmed by traffic exiting your node may argue that your traffic
tampering has deprived you of any applicable legal protections as a
neutral service provider...