[tor-talk] Tor exit+proxy

hmoh at Safe-mail.net hmoh at Safe-mail.net
Sat Jan 7 06:04:36 UTC 2012


> On Sat, Jan 7, 2012 at 03:30,  <hmoh at safe-mail.net> wrote:
> > It's not recommend. And for cleartext http (not https) there will be now not one, but two servers who can log and tamper your cleartext traffic.
> 
> So there is no principal difference from a security standpoint.
> 
> > There is a paper where they explain the changes they made to Firefox.
> 
> Can't find it, can you provide a reference?

Okay, my information might have been outdated. Many firefox patches have been already merged into the mainstream firefox branch. Not sure if all.

https://blog.torproject.org/blog/toggle-or-not-toggle-end-torbutton
https://www.torproject.org/torbutton/en/design/index.html.en
https://trac.torproject.org/projects/tor/ticket/2871
https://blog.torproject.org/category/tags/firefox-updates

At least this set of patches they applied seam still current....

https://blog.torproject.org/blog/new-tor-browser-bundles-5

But if you are interested in those patches then you'll have now hopefully a point to start.
 
> > Indeed. But i think the Tor devs do not like that idea much. 1. because of mentioned earlier [1].
> > 2. because the list of Tor exit servers is available to the open public. That is good. See https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates#CommentForumSpam
> 
> There is nothing "good" about the list of Tor exist being available.
> It's an unfortunate result of Tor's network design, and not something
> that one could easily prevent in any type of anonymizing network, so
> why not provide a list of exit nodes upfront? That prevents people
> hogging the network with exit node scanners.

You are right, good point.

> > Now imagine the idea Tor + open proxy gets promoted because the devs encourage that with a new option like Tor + your personal extra proxy chain... That wouldn't give Tor more credibility as it would be even harder to stop abuse form it.
> 
> Don't see why a Tor user should care about Tor's credibility in this scenario.

I meant not the users but the exit servers and the developers. In any way, I shouldn't try to guess what other people might think.

However, I do not think this feature is likely to come from one of the current developers. In the mailing list they stated that Tor + extra proxy isn't a good idea because it's bad for anonymity. That's why I deduct that this feature will not come, unless maybe someone sponsors a patch. Not many people and even less devs discuss this topic.


More information about the tor-talk mailing list