[tor-talk] Multihomed flag for nodes (from Re: why are some exit IPs missing from Exit IP DB?)

sh-expires-12-2015 at quantentunnel.de
Tue Oct 13 01:20:57 UTC 2015


On Sun, Oct 11, 2015 at 01:12:53PM -0400, grarpamp wrote:
> No, I'd consider it a technique to avoid having
> your exit put on braindead tor-hating consensus
> scraping blacklists... a feature not a bug... with

Tor users aren't entitled to special treatment,
and another false conclusion one could draw from
that is one is being MITMed. If you get the
impression a service like Tor isn't honest to
you, you may consider it open the usual FUD
from parties who don't like Tor.

Honestly, you don't want that.

Since Tor is available to everyone, it should be
easy not to unwillingly participate too. The
rationale behind this is, for example, a site offers
services that store user data and IP addresses;
that information could be made or become available
to 3rd parties.

It could be a site-ops choice, not to allow users
to use his services, since it may compromise them.

Ever thought of that?

> the great side effect that such exits are usable to
> circumvent similar braindead / hating censorship
> directed at tor users.

Have you ever considered, that people who
operate hidden services for websites, like to redirect
people to said hidden services instead of relying
on exits? How can we do that without relying on Tor's
internal information or query other services?

> Exonerator is for operators, that's their choice there.

Exonerator is available to everyone, and some assumptions
Karsten has, like storing IPs forever aren't even in the
best interests of all operators. And I feel the tor-project
should be much more open and aware of possible impacts and
side effects from all the information it stores long term.

Sorry, if that sounds scary, but some relay operators
I met this year had quite a negative relay experience.

> I'd rather add a blurb on check.tpo to hit newnym
> and check again if user has reason to believe they're
> using tor than start booting relays because of this.
> (Or "fixing" exit DB / check.tpo by scanning).

The consensus enables us to build circuits, and the Exit
_*FLAG*_ that this node could be an endpoint for a circuit.

Basically, where a packet leaves isn't relevant to operate,
since it uses circuits and nodes participating don't need
to know. ;)

I am currently wrapping my head around this, trying
to figure out if it makes correlation attacks easier
or MITMing and inserting covert channels between
arbitrary nodes harder.

Any other conclusion we draw from that, shows a lack of
understanding in either the consensus or Tor.

While we are at it, I consider having the exit ip for
multihomed nodes in the consensus beneficial. If
you like to start including additional information into
the consensus consider the AS too.

The data is available from the RIRs, I am using it with
a Tor monitor, that isn't libre and I am not sure how the
RIRs would like to have their services put under load.

Anyway, I am moving this to tor-talk with the intention 
to discuss, at least, a multihomed flag.

Could be provided like the Family-Information.

TYVM.

