On Wed, Nov 25, 2009 at 12:21:39PM -0500, Gregory Maxwell wrote:
> On Tue, Nov 24, 2009 at 8:05 PM, Ted Smith wrote:
> > On Tue, 2009-11-24 at 19:49 -0500, Roger Dingledine wrote:
> >> See especially point #1: "even if we didn't tell clients about the
> >> list of relays directly, somebody could still make a lot of
> >> connections through Tor to a test site and build a list of the
> >> addresses they see."
> >>
> >> I guess we could perhaps add support for configuring your own secret
> >> exit node that your buddy runs for you. But at that point the
> >> anonymity that Tor can provide in that situation gets pretty fuzzy.
> >
> > It's like a bridge, but for exits. They would probably have to be a lot
> > less friend-to-friend than bridges, but it might still be doable. I
> > think this is what the original poster meant, anyways.
>
> So non-disclosed bridges work because the entrance node always knows who
> you are, so having to arrange something with someone doesn't disclose
> much more information. It doesn't disclose where you are going.
>
> In the case of an exit, the exit knows where you're going but not who you
> are. If you must arrange for access to the exit then the exit gets the
> opportunity to learn who you are. Once the exit knows who you are then the
> whole purpose of Tor is defeated.
>
> I can imagine a couple of possible cryptographic methods which would make a
> private exit unusable until there is a sufficiently large clique of people
> who could use the exit... but everything I can think of would be highly
> vulnerable to attack by setting up additional conspiring nodes.
>

Two words: Hidden service

Some more words: If you set up a hidden service to function as a Tor
exit, then your above concern about defeating the point of Tor goes
away. I haven't done any thorough analysis but it seems obvious that
there are lots of ways to attack this, such as quoted from Roger
above. As usual you would need to specify what your threat model is
to know if this is adequate for intended purposes.

-Paul

