Hi Arturo, On 18 April 2012 17:47, Arturo Filastò <[email protected]> wrote: > On 4/18/12 5:33 PM, Andrew Clausen wrote: >> Do .exit addresses already do what you had in mind? For example, if >> you add "AllowDotExit 1" to your torrc, you can type an address like >> this > > No, .exit notation is a bad idea because it allows people > to force you to exit through a particular exit node of their > choosing.
I suppose this is true, according to the spec. (When I tested this out, the implementation seemed to match my proposal below rather than the spec. I haven't had a chance to look at it.) However, it would be easy to change Tor slightly. If Tor used four ORs rather than three with .exit addresses, then there would be no problem. The only difference between using "http://myserver.exit"; rather than "https://myserver.com"; would be that the last hop would use the Tor protocol rather than HTTP. > For example I can place a <img src=""> tag on a website > and de-anonymize every user by getting them to go through my > address. The situation for <img src="http://myserver.exit";> would be no worse than for <img src="http://myserver.com";> Cheers, Andrew _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
