How easy is it to get ahold of a list of Tor exit nodes? In a nightmare scenario, would wikimedia's list of blocked IPs be something an oppressive government might covet?
Knowing that open proxies have been a source of problems for e.g. IRC and email services, the designers of Tor intentionally made it technically impossible to hide an exit node to help mitigate the potential for abuse.
There are so many things wrong with this comment I do not know where to begin.
"The list is already public" is the understatement of the year. If the list was not public it would be impossible for clients to build a circuit.
"There are many mirrors of it" is the runner up for understatement of the year. Every running instance of tor has the capability to publish the list of exit nodes.
I am not going to pretend to understand anonymous mixes as well as arma, Nick and Paul and I would like to suggest that you do the same. The designers of tor did not make it "technically impossible to hide an exit node to help mitigate the potential for abuse."
It is "technically impossible to hide the exit node list" because without the list clients would not be able to build functioning circuits. But don't take my word for it:
"We can't help but make the information available, since Tor clients need to use it to pick their paths. So if the "blockers" want it, they can get it anyway. Further, even if we didn't tell clients about the list of relays directly, somebody could still make a lot of connections through Tor to a test site and build a list of the addresses they see." [1]
Two of the other sides of tptacek's 50 sided die are censorship resistance and abuse resistance. Anonymity is hard enough as it is. Do everyone a favor and refrain from telling us what arma, nick and paul intended...
Its the entry nodes that the oppressive government would like to block access to. If you can build functioning circuits you can connect to "hidden services" that people have set up with tor. This is how the Silk Road operated.
How do you protect against the oppressive government blocking clients from connecting to the network?
In addition to the entry nodes published by the directory servers Tor nodes can be configured as bridges[1]. Bridges do not show up in the authoritative list of tor nodes. There is no public authoritative list of all the bridges so the oppressive government can not easily prevent clients from connecting to all of the bridges.
remember that tor is more than a transit network (traffic exiting out exit nodes). Tor's real strength is hidden services (.onion stuff). These services do not require you to "leave" the tor network, thus are much harder to track down, censor, or block.
pretty trivial from what I can tell. check.torproject.org has basically that, and I think that is derived from the network directory information itself.
kronusaturn|14 years ago
Knowing that open proxies have been a source of problems for e.g. IRC and email services, the designers of Tor intentionally made it technically impossible to hide an exit node to help mitigate the potential for abuse.
dfc|14 years ago
"The list is already public" is the understatement of the year. If the list was not public it would be impossible for clients to build a circuit.
"There are many mirrors of it" is the runner up for understatement of the year. Every running instance of tor has the capability to publish the list of exit nodes.
I am not going to pretend to understand anonymous mixes as well as arma, Nick and Paul and I would like to suggest that you do the same. The designers of tor did not make it "technically impossible to hide an exit node to help mitigate the potential for abuse."
It is "technically impossible to hide the exit node list" because without the list clients would not be able to build functioning circuits. But don't take my word for it:
"We can't help but make the information available, since Tor clients need to use it to pick their paths. So if the "blockers" want it, they can get it anyway. Further, even if we didn't tell clients about the list of relays directly, somebody could still make a lot of connections through Tor to a test site and build a list of the addresses they see." [1]
Two of the other sides of tptacek's 50 sided die are censorship resistance and abuse resistance. Anonymity is hard enough as it is. Do everyone a favor and refrain from telling us what arma, nick and paul intended...
[1] https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#You....
dfc|14 years ago
How do you protect against the oppressive government blocking clients from connecting to the network?
In addition to the entry nodes published by the directory servers Tor nodes can be configured as bridges[1]. Bridges do not show up in the authoritative list of tor nodes. There is no public authoritative list of all the bridges so the oppressive government can not easily prevent clients from connecting to all of the bridges.
[1] https://www.torproject.org/docs/bridges.html.en
throwaway32|14 years ago
rcxdude|14 years ago