a little bird told me
Jay Listo
jay.listo at gmail.com
Fri Dec 9 02:54:01 PST 2005
Eugen Leitl wrote:
>On Tue, Dec 06, 2005 at 08:29:52PM +0700, Jay Listo wrote:
>
>>well, not sure if Tor has a mechanism to find out who's operating the
>
>How can you find out who's operating the exit nodes, unless you
>know the operators personally? The system is designed to
>tolerate a certain fraction of Mallory operators.
>
hmm, a couple of weeks ago, i did a traceroute of my packets while
running a tor client. It was 'comforting' to know that my isp was
courteously operating an exit node...just 1-2 hops away. Well, i just
re-started my tor client and the 'problem' went away...i felt like i was
playing the lotto with my tor client.
>>'exit' nodes, and the ability to choose a specific exit node.
>>
>IIRC, the client builds the circuits.
>
what's to stop a group of malloric tor routers from communicating
out-of-band with each other and with the mallory exit node as an accomplice?
well, users (the humans using the tor client) have absolutely no idea
where those circuits are being switched through. unless users take the
time to trace each http request (each of which goes through a different
circuit)...and also having to do whois queries on each hop.
perhaps a mechanism (maybe a gui console showing each hop, ip and whois
query ) for users to monitor the circuits that their tor client has chosen.
This will give users awareness (or the option to exercise that) about
the confidentiality of their communications.
>>This way, any govt (or many govts) could put up a bunch of exit nodes
>
>Tapping and traffic analysis upstream of existing nodes are far
>less intrusive.
>
>What I'm wondering is whether the claimed attack is due to a
>design fault, or just by throwing resources at it. If it's a design
>issue, it can be fixed. If it's a brute force approach, it shows
>how much they're willing to deploy on very little incentive.
>If it's a canard, they're trying to stall and destabilize.
>
>Knowing which would be useful.
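
An added illustration of the circuit-monitoring idea raised in the message above (not written by either poster and not Tor project code): it parses lines in the format of the Tor control port's `GETINFO circuit-status` reply, assumed here to list hops as `$fingerprint~nickname`, and flags circuits whose hops share a network owner or whose exit sits on the user's own ISP. The sample reply, fingerprints, addresses, owner names and the `audit` helper are constructed; the relay table stands in for per-hop whois lookups.

```python
import re

# Each hop: "$<40-hex fingerprint>", optionally "~" or "=" plus a nickname.
HOP = re.compile(r"\$([0-9A-Fa-f]{40})(?:[~=]([A-Za-z0-9]+))?")

def parse_circuits(reply):
    """Return {circuit_id: [(fingerprint, nickname), ...]} for BUILT circuits."""
    circuits = {}
    for line in reply.strip().splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[1] != "BUILT":
            continue  # still building, failed, or no path yet
        circuits[fields[0]] = [(fp.upper(), nick) for fp, nick in HOP.findall(fields[2])]
    return circuits

def audit(circuits, relays, own_isp):
    """Flag circuits that share an owner across hops or exit via the user's ISP."""
    findings = {}
    for cid, hops in circuits.items():
        owners = [relays.get(fp, {}).get("owner", "unknown") for fp, _ in hops]
        notes = []
        if "unknown" in owners:
            notes.append("hop with no whois data")
        known = [o for o in owners if o != "unknown"]
        if len(set(known)) < len(known):
            notes.append("two hops share a network owner")
        if owners and owners[-1] == own_isp:
            notes.append("exit is on own ISP")
        findings[cid] = notes
    return findings

# Constructed sample data (documentation address ranges, made-up owners).
A, B, C, D, E = ("$" + ch * 40 for ch in "ABCDE")
SAMPLE_REPLY = f"""
5 BUILT {A}~relayA,{B}~relayB,{C}~relayC PURPOSE=GENERAL
6 BUILT {A}~relayA,{D}~relayD,{E}~relayE PURPOSE=GENERAL
7 EXTENDED {B}~relayB PURPOSE=GENERAL
"""
RELAYS = {
    "A" * 40: {"ip": "192.0.2.10", "owner": "ExampleNet-1"},
    "B" * 40: {"ip": "198.51.100.7", "owner": "ExampleNet-2"},
    "C" * 40: {"ip": "203.0.113.5", "owner": "HomeISP-Example"},
    "D" * 40: {"ip": "192.0.2.44", "owner": "ExampleNet-1"},
    "E" * 40: {"ip": "198.51.100.90", "owner": "ExampleNet-3"},
}

if __name__ == "__main__":
    for cid, notes in audit(parse_circuits(SAMPLE_REPLY), RELAYS, "HomeISP-Example").items():
        print(cid, notes or ["no findings"])
```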