Kyle Williams wrote:
> On Nov 8, 2007 3:54 PM, Jacob Appelbaum <[EMAIL PROTECTED]> wrote:
>
>> Kyle Williams wrote:
>>>>> (This requires some changes to the torrc and tor
>>>>> source, so I'd like to add it to the feature
>>>>> request list in case somebody has free time)
>>> That would be a hidden service. Tor already does that.
>>> What we are talking about is secure defaults for exit nodes.
>>>
>>> That's a horrible idea. You do NOT want everyone to be able to anonymously
>>> fuck with your router's admin page.
>>> You don't need to redirect that specific request either. It needs to be
>>> dropped. If you want to offer up a website, then use the hidden service
>>> feature of Tor.
>>>
>> I agree that you don't want someone to mess with my admin page. I don't
>> have an admin page, I have a service.
>>
>> I think that it's a feature that in your presented case has an
>> unintended consequence. It's not as useless as you think. Furthermore,
>> it's *not* a hidden service. Hidden services are often slower than any
>> other Tor network function. You could *also* use a hidden service if you
>> wanted but that's not the same thing.
>>
>> Something useful you could do with the exit enclave:
>> Run a mixmaster server
>> Run Tor with the ability to exit to your mixmaster server
>> Now all people who can use Tor could use mixmaster, even if mixmaster
>> was blocked and without exiting through a node you don't trust.
>>
>>
>> ( Yes, I realize you could possibly exit and use the mixmaster network
>> without this setup. And yes I realize that mixmaster is able to be
>> observed without worry, I think this setup is useful anyway. )
>>
>>> If you want to run a hidden server, such as a web site over a .onion
>>> address, then that's fine.
>>> If your router is disallowing people to access the admin webpage interface
>>> from the Internet, that's probably a good thing.
>>> But if running a Tor exit node opens up that admin webpage to the rest of
>>> the Tor network, that's not good. At that point, anyone could anonymously
>>> try and hack your router. God help you if they do get in, then you're really
>>> in trouble.
>> Exit enclaves aren't .onions. They're two different things. They're also
>> used differently and with different threat models. Furthermore, one is
>> very reliable and the other isn't always so reliable at times. It's also
>> a known and documented issue.
>>

You forgot to address the above comments that you quoted. It has
relevance to the next question you did address.

>> Do you also think Tor should automatically block access to all RFC 1918
>> address space unless otherwise enabled? Why should Tor be so automatic
>> about your specific preferences?
>>
>
> How about you not restrict all the RFC 1918 address spaces in your network,
> tell which exit node you run, and let me have some fun playing inside your
> network anonymously.
>

I think that's the case right now. Perhaps you could share some of your
findings to help people understand your concerns?

Regards,
Jacob
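
Added example, not part of the original message and not Tor's own code: a simplified first-match evaluator for exit-policy-style rules that reports which RFC 1918 ranges a policy leaves reachable, the exposure debated in this thread. It assumes a reduced rule syntax (`accept|reject ADDR[/MASK]:PORT` with `*` wildcards), treats an unmatched request as rejected, and uses constructed sample policies; all function names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges discussed in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_rule(line):
    """Parse 'accept|reject ADDR[/MASK]:PORT' ('*' = any) into a tuple."""
    action, target = line.split()
    addr, _, port = target.rpartition(":")
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr,
                               strict=False)
    return action == "accept", net, None if port == "*" else int(port)

def allows(policy, ip, port):
    """First matching rule wins; no match is treated as reject here."""
    ip = ipaddress.ip_address(ip)
    for accept, net, rule_port in map(parse_rule, policy):
        if ip in net and rule_port in (None, port):
            return accept
    return False

def exposed_private_ranges(policy, port):
    """Probe one representative host per RFC 1918 range (a simplification:
    a policy rejecting only part of a range is not fully analysed)."""
    return [str(net) for net in RFC1918
            if allows(policy, net.network_address + 1, port)]

# Constructed sample policies (not taken from the thread).
OPEN_WEB = ["accept *:80", "reject *:*"]
HARDENED = ["reject 10.0.0.0/8:*", "reject 172.16.0.0/12:*",
            "reject 192.168.0.0/16:*", "accept *:80", "reject *:*"]

if __name__ == "__main__":
    for name, pol in (("open", OPEN_WEB), ("hardened", HARDENED)):
        print(name, "exposes on port 80:", exposed_private_ranges(pol, 80))
```

Because evaluation stops at the first match, the private-range rejects only take effect when they precede the broad `accept *:80` rule.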