Phish filters on exit nodes
Hi, I work in antiphishing, and use Tor to access some phish sites. Today I got an OpenDNS Phish Warning page instead of the phish I was trying to see. The site was visible with Tor switched off. Is there a policy regarding content filtering at exit nodes? I recorded the 'Connections' data at the time, is there any point in trying to work out the exit node involved and trying to contact them? Regards, downie
Re: Phish filters on exit nodes
On Sun, Jun 08, 2008 at 07:10:46PM +0100, Geoff Down wrote:
> Hi, I work in antiphishing, and use Tor to access some phish sites. Today I got an OpenDNS Phish Warning page instead of the phish I was trying to see. The site was visible with Tor switched off. Is there a policy regarding content filtering at exit nodes? I recorded the 'Connections' data at the time, is there any point in trying to work out the exit node involved and trying to contact them?

It sounds to me that either the exit node or its provider has decided to be proactive about phishing by deploying filtering technology either at the edge or in the network, respectively. While it is great that they have decided to fight phishing, it is somewhat troubling that they would mess with network neutrality by providing filtered access (if it is the exit node, then to the Tor users, if it is the Internet access provider of the exit node, then to its customers).

It might be interesting to coordinate with the exit node operator; some Tor routers have email addresses in their descriptors. See, e.g.: http://cassandra.eecs.harvard.edu/cgi-bin/exit.py and click on the nicknames of the nodes to see the descriptors.

A more general solution would be to try to understand how the service offered by different exit nodes actually differs. This could potentially lead to a way in which Tor clients could make smarter choices about their exit nodes... or perhaps a way in which Tor directory authorities could tag them.

Geoff
Re: Phish filters on exit nodes
Geoff Down wrote:
> Hi, I work in antiphishing, and use Tor to access some phish sites. Today I got an OpenDNS Phish Warning page instead of the phish I was trying to see. The site was visible with Tor switched off. Is there a policy regarding content filtering at exit nodes? I recorded the 'Connections' data at the time, is there any point in trying to work out the exit node involved and trying to contact them?

Try visiting the OpenDNS preferences page from that node. Someone other than the Admin of the node may have enabled the OpenDNS anti-phishing features. You may also just want to email the admin of the Exit node and ask in the first place...

(Disclaimer, once in another lifetime, I worked on OpenDNS and it may not even be possible to change the preferences of a given IP address in such a way anymore...)

Regards, Jacob Appelbaum
Re: Torbutton 1.2.0rc1 released
On Wednesday 04 June 2008 19:52:15 Curious Kid wrote:
> Thank you so much! Have you thought about having an option to set the initial starting state of TorButton? Mine starts in the state it was in when I last exited Firefox. That has led to me browsing to hidden services in the clear without initially realizing that Tor was not enabled. I am thinking that a radio button to select from Default (Starts in previous state), Starts Enabled, and Starts Disabled.

I second this feature request! A command line argument would be ideal..
Re: Phish filters on exit nodes
Jacob Appelbaum wrote:
> Try visiting the OpenDNS preferences page from that node. Someone other than the Admin of the node may have enabled the OpenDNS anti-phishing features. You may also just want to email the admin of the Exit node and ask in the first place... (Disclaimer, once in another lifetime, I worked on OpenDNS and it may not even be possible to change the preferences of a given IP address in such a way anymore...)

To change your prefs, you have to be logged in, and you can do it from any IP address. (The prefs are still applied based on your IP address(es), of course.)

> Regards, Jacob Appelbaum

--
Re: Phish filters on exit nodes
Thanks for the feedback, the Connections info at the time was

charlesbabbage,minotor,plotin
schatten,dieter,Lifuka
charlesbabbage,gizmo,mxr
ixxosdiwlfkyqz,SEC,Webdvdr
charlesbabbage,RMLAnonSrv2,kyirong

How do I tell from this which was the exit node? The page http://cassandra.eecs.harvard.edu/cgi-bin/exit.py was down momentarily but is back online now.

TIA, downie

On 8 Jun 2008, at 23:57, Matt Nordhoff wrote:
> Jacob Appelbaum wrote:
>> Try visiting the OpenDNS preferences page from that node. Someone other than the Admin of the node may have enabled the OpenDNS anti-phishing features. You may also just want to email the admin of the Exit node and ask in the first place... (Disclaimer, once in another lifetime, I worked on OpenDNS and it may not even be possible to change the preferences of a given IP address in such a way anymore...)
>
> To change your prefs, you have to be logged in, and you can do it from any IP address. (The prefs are still applied based on your IP address(es), of course.)
>
>> Regards, Jacob Appelbaum
>
> --
Re: Phish filters on exit nodes
On Mon, Jun 09, 2008 at 03:18:38AM +0100, Geoff Down wrote:
> Thanks for the feedback, the Connections info at the time was
>
> charlesbabbage,minotor,plotin
> schatten,dieter,Lifuka
> charlesbabbage,gizmo,mxr
> ixxosdiwlfkyqz,SEC,Webdvdr
> charlesbabbage,RMLAnonSrv2,kyirong

The exit node is the last one in each circuit. What frightens me more is that you told us your entry guards, which tend not to change (though people watching you will be able to observe these over time...)

> How do I tell from this which was the exit node? The page http://cassandra.eecs.harvard.edu/cgi-bin/exit.py was down momentarily but is back online now.

cassandra did not crash; perhaps it was just slow or you had a problem on your end?

Geoff
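Added example, not part of the thread or of any Tor tool: the last reply's two points (the exit is the last hop of each circuit, and the first hops are entry guards that should not be published) applied to the circuit list as posted. The function names and the `<guard>`/`<middle>` placeholders are assumptions made for illustration.

```python
from collections import Counter

# Circuit list as posted in the thread: circuits separated by whitespace,
# hops comma-separated in path order (first hop first, exit last).
CONNECTIONS = (
    "charlesbabbage,minotor,plotin schatten,dieter,Lifuka "
    "charlesbabbage,gizmo,mxr ixxosdiwlfkyqz,SEC,Webdvdr "
    "charlesbabbage,RMLAnonSrv2,kyirong"
)


def parse_circuits(dump):
    """Return a list of hop lists, skipping tokens that are not multi-hop paths."""
    circuits = []
    for token in dump.split():
        hops = [h.strip() for h in token.split(",") if h.strip()]
        if len(hops) >= 2:  # a single name cannot be split into guard and exit
            circuits.append(hops)
    return circuits


def exit_candidates(circuits):
    """Last hop of each circuit. With several circuits open, the list alone
    does not say which one carried the filtered request."""
    return [hops[-1] for hops in circuits]


def guard_usage(circuits):
    """Count first hops; a name that repeats across circuits is a likely entry guard."""
    return Counter(hops[0] for hops in circuits)


def redact_for_sharing(circuits):
    """Keep only the exit nickname; replace guard and middle hops with placeholders."""
    redacted = []
    for hops in circuits:
        masked = ["<guard>"] + ["<middle>"] * (len(hops) - 2) + [hops[-1]]
        redacted.append(",".join(masked))
    return redacted


if __name__ == "__main__":
    circuits = parse_circuits(CONNECTIONS)
    print("exit candidates:", exit_candidates(circuits))
    print("first hops:", dict(guard_usage(circuits)))
    print("\n".join(redact_for_sharing(circuits)))
```

The redacted lines carry everything needed to ask which exit is behind the OpenDNS warning page without disclosing the first hops.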