Silk Road forums

Discussion => Security => Topic started by: chemdog on November 16, 2012, 01:50 am

Title: Exit Nodes and TorRC
Post by: chemdog on November 16, 2012, 01:50 am
It's a bit late, so this will lack detail...

Having spoken a little with tootiefrootie about the TorRC config and the wisdom of perhaps excluding certain exit nodes from being used, you may want to append (ie: add them to the bottom - not overwrite) some lines.

Goto: Vidalia Control Panel -> Settings ->Advanced - Edit Current TorRC
Or: Open the TorRC file in Notepad found in the App\Data\Tor of your Tor Browser Bundle folder.

Put these lines at the bottom of the config, save and restart Tor:

StrictExitNodes 1
ExcludeExitNodes {us},{gb}

The first line informs Tor to always follow the Exit Node policy in the config file.

The second line excludes all Tor exit relays where the country code is listed as either GB or USA from being used.

Whilst not all threats to our safety come from these points of origin and whilst there are servers with dubious country codes that could exist in either of our chosen excluded countries, we have to start somewhere.

And that's what this is, a start.

I've got a list of exit nodes in a few spreadsheets, which will be moved to a db so I can beat it up with queries. Then I'll start to pull out known government subnets, questionable providers of data services etc.

Basically, I would like to see a community built and verified Tor exit node exclusion list. It might be hard and there are disadvantages, but that does not mean it is not worth doing.

As much as this site has freed the market for substances, we need to make sure the information that allows us to access and use that free market SAFELY is as "open source" and as freely available as possible, whilst keeping what matters most secret.

A big thanks to tootiefrootie - it has been a most enlightening evening looking at the background info to this stuff.... (I'm so tired, I can't even tell if that sounds sarcastic, but really, it has been interesting :-) )

Title: Re: Exit Nodes and TorRC
Post by: Caitu on November 16, 2012, 02:58 am
I don't know where I read this, but I've heard that a lot of exit nodes from Japan are monitored as well. I don't know if that is true or not but it may be worth looking into at the very least.
An extremely relevant clearnet article: http://www.andrewlih.com/blog/2007/09/11/using-tor-assume-exit-nodes-are-monitored/
An excerpt from that article:
Quote
Ars Technica is reporting that a security specialist was able to grab a bunch of login/passwords after running Tor nodes to illustrate proper and improper use of the widely-used anonymity network. In this particular case, Dan Egerstad volunteered to be part of the Tor network by running “exit nodes,” and boy did he grab a bunch of sensitive logins and passwords.
Title: Re: Exit Nodes and TorRC
Post by: kmfkewm on November 16, 2012, 07:00 am
It is not a good idea to block any exit nodes. Also it is strange that you would want to block US exit nodes, ISP's in USA log less than most other countries. Most countries have laws requiring ISPs to log information, in the US there are no such laws.