Comment by londons_explore

Comment by londons_explore a day ago

11 replies

View on Hacker News

You only need to control the entry and exit node - since you know the next and previous hop for all traffic you touch, and default chains are 3 long. With circuits changing every 10 mins, within a few days you would have deanonymized at least some percentage of traffic for nearly every user.

I'd call tor broken against any adversary with a little technical skill and willingness to spend $5000.

I'm 80% sure Tor is designed as a US supported project to focus those needing anonymity into a service only governments with global security apparatus (who can grab a good chunk of internet traffic) can access.

bdw5204 a day ago

I imagine most exit nodes are likely controlled by the US government and/or its close allies. Who else wants to have their IP address banned from most of the internet and potentially get visits from their country's equivalent of the FBI?

If most Tor users ran exit nodes and most people used Tor, it would effectively make internet traffic anonymous. But without those network effects, it is vulnerable by design to deanonymization attacks by state actors.

Reply View 5 replies
  • basedrum a day ago

    I run an exit node, and I know several people who do, I dont suspect any of them to be anything but people who care about privacy, surveillance, and helping people get access to the free internet from restrictive locations. I admit, I bristled at your comment, because I do not like myself, the EFF, and many of my close friends being imagined as part of the US Government.

    Reply View 4 replies
    • londons_explore a day ago

      I ran an exit node for a while, and found myself auto-banned from so many services that I stopped running the node and threw away my IP range (which now would be worth $$$ - oh well!)

      Reply View 3 replies
      • iancarroll a day ago

        I ran Tor nodes, had a bunch of blacklisted IPs, and just stopped running them and it was fine? Blacklisting Tor nodes requires updating the data often, so it falls off pretty quickly. To discard an entire /24 would be pretty funny over that!

        Reply View 1 reply
        • noirscape 14 hours ago

          Most people just use a DNSBL to block Tor exit nodes. They're pretty trivial to find online and presumably, very easy to set up because the list of Tor exit nodes is publicly available.

          This also means the expiry time is usually tied to however long a Tor exit node stays on the DNSBL + 3 or so days (depends on how long the software is configured, but 3 days is typically the assumed default for IPs that tend to get mixed up with automated spam, of which Tor is also a massive purveyor.)

          Reply View 0 replies
      • immibis 21 hours ago

        It's recommended to put an exit node on its own dedicated IP address.

        Reply View 0 replies
k__ a day ago

How do you control an exit node?

I had the impression, with onion services they are a thing of the past.

Reply View 4 replies
  • londons_explore a day ago

    https://blog.torproject.org/tips-running-exit-node/

    Reply View 2 replies
    • k__ a day ago

      Ah, there are people who use Tor to access non-onion services. Got it.

      Seemed like onion services were created to solve the security issues that exit nodes bring, so I assumed people stopped using them and started running onion services instead.

      Reply View 1 reply
      • AstralStorm a day ago

        For the more scummier or illegal elements on the network, that is true. For onion services, lasering attacks and takeovers plus honeypot are the chief danger.

        Reply View 0 replies
  • [removed] a day ago
    [deleted]
    Reply View 0 replies