The unbearable situation with Google's reCAPTCHA motivated this email (but it is not limited to this specific case). This idea came up when seeing a similar functionality in unbound (which has it for a different reason).
Assumption: There are systems that block some tor exit IP addresses (most likely the bigger ones), but they are not blocked due to the fact that they are tor exits. It just happened that the IP got flagged because of "automated / malicious" requests and IP reputation systems.
What if every circuit had its "own" IP address at the exit relay to avoid causing collateral damage to all users of the exit if one was bad? (until the exit runs out of IPs and starts to recycle previously used IPs again) The goal is to avoid accumulating a bad "reputation" for the single used exit IP address that affects all tor users of that exit.
Instead of doing it on the circuit level you could do it based on time. Change the exit IP every 5 minutes (but do _not_ change the exit IPs for _existing_ circuits even if they live longer than 5 minutes).
Yes, no one has that many IPv4 addresses, but with the increasing availability of IPv6 at exits and destinations this could be feasible to a certain extent, depending on how many IPv6 addresses the exit operator has. There are exit operators that have entire /48 IPv6 blocks.
problems:
- will not solve anything since reputation will shift to netblocks as well (how big of a netblock are you willing to block?)
- you can tell two tor users easily apart from each other even if they use the same exit (or more generally: you can tell circuits apart). There might be all kinds of bad implications that I'm not thinking of right now.
- check.tpo would no longer be feasible - how do we still provide the list of exit IPs for easy blocking? Exits could signal their used netblock via their descriptor. What if they don't? (that in turn opens new kinds of attacks where an exit claims to be /0 and the target effectively blocks everything)
- more state to track and store at the exit
- ...
some random thoughts, nusenu
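To make the allocation rules in the mail above concrete (one address per time window, new circuits get the current window's address, existing circuits keep theirs, recycle only once the block is exhausted), here is a small Python model of an exit-side address pool. It is an added illustration, not tor code and not anything from the ticket; the class name, the 5-minute default, the random draw from the block and the least-recently-used recycling are assumptions made for the example.

```python
import ipaddress
import secrets
from collections import OrderedDict


class RotatingExitPool:
    """Hypothetical exit-side allocator (not tor code) for time-based exit address rotation.

    - every circuit created inside a window gets that window's source address;
    - a circuit keeps its address for its whole lifetime, even across windows;
    - window addresses are drawn at random from the operator's netblock, and once
      every address has been handed out the least-recently-used one is recycled.
    """

    def __init__(self, prefix, window_seconds=300):
        self.net = ipaddress.ip_network(prefix, strict=True)
        size = self.net.num_addresses
        # Skip the network and broadcast address of an IPv4 block; in an IPv6
        # block every address is usable as a source address.
        if self.net.version == 4 and size > 2:
            self.lo, self.hi = 1, size - 2
        else:
            self.lo, self.hi = 0, size - 1
        self.window = window_seconds
        self.pinned = {}            # circuit id -> pinned source address
        self.used = OrderedDict()   # address -> window start, least recently used first
        self.current_window = None
        self.current_addr = None

    @property
    def pool_size(self):
        return self.hi - self.lo + 1

    def _pick_address(self):
        # In a /48 a handful of random draws practically always hits a fresh address.
        for _ in range(32):
            cand = self.net[self.lo + secrets.randbelow(self.pool_size)]
            if cand not in self.used:
                return cand
        # Small block (IPv4) or unlucky draws: look for anything still unused.
        for idx in range(self.lo, self.hi + 1):
            cand = self.net[idx]
            if cand not in self.used:
                return cand
        # Block exhausted: recycle the address that has been idle the longest.
        oldest, _ = self.used.popitem(last=False)
        return oldest

    def source_for(self, circuit_id, now):
        """Source address to use for `circuit_id` at time `now` (seconds)."""
        if circuit_id in self.pinned:
            return self.pinned[circuit_id]       # never re-address a live circuit
        window_start = now - (now % self.window)
        if window_start != self.current_window:
            self.current_window = window_start
            self.current_addr = self._pick_address()
        addr = self.current_addr
        # Re-inserting moves the address to the most-recently-used end.
        self.used.pop(addr, None)
        self.used[addr] = window_start
        self.pinned[circuit_id] = addr
        return addr

    def close(self, circuit_id):
        """Forget a finished circuit; its address stays in the recycling history."""
        self.pinned.pop(circuit_id, None)


if __name__ == "__main__":
    # Constructed demo: a documentation-range IPv4 /29 is exhausted after six windows,
    # a /48 of IPv6 would take 2**80 five-minute windows to exhaust.
    pool = RotatingExitPool("203.0.113.8/29")
    for i in range(7):
        print(i * 300, pool.source_for(f"circ{i}", now=i * 300))
    print(RotatingExitPool("2001:db8::/48").pool_size)
```

The model also shows the state cost listed under "problems": the exit has to remember a pinned address per live circuit plus the recycling history, and with a real /48 the `used` table grows without bound unless it is capped by age.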
You may also be interested in
- newnym exit bucketing (in trac somewhere), this guarantees cycling through all exits before reusing one
- openvpn exit termination (in tor-relays somewhere), this gives a non-tor IP to clients that initiate a termination
Would it help to write a short proposal to move this forward?
Would there be someone to actually implement it?
According to nickm: "This wouldn't be too hard, actually." [1]
As more platforms (e.g. YouTube) are more strictly blocking IPs with bad reputation, this would be a crucial feature to make the internet more accessible to Tor users.
thanks, nusenu
[1] https://trac.torproject.org/projects/tor/ticket/3847#comment:6
On 03/07/2020 03:36 PM, nusenu wrote:
> Would it help to write a short proposal to move this forward?
> Would there be someone to actually implement it?
> According to nickm: "This wouldn't be too hard, actually." [1]
> As more platforms (e.g. YouTube) are more strictly blocking IPs with bad reputation, this would be a crucial feature to make the internet more accessible to Tor users.
> thanks, nusenu
> [1] https://trac.torproject.org/projects/tor/ticket/3847#comment:6
While I have no skills to implement this, it is a damn good idea!
Would these be IPv6 addresses?
> While I have no skills to implement this, it is a damn good idea!
> Would these be IPv6 addresses?
As the ticket says, the idea is to support it for IPv4 and IPv6.
In practice big blocks of IPv4 are likely too expensive for most operators, but IPv6 addresses basically don't cost anything.
signal NEWNYM exit bucketing - Make circuit isolation isolate exits? https://trac.torproject.org/projects/tor/ticket/6256
Hi,
On 8 Mar 2020, at 08:36, nusenu nusenu-lists@riseup.net wrote:
> Would it help to write a short proposal to move this forward?
Yes, proposals help us know what to implement, when we have time.
The proposal can be short, but it needs to describe the feature in enough detail that a developer could implement it: https://gitweb.torproject.org/torspec.git/tree/proposals/001-process.txt#n39
> Would there be someone to actually implement it?
If there's a good proposal, some volunteer or staff member may decide to implement it, when they have time.
We can also include proposals in grant applications. (It's much harder to include an idea in a grant application; we don't have enough details.)
Perhaps it might fit into some of our existing anti-censorship grants. But that's something for the anti-censorship team to decide. Again, a proposal makes that decision much easier.
> According to nickm: "This wouldn't be too hard, actually." [1]
> As more platforms (e.g. YouTube) are more strictly blocking IPs with bad reputation, this would be a crucial feature to make the internet more accessible to Tor users.
Yes, I agree.
Unfortunately, there are lots of really useful and important things we can do. And never enough people to do them.
But a proposal is a good step forward.
> [1] https://trac.torproject.org/projects/tor/ticket/3847#comment:6