On 08/28/2013 12:08 AM, Jon Gardner wrote:
> Then why have exit policies? Exit nodes regularly block "unwelcome" traffic like BitTorrent, and there's only a slight functional difference between that and using a filter in front of the node to block things like porn (which, come to think of it, also tends to be a bandwidth hog like BitTorrent--so it doesn't have to be just a moral question).
I do not wish to comment on the morality or desirability of traffic filters, but on the implementation:
It is much easier to block the majority of BitTorrent traffic than it is to block specific content served through HTTP. Torrent traffic can be blocked by the reduced exit policy <https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy>, which is a static whitelist of ports to allow. To do the same thing for content over HTTP, one would have to maintain a dynamic blacklist of IPs (or IP/port combinations) to block, which is much more challenging. An even more challenging alternative would be to implement deep packet inspection <https://en.wikipedia.org/wiki/Deep_packet_inspection> at the exit nodes---I think this is completely unpalatable to most Tor developers and exit node operators (and maybe illegal under US wiretapping laws).
Vincent
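
The difference between a static port whitelist and a per-IP blacklist, as an added example that is not part of the original message or Tor's own code: a minimal first-match evaluator for torrc-style `ExitPolicy` lines. The sample policy is a constructed, abbreviated whitelist (not the actual ReducedExitPolicy list), port 6881 is assumed as a typical BitTorrent port, and the IP addresses are documentation placeholders.

```python
import ipaddress

# Constructed, abbreviated whitelist in torrc ExitPolicy syntax; NOT the
# full ReducedExitPolicy list from the wiki page linked above.
SAMPLE_POLICY = """
ExitPolicy accept *:22
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy accept *:6660-6667
ExitPolicy reject *:*
"""

def parse_policy(text):
    """Parse 'ExitPolicy accept|reject ADDR[/MASK]:PORT[-PORT]' lines (IPv4 only)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        keyword, action, pattern = line.split()
        if keyword != "ExitPolicy" or action not in ("accept", "reject"):
            raise ValueError(f"unsupported line: {line!r}")
        addr, _, ports = pattern.rpartition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if ports == "*":
            lo, hi = 1, 65535
        else:
            lo, _, hi = ports.partition("-")
            lo, hi = int(lo), int(hi or lo)
        rules.append((action, net, lo, hi))
    return rules

def exit_allows(rules, ip, port):
    """First matching rule wins; the decision sees only IP and port, never content."""
    ip = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if (net is None or ip in net) and lo <= port <= hi:
            return action == "accept"
    return True  # assumption for this sketch; SAMPLE_POLICY ends in a catch-all

RULES = parse_policy(SAMPLE_POLICY)

# Blocking specific HTTP content instead needs one reject rule per serving IP,
# placed ahead of the whitelist, and the list must follow every address change
# (198.51.100.7 is a placeholder address).
BLOCKED = parse_policy("ExitPolicy reject 198.51.100.7:80") + RULES
```

With `RULES`, every connection to port 80 is accepted whatever it carries; only the per-IP rule in `BLOCKED` changes that, and only for the one listed address.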