That's my point. The logic applies to either both or none.
Plus the logic starts to get warped when you wonder "So do you BadExit every node that runs on an ISP that caches traffic?"
What about ISP's (and openDNS) that NXDOMAIN trap to insert advertising?
Regarding 'cached evidence', logs are short term for diagnostic purposes and shredded. Nothing identifiable is logged, which would be annoying to get to due to LUKS encryption of the entire filesystem.
The exit node burns through about 20mb/s continuously. Fundamentals of tor design and sheer volume of noise make this a toughie.
On Fri, Jan 9, 2015 at 8:35 PM, Zack Weinberg zackw@cmu.edu wrote:
On Fri, Jan 9, 2015 at 9:18 PM, cacahuatl cacahuatl@autistici.org wrote:
If you're caching exit traffic and a very naughty person uses your exit, you've potentially cached "evidence" (to be seized).
That logic applies equally to DNS; indeed, it is why the CMU Tor exit *doesn't* run a DNS cache.
(It talks to CMU's DNS servers, which do cache, but for the entire network.)
(If you can't trust your network provider's DNS resolver, the tradeoff may be different.)
zw _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays