On 2/25/16, blacklight . pandakaasftw@gmail.com wrote:

hello there! i don't know if this mailing list works but i thought of giving it a try.

i was lately reading an article ( http://www.pcworld.com/article/3037180/security/tor-users-increasingly-treat... ) and it was about tor users getting blocked from accessing alot of website. but after giving this some thought i think i came up with a possible solution to the problem :there is a thing called bridges, they are used to access the tor network without your isp knowing that you use tor, but if you can use those proxies to enter the network, it might also be possible to exit the network with them. But then we face a second challenge, the exit nodes have to be configured in such a way that it will relay traffic to such a bridge, so the exit node owners also need to know the ip of the bridge. While this doesn't seem difficult to do, it can become difficult. You see if the bridges are published on a public list(like normal bridges are) then the blocking sites in question will be able to block those address too. While this also posses a problem, a possible solution could be found in something called flashproxies, flashproxies are bridges with a really short life span, they are created and destroyed fairly swiftly, when this is done in a rapid pace, they become really hard to block because the ip changes all the time. So if the exit nodes can be configured to make use of such flash proxies, then the problem could be solved. I Must admit that not an expert on this or anything, and it needs alot of more thought, but it could work. so i was wondering if there are any experts who could help me with thinking out this subject and maybe confirm if this idea could work.

Skipping that whoever wants to enumerate, test, block, and share lists of the IP of your final hop will find a way to do so...

"flashproxies" - are essentially illegal to use as the operator got stupid, and didn't gave permission. - are unstable as were never intentionally provisioned, and the operators get smart when abuse reports and shut them off. - proxy lists are going to be a pain for you to scrape and maintain

Options - run your own volunteer network of last hop "proxies" / bridges - buy them from AWS or wherever "meek" style - partner with or plug into already existing networks of those - get tor relays or bridges to do this

I previously wrote in archives that exit relays could bind OpenVPN to extra IP's they configure on their exit relay boxes. Tor daemon has nothing to do with those IP so they never appear in tor's easily blacklistable consensus. Users then OpenVPN over tor to those via use of the relay fingerprint to reach vpn terminator IP over relay localhost to save bandwidth, and on out to clearnet.

You can OpenVPN to some list of onions if you don't feel like listing the relay fingerprints / extra input IP's on wikis. But it's not going to stop dedicated blacklisters, and onion doubles bandwidth use. However it could also be used by non-exits that for whatever reason didn't want to be a tor-exit but did want to offer exit via some remote third party vpn service. And strictly social sharing on forums etc could happen for distribution.

There are already some exits that for various reasons, intentional or other, do not exit from their OR IP. That is a feature that some tor users do now find and use. And relays don't offer OpenVPN yet which would also give users more than just IPv4-TCP exit scheme.

Though it is integrated somewhat, I2P has this manual sort of exit offering model with false.i2p and a few other nodes.

[Doesn't seem to require daemon dev work, updated subject, continuing thread reply to relays and talk.]