> I have a concern regarding exit nodes in Tor. In my mind it is possible for > an attacker to run a malicious exit server that gathers information at the > exit point. Of course, this does not compromise anonymity per se, but it > still can reveal sensitive data to malicious people. I think the JonDonym > project handles this question better. To run a JonDonym exit server you need > to be certified. Thus it is much harder to run a malicious JonDonym exit > server. Why donĀ“t you offer better protection against malicious exit > servers? I think safety of exit nodes is a serious concern.
What are you certifying? Against what? Monitored, protected and enforced by what? Here is $1,000,000 and/or a baseball bat... you wouldn't mind typing a few keystrokes for me or turning your head for a moment would you now? Ahh, yes, thank you Mr. Exit, and a splendid friendship it is. If you are concerned you may sample some exits, endeavour to review their bona fides and then use one that meets your liking. You may even form a project to wikify such reviews. You should now understand why the Tor project cannot and will not make such certifications, and why you should not trust JD's either. [Off to recruit/deploy 10 more 'certified' employees/servers] _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
