Hacker News new | ask | show | jobs
by neutered_knot 263 days ago
I think the point is that exit node operators can filter traffic they don’t want to support. Guard and middle nodes are not given the same choice; they apparently must support all traffic or get booted. Why can’t other nodes have freedom to decide how they want to participate?
1 comments
ranger_danger 263 days ago
> Why can’t other nodes have freedom to decide how they want to participate?

Because the network was explicitly designed to not allow this... otherwise it becomes subject to censorship, which is one of the main goals they try to prevent.

The (onion) address itself is never transmitted in plaintext through the Tor network... when you access an onion site, your Tor client encrypts the traffic multiple times, literally like an onion. No relay in the circuit knows the final destination.

link
neutered_knot 263 days ago
It is absolutely a design decision. I don’t understand though how allowing exit nodes to filter (by port and IP) doesn’t permit censorship but allowing internal nodes to not complete connections to onion sites does. I do understand that early nodes on the path are unaware of what the traffic but it seems pretty straightforward to allow nodes to not become rendezvous points for onion sites.
link
iamnothere 263 days ago
You are welcome to fork Tor and create a version that uses this approach, but good luck getting people to use it.

Conversely, even if the official project implemented an onion blacklist, a fork would quickly appear to remove it. And node operators would likely prefer that one.

Anyone with any sense understands that introducing a node blacklist creates the capability to expand the use of that blacklist in the interest of political and/or military censorship. The Tor project, Tor devs, and node operators are adamantly opposed to any such censorship capabilities. Therefore it will not happen, period.

link
neutered_knot 263 days ago
That’s not at all what I proposed. Not even close.

Edit: on second look I can see how you could think it was. I’m just proposing that if you run a node you be allowed to not become a rendezvous point for onion sites.

link
iamnothere 263 days ago
Ah, I misunderstood. In any case, onion traffic is not flagged as such, so nobody but the last hop would even know that onion traffic is being passed. Allowing the last node to kill the whole circuit seems like it would cause routing problems and/or contribute towards deanonymization, as would flagging onion traffic at every step of the journey.
link