by CoffeeDregs 4753 days ago
[Might I hijack this thread? Yes? Thank you.]

OT: I looked at adding a TOR proxy to my personal VPS and pretty quickly decided against it* since it's tough to limit the proxy to legitimate traffic. By "legitimate traffic", I mean traffic for people who really need privacy. By "really need", I don't mean BitTorrent (yes, I use it, too, but I'll deal with the consequences), porn, etc.

I'm really not interested in running a bunch of not-mine-but-pisses-off-Comcast traffic on my cable modem, but I'd love to run a TOR proxy. Anyone got any pointers on running an effective, not-annoying proxy?

Back on topic: if I can sort the question of how to limit not-awesome traffic, I'd happily run a TOR exit node on my Linode and I'd buy a Raspberry Pi to run one at home.

* https://forum.linode.com/viewtopic.php?t=7328


If node operators could pick and choose whose traffic they carried, Tor would not be what it is.

If you don't want to handle the stress of dealing with exit traffic, run a relay-only node:

https://www.torproject.org/docs/faq.html.en#ExitPolicies

Agreed, but one can hope, yes? For example, I could probably kill not-interesting traffic if I could traffic-shape it (e.g. you can't run more than 10kB/s averaged over 60 seconds through my node, which is plenty to browse the web securely but isn't enough to download Star Trek 2). The question remains: are there ways to manage (not prevent) this issue?
No, I don't hope. If relay operators can "peel back the layers of my onions" and see the traffic the entire security model is out the window.

Edit: I just saw your restatement of your question. Check out the bandwidth management features and set your relay to only allow exit traffic to port 443. More info on the bandwidth management can be found here:

https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Wha...
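The two configurations discussed in this thread (relay-only vs. an exit restricted to port 443, both with bandwidth caps), as an added example that is not part of the original thread. The torrc fragments are constructed for illustration, and the evaluator implements Tor's first-match ExitPolicy semantics over a simplified rule grammar (no IPv6, no port lists), so it shows why rule order matters.

```python
"""Simplified evaluator for Tor ExitPolicy lines: the first matching rule wins.
Added example; the torrc fragments below are constructed, not from the thread."""
import ipaddress

# Relay-only: carries middle-hop traffic, never exits. AccountingMax caps monthly volume.
RELAY_ONLY_TORRC = """\
RelayBandwidthRate 100 KBytes
RelayBandwidthBurst 200 KBytes
AccountingMax 50 GBytes
AccountingStart month 1 00:00
ExitPolicy reject *:*
"""

# Exit limited to port 443 (the suggestion above), with the same bandwidth caps.
HTTPS_ONLY_EXIT_TORRC = """\
RelayBandwidthRate 100 KBytes
RelayBandwidthBurst 200 KBytes
ExitPolicy accept *:443
ExitPolicy reject *:*
"""

def parse_exit_policy(torrc):
    """Return [(accept, network_or_None, lo_port, hi_port)] in torrc order.
    Simplified grammar: ADDR is '*' or IPv4/CIDR; PORT is '*', N or N-M."""
    rules = []
    for line in torrc.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0] != "ExitPolicy":
            continue
        for entry in parts[1].split(","):        # one line may hold several rules
            action, target = entry.split()
            addr, port = target.rsplit(":", 1)
            net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
            if port == "*":
                lo, hi = 1, 65535
            elif "-" in port:
                lo, hi = (int(p) for p in port.split("-"))
            else:
                lo = hi = int(port)
            rules.append((action == "accept", net, lo, hi))
    return rules

def exit_allowed(torrc, dest_ip, dest_port):
    """First matching rule decides. Real Tor appends its default policy when
    nothing matches; always end with 'reject *:*' so that never applies."""
    ip = ipaddress.ip_address(dest_ip)
    for accept, net, lo, hi in parse_exit_policy(torrc):
        if (net is None or ip in net) and lo <= dest_port <= hi:
            return accept
    return True  # unreachable with an explicit trailing reject *:*
```

A `reject *:*` placed before `accept *:443` would reject everything, which is the ordering mistake the first-match check makes visible.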

The security model of Tor allows the exit nodes to see all the traffic in 'plaintext' (indeed, the design of Tor requires it). What the security model requires is that the exit nodes not be able to identify who sent the packets originally.

I put "plaintext" in quotes because they can only see what you want to send to the server, which could be encrypted outside of the context of Tor.

Although I think it is illegal to spy on the data you pass as an exit node, a point that is often not said is that by the design of Tor, you are showing some random person the content of all of your requests, which opens up a whole new attack vector for eavesdropping and man-in-the-middle attacks.

Thank you. Your suggestion is very helpful. I'll have a gander at that link.