GameboyRMH's Journal: How to bring the cops to Tor exit node operators' doors using the .exit feature

So today I ran across an interesting feature of Tor. You probably know about .onion sites, basically a freenet-like feature. Well there's another special Tor domain called .exit. This allows you to directly access a peer over the Tor network (so you could, say, access their FTP server (if they've made the port available over this service) over Tor when it isn't open to the Internet otherwise or is blocked from your country) and it also allows you to specify the exit node that your traffic goes out through, by going to something like http://google.com.peername.exit.

You can see the problem with this, right?

Normally when you connect to Tor your exit node changes randomly every few minutes. With the ability to specify which node your traffic exits through, you could do a large number of illegal things through a single exit node, destroying the exit node operator's plausible deniability that it was some random guy. Or even just one very illegal thing done through a node could ruin the exit node operator's life - uploading child porn to a government web site for instance. This feature is poorly documented and not many people know about it - it's on the Wikipedia article about .onion sites but not mentioned in the Tor documentation as far as I can tell!

Even if its existence were better-known, it increases the risk of running a Tor exit node, and there's apparently no way to disable .exit access through your node entirely. Cycling peer names and disabling the published contact email will make it harder for someone to pin you down but isn't a surefire countermeasure.

After all this gloom and doom about Tor I should mention that I also found a potentially useful little-known feature: the Bridge Relay setting. This allows you to help the Tor network somewhat without putting yourself at any legal risk whatsoever or risk of being banned from sites that ban Tor exit nodes. When set as a bridge relay, your node will act as an intermediary between other Tor nodes only. Not as useful as running an exit node but it could be a good option for many people, businesses could even safely allow bridge nodes to run after hours. So anyone who's been afraid to run an exit node but wants to help the network, at least do this.

Re:

[GameboyRMH]

The idea is that by running a disproportionately huge number of illegal activities through a single exit node you can force a response from law enforcement. Without this feature there would be an effective limit on the traffic you could run through any one node. No Tor exit node operator user would normally have sustained high-profile illegal activies running through their connection for a week straight. With this feature, that's possible.