Opened 8 years ago

Closed 8 years ago

#4041 closed defect (duplicate)

Default Relay Exit Policy

Reported by: ancientmariner Owned by: chiiph
Priority: Medium Milestone:
Component: Archived/Vidalia Version:
Severity: Keywords: relay exit
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

There are two opposite points of view as to what should be the default setting for running a Relay: Either no exits should be allowed (a no-exit Relay) or all the exits should be allowed.

Less than half of all Relays are exit Relays considerably diminishing Tor's capabilities. So setting the default Relay configuration to no-exit would be counter-productive to Tor's purpose. On the other hand, permitting all exits does expose Relay operators to increased risk. It appears then a compromise of setting the default Relay configuration to exits for unsecure and secure websites would let Relay operators provide a valuable and essential service while at the same time reducing the risk to themselves.

Child Tickets

Change History (2)

comment:1 Changed 8 years ago by tmpname0901

I assume the reluctance to run an exit relay is related to abuse issues.

How about if the default policy is to allow POP3(S) and IMAP(S)? Or some subset of all ports that won't cause a skittish relay operator to get threatening messages from their ISP?

comment:2 Changed 8 years ago by atagar

Resolution: duplicate
Status: newclosed

Less than half of all Relays are exit Relays considerably diminishing Tor's capabilities.

Not necessarily. For rarer exit ports (like outbound email traffic) the bottleneck will probably be at the exit, but for other uses it's not really clear if exits are a bottleneck or not. One peculiar thing about relays is that the big gigabit relays (blutmagie, torservers, and amunet) are all exits. I'm not sure if making an effort to employ residential connections (which have tiny upload rates) as exits would really benefit the network compared to letting them take the middle hop position.

Regardless, open exit policies are a lightning rod for abuse complaints and even restricted policies risk getting an individual in trouble with their ISP. We want exit operators to know what they're getting into and be prepared to deal with abuse issues that come their way, so making relays exits by default would be a very bad idea.

It appears then a compromise of setting the default Relay configuration to exits for unsecure and secure websites would let Relay operators provide a valuable and essential service while at the same time reducing the risk to themselves.

Web traffic is not abuse-free. We (amunet) mostly get complaints about spam/nastygrams from web email services, forum spam, and content scraping (all from ports 80/443).

Or some subset of all ports that won't cause a skittish relay operator to get threatening messages from their ISP?

An exit will be pretty useless if it doesn't contain some common ports (especially 80/443) but unfortunately those are the ones that are likely to get a person in hot water.

The question of being an exit by default is discussed in...
https://trac.torproject.org/projects/tor/ticket/2644

and the default policy discussion is on...
https://trac.torproject.org/projects/tor/ticket/3469

Resolving as a duplicate. -Damian

Note: See TracTickets for help on using tickets.