Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I was curious about this, so I started googling for how to do this. Sure enough, it's a bitch and the only way to really do it easily is to use a GUI like Tork. Not to mention I can't seem to figure out how you find his nodes in order to BadExit them, and I very seriously doubt his nodes will get listed in anything official.

Anyone got good instructions on how to actually BadExit his nodes? I want to post them so people actually can.



If you add this to your torrc:

    ExcludeNodes $0AD3FA884D18F89EEA2D89C019379E0E7FD94417,$3100A70862157E5F9136B6AAEB7571745D4DC055,$49E2C345FDA5E9ADFE13320690BF2C77EA803E6C,$4A0CCD2DDC7995083D73F5D667100C8A5831F16D,$5FABB67A4C229ECACD53F5E02B62C87E5300728D,$62665FD8A07D2E0F6ABDB4A36283A5A8824C0128,$6AF64BD1DF8B92D5194760C2256EBF80F70273DD,$71B7F2406DDAE829979B53963B952E17CD021125,$8522EB98C91496E80EC238E732594D1509158E77,$D67C5F501DAA0EE65AF9422A36385217D8AD3927,$EFE02E652CA2EB6FD96B30DC77EA55ABF7EFC1A5
Then your traffic will never pass through any Tor node that Jacob has publicly admitted to controlling.

To verify this:

Check https://www.torproject.org/docs/tor-manual-dev.html.en for the ExcludeNodes directive. There is an ExcludeExitNodes option, if you're willing to tolerate him as a middle-man, and just not exit out his nodes.

Check one of the online directory servers (e.g. http://torstatus.blutmagie.de/) and use the Advanced Query Options to find all the nodes where "Contact" - "Contains" - "appelbaum.net" to find which nodes he administers. Then add the fingerprint of every node you want to avoid to the ExcludeNodes entry.

You should obviously confirm the list above with other sources, because one or all of the following might be true:

1. I may be in cahoots with Jacob, plotting to hack your codez.

2. The directory server I linked to may be a co-conspirator. Fortunately, there are other directory servers you can query.

3. There is no three. Anybody can put up a node and declare anything. If Jacob, or I, are using Tor nodes nefariously, do you really think we'll put our names on them?

P.S. Don't forget to restart Tor after you change the torrc.


WOW. So usable. I'm sure everyone who doesn't trust his affiliation with Wikileaks will just sit right down and punch that in.


Why would you even want to BadExit his nodes? Using Tor you're vulnerable anyway. Any exit node can snoop on your traffic or even change it.

Enumerating some bad nodes does not substantially improve this. The above can only be prevented by using something like SSL plus a trusted certificate on top of Tor.


Right, and the people who are running malicious Tor exit nodes won't tell you that either. Good luck with that.


It's up to the Tor user to encrypt her end-to-end traffic. If that's what she wants.


> Why would you even want to BadExit his nodes?

To further malign him of course.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: