On 09/09/2007, Gregory Maxwell gmaxwell@gmail.com wrote:
These are LVS VIPs. I suspect that we could put in some sort of rewrite rules on the LVS hosts to redirect TOR traffic to some dedicated tor exit nodes which only allow traffic to reach back to the local LVS.
I.e. to the outside world the TOR exits would look like they are on 145.97.39.155 (knams), 66.230.200.100 (tampa), and 203.212.189.253 (yaseo), and 66.230.200.219 (secure). They would really be on other addresses. Their exit policies would allow traffic to :80 and :443 on their apparent external addresses. This should be enough to cause TOR to send all Wikipedia traffic to these exits.
We could apply whatever blocking policy we want for TOR to the 3-4 actual exit source IPs.
This would have the following advantages:
- Less tor blocking inconsistency. (We often have only half the active Tor exits blocked from, which means that regular tor users can't edit via tor but sneaky trolls can... some exits are soft blocked, some are hard blocked, many are not blocked at all)
Simply use the Python exitlist code or TorDNSEL, both provided courtesy of the Tor developers.
http://exitlist.torproject.org/
http://cvs.seul.org/viewcvs/viewcvs.cgi/tor/trunk/contrib/exitlist?rev=10402...
These may also be of interest:
http://www.imperialviolet.org/binary/mediawiki-1.4.4-tor-block.patch
http://archives.seul.org/or/talk/May-2005/msg00128.html
http://archives.seul.org/or/talk/Sep-2005/msg00312.html
http://en.wikipedia.org/wiki/Wikipedia:Requests_for_adminship/TawkerbotTorA
- Improved security for users who use tor. No more risk of sniffing by naughty exit node operators.
For a logged in Tor user (an admin, I guess). Or one could theoretically set up a hidden service, which offers end-to-end encryption.
- Improved performance for tor users since there will be low latency between the exit and our caches.
Not my primary concern, but Tor is getting better.
Even though allowing editing from Tor is a matter which rational people can debate... allowing people to read via tor is something we should support as strongly as possible.
: )
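
Added example, not part of the original thread or of any Wikimedia configuration: a small first-match evaluator for the exit policy the quoted proposal describes (accept :80 and :443 on the four apparent addresses, reject everything else), useful for checking that a drafted policy admits only the intended destinations. The function names are hypothetical, and treating "no rule matched" as reject is this example's assumption.

```python
import ipaddress

# Apparent external addresses listed in the quoted proposal.
VIPS = ["145.97.39.155", "66.230.200.100", "203.212.189.253", "66.230.200.219"]


def build_policy(vips, ports=(80, 443)):
    """Return policy lines in 'accept|reject addr:port' form (constructed)."""
    lines = [f"accept {ip}:{port}" for ip in vips for port in ports]
    lines.append("reject *:*")  # nothing else may leave via these exits
    return lines


def _addr_matches(pattern, ip):
    # '*' matches any address; otherwise a single address or CIDR block.
    if pattern == "*":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)


def _port_matches(pattern, port):
    # '*' matches any port; otherwise a single port or a 'lo-hi' range.
    if pattern == "*":
        return True
    lo, _, hi = pattern.partition("-")
    return int(lo) <= port <= int(hi or lo)


def exit_allows(policy, ip, port):
    """Evaluate rules top to bottom; the first matching rule decides."""
    for line in policy:
        action, target = line.split()
        addr, _, ports = target.rpartition(":")
        if _addr_matches(addr, ip) and _port_matches(ports, port):
            return action == "accept"
    return False  # assumption of this example: no match means reject


POLICY = build_policy(VIPS)

if __name__ == "__main__":
    for dest in [("145.97.39.155", 80), ("66.230.200.219", 443),
                 ("145.97.39.155", 22), ("192.0.2.10", 80)]:
        print(dest, "allowed" if exit_allows(POLICY, *dest) else "rejected")
```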