[tor-relays] RFC: would a private exit work?

tl;dr;
restricted access + usage of an exit

longer:
An exit is sooner or later abused. A reduced exit policy does not prevent that.

What about setting up a tor exit relay with 'PublishServerDescriptor = 0'?

Having an access line like for bridges would restrict the access. An alternative could be a port knocking + iptables solution.

Objections and comments are welcome.

--
Toralf

What's the goal? To have a private exit that only you can use?

There is this very interesting paper and project called HebTor:

This paper introduces HebTor, a new and robust architecture for exit
bridges---short-lived proxies that serve as alternative egress points
for Tor. A key insight of HebTor is that exit bridges can operate as Tor
onion services, allowing any device that can create outbound TCP
connections to serve as an exit bridge, regardless of the presence of
NATs and/or firewalls. HebTor employs a micropayment system that
compensates exit bridge operators for their services, and a
privacy-preserving reputation scheme that prevents freeloading. We show
that HebTor effectively thwarts server-side blocking of Tor, and we
describe the security, privacy, and legal implications of our design.

If you're interested in playing with it -- for educational purposes only
--, I can share some instructions in private.

Gus

On Sat, Mar 04, 2023 at 10:28:44AM +0100, Toralf Förster wrote:

--
The Tor Project
Community Team Lead

> longer:
> An exit is sooner or later abused. A reduced exit policy does not prevent
> that.
>
> What about setting up a tor exit relay with 'PublishServerDescriptor = 0'?
>
> Having an access line like for bridges would restrict the access. An
> alternative could be a port knocking + iptables solution.
>
> Objections and comments are welcome.

> What's the goal? To have a private exit that only you can use?

I asked myself the same.
Maybe an anonymously paid server with wireguard is an alternative.
BuyVM or privex.io KVM, paid with Monero or Paysafecard.

Or toralf, you can use freifunk: https://hamburg.freifunk.net/

> There is this very interesting paper and project called HebTor:
> https://dl.acm.org/doi/10.1145/3372297.3417245

Thanx, I'll have to take a closer look.

On Saturday, 4 March 2023 17:29:13 CET gus wrote:

On Sat, Mar 04, 2023 at 10:28:44AM +0100, Toralf Förster wrote:

--
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

> What's the goal? To have a private exit that only you can use?

Indeed, similar goal as for private bridges.

> There is this very interesting paper and project called HebTor:
> https://dl.acm.org/doi/10.1145/3372297.3417245

Thx, so I have sth to read.

On 3/4/23 17:29, gus wrote:

--
Toralf

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

I can only speak with anonymity in mind, since this would mean you run a
"vpn" service (having a "quad-vpn", but actually one that makes sense in
that it's not just 4 different servers of one company). Having an access
line would either mean you'd need to identify yourself (and of course it
takes way more effort than just downloading the browser and getting right
to it) or you'd still have people going to access lines and afterwards
abusing the exit node. I'm not sure how you would implement port knocking
and iptables tbh. Still, I think it's technically a good idea, I
personally just wouldn't know how to implement it correctly.

Best,
shruub

Be aware that attacks against you will be possible, since any traffic coming from that IP is only used by you. Unlike normal Tor users where they blend and hide amongst each other. You will be the only exit user.

A personal VPN might provide similar anonymity and be easier to manage and run.

On March 4, 2023 5:29:33 PM UTC, "Toralf Förster" <toralf.foerster@gmx.de> wrote:
