Comments on: Analyzing TOR-exitnodes for anomalies

By: The Linux Magazine, TOR and bigotry « IT, life and me

The Linux Magazine, TOR and bigotry « IT, life and me — Sun, 08 Oct 2006 00:29:06 +0000

[...] Update 2 (Wednesday): Something doesn’t seem to be so right, more people are complaining about the same problem on various websites so that i started an analysis if there’s something wrong with the Tor-system itself. [...]

By: TT

TT — Thu, 05 Oct 2006 12:00:40 +0000

“Later i found a posting on the or-talk mailinglist about someone who was suspecting that certain TOR-nodes might alter webpages and include advertising of some sort.”

If this is right enough then malicious use is obviously something TOR users would like to know about but i think it could be a good thing if the developers of TOR want to start generating some revenue to help fund TOR. I mean theres alot of new applications kicking about that have TOR built in (TORPark Web Browser, AnonOS) that all take its toll on the total bandwidth available. If the developers were to code a small banner into the top of all pages received by the exit node it would help fund more servers for the network.

I wonder whether the developer have thought about that.

By: Freemor

Freemor — Wed, 04 Oct 2006 23:54:03 +0000

I think you’ll find this is some sort of blocking/filtering at the websites end I was getting the same “SUSPECTED+UNDESIRABLE+BOT” results from Google.ca the other day (via tor). all it took to get rid of it was to close out the browser and then upen it again so a new route/exit node was established.

With seeing your, and others, experience with this it sounds like only certian exit nodes are blocked/filtered.. I certianly haven’t seen any thing that looks like a determined attempt to inject advertising yet… But the ability of an exit node to inject content is certianly a valid concern, and I applaud you efforts to check it out.

By: Alexander W. Janssen

Alexander W. Janssen — Wed, 04 Oct 2006 18:46:33 +0000

quix0r: Heck no! *laugh*
That would be a bit too much work. I automated the process. I fetched all nodes known to my personal node through the localhost-URL and for every TOR-node mentioned in my node’s routing table i send a request to one certain webpage and store the result to disk.
You can control what exit-node to use if you append a $nodename.exit to an url; for example, if you want the URL http://www.showmyip.com/ to go through the TOR-node with the nickname “wormhole” (mine), you tell your browser to load http://www.showmyip.com.wormhole.exit/.
That’s basically what I’m doing; requesting the same page over and over again through all exit-nodes. When I’m through all the nodes (several hundreds) I check which of those nodes don’t show the original page (simple search for keywords). If i find suspicious content, i investigate further.
Hope that clarifies it a bit,
Alex.

By: quix0r

quix0r — Wed, 04 Oct 2006 18:38:11 +0000

What you want to say here is: call that localhost URL and reload it when you see that ads-page (domainsponsor) again? Good idea… :-)

I will make it here and report that guy’s data here. :-)