I was checking a friend's network over Tor and I was curious about the country that would show in his logs, so I checked where my exit node was from…
It got me thinking: it's well known most exit nodes are in the hands of governments, so people deep in OpSec using the Tor network, do they check that the exit node they are using is not in a 14 Eyes country (or other places depending on their threat model)? And if this is a practice, do you believe countries controlling exit nodes for intel and surveillance might actually be connecting their nodes to servers in other unsuspecting countries, VPN-like, just to not reveal that the node is actually feeding data to their country?
People who are seriously invested in OpSec absolutely do control their nodes. There are a few settings in the Tor conf that allow you to exclude countries from exit (and entry) nodes.
But given their resources and the knowledge that the people whose data they want the most will avoid exit nodes in their home countries, how likely do you think it is that agencies might have just rented some room in Albania and Morocco, or just got a room in their own country's embassies, and put their exit nodes there instead? (If they can't just "VPN" an IP from another country.)
I’ve drunk too much conspiracy juice this morning.
That might be, but if they've chosen their nodes carefully, that will make correlation attacks very difficult.
Is it relatively straightforward to blacklist countries just based on IP address? I’ve seen it discussed before, and I swear it was never described as uncomplicated.
You don’t need to blacklist based on IP. You can specify the country directly.
See man 5 tor.conf: ExcludeNodes and ExcludeExitNodes, as well as the node definition under NodeFamily:
This option can be used multiple times. In addition to nodes, you can also list IP address and ranges and country codes in {curly braces}.
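The options named in the reply above, written out as a torrc fragment. This is an added example, not part of the original thread: the country codes are constructed placeholders, and StrictNodes and GeoIPExcludeUnknown are further tor options that the thread does not mention.

```torrc
# Added illustration; the country codes below are constructed placeholders.

# Avoid relays geolocated to these countries in every circuit position
# (guard, middle and exit).
ExcludeNodes {us},{gb}

# Additionally never pick these as the exit hop. Anything listed in
# ExcludeNodes is treated as an excluded exit as well.
ExcludeExitNodes {ca},{au}

# With the default StrictNodes 0, tor treats ExcludeNodes as a preference and
# may still use an excluded relay when it needs one, for example to reach an
# onion service or fetch directory information. StrictNodes 1 makes
# ExcludeNodes a hard requirement, so some operations can fail instead.
# StrictNodes does not apply to ExcludeExitNodes.
StrictNodes 1

# Treat relays whose country cannot be determined ({??}) as excluded too.
# The default, auto, already does this once a country code is excluded.
GeoIPExcludeUnknown 1
```

Country matching is done against tor's GeoIP database using the relay's IP address, so these options filter on where an address is registered, not on who operates the relay.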
If you're doing opsec right then it shouldn't matter if the exit node is in a 14 Eyes country. Their AI won't be able to distinguish your connection from the others.


