Tor Exit Nodes are the gateways where encrypted Tor traffic hits the Internet. This means an exit node can be abused to monitor Tor traffic (after it leaves the onion network). It is in the design of the Tor network that locating the source of that traffic through the network should be difficult to determine. However if the exit traffic is unencrypted and contains identifying information then an exit node can be abused.
The torproject therefore is dependent on a diverse and wide range of exit nodes. This update to an older page is where I attempt to display the exit nodes diversity in a Google map with Geolocation. The map was built using Google Maps API v3, with Marker Clusterer.
Understand the Technology, Understand the Risks
Use of the Tor Project by activists and Human Rights Defenders can be a valuable tool in avoiding surveillance; however you should always have a good understanding of the risks and keep your traffic encrypted end to end, as any of these exit nodes could be watching your traffic flows.
At the most basic level unless you are using encrypted protocols (HTTPS / SSH / TLS), the Tor traffic could be monitored. Here are two simple examples:
- Using a forum that does not use HTTPS your login, password, session cookie and posts could all be captured.
- If you send an email using SMTP (no TLS) then the email could be intercepted.
To gain an understanding of the technology the Tor Project website is the best place to start.
Tor Exit Nodes Geo-Located on a Google Map
These nodes are from February 27, I am working on scripting this up so that it is updated daily with the latest list of exit nodes. The list was downloaded from Blutmagie in csv format. Geolocation was performed against the IP addresses using the Free GeoIP API which seemed to have better coverage than MaxMind Geocities Lite.
From the map it is clear to see the high concentration of Tor exit nodes within Europe, once you start to zoom in and see the European nodes it is clear there is quite a spread of locations where the Tor nodes are operating.
Taking a closer look at the Internet Providers
Using the Shadowserver Whois service I also mapped the Tor exit node IP addresses against the ASN and Netblock.
The Internet service providers from the chart are the top 25 with the highest concentrations of Tor exit nodes.
In this post I have touched on some of the security threats and benefits of the Tor network. I encourage anyone intending to use the Tor network, to do some solid research around Operational security. If you are using Tor to bypass a proxy you should understand the risks to your traffic. If you are an activist using Tor to avoid monitoring by oppressive regimes, you really need to have a solid understanding of the technology, without knowing the threats you are putting yourself and perhaps others at risk.