Tor exit nodes are the gateways where encrypted Tor traffic hits the Internet. This means an exit node can be abused to monitor Tor traffic (after it leaves the onion network). The Tor network is designed so that tracing that traffic back through the network to its source is difficult. However, if the exit traffic is unencrypted and contains identifying information, an exit node can be abused to capture it.
The Tor Project is therefore dependent on a diverse and wide range of exit nodes. As with any technology, you will gain the most benefit and keep your information safe by having at least a basic understanding of how it works. With that understanding you will be better positioned to evaluate your risk.
Note: The majority of exit nodes are likely not monitored and are "safe"; they are managed by good Internet citizens who believe in the aims of the Tor Project. However, even a handful of bad nodes could be a threat, as exit nodes are periodically changed as you use the Tor network.
Understand the Technology, Understand the Risks
Use of the Tor Project by activists and Human Rights Defenders can be a valuable tool in avoiding surveillance; however you should always have a good understanding of the risks and keep your traffic encrypted end to end, as any of these exit nodes could be watching your traffic flows.
At the most basic level, unless you are using encrypted protocols (HTTPS / SSH / TLS), the traffic leaving the Tor network could be monitored. Here are two simple examples:
- If you use a forum that does not use HTTPS, your login, password, session cookie and posts could all be captured.
- If you send an email using SMTP (no TLS) then the email could be intercepted.
To gain an understanding of the technology the Tor Project website is the best place to start.
Tor Exit Nodes Geo-Located and Mapped
This map is updated daily. The list of exit nodes was downloaded from Blutmagie in CSV format. Geolocation was performed against the IP addresses using MaxMind Geocities Lite (https://maxmind.com).
These charts are updated daily with detected attacks from the last 48 hours.
Tor Exit Nodes By Country
Tor Exit Nodes by Country (Top 20)
From the map and chart above you can see the high concentration of Tor exit nodes within Europe.
Taking a closer look at the Internet Providers
Using the Shadowserver Whois service I also mapped the Tor exit node IP addresses against the ASN and Netblock.
Tor Exit Nodes By ASN - Internet Service Provider (Top 20)
The Internet service providers from the chart are the top 20 with the highest concentrations of Tor exit nodes.
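The counting behind the country and ASN charts can be reproduced with a longest-prefix match over a netblock table. The following is an added example, not the code used for this post: the CSV columns, relay names, netblock table and the `build_table`, `lookup` and `concentrations` helpers are all constructed for illustration, using documentation addresses and private-use ASNs.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample data (RFC 5737 addresses, RFC 6996 private-use ASNs); the
# CSV columns and netblock table stand in for the real export and lookups.
EXIT_CSV = """ip,nickname
192.0.2.10,relayA
192.0.2.77,relayB
198.51.100.5,relayC
198.51.100.200,relayD
203.0.113.9,relayE
10.1.2.3,relayF
"""

NETBLOCKS = [
    ("192.0.2.0/24", "AS64512 EXAMPLE-HOSTING-1", "DE"),
    ("192.0.2.64/26", "AS64513 EXAMPLE-RESELLER", "NL"),
    ("198.51.100.0/24", "AS64514 EXAMPLE-HOSTING-2", "DE"),
    ("203.0.113.0/24", "AS64515 EXAMPLE-ISP", "US"),
]

def build_table(rows):
    """Parse netblocks, most specific first, so the first hit is the longest prefix."""
    table = [(ipaddress.ip_network(cidr), asn, cc) for cidr, asn, cc in rows]
    return sorted(table, key=lambda r: r[0].prefixlen, reverse=True)

def lookup(table, ip):
    """Return (asn_label, country) for the most specific netblock covering ip."""
    addr = ipaddress.ip_address(ip)
    for net, asn, cc in table:
        if addr in net:
            return asn, cc
    return "UNKNOWN", "??"  # address not covered by any netblock

def concentrations(csv_text, rows, top_n=20):
    """Count exit nodes per country and per ASN; return the top_n of each."""
    table = build_table(rows)
    by_country, by_asn = Counter(), Counter()
    for rec in csv.DictReader(io.StringIO(csv_text)):
        asn, cc = lookup(table, rec["ip"].strip())
        by_country[cc] += 1
        by_asn[asn] += 1
    return by_country.most_common(top_n), by_asn.most_common(top_n)

if __name__ == "__main__":
    for ranking in concentrations(EXIT_CSV, NETBLOCKS):
        print(*(f"{label}\t{n}" for label, n in ranking), sep="\n")
```

Addresses that fall outside every netblock are counted under `UNKNOWN` / `??` rather than dropped, so gaps in the lookup data stay visible in the totals.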
In this post I have touched on some of the security threats and benefits of the Tor network. I encourage anyone intending to use the Tor network to do some solid research around operational security. If you are using Tor to bypass a proxy, you should understand the risks to your traffic. If you are an activist using Tor to avoid monitoring by oppressive regimes, you really need to have a solid understanding of the technology; without knowing the threats, you are putting yourself and perhaps others at risk.