Recently I've got many questions about BADONIONS so I thought I could write this small blog post telling what's happening since I first published my results. First some FAQs:
Q: Are you still scanning for sniffing exitnodes?
A: No, not at this right moment. I did some scanning a few weeks after the first published results and noticed that the number of sniffing nodes decreased dramatically. This could depend on many factors, like that exit operators found out about this and was more cautious.
Q: Why did you not use exitmap?
A: I did and still do! But BADONIONS was about setting up websites that looks legit and then just login with unique credentials with every exitnode. There was no rush and I did around 2-5 nodes per 10 seconds so the only advantage of using exitmap would be speed. However, it's worth to mention that I used exitmap to deploy other methods to find bad exitnodes.
Q: How did you report the sniffing relays?
A: I emailed Philipp Winter but due to lack of actual proof there was not much to discuss.
Q: What would you do differently if you started this project today?
A: I would continue to scan for a longer period of time and reported every node to bad-relays. I would also go harder and set up more phishing websites and make the algorithm more complex. There is a few things that could be better, for example the passwords were too random. I would also like to test this against a real site if they allowed me to.
Q: Do you think your research have changed the way people look at Tor?
A: I hope not. Like I wrote in the original blog post - this is no new research but I would like to see it be more used because it's an ongoing issue. Some people told me that this was a new issue but it's the complete opposite. The Tor Project have always been aware of this and work hard to get this fixed, but this issue can be resolved at many parts; sysadmins, web browser developers and user. Together we can fix this.
Hopefully we will see more website with HTTPS now when Let's Encrypt launches.
I will continue to scan for sniffing exit nodes in the very near future. Due to personal issues I've not been able to continue my research as I wanted. When I start again I will use other methods to find sniffing exit nodes and hopefully this can be an fully automated process.
It would be great to see other also deploying this kind of techniques to find sniffing exit nodes and report them to bad-relays[at]lists.torproject.org.
I would like to thank The Tor Project for being very responsive, all nice exit operators and Philipp Winter for publishing great code for us to use.