Detect exit nodes running 'transparent' HTTP proxies
One Tor exit node operator has stated that he intends to route Tor exit node traffic through a 'transparent' HTTP proxy, and that this HTTP proxy would censor non-HTTP traffic on port 80 (including SSL/TLS). The exit scanner should be improved to detect exit nodes that divert port 80 traffic through a censoring proxy so that they can be promptly marked with the BadExit flag.
Connecting to an SSL/TLS server running on port 80 should be enough to detect many of these hostile exit nodes, but we should eventually add more subtle/thorough detection methods (e.g. sending an HTTP request in which the Host HTTP header does not match the TCP address which the Tor exit node was told to connect to).