[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Why TOR Operators SHOULD always sniff their exit traffic...

No chris I dont think you shall have that information.. AT present ANYONE can run a tor server and does.. this includes US government agencies to the best of my knowledge.. as far as what I do for a living.. you
really dont have a clue. Come to think of this if EFF is now relying upon laws to protect anonymity instead of technology and thinking that evil tor operators will submit their servername for excludenode inclusion then your organization is NOT giving good anonymity advice.

oh and BTW chris.. your BIO as well as your title says nothing about a juris doctor(n.b. a law degree) nor do you carry an Esq. suffix on your name(neither do I but I do have the advantage of having a actually paid a criminal law specialist for examination of my businesses legal position in running a server, have YOU??)

suffice to say that you have NO legal training to make the claim my advice is stupid, and I have run a medium sized ISP as well as a Phone company with the legal advice I had to pay for, not obtain from someone who simply has the virtue of posting from an eff.org address and who is most definitely NOT a lawyer nuff said in the meanwhile chris and the rest of the tor community that believe evil server operators will announce themselves will indeed have a few sleepless nights over this email.
Invisible IRC inside of TOR is one way of further protecting oneself on IRC.

ECPA and related case law is something I am VERY familiar with from the government investigator viewpoint BTW
I havent given ANYONE legal advice here,only stated how I run my server(s) and the legal basis on which I perform monitoring of traffic exiting my property. You may not like it ,too bad, hopefully yours and others usage patterns of tor and associated software will become mature so that traffic analysis and monitoring are not a threat to you personally, but they are done and NOT by myself alone. This is one of the initial threats we examined when the 2 NRL folks who invented tor approached myself and lucky at financial crypto in Anguilla to introduce tor and its inventors to the cypherpunk community.(It was a vastly different design in those days, solaris based :( and lots of other gotchas), I tend to implement EVERY attack possible at my node(s) to know what issues tor still has so I can avoid usage patterns that would tend to expose my true name as well as advise clients on its strengths/weaknesses.

         a "possibly evil" tor operator

ps prior to calling someone stupid in public really should know who you are talking to / calling out other wise one risks making "stoopid" errors.

ps the pgp/cypherpunk/remailer community was not really evolving until David Sternlight provided LOTS irritation to us and Detweiler and others thoroughly exploited every weakness the various nym servers and remailers had to offer.
I hope I can force this group to evolve as fast as the above forced the cypherpunk community to alter their code and practices for more anonymity than laws can offer maybe then tor and eff can offer real resistance to the onrushing faith based police state


..Chris Palmer wrote:

tor wrote:

yet another reason sniffing is a GOOD thing for tor operators...

You are not a lawyer, you don't fully understand ECPA or ECPA-related case law, and you are giving stupid advice. Please stop doing this.

Also, can you please tell me what the nickname of your Tor server is?
I'd like to put it in my ExcludeNodes directive.