Re: Why TOR Operators SHOULD always sniff their exit traffic...


I'm new to the list, forgive me if this has been discussed already,
but this discussion is very apropos to a few things I've been thinking

I just installed a Tor server and I can see what the process is doing
in terms of CPU/bandwidth/memory pretty easily, but those stats aren't
all that interesting.  What would be more interesting would be to
collect statistics on the type of traffic exiting from my node, as
well as destinations.  This might be perfectly reasonable, for
example, if I were an academic researching anonymous
communication/free speech and took proper precautions to protect users
from identification.

My question is, what kinds of traffic analysis are legal (and ethical,
if you wish to speak to that), and would this be dependent on context?
For example, would it be legal for an academic in the course of
research, but illegal for an ISP?  And if there are cases where it's
appropriate to treat Tor as more than a black box, are there
recommended/"approved" methods/tools for analyzing traffic?

And second, on a different track, the possibly evil operator in this
thread suggests that security through nobility is not good policy; it
leads to undiscovered vulnerabilities and a false sense of security. 
In general I tend to agree with this statement.  I don't advocate
breaking the law, but do think the network should be robust in the
face of isolated hostile operators.  That said, I think the network
could benefit from good operators doing their best to find
vulnerabilities that an actual evil operator could find/exploit.

May I ask, do you agree that hostility, within the law or subject to
some (yet defined) set of ethical guidelines should be encouraged?  I
know you guys like to wax philosophical over there (and then blog it).
I would be very interested in a legal/ethical/technical analysis of
this issue if someone is up for commenting on it.



On 6/8/05, Chris Palmer <chris@xxxxxxx> wrote:
> tor wrote:
> > yet another reason sniffing is a GOOD thing for tor operators...
> You are not a lawyer, you don't fully understand ECPA or ECPA-related
> case law, and you are giving stupid advice. Please stop doing this.
> Also, can you please tell me what the nickname of your Tor server is?
> I'd like to put it in my ExcludeNodes directive.

Parker Thompson