Re: Why TOR Operators SHOULD always sniff their exit traffic...

[Chris Palmer <chris@xxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Parker Thompson wrote:

> I'm not so interested in specific legal advice, more a high level
> discussion of when it is good to be a bad guy, and when you're being
> bad for the sake of being good what are the ethical considerations
> and, with respect to Tor (it'll differ case to case) legal
> implications of doing so.
> 
> I would think this would be a perfect discussion to have in the
> context of Tor, and perhaps the kind of thing the EFF could turn into
> a compelling policy paper to guide the development of this and other
> projects.  Further, I see this as far preferable to letting operators
> develop their own best practices on an ad-hoc basis.

I understand the need, and I'll fly it past our lawyers to see what they
think about drafting such a policy paper. They are unlikely to make
strong, specific, forward-looking legal statements, of course.

I can tell you what I do, which I regard as reasonably safe and polite.

I run three Tor servers: one at EFF (confidence), one on a machine some
friends and I share (explosivenoodle), and one on my home DSL line
(livingcolour). confidence and explosivenoodle I run in middleman mode,
to minimize annoyance and potential liability for my employer and
friends (respectively). (EFF is considering running an exit server, but
we aren't yet.) livingcolour uses the default exit policy. All three
servers are rate-limited to about 20Kb/s because bandwidth is either
donated and I want to be nice (explosivenoodle), or limited (confidence
and livingcolour). I don't sniff traffic on any of these three hosts,
and I log at warn level, using debug level only for limited times when I
actually am trying to debug something (rarely). All three machines are
kept up-to-date and run only services I actually use.

I don't commit abuse through Tor when I use it. That's easy -- "Oops, I
didn't troll on IRC again!"

I sometimes drive around in the Tor source tree for fun and learning,
but I haven't found any security bugs. If I did, I would simply tell
Roger and Nick. I have reported a few security-irrelevant bugs (and, I
sheepishly admit, non-bugs) to R and N and they have fixed them fast.
There was once a problem with bad interaction between two configuration
directives, for example, which caused Tor not to start. Nick fixed it in
minutes.

Hence, for basic operation and examination, the existing norms of the
competent sys admin and white hat security researcher communities apply.

As for passing "bad" traffic, so far I haven't heard from my ISP about
any problems with my exit node. Maybe I'm just lucky. There are various
types of complaints, and different responses are called for in different
circumstances. Get legal counsel, possibly the EFF. See also the Legal
FAQ and our DMCA response template
(http://tor.eff.org/eff/tor-dmca-response.html). Everyone has different
responses to complaints, resulting from the specifics of their
situation, their beliefs and temperaments, the nature of the complaint,
their relationship with the complainant and with their connectivity
provider, various jursidictional issues, and so on. It's hard to make
any general a priori statements about what to do, other than "Call
EFF!". That's obviously what I would do. :)

I don't know if that helps you or answers your question. I'll state
again that the non-dangerous techniques I mentioned in my previous email
have proven helpful in finding bugs in other software products. Roger
and Nick welcome substantive bug reports, and they take security very
seriously.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD4DBQFCqMJ1sobNj2jkCc0RAleWAJY+UhsSszpQWcMSo8V/xorMc91zAKDRmuR2
Q9qiIx4IazCtchqaajqN9A==
=Q78H
-----END PGP SIGNATURE-----