[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: More GSoC Ideas
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: More GSoC Ideas
- From: "Jonathan Addington" <madjon@xxxxxxxxx>
- Date: Fri, 21 Mar 2008 15:09:52 -0500
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Fri, 21 Mar 2008 16:09:59 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=SuBXQWf7ZSZI5BzZfBzlWGZjGvn1CqHvXqN0s0XYtfY=; b=iAi/mWeAMit1k/4gopuWudv2Ic13iY6JSdS0gLkbpqQlFLr8mOM9/nISWk5VCbfOYs6NTUJ11zZLQOVzzDEERD3j3DUMqHWrh7DhCZM5UR4K8boDnCa3hclTXGsqzTbILRWrMWXYzxqoYAzPx59NB1obdpj1qzalKkfeaXgv71Y=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Q/mT1W0I/M8ngoSzwAszRBTa6ynNcur6bJML8J+Q30IjLlnsJEejtisazun7/2B6kvYsDmfIbwHeeb8nVA63vz6ALUqXmQCz/D0a3GlwwYP6i5O7L0d+amZNOWXlYmuU5GzLzl2RBSHFb7ZknEzI8YE/3rrSOXiSIggDt1IKVK4=
- In-reply-to: <47E40D43.6020608@xxxxxxxxxxxxx>
- References: <1da45f2a0803211222g6fc07497l1b4e7ff66e0c1cf1@xxxxxxxxxxxxxx> <47E40D43.6020608@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
I didn't expect a very warm response, glad to see I wasn't disappointed!
On Fri, Mar 21, 2008 at 2:32 PM, Ben Wilhelm <zorba-tor@xxxxxxxxxxxxx> wrote:
> Various comments on these, regarding why some of these are dubious ideas:
> > A. I had at least one connection to legal-preteen.com. I am willing
> > to take some chances of getting into trouble with the law for the sake
> > of avoiding internet censoship, but not to that end. Child pornography
> > and The Great Firewall of China are two completely separate things.
> You will never, ever, ever block all child porn websites. It's simply
> impossible. To make things worse, in the US there's at least some
> possibility that filtering things by content leaves you open for
> lawsuits based on what you didn't filter - meaning that blocking child
> porn websites might leave you liable for the ones you missed. From a
> purely PR perspective, people might also argue "well, he clearly knew
> child porn was being viewed through his server, and he kept his srever
> up! Burn him, he's a witch!"
I don't expect to ever block all such traffic.
> > B. I've had to block Google because my roomates were getting the
> > nasty "this might be spyware" page and weren't all too happy about
> > that.
> I don't really have a problem with this one :) (Although if you can get
> a second IP from your ISP, this can be solved neatly - I have all Tor
> traffic going through its own special IP. Still, this is often impractical.)
I can't even get a static IP without being nickeled and dimed to death.
> > C. I've blocked The Pirate Bay, and when I have time, will block
> > other such sites. (See idea 2). If operators want to let tor users go
> > through to those sites that's fine, I don't even care all that much
> > except that I think the limited tor bandwidth can go to better uses.
> The Pirate Bay itself uses extraordinarily little bandwidth, and to my
> knowledge nobody has ever been prosecuted for downloading .torrent
> files. The actual process of running the torrent doesn't necessarily
> even touch TPB (what with distributed hash tables and the like) and even
> the parts that do touch TPB use a minimal amount of bandwidth.
> Essentially, this doesn't do what you might think it does.
Yeah, I don't care much about the .torrent files because they are so
small. It just makes it a little bit harder for them to start running
a torrent through my server in the first place.
> > 2. On *nix systems, make it easy for snort to filter out tor traffic
> > on a protocol level. I realize there are plenty of legal uses for
> > BitTorrent, Gnutella, etc., but most of them do not require anonymity
> > in a strong sense. That is, they can get the same content through http
> > (most of the time) anyway, and downloading a Linux distribution (or
> > whatever) won't be flagged by most governments/agencies/whatever. It's
> > my bandwidth, I have the right to let *others'* use it as I see fit.
> First off, it's nearly impossible to make Tor capable of filtering on
> this sort of a level - the Tor client simply doesn't know what kind of
> traffic may be sent through it until the connection is already made, and
> thus it can't possibly avoid servers that disallow certain protocols.
> The only thing you could do here is sever connections as soon as you
> determine that it's the "wrong type" and this obviously has severe
> usability implications.
> Second, an increasing number of protocols are encrypted, thanks to the
> efforts of Verizon and co - I certainly turn on encryption on my
> bittorrent client whenever I use it, and I don't even use it to download
> illegal stuff. Obviously anything encrypted will pass straight through
> your clever protocol filter.
Not looking for perfection, and not looking for *tor* to do any
filtering (in either of the cases I described), programs such as snort
and squid can be configured to do just that, but it's not easy.
> > However, the last thing my parents
> > need is the FBI knocking on their door wondering why they are visiting
> > legal-preteen.com.
> I think they may be even more irritated when you assure them that
> legal-preteen.com is blocked, and then the FBI shows up wanting to know
> why they're visiting hot-hot-hot-15-and-under.com :)
I am not looking for perfection in any of this. Tor is not perfect, it
isn't even made to be (every time I start up my server it reminds me
not to rely on it for "strong anonymity." I am looking at changing
*probabilities*. If running an exit node is perceived as "safer" for
more people, it might be easier to get non-techies/geeks to run (exit)
I'd love to see the idea at least discussed (if somewhat informally)
before simple dismissal.