
Re: TOR on Academic networks (problem)

we are essentially saying that it's impossible to do research with
anonymity tools in this kind of environment.  We have the benefit of
having a receptive ear amongst the security folks on campus who would
like to do away with IP-based authentication. -Joe

On 5/16/06, Watson Ladd <watsonbladd@xxxxxxxxx> wrote:

On May 16, 2006, at 4:32 PM, Michael Holstein wrote:

>> Specifically, we're arguing to various administrative and technical
>> committees that the whole damn network shouldn't be trusted by
>> services that we subscribe to... and instead, the proxy service that
>> berkeleyites use to connect to library services off campus should be
>> used on campus too (so that a much smaller segment of our network is
>> "trusted").
> We actually already have this as well .. a proxy that allows
> internal users to breeze through, and external ones to
> authenticate. Why the journals think it fit to trust a /16 or
> greater is beyond me.
Are the on-campus proxies really necessary in that case?
> Problem is .. I don't think they'll buy the argument "you need to
> change your way of doing things so I can offer an anonymous proxy
> and not cause you problems". They'll just say "why run the proxy at
> all?".
> For the short-term, I wrote a script that wgets the library's list
> of subscriptions, and munges that to get the unique domain links,
> and puts those into /etc/hosts with bogus addresses that are denied
> by the exit policy (eg: some.domain). Yes, I realize this
> doesn't prevent access by IP, but if I can keep out 95% of the
> miscreants, that's fine by me.
> I hate to break things on purpose, but I do have to dance around a
> bit to keep this going.
> My biggest mistake perhaps was actually giving the library folks an
> honest answer when they asked .. had I just said "oh .. I'll look
> into that" and fixed it, they'd have happily gone away. Instead, I
> sent them the boiler-plate response about TOR and they started
> asking questions.
> Lesson learned : don't call TOR an "anonymous proxy". It's a
> "privacy router designed to help the Chinese".
Try making up some other excuse, like being able to track who is
accessing journal articles and with what frequency.  I think that
will work.
> /mike.

"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin

Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
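
The /etc/hosts workaround Michael describes in the quoted message, sketched as an added example (it is not his script, which does not appear in the thread). The sample page, the hostnames, the sink address 192.0.2.1 and the function names are all constructed, and it assumes the relay resolves names through /etc/hosts as his message describes.

```shell
#!/bin/sh
# Added example: turn a library subscription page into /etc/hosts sink entries.
# Assumption: 192.0.2.1 (TEST-NET-1) is the bogus address the exit policy rejects.
SINK_ADDR="192.0.2.1"

# Constructed sample standing in for the page fetched with wget.
sample_page() {
cat <<'EOF'
<ul>
<li><a href="http://journals.example.org/toc/abc">Journal A</a></li>
<li><a HREF="https://Journals.Example.org:443/toc/def">Journal B</a></li>
<li><a href="http://www.publisher.example.com/j/1">C</a> <a href="http://db.example.net">DB</a></li>
<li><a href="/local/help.html">Help (relative link, ignored)</a></li>
<li><a href="http://192.0.2.77/ip-only">Link by IP (a hosts entry cannot cover it)</a></li>
</ul>
EOF
}

# Read HTML on stdin; print the unique, lowercased hostnames of absolute links.
# Handles double-quoted href attributes only; ports and paths are stripped.
extract_hosts() {
  grep -oiE 'href="https?://[^"/:?#]+' |
    sed -E 's#^.*://##' |
    tr 'A-Z' 'a-z' |
    grep -vE '^[0-9.]+$' |
    sort -u
}

# Read HTML on stdin; print one "address<TAB>hostname" hosts line per domain.
hosts_block() {
  extract_hosts | while read -r host; do
    printf '%s\t%s\n' "$SINK_ADDR" "$host"
  done
}

# Print the generated entries and the matching torrc line for review.
sample_page | hosts_block
printf '# torrc: ExitPolicy reject %s:*\n' "$SINK_ADDR"
```

Review the output before appending it to /etc/hosts. As the message itself notes, links that address a journal by IP are not covered by this approach.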