
Re: German data retention law



On Sat, Oct 18, 2008 at 06:43:34PM -0400, 7v5w7go9ub0o wrote:
> Roger Dingledine wrote:
> 
> 
> <snip>
> 
> >>Otherwise, all German nodes have to switch to middle man.
> >
> <snip>

To be clear, I didn't write the above line.

> 1. Given that the ISP will have logs anyway, why disallow German exit 
> nodes?

A fine question. Hopefully as we learn more about what ISPs will log,
we will come to decide that having Tor exit relays in Germany doesn't
pose much risk -- as long as we take appropriate other steps to make
sure the other end of the circuit isn't logged by German ISPs too.

> 2. How about changing all TOR port usage - including relays and entry
> ports - to 443?
> 
> 'Twould be hard to know which are entry nodes, which are relays, and 
> which is browser traffic. That ought to make "mapping" the onion, and 
> ISP log analysis a little more challenging :-) .

It isn't just a matter of what port they listen on. So long as there's
a public list of Tor relays, then people can just compare IP addresses
they see to the public relay list. And that public relay list isn't
going away anytime soon, since Tor clients need it when picking a path.

But that said, hiding your first hop by using an entry guard that isn't
in the public relay list may be a fine strategy. We call these non-public
relays "bridges":
https://www.torproject.org/bridges

--Roger