Am 31.10.2008 um 06:03 schrieb Roger Dingledine:
I'm still surprised at all the people who think the choice is between keeping their Tor relay without logs or adding logging. The choice is to keep the relay running with no logs, or to shut down the relay. Let's beat it here and now, rather than letting them gnaw us to death.
I will also not log even after January 1st. And I am fighting against the law. But I was talking about the last resort, if a court will decide that Tor operators have to log.
To your fours reasons:
First, Tor isn't actually that bulletproof against a distributed attacker (see all the recent papers we've been adding to http://freehaven.net/anonbib/ as well as the upcoming attack papers we keep hearing rumors about), and we don't want to make the job even easier by making each of these relays into a juicy data target.
Unfortunately I don't have time now to go through the papers in detail now, but what about Racoons calculations? Don't they apply to these papers?
Second, the rest of the Tor community would not easily believe that trading off network security for network capacity in this way is a tradeoff they want.
How do you know that?
Third, if Tor tolerates this law because its network architecture resists it, and we let the law survive, then the next iteration of the law willbe better adapted to Tor's threat model.
If we switch off the Tor nodes, it's like the law was well adapted from the beginning. So at least we gain more time. (If Tor "tolerates" the law or not will not influence legislation.)
Fourth, we don't want to undermine the effort to make this data retentionlaw go away, by showing "oh, the law isn't so bad".
I didn't suggest that. I'm talking about the time _after_ we lost the fight against it.
Regards, Sven
Attachment:
smime.p7s
Description: S/MIME cryptographic signature