[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Protecting exit-nodes by GeoIP based policy



Hello,

I just had the idea which can help to protect exit-nodes against some
kinds of legal prosecution. Basically, it would be policy to Tor servers
which says "do not connect into country XY". Such a rule does not increase
anonymity but would require that legal actions (e.g. confiscations) must
be performed in another country than this where the crime happened. This
is a much higher hurdle, especially for lower delinquencies.

I see two steps how this policy can be implemented:

A. On client side

 1. add a new option, e.g. 'Jurisdiction' with possible values of
    * 'other'  ... when set, do not use an exit-node when it is the same
                   jurisdiction as the target-ip; this should be the
                   default on new installations
    * 'same'   ... use an exit-node only, when it is in the same
                   jurisdiction (just for completeness...)
    * 'ignore' ... ignore jurisdiction (same behavior as now)
    * a country code  ...  use only exit-nodes within this country; a
                   negated format should exist too

 2. when choosing path, use only exit-nodes which are following the
    constraint above


B. On (exit-)node side

 1. add a new option, e.g. 'JurisdictionPolicy' which accepts country
    codes and perhaps special values like '%same'. Behavior is similar
    to the client side option mentioned above

 2. Tor protocol/meta data must be changed to transmit this option

 3. node forbids connections which are violating the policy


The decision whether a node and a target are in the same jurisdiction can
be done e.g. by a GeoIP like service. A problem might be the license:
GeoIP is GPL, Tor is BSD. Dunno, whether the database can be used freely
and Tor has to implement own parsing routines. Perhaps, similar projects
exist.



Enrico

Attachment: pgpfpV77qurSY.pgp
Description: PGP signature