[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re[2]: Protecting exit-nodes by GeoIP based policy

There is a flaw with this, which has been discussed before.

What keeps the chinese government from running a server in the US or
anywhere else? They are not limited by their borders.


Sunday, September 10, 2006, 5:04:07 PM, you wrote:

> This is a good idea.
> I had nearly the same.

> Maybe it could be solved even easier.
> The server-config just needs an option to set "mycountry".

> when establishing an onion-route the client should
> simply choose an exitnode where mycountry is not equal
> to the country of the server he wants to connect.

> so.. exitnodes of country a will connect to targets in country b and c
> and vice versa.

> basically what you suggested, but forced.

> Enrico Scholz schrieb:
>> Hello,
>> I just had the idea which can help to protect exit-nodes against some
>> kinds of legal prosecution. Basically, it would be policy to Tor servers
>> which says "do not connect into country XY". Such a rule does not increase
>> anonymity but would require that legal actions (e.g. confiscations) must
>> be performed in another country than this where the crime happened. This
>> is a much higher hurdle, especially for lower delinquencies.
>> I see two steps how this policy can be implemented:
>> A. On client side
>>  1. add a new option, e.g. 'Jurisdiction' with possible values of
>>     * 'other'  ... when set, do not use an exit-node when it is the same
>>                    jurisdiction as the target-ip; this should be the
>>                    default on new installations
>>     * 'same'   ... use an exit-node only, when it is in the same
>>                    jurisdiction (just for completeness...)
>>     * 'ignore' ... ignore jurisdiction (same behavior as now)
>>     * a country code  ...  use only exit-nodes within this country; a
>>                    negated format should exist too
>>  2. when choosing path, use only exit-nodes which are following the
>>     constraint above
>> B. On (exit-)node side
>>  1. add a new option, e.g. 'JurisdictionPolicy' which accepts country
>>     codes and perhaps special values like '%same'. Behavior is similar
>>     to the client side option mentioned above
>>  2. Tor protocol/meta data must be changed to transmit this option
>>  3. node forbids connections which are violating the policy
>> The decision whether a node and a target are in the same jurisdiction can
>> be done e.g. by a GeoIP like service. A problem might be the license:
>> GeoIP is GPL, Tor is BSD. Dunno, whether the database can be used freely
>> and Tor has to implement own parsing routines. Perhaps, similar projects
>> exist.
>> Enrico