[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [PATCH] contrib/tor-exit-notice.html url fix



On Mon, 22 Feb 2010 at 15:24, Sebastian Hahn wrote:
> Simply adding the doctype won't make something valid xhtml. The file is
> far from being valid, so we should fix that first before declaring our
> compliance.

Yes, I should've clarified: after fixing the URL I used tidy[0] and it 
spotted only two warnings:

# tidy -e contrib/tor-exit-notice.html 
line 1 column 1 - Warning: missing <!DOCTYPE> declaration
line 40 column 1 - Warning: <img> lacks "alt" attribute

After fixing these two, I assumed the document was now valid, but your 
comment made me double check with the "official" validator[1] - and it
failed miserably :-\

After playing around with a newer version of "tidy" and a lot of editing,
the document appears to be valid now. As the patch is rather big now (due
to line breaks, the content did not change), I've attached the .html as 
well.

Thanks,
Christian.

[0] http://tidy.sourceforge.net/
[1] http://validator.w3.org/

Signed-off-by: Christian Kujau <lists@xxxxxxxxxxxxxxx>

 tor-exit-notice.html |   67 +++++++++++++++++++++++++--------------------------
 1 file changed, 34 insertions(+), 33 deletions(-)

diff --git a/tor-exit-notice.html.orig b/tor-exit-notice.html
index 4ab028f..68218a5 100644
--- a/tor-exit-notice.html.orig
+++ b/tor-exit-notice.html
@@ -1,5 +1,9 @@
-<html>
+<?xml version="1.0"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
 <head>
+<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <title>This is a Tor Exit Router</title>
 
 <!--
@@ -19,29 +23,29 @@ They are marked with FIXME.
 -->
 
 </head>
-<body bgcolor=white text=black>
+<body>
 
-<center><h1>This is a Tor Exit Router</h1></center>
+<p style="text-align:center; font-size:xx-large; font-weight:bold">This is a Tor Exit Router</p>
 
-<p>Most likely you are accessing this website because you had some issue with
+<p>
 the traffic coming from this IP. This router is part of the <a
 href="https://www.torproject.org/";>Tor Anonymity Network</a>, which is
-dedicated to <a href="https://www.torproject.org/30seconds.html.en";>providing
+dedicated to <a href="https://www.torproject.org/overview.html";>providing
 privacy</a> to people who need it most: average computer users. This
 router IP should be generating no other traffic, unless it has been
-compromised.
-
-<p>
+compromised.</p>
 
 
 <!-- FIXME: you should probably grab your own copy of how_tor_works_thumb.png
-and serve it locally -->
-<center><a href="https://www.torproject.org/overview.html";>
-<img src="https://www.torproject.org/images/how_tor_works_thumb.png";></a></center>
+     and serve it locally -->
 
-<p>
+<p style="text-align:center">
+<a href="https://www.torproject.org/overview.html";>
+<img src="https://www.torproject.org/images/how_tor_works_thumb.png"; alt="How Tor works" style="border-style:none"/>
+</a></p>
 
-Tor sees use by <a href="https://www.torproject.org/torusers.html.en";>many
+<p>
+Tor sees use by <a href="https://www.torproject.org/torusers.html";>many
 important segments of the population</a>, including whistle blowers,
 journalists, Chinese dissidents skirting the Great Firewall and oppressive
 censorship, abuse victims, stalker targets, the US military, and law
@@ -59,44 +63,41 @@ powerful networks</a> than Tor on a daily basis. Thus, in the mind of this
 operator, the social need for easily accessible censorship-resistant private,
 anonymous communication trumps the risk of unskilled bad actors, who are
 almost always more easily uncovered by traditional police work than by
-extensive monitoring and surveillance anyway.
+extensive monitoring and surveillance anyway.</p>
 
 <p>
-
 In terms of applicable law, the best way to understand Tor is to consider it a
 network of routers operating as common carriers, much like the Internet
 backbone. However, unlike the Internet backbone routers, Tor routers
 explicitly do not contain identifiable routing information about the source of
 a packet, and no single Tor node can determine both the origin and destination
-of a given transmission.
+of a given transmission.</p>
 
 <p>
-
 As such, there is little the operator of this router can do to help you track
 the connection further. This router maintains no logs of any of the Tor
 traffic, so there is little that can be done to trace either legitimate or
 illegitimate traffic (or to filter one from the other).  Attempts to
-seize this router will accomplish nothing.
-<p>
+seize this router will accomplish nothing.</p>
 
-<!--- FIXME: US-Only section. Remove if you are a non-US operator -->
+<!-- FIXME: US-Only section. Remove if you are a non-US operator -->
 
+<p>
 Furthermore, this machine also serves as a carrier of email, which means that
 its contents are further protected under the ECPA. <a
 href="http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002707----000-.html";>18
 USC 2707</a> explicitly allows for civil remedies ($1000/account
-<i><b><u>plus</u></b></i>  legal fees)
+<i><b>plus</b></i>  legal fees)
 in the event of a seizure executed without good faith or probable cause (it
 should be clear at this point that traffic with an originating IP address of
 FIXME_DNS_NAME should not constitute probable cause to seize the
 machine). Similar considerations exist for 1st amendment content on this
-machine.
-
-<p>
+machine.</p>
 
 <!-- FIXME: May or may not be US-only. Some non-US tor nodes have in
-fact reported DMCA harassment... -->
+     fact reported DMCA harassment... -->
 
+<p>
 If you are a representative of a company who feels that this router is being
 used to violate the DMCA, please be aware that this machine does not host or
 contain any illegal content. Also be aware that network infrastructure
@@ -106,35 +107,35 @@ href="http://www4.law.cornell.edu/uscode/html/uscode17/usc_sec_17_00000512----00
 "safe harbor" provisions</a>. In other words, you will have just as much luck
 sending a takedown notice to the Internet backbone providers. Please consult
 <a href="https://www.torproject.org/eff/tor-dmca-response.html";>EFF's prepared
-response</a> for more information on this matter.
+response</a> for more information on this matter.</p>
 
-<p>For more information, please consult the following documentation:
+<p>For more information, please consult the following documentation:</p>
 
 <ol>
 <li><a href="https://www.torproject.org/overview.html";>Tor Overview</a></li>
 <li><a href="https://www.torproject.org/faq-abuse.html";>Tor Abuse FAQ</a></li>
 <li><a href="https://www.torproject.org/eff/tor-legal-faq.html";>Tor Legal FAQ</a></li>
 </ol>
-<p>
 
+<p>
 That being said, if you still have a complaint about the router,  you may
 email the <a href="mailto:FIXME_YOUR_EMAIL_ADDRESS";>maintainer</a>. If
 complaints are related to a particular service that is being abused, I will
 consider removing that service from my exit policy, which would prevent my
 router from allowing that traffic to exit through it. I can only do this on an
 IP+destination port basis, however. Common P2P ports are
-already blocked.
+already blocked.</p>
 
-<p>You also have the option of blocking this IP address and others on
+<p>
+You also have the option of blocking this IP address and others on
 the Tor network if you so desire. The Tor project provides a <a
-href="https://tor-svn.freehaven.net/svn/tor/trunk/contrib/exitlist";>python script</a> to
+href="https://check.torproject.org/cgi-bin/TorBulkExitList.py";>python script</a> to
 extract all IP addresses of Tor exit nodes, and an official <a
 href="https://www.torproject.org/tordnsel/";>DNSRBL</a> is also available to
 determine if a given IP address is actually a Tor exit server. Please
 be considerate
 when using these options. It would be unfortunate to deny all Tor users access
-to your site indefinitely simply because of a few bad apples.
+to your site indefinitely simply because of a few bad apples.</p>
 
 </body>
 </html>
-
-- 
BOFH excuse #445:

Browser's cookie is corrupted -- someone's been nibbling on it.
Title: This is a Tor Exit Router

This is a Tor Exit Router

the traffic coming from this IP. This router is part of the Tor Anonymity Network, which is dedicated to providing privacy to people who need it most: average computer users. This router IP should be generating no other traffic, unless it has been compromised.

How Tor works

Tor sees use by many important segments of the population, including whistle blowers, journalists, Chinese dissidents skirting the Great Firewall and oppressive censorship, abuse victims, stalker targets, the US military, and law enforcement, just to name a few. While Tor is not designed for malicious computer users, it is true that they can use the network for malicious ends. In reality however, the actual amount of abuse is quite low. This is largely because criminals and hackers have significantly better access to privacy and anonymity than do the regular users whom they prey upon. Criminals can and do build, sell, and trade far larger and more powerful networks than Tor on a daily basis. Thus, in the mind of this operator, the social need for easily accessible censorship-resistant private, anonymous communication trumps the risk of unskilled bad actors, who are almost always more easily uncovered by traditional police work than by extensive monitoring and surveillance anyway.

In terms of applicable law, the best way to understand Tor is to consider it a network of routers operating as common carriers, much like the Internet backbone. However, unlike the Internet backbone routers, Tor routers explicitly do not contain identifiable routing information about the source of a packet, and no single Tor node can determine both the origin and destination of a given transmission.

As such, there is little the operator of this router can do to help you track the connection further. This router maintains no logs of any of the Tor traffic, so there is little that can be done to trace either legitimate or illegitimate traffic (or to filter one from the other). Attempts to seize this router will accomplish nothing.

Furthermore, this machine also serves as a carrier of email, which means that its contents are further protected under the ECPA. 18 USC 2707 explicitly allows for civil remedies ($1000/account plus legal fees) in the event of a seizure executed without good faith or probable cause (it should be clear at this point that traffic with an originating IP address of FIXME_DNS_NAME should not constitute probable cause to seize the machine). Similar considerations exist for 1st amendment content on this machine.

If you are a representative of a company who feels that this router is being used to violate the DMCA, please be aware that this machine does not host or contain any illegal content. Also be aware that network infrastructure maintainers are not liable for the type of content that passes over their equipment, in accordance with DMCA "safe harbor" provisions. In other words, you will have just as much luck sending a takedown notice to the Internet backbone providers. Please consult EFF's prepared response for more information on this matter.

For more information, please consult the following documentation:

  1. Tor Overview
  2. Tor Abuse FAQ
  3. Tor Legal FAQ

That being said, if you still have a complaint about the router, you may email the maintainer. If complaints are related to a particular service that is being abused, I will consider removing that service from my exit policy, which would prevent my router from allowing that traffic to exit through it. I can only do this on an IP+destination port basis, however. Common P2P ports are already blocked.

You also have the option of blocking this IP address and others on the Tor network if you so desire. The Tor project provides a python script to extract all IP addresses of Tor exit nodes, and an official DNSRBL is also available to determine if a given IP address is actually a Tor exit server. Please be considerate when using these options. It would be unfortunate to deny all Tor users access to your site indefinitely simply because of a few bad apples.