Re: Suggestion: Many OR-ports would improve the network

[Cat Okita <cat@xxxxxxxxxxxx>]

On Fri, 15 Jun 2007, vikingserver@xxxxxxxxx wrote:
> Decentralized popular P2P with a wide variety of ports and
> "hubs/nodes/servers" are more successfull then Tor at helping persons in
> oppressed countries.

Let me ask a different question[0] - how do you think that "decentralized
popular P2P" helps people in oppressed countries?

> Tor has to become better in order to allow users in the whole world to
> reach every website in the world. But perhaps the goals is just to allow
> traffic in the western world from non restrictive networks?

I think you're mistaking my question here :)  There needs to be a balance
between privacy and freedom of access;  A piece of software that circumvents
any security checks that I've got in my environment is a great conduit
for incidents like the following[1]:

	http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxo
nomyName=security&articleId=9024491

	By Jaikumar Vijayan
	June 12, 2007
	Computerworld

	A Pfizer Inc. employee who installed unauthorized file-sharing software
	on a company laptop provided for use at her home has exposed the Social
	Security numbers and other personal data belonging to about 17,000
	current and former employees at the drug maker.

	Of that group, about 15,700 individuals actually had their data accessed
	and copied by an unknown number of persons on a peer-to-peer network,
	the company said in letters sent to affected employees and to state
	attorneys general alerting them of the breach.

I'd like to see some discussion around how privacy is preserved, and how
Tor continues to be a Good Thing (tm) for those of us that are in the
position of justifying why Tor should be allowed -for business reasons-,
rather than feel good reasons.

cheers!
[0] Yes, seriously - I don't know what your definition of "help" is...
[1] I'm aware that Tor isn't p2p file sharing software - but when Tor
takes on similar characteristics to p2p software, the results from the 
point of view of many infosec folk aren't that different.

> Cat Okita skrev:
> > On Thu, 14 Jun 2007, Nick Mathewson wrote:
> > > On Sat, Jun 09, 2007 at 03:28:09PM +0200, vikingserver@xxxxxxxxx wrote:
> > > > Is there a plan for TOR servers to be able to announce several OR-ports
> > > > and DIR-ports?
> > >
> > > There sorta is.  It's been a "nice-to-have" for a while, and I think
> > > it's a good idea.  Somebody should specify and implement it.  If
> > > there's a decent spec and patch on an 0.2.0.x timeframe, I'd love to
> > > check it in.
> > >
> > > Here's what would need to be in the proposal:
> > >
> > >  - Some way to configure which address:port combinations to listen
> > >    on, and/or which to advertise.
> >
> > I'd also like to see some discussion of the effect this is likely to have
> > in environments that need to ban or limit Tor.  Speaking only for
> > myself, in an environment where I need to keep a lid on Tor usage,
> > having to chase port settings around makes it more likely that I'm
> > going to
> > move from limiting Tor to just plain banning it.
> >
> > cheers!
> > ==========================================================================
> >
> > "A cat spends her life conflicted between a deep, passionate and profound
> > desire for fish and an equally deep, passionate and profound desire to
> > avoid getting wet.  This is the defining metaphor of my life right now."

==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."