[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Danish data retention on steroids

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Danish data retention on steroids
From: Niels Elgaard Larsen <elgaard@xxxxxxx>
Date: Fri, 29 Jan 2016 16:57:11 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 29 Jan 2016 11:14:42 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

I come from a meeting in the Danish ministry of Justice this afternoon,

They plan to reintroduce the data retention of Internet sessions.

It was scrapped in 2014 after the European Data Retention Directive was
declared invalid by the Court of Justice of the European Union.

But now Denmark plans to require data retention much more invasive than
both the old directive and the pre 2014 danish implementation of.

The most technical interestion points are:

* Logging of session (e.g. a TCP connection), IP addresses and ports in
boths ends.
* Timestamps
* NAT mapping
* Session volume (number of bytes)
* Geo position of mobile data sessions

The volume logging is a new idea.

So for TOR:

1. Tor would kill this right at the entry-node? Even a user fired up
TorBrowser, typed in http://example.com/foo.mp4, watched the video and
closed the brower, there would be enough negoitiation to obfuscate the
bytecount?

2. If a Tor user in Denmark, even using all non-Danish Tor nodes post
something using HTTP POST to a public blog, even one outside Denmark:
could the TOR user be identified given that probably what he posted is
public as well as the timestamp and that the size of POST can be
trivially calculated?

3. How many Danish Tor nodes in a circuit would you be comfortable with?

-- 
Niels Elgaard Larsen
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Danish data retention on steroids
  - From: aka
- Re: [tor-talk] Danish data retention on steroids
  - From: Anders Andersson

Prev by Author: Re: [tor-talk] Funding Tor Development trough Referral/Affiliate Marketing
Next by Author: [tor-talk] Danish data retention on steroids
Previous by thread: Re: [tor-talk] OT: Bitmessage
Next by thread: Re: [tor-talk] Danish data retention on steroids
Index(es):
- Author
- Thread