Re: Why TOR Operators SHOULD always sniff their exit traffic...

[tor <tor@xxxxxxxxxxxxxxx>]

No  chris I dont think you shall have that information.. AT present 
ANYONE can run a tor server and does.. this includes US government 
agencies to the best of my knowledge.. as far as what I do for a 
living.. you
really dont have a clue. Come to think of this if EFF is now relying 
upon laws to protect anonymity  instead of technology and thinking that 
evil tor operators will submit their servername for excludenode 
inclusion then your organization is NOT giving good anonymity advice.

oh and BTW chris.. your BIO as well as your title says nothing about a 
juris doctor(n.b. a law degree) nor do you carry an Esq. suffix on your 
name(neither do I but I do have the advantage of having a actually paid 
a criminal law specialist for examination of my businesses legal 
position in running a server, have YOU??)  


suffice to say that you have NO legal training to  make the claim my 
advice is stupid, and I have run a medium sized ISP as well as a Phone 
company with the legal advice I had to pay for, not obtain from someone 
who simply has the virtue of posting from an eff.org address and who is 
most definitely NOT a lawyer  nuff said in the meanwhile chris and the 
rest of the tor community that believe evil server operators will 
announce themselves  will indeed have a few sleepless nights over this 
email.
Invisible IRC inside of TOR is one way of further protecting oneself on IRC.

ECPA and related case law is something I am VERY familiar with from the 
government investigator viewpoint BTW
I havent given ANYONE legal advice here,only stated how I run  my 
server(s) and the legal basis on which I perform monitoring of traffic 
exiting my property. You may not like it ,too bad, hopefully yours and 
others usage patterns of tor and associated software will become mature 
so that traffic analysis and monitoring are not a threat to you 
personally, but they are done and NOT by myself alone. This is one of 
the initial threats we examined when the 2 NRL folks who invented tor  
approached myself and lucky at financial crypto in Anguilla to introduce 
tor and its inventors to the cypherpunk community.(It was a vastly 
different design in those days, solaris based :( and lots of other 
gotchas), I tend to implement EVERY attack possible at my node(s) to 
know what issues tor still has so I can avoid usage patterns that would 
tend to expose my true name as well as advise clients on its 
strengths/weaknesses.





         a "possibly evil" tor operator

ps prior to calling someone stupid in public really should know who you 
are talking to / calling out other wise one risks making "stoopid" errors.

ps the pgp/cypherpunk/remailer community was not really evolving until 
David Sternlight provided LOTS irritation to us and Detweiler and others 
thoroughly exploited every weakness the various nym servers and 
remailers had to offer.
I hope I can force this group to evolve as fast as the above forced the 
cypherpunk community to alter their code and practices for more 
anonymity than laws can offer maybe then tor and eff can offer real 
resistance to the onrushing faith based police state
snoops.

sheesh!


..Chris Palmer wrote:

> tor wrote:
>
>  
>
> > yet another reason sniffing is a GOOD thing for tor operators...
> >    
>
> You are not a lawyer, you don't fully understand ECPA or ECPA-related
> case law, and you are giving stupid advice. Please stop doing this.
>
> Also, can you please tell me what the nickname of your Tor server is?
> I'd like to put it in my ExcludeNodes directive.
>