[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Why TOR Operators SHOULD always sniff their exit traffic...



[Please forgive me if I sound like an ass below.]

Guys, could we please be a bit more polite on the list?  This isn't
alt.privacy.anon-server.  Let's start applying the principle of
charity, okay?  Chris is not stupid.  If you are who I suspect you may
be, you aren't stupid either.

On Wed, Jun 08, 2005 at 09:50:21PM -0700, tor wrote:
 [...]
> Come to think of this if EFF is now relying 
> upon laws to protect anonymity  instead of technology and thinking that 
> evil tor operators will submit their servername for excludenode 
> inclusion then your organization is NOT giving good anonymity advice.

I don't believe that this is what Chris was saying.  Your response
would be reasonable if he had said "don't worry about hostile exit
nodes because they would be breaking the law."  Sure, that would be
stupid advice, but that's not what he said.  Instead, he said
something like "don't be a hostile exit node; eavesdropping on exit
node traffic may be against the law and may expose you to additional
liability for what you transport."  IMO, that's good advice.  (Yes, I
know, in your opinion, that's bad advice.  But it is advice about what
server ops should do, not about how clients should get anonymity.)

An analogy.  Chris has said "Don't steal from people's cars; it would
be illegal."  You have replied with "You must lock your car and not
leave valuables in it; laws are not enough to protect you."  You are
both right, but your response does not invalidate his statement.

> oh and BTW chris.. your BIO as well as your title says nothing about a 
> juris doctor(n.b. a law degree) nor do you carry an Esq. suffix on your 
> name(neither do I but I do have the advantage of having a actually paid 
> a criminal law specialist for examination of my businesses legal 
> position in running a server, have YOU??)

Chris works at EFF.  Chris spends all day talking with some of the
best lawyers I know.  Even if you are, say, the computer security
chief of a law office or another organization that needs to deal with
lawyers a lot, I would be quite surprised if you have received *more*
or *better* legal advice about your Tor node than he has about his, or
if the lawyers you spoke to understand Tor as well as those Chris
works with.

 [...]
>                                       in the meanwhile chris and the 
> rest of the tor community that believe evil server operators will 
> announce themselves  will indeed have a few sleepless nights over this 
> email.

There's a difference between these propositions:
   * All jerks will announce themselves as jerks.
   * There is no need to defend ourselves against unannounced jerks.
   * It is a good idea to limit the damage that known jerks can do.
   * When somebody announces, "I intend to be a jerk", it is a good idea
     to limit the damage he can do.

I don't think anyone here is naive enough to believe either of the
first two propositions.  Contrariwise, there is much to be said for
the second two.

>                       when the 2 NRL folks who invented tor  
> approached myself and lucky at financial crypto in Anguilla to introduce 
> tor and its inventors to the cypherpunk community.

Your anonymity set has just gotten very small.  :)

>                                                     (It was a vastly 
> different design in those days, solaris based :( and lots of other 
> gotchas), I tend to implement EVERY attack possible at my node(s) to 
> know what issues tor still has so I can avoid usage patterns that would 
> tend to expose my true name as well as advise clients on its 
> strengths/weaknesses.

Um.  Is there any advice that you can give us about how to improve
Tor, or how to improve the advice we give people about how to use Tor,
on the basis of your research?  Even knowing more about which attacks
work (or don't work) would help us resist them better.

Feel free to email the developers privately, if you'd prefer.

> ps prior to calling someone stupid in public really should know who you
> are talking to / calling out other wise one risks making "stoopid" errors.

Chris called your advice stupid, not you.  Even if he's right, you
would not be the first smart person to give people a bad impression of
the law on the Internet.  And despite what you say your lawyer has
told you, enough lawyers have told me otherwise that I do not think
that I would feel safe doing what you say you are doing.

 [...]
> I hope I can force this group to evolve as fast as the above forced the
> cypherpunk community to alter their code and practices for more
> anonymity than laws can offer maybe then tor and eff can offer real
> resistance to the onrushing faith based police state
> snoops.

Your approach is kinda pointless here wrt the Tor developers.  We
*know* that hostile nodes are possible and probably existent.  We
don't deny this, even though we encourage people to be honest.  If we
haven't addressed a particular threat, it isn't because of laziness or
complacency -- it's because we don't know about the threat, or don't
know how to fix it.  If you can tell us about specific threats we
don't know about, or ways to overcome threats that we *do* know about,
hooray.

Of course, if you think that the Tor developers have gotten lazy or
complacent, you could start by telling us so.

your friend,
-- 
Nick Mathewson

Attachment: pgpWNtAaahG56.pgp
Description: PGP signature