
Re: relay tidbits...



phobos@xxxxxxxxxxxxx wrote:
On Tue, Jun 03, 2008 at 03:41:26PM -0700, kyle.kwilliams@xxxxxxxxx wrote 6.1K bytes in 130 lines about:
: > I wonder if he's in the United States? If so, he could face serious
: > legal problems by having relayed child porn, and knowing about it
: > (instead of keeping his nose out, as a node operator always should).

Under Section 230 of the CDA, Tor should be protected as a provider of
an interactive computer service.  As there hasn't been a court case,
that I know of, this is unproven at this point.  There is plenty of
precedent to support this conclusion, however.

http://en.wikipedia.org/wiki/Section_230_of_the_Communications_Decency_Act


If Tor operators were protected by law, I would run a dozen Tor nodes. However, that is not the case in this day and age.

: I would rather know the truth and be able to make a decision about what I
: want to support than be blind sided by cops randomly showing up at my house
: claiming I did something bad and taking all my stuff.
:
: Recall the gentlemen from Germany that went through a huge amount of
: bullshit because someone abused his node.
: I don't want to be that guy.

And this is the classic "chilling effect".  If you don't want Tor to
exist in the world, harass those that do by arrest and confiscation.  I
believe in the incidents in Germany, every node operator was found not
guilty and in most cases, their computers were returned.
If you personally don't want to fight for online anonymity, that's fine.
I hope you won't discourage those that do.


Oh, I encourage people all the time to use Tor, but along with that I encourage them to be secure and use the best Tor implementation possible. I don't want my friends and family being affected by some new bug.

Perhaps it is time for people to step back and realize what I've said for a while now. Fighting vulnerabilities in Layer 7 of the OSI model will always be a reactive situation to new 0-days. When you are in a reactive situation to a 0-day, you've already lost and must scramble to get a patch out. By adapting Tor in layer 3 or layer 1 of the OSI model, or by putting it into a completely separate OSI environment (VM), we can reduce the surface area of attacks on our anonymity from 0-days dramatically.

My old boss taught me a valuable lesson: Work smarter, not harder.

And for the record, I do fight for anonymity online by providing the most secure and 0-day resistant Tor implementation out there. Likewise, I've contributed my fair share of security bugs to Mike Perry, Roger, and Nick in a responsible manner.

So to say that I "personally don't want to fight for online anonymity", is fucking bullshit.

I'm starting to feel like the anti-hero of Tor. I change my views from full disclosure to responsible disclosure. I've helped in projects of others. I've given Roger my honest opinion when he asks for it. I've given away free software that is way more secure than all the other implementations out there.

<sarcasm with an angry tone>
WHAT THE FUCK MORE DO YOU WANT FROM ME?! Another 0-day?!
</sarcasm with an angry tone>