i am not a lawyer either, but i can say something about the legal
situation in germany. but please don't try to hold me responsible for
my guesswork. also note that german law changes quite rapidly,
terrorism and foreigners and all.
the ANON project (anon.inf.tu-dresden.de) is running pretty fat
anonymizing exit points and thus has fequent contact with offended
webmasters and the law. three things that are potentially bad for you
as an exit point operator can happen:
1) a fraction of the random people pissed off through your node, will
piss off people in your organisation in return, e.g. by writing
aggressive e-mails. this *may* have unpleasant political
implications, for instance if you are a university and your
facutly dean doesn't understand what your research project is
about.
2) you may receive a fax from the police requesting the contents of
access logs. given a time and source IP, you are requested to
reveal the name and address of the responsibel user. if you
explain to them that you don't have that kind of information, they
tend to give up gently. most of the people in the german police
forces working on internet crime have by now learned about this
technology.
(if you are running a DSL node, the police is likely to contact
you as the suspect right away, if anybody finds out how that goes
i'd really like to know. my bet would be that if you don't have
any explosives stashed under your bed and they can find an
operational tor server installed on your confiscated PC you should
be reasonably safe. just keep an old backup PC at your friend's
place... :-)
3) in very rare cases, you may receive a request for surveillance of
future traffic. reasons for this may be offenses like child
pornography or terrorism (i guess). if that happens to you, you
still have time to change your exit policy to "nothing exits", if
you can't come up with a better plan.
german police tried this once in dresden, and they got burned
badly: a court ordered the deletion of the obtained IP address and
punishment of the involved policemen.
any more guesswork or stories anyone? any other countries?
cheers,
matthias
On Tue, Mar 01, 2005 at 03:03:51PM -0700, jeff wrote:
> To: or-talk@xxxxxxxxxxxxx
> From: jeff <moe@xxxxxxxxxxxxxxxx>
> Subject: "cracks" via tor
> Organization: Brixton Linux Action Group
> Reply-To: or-talk@xxxxxxxxxxxxx
>
> I just got a complaint from someone who said one of my servers
> (running a tor daemon) had a "hacker" on it trying to break
> into his website. He sent me some log entries, which had some
> pretty tame "foo.pl?user=bill" type of hits.
>
> While this doesn't look like the crack of the century, it does
> pose an interesting question in that if someone is trying to do
> web exploits via tor, how can such a thing be prevented? I
> can't think of any way.
>
> Could this have some dodgy legal implications for people running
> tor servers? I'm sure EFF has something to say about this. ;)
>
> Thanks,
>
> -Jeff
>
> P.S. Fedora Core 3 tor RPMs @
> ftp://ftp.blagblagblag.org/pub/BLAG/linux/30000/en/os/i386/BLAG/RPMS/
Attachment:
signature.asc
Description: Digital signature