i am not a lawyer either, but i can say something about the legal situation in germany. but please don't try to hold me responsible for my guesswork. also note that german law changes quite rapidly, terrorism and foreigners and all. the ANON project (anon.inf.tu-dresden.de) is running pretty fat anonymizing exit points and thus has fequent contact with offended webmasters and the law. three things that are potentially bad for you as an exit point operator can happen: 1) a fraction of the random people pissed off through your node, will piss off people in your organisation in return, e.g. by writing aggressive e-mails. this *may* have unpleasant political implications, for instance if you are a university and your facutly dean doesn't understand what your research project is about. 2) you may receive a fax from the police requesting the contents of access logs. given a time and source IP, you are requested to reveal the name and address of the responsibel user. if you explain to them that you don't have that kind of information, they tend to give up gently. most of the people in the german police forces working on internet crime have by now learned about this technology. (if you are running a DSL node, the police is likely to contact you as the suspect right away, if anybody finds out how that goes i'd really like to know. my bet would be that if you don't have any explosives stashed under your bed and they can find an operational tor server installed on your confiscated PC you should be reasonably safe. just keep an old backup PC at your friend's place... :-) 3) in very rare cases, you may receive a request for surveillance of future traffic. reasons for this may be offenses like child pornography or terrorism (i guess). if that happens to you, you still have time to change your exit policy to "nothing exits", if you can't come up with a better plan. german police tried this once in dresden, and they got burned badly: a court ordered the deletion of the obtained IP address and punishment of the involved policemen. any more guesswork or stories anyone? any other countries? cheers, matthias On Tue, Mar 01, 2005 at 03:03:51PM -0700, jeff wrote: > To: or-talk@xxxxxxxxxxxxx > From: jeff <moe@xxxxxxxxxxxxxxxx> > Subject: "cracks" via tor > Organization: Brixton Linux Action Group > Reply-To: or-talk@xxxxxxxxxxxxx > > I just got a complaint from someone who said one of my servers > (running a tor daemon) had a "hacker" on it trying to break > into his website. He sent me some log entries, which had some > pretty tame "foo.pl?user=bill" type of hits. > > While this doesn't look like the crack of the century, it does > pose an interesting question in that if someone is trying to do > web exploits via tor, how can such a thing be prevented? I > can't think of any way. > > Could this have some dodgy legal implications for people running > tor servers? I'm sure EFF has something to say about this. ;) > > Thanks, > > -Jeff > > P.S. Fedora Core 3 tor RPMs @ > ftp://ftp.blagblagblag.org/pub/BLAG/linux/30000/en/os/i386/BLAG/RPMS/
Attachment:
signature.asc
Description: Digital signature