
Re: reconsidering default exit policy



At 15:24 -0500 on 2005/03/11, Jonathan D. Proulx wrote:
> On Fri, Mar 11, 2005 at 11:44:53AM -0800, Chris Palmer wrote:
>
> :To demonstrate this principle, set your firewall to block port 80.
>
> While I mostly agree with you, and admit there's a class of
> administrator that somehow seems to miss the fact that they serve
> their users not the other way around, in this case I think it is fair
> to class them as distinct audiences.


I think you're conflating tor users with lusers (local users).

The abuse teams at various organizations will have to handle the complaints
about "bad" activity coming through tor nodes.  The tor users will not be
the local users the teams are supposed to support, but will rather be
outsiders creating annoyances and distractions from real work.  The user
communities and relative standings are distinct.

The balance needed is between a default exit policy that makes tor useful
and one that doesn't get too many tor nodes shut down when the operator
gets a nasty call from the provost, the ISP support desk, or a corporate
higher-up.

I answer abuse@ at a few places, and will be setting up tor nodes.  But
before I set up with an exit policy that allows anything, I have to
convince counsel, in advance, that the DMCA safe harbor terms apply and
protect the organization sufficiently.  Then I have to convince the rest of
the abuse team to tolerate the increased uselessgoddamnednoise.  The latter
will be more difficult in the long term :-).

Of course, not everyone who we want to have running a tor node can be in as
central a position.  Nor will most be as careful in advance.

Thus, instead of an ideologically pure 'allow everything we possibly can'
stance right now (with which I agree in principle), perhaps the default
exit policy should be tailored to minimizing shock and surprise when
higher-ups find out that someone is running a tor exit node.

Being more restrictive at the start may help maintain a more robust tor
network.  That kind of strategy can give us more time and chances to
convince people net-wide that IP-address-as-authenticator is no more useful
than CNID-as-authenticator.  The end goal of an open tor network can be
served, but more robustly.


Richard