Re: More GSoC Ideas

[Ben Wilhelm <zorba-tor@xxxxxxxxxxxxx>]

Various comments on these, regarding why some of these are dubious ideas:

>   A. I had at least one connection to legal-preteen.com. I am willing
> to take some chances of getting into trouble with the law for the sake
> of avoiding internet censoship, but not to that end. Child pornography
> and The Great Firewall of China are two completely separate things.

You will never, ever, ever block all child porn websites. It's simply 
impossible. To make things worse, in the US there's at least some 
possibility that filtering things by content leaves you open for 
lawsuits based on what you didn't filter - meaning that blocking child 
porn websites might leave you liable for the ones you missed. From a 
purely PR perspective, people might also argue "well, he clearly knew 
child porn was being viewed through his server, and he kept his srever 
up! Burn him, he's a witch!"

>   B. I've had to block Google because my roomates were getting the
> nasty "this might be spyware" page and weren't all too happy about
> that.

I don't really have a problem with this one :) (Although if you can get 
a second IP from your ISP, this can be solved neatly - I have all Tor 
traffic going through its own special IP. Still, this is often impractical.)

>   C. I've blocked The Pirate Bay, and when I have time, will block
> other such sites. (See idea 2). If operators want to let tor users go
> through to those sites that's fine, I don't even care all that much
> except that I think the limited tor bandwidth can go to better uses.

The Pirate Bay itself uses extraordinarily little bandwidth, and to my 
knowledge nobody has ever been prosecuted for downloading .torrent 
files. The actual process of running the torrent doesn't necessarily 
even touch TPB (what with distributed hash tables and the like) and even 
the parts that do touch TPB use a minimal amount of bandwidth. 
Essentially, this doesn't do what you might think it does.

> 2. On *nix systems, make it easy for snort to filter out tor traffic
> on a protocol level. I realize there are plenty of legal uses for
> BitTorrent, Gnutella, etc., but most of them do not require anonymity
> in a strong sense. That is, they can get the same content through http
> (most of the time) anyway, and downloading a Linux distribution (or
> whatever) won't be flagged by most governments/agencies/whatever. It's
> my bandwidth, I have the right to let *others'* use it as I see fit.

First off, it's nearly impossible to make Tor capable of filtering on 
this sort of a level - the Tor client simply doesn't know what kind of 
traffic may be sent through it until the connection is already made, and 
thus it can't possibly avoid servers that disallow certain protocols. 
The only thing you could do here is sever connections as soon as you 
determine that it's the "wrong type" and this obviously has severe 
usability implications.

Second, an increasing number of protocols are encrypted, thanks to the 
efforts of Verizon and co - I certainly turn on encryption on my 
bittorrent client whenever I use it, and I don't even use it to download 
illegal stuff. Obviously anything encrypted will pass straight through 
your clever protocol filter.

> However, the last thing my parents
> need is the FBI knocking on their door wondering why they are visiting
> legal-preteen.com.

I think they may be even more irritated when you assure them that 
legal-preteen.com is blocked, and then the FBI shows up wanting to know 
why they're visiting hot-hot-hot-15-and-under.com :)

-Ben