[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor use, online registration and plausible deniability


I read the thread about email providers blocking registration/signup
through Tor, and I have experienced the same problem on some forums.

But the regime often seems to be arbitrarily enforced -- you can't
register from a Tor exit node, but a VPN or simple web proxy will do. 
Alsosome services flag sign up from certain geographical locations or
IP ranges belonging to hosting providers but don't mind ordinary use
through Tor,
VPN or web proxies.

I have for some time thought that the solution might be a project
similar to BugMeNot or people collaborating across borders.

For example, a European or Asian needs an account on a social network,
email service or forum but doesn't want his IP exposed and and doesn't
want expose
to the admins that he is using Tor. He may want to have the signup go
through a residential IP in country X, because he for one reason or
another needs
plausible deniability.

If the signup goes through a "normal" residential non-Tor IP, but
ordinary use goes through Tor, the user can later claim plausible

- Yes, I signed up for the account several years ago, but I don't
recognize subsequent logins through Tor so the subversive political or
social commentary
was not by me but made by someone abusing my account.

if the registration and ordinary use is divided over multiple legal
jurisdictions with differing data retention regimes, it will be very
hard and expensive
to prove anything.

Add to this that legally an IP address is not a person, and that the
owner of the IP from which the signup was done would not necessarily
be held responsible
for how the account is used. 
Some countries either have no mandatory data retention or nonly very

I can see several benefits in such an approach, plausible deniability
for both the person using the account and plausible deniability for
the one "lending"
out his IP.

Only a forensic examination conducted on all equipment owned by the
lender of the IP shortly after the signup would reveal anything.

Is there any reason why such a privacy service does not exist?

People could make it profittable by doing registration on demand for

If you dont want your own home IP associated with your collaboration,
possible solutions include: Doing the registration from public
libraries, disposable
sim cards with internet access, neighbor's/friend's wifi, workplace,
school or other institution with an IP not likely to be flagged as
problematic by
the service.

What's your thoughts?
tor-talk mailing list