[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Marketing Tor (Was Re: For those using Tor with windows)

On Wed, Nov 16, 2005 at 08:24:13AM -0500, Jeffrey F. Bloss wrote:
> Hash: SHA1
> On Wednesday 16 November 2005 12:48 am, Nick Mathewson wrote:
> <snippage>
> >      unless I'm missing something, this is in violation of clause 3 of
> >      the GPL.
> Speaking of the law, what would be your legal and/or ethical 'spin'
> on the proposition that someone would set up multiple Tor clients
> and sell access to them as a feature of a subscription "anonymity"
> service?  This scenario assumes none of these "access points" are
> giving anything back to the Tor network. That clients' SSH
> connections are simply being piped through a local copy of Tor
> running in client mode.

Legally: I'm not a lawyer, but as far as I know nothing in the Tor license
would keep you from doing this.  (You mention the GPL below, but
that's irrelevant: Tor isn't licensed under the GPL.  When I mentioned
the GPL above, I was talking above about a program called wget.)

Ethically: I think it's a little bit dubious to re-sell bandwidth that
others are giving away for free and contribute nothing in return.

Strategically: It's self-defeating.  If the service remains small, it
probably won't be very profitable. If it becomes large, then it will
strain the network, performance will degrade, and their users will
leave.  Of course, there's a tragedy-of-the-commons scenario here,
where everybody has it in their interest to extract more than they
contribute, but our design has this problem anyway. (See summary in
3.3. of http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf .)

> I don't see where this would be "illegal" under the GPL or your own LICENSE, 
> but maybe I'm missing something. I believe it's ethically abhorrent to use 
> free software for profit like this, but I don't see any real
> recourse.

Well, I'd disagree.  It's indeed abhorrent to steal people's work
without permission, but it seems a bit silly to call people evil for
doing with Tor what the software developers have explicitly given them
permission to do.  The Tor license does not restrict our software from
being used as part of proprietary commercial products, so long as the
conditions are met.

This isn't to say that anything goes, of course.  The license is
pretty explicit: No taking our names off it, no taking the license off
it, no pretending we endorse you.  I'd also call it slimy to release
less-secure variants and pretend they're as good, or not to
acknowledge publicly where the software came from.  (Releasing a
proprietary version would also be bad PR IMO.  On the one hand, only
clueless people would trust it.  On the other hand, why bother
building off Tor if you're only trying to sell to clueless customers?
Give them a one-hop proxy with a trustworthy-looking model on the box.)

Nick Mathewson

Attachment: pgpI94GkiVYFQ.pgp
Description: PGP signature