On Wed, Nov 16, 2005 at 08:24:13AM -0500, Jeffrey F. Bloss wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wednesday 16 November 2005 12:48 am, Nick Mathewson wrote:
>
> <snippage>
>
> > unless I'm missing something, this is in violation of clause 3 of
> > the GPL.
>
> Speaking of the law, what would be your legal and/or ethical 'spin'
> on the proposition that someone would set up multiple Tor clients
> and sell access to them as a feature of a subscription "anonymity"
> service? This scenario assumes none of these "access points" are
> giving anything back to the Tor network. That clients' SSH
> connections are simply being piped through a local copy of Tor
> running in client mode.

Legally: I'm not a lawyer, but as far as I know nothing in the Tor license would keep you from doing this. (You mention the GPL below, but that's irrelevant: Tor isn't licensed under the GPL. When I mentioned the GPL above, I was talking above about a program called wget.)

Ethically: I think it's a little bit dubious to re-sell bandwidth that others are giving away for free and contribute nothing in return.

Strategically: It's self-defeating. If the service remains small, it probably won't be very profitable. If it becomes large, then it will strain the network, performance will degrade, and their users will leave.

Of course, there's a tragedy-of-the-commons scenario here, where everybody has it in their interest to extract more than they contribute, but our design has this problem anyway. (See summary in 3.3. of http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf .)

> I don't see where this would be "illegal" under the GPL or your own LICENSE,
> but maybe I'm missing something. I believe it's ethically abhorrent to use
> free software for profit like this, but I don't see any real
> recourse.

Well, I'd disagree. It's indeed abhorrent to steal people's work without permission, but it seems a bit silly to call people evil for doing with Tor what the software developers have explicitly given them permission to do. The Tor license does not restrict our software from being used as part of proprietary commercial products, so long as the conditions are met.

This isn't to say that anything goes, of course. The license is pretty explicit: No taking our names off it, no taking the license off it, no pretending we endorse you. I'd also call it slimy to release less-secure variants and pretend they're as good, or not to acknowledge publicly where the software came from.

(Releasing a proprietary version would also be bad PR IMO. On the one hand, only clueless people would trust it. On the other hand, why bother building off Tor if you're only trying to sell to clueless customers? Give them a one-hop proxy with a trustworthy-looking model on the box.)

yrs,
--
Nick Mathewson