Good overview Karsten, thanks.
 Tor developers: I demand to ban all German Tor servers per 1/1/2009 from the Tor network. Don't trust the German regulators.
 
 country.sh
 
 #!/bin/sh
 
 
 # Set one or another, but not both, alphabetical order plz:
 #COUNTRIES_TO_REJECT="CN|FR|GB|HK"; # Those countries will be rejected.
 COUNTRIES_TO_ACCEPT="AR|US"; # All other countries will be rejected, those only will be accepted.
 
 # Where to find a routers list:
 ROUTERS="http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?textonly=1";
 
 # Location of your torrc file:
 TORRC=/etc/tor/torrc
 
 # Command to reload your torrc:
 RELOAD="/etc/init.d/tor restart"
 
 
 ####  No need to modify anything after this line ####
 
 set -e
 
 LOCRC=".tmp_torrc"
 LOCROUT=".routers.txt"
 
 test -z "$TORRC" && exit 0
 
 # create a backup of the torrc file
 cp $TORRC ${LOCRC}.bak
 
 # Remove ExcludeNodes line from torrc
 cat $TORRC | grep -vi Excludenodes > $LOCRC
 
 # Download routers list.
 wget -O $LOCROUT $ROUTERS || exit 0
 
 # Write list of actual countries to a text file for reference
 file=Countries.txt
 echo -n "Countries " > $file
 for i in `cat $LOCROUT | cut -f 1 -d " "| grep -v Tor | sort -u`; do
 echo -n "$i " >> $file
 done
 
 file=$LOCRC
 echo -n "ExcludeNodes " >> $file
 if [ "$COUNTRIES_TO_ACCEPT" != "" ]; then
 for i in `cat $LOCROUT | egrep -v "^($COUNTRIES_TO_ACCEPT)" | cut -f 2 \
 -d " " | egrep -v "^(\[|Network)" | sed 's/\*//'`; do
 echo -n "$i, " >> $file
 done
 elif [ "$COUNTRIES_TO_REJECT" != "" ]; then
 for i in `cat $LOCROUT | egrep "^($COUNTRIES_TO_REJECT)" | cut -f 2 \
 -d " " | egrep -v "^\[" | sed 's/\*//'`; do
 echo -n "$i, " >> $file
 done
 else exit 0
 fi
 echo finished >> $file
 
 cp $LOCRC $TORRC
 
 # Have Tor to reload its config
 $RELOAD
 
 Regards
 -dieter
 
 --- On Sat, 10/18/08, Karsten N. <tor-admin@xxxxxxxxxxxxxxxxxxxx> wrote:
 
 From: Karsten N. <tor-admin@xxxxxxxxxxxxxxxxxxxx>
 Subject: German data rentention law
 To: or-talk@xxxxxxxxxxxxx
 Date: Saturday, October 18, 2008, 1:49 AM
 
 
 Hi,
 I. part: A short overview about the data retention law in Germany.
 
 1: ISPs have to log the start and end of a user dial-in with
 time stamp and IP address. They have not to log any content.
 
 2: Public providers of electronic mail have to log all connections of
 users with time stamp, IP address, login account and the email
 addresses of sender and recipient for every mail (send and
 receive).
 
 3: VoIP providers have to log all connections with timestamp,
 IP address and phone number of caller and recipient.
 
 4: Phone and mobile phone providers have to log all connections and
 tries with timestamp, phone number and location.
 
 5: Anon services have to log the rewrite of any information, which
 will be logged by a third party. (That's all, not very clear.)
 
 
 At the moment, it seems not clear, how Tor is affected by this law.
 I read some papers from the government: "An anon service (like tor or
 JAP) has to log, because the law will be useless otherwise."
 
 Some papers of non-government organizations like ULD: "Tor and JAP are
 not affected by the telecommunication law, because it is not a
 telecommunication service (in the case of law) and tor nodes have NOT
 to log."
 
 Together with the JonDos GmbH (JAP) the GPF try to get a legal
 non-logging solution for Tor, but the result is open and we are late.
 (Maybe too late?)
 
 
 II. part: suggestion of a technical solution
 
 Maybe Tor can use geoip and divide the world into a logging area and a
 non-logging area. If the target host is inside the logging area
 (Germany), the exit node has to be outside. Otherwise a German node
 can be an exit too.
 
 In this case, we have two possibilities:
 
 1: the target host is outside the logging area -> no logging
 
 2: the target host is inside the logging area -> the exit is
 outside and writes no logs -> a German entry or middle man
 has to log nothing, because it routes to a not logging exit.
 
 Because not all clients will update to a new version very quickly, we
 need a feature for German exit nodes to reject all routes from old
 clients, when the node is the exit of the route.
 
 Or, if it was more simple for the developer, a feature for exit nodes
 to define a country (based on geoip) to reject all exit routes. If all
 German relays used this feature, it may work.
 
 Otherwise, all German nodes have to switch to middle man.
 
 It is only one suggestion, not the really best solution.
 
 Karsten N.
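
An added example, not part of dieter's or Karsten's message: a POSIX sh version of the ExcludeNodes-building step of country.sh that treats the router list (which the script downloads over plain HTTP) as untrusted input, keeps only well-formed relay nicknames, and fails rather than writing an empty list. The "CC nickname" layout is assumed from how country.sh parses the list; `sample_list`, `build_exclude_line` and `render_torrc` are hypothetical names and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not dieter's script. Assumed list format (as country.sh
# parses it): "<CC> <nickname>[*] ..." per relay, plus header lines.

# Constructed sample input; the last two relay lines are malformed on purpose.
sample_list() {
cat <<'EOF'
Tor Network Status
[header line]
AR relayone* 10.0.0.1
DE relaytwo 10.0.0.2
FR relaythree 10.0.0.3
DE relaytwo 10.0.0.2
CN bad,name 10.0.0.4
GB thisnicknameiswaytoolong1 10.0.0.5
EOF
}

# build_exclude_line 'AR|US' < list
# Prints one "ExcludeNodes a,b" line for relays outside the accepted countries.
# Returns 1 and prints nothing if no valid relay was found (e.g. empty download).
build_exclude_line() {
    awk -v accept="^($1)\$" '
        $1 !~ /^[A-Z][A-Z]$/ { next }       # skips headers and junk lines
        $1 ~ accept          { next }       # accepted country: stays usable
        {
            nick = $2
            sub(/\*/, "", nick)             # same marker country.sh strips
            # Tor nicknames are 1-19 alphanumeric characters; drop the rest.
            if (nick !~ /^[A-Za-z0-9]+$/ || length(nick) > 19) next
            if (nick in seen) next          # de-duplicate
            seen[nick] = 1
            out = out (n++ ? "," : "") nick
        }
        END { if (!n) exit 1; print "ExcludeNodes " out }'
}

# render_torrc TORRC 'AR|US' < list
# Prints TORRC without its old ExcludeNodes lines, followed by the new one.
# Returns 1 without printing anything if the list produced no relays.
render_torrc() {
    line=$(build_exclude_line "$2") || return 1
    grep -vi '^[[:space:]]*ExcludeNodes' "$1" || true
    printf '%s\n' "$line"
}
```

Write the rendered output to a temporary file and check it with `tor --verify-config -f` before moving it over the live torrc.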
 
 