[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: German data rentention law

Roger Dingledine wrote:
On Sat, Oct 18, 2008 at 06:43:34PM -0400, 7v5w7go9ub0o wrote:
Roger Dingledine wrote:


Otherwise, all german nodes have to switch to middle man.

To be clear, I didn't write the above line.

1. Given that the ISP will have logs anyway, why disallow German exit nodes?

A fine question. Hopefully as we learn more about what ISPs will log,
we will come to decide that having Tor exit relays in Germany doesn't
pose much risk -- as long as we take appropriate other steps to make
sure the other end of the circuit isn't logged by German ISPs too.

2. How about changing all TOR port useage - including relays and entry
ports - to 443?

'Twould be hard to know which are entry nodes, which are relays, and which is browser traffic. That ought to make "mapping" the onion, and ISP log analysis a little more challenging :-) .

It isn't just a matter of what port they listen on. So long as there's
a public list of Tor relays, then people can just compare IP addresses
they see to the public relay list. And that public relay list isn't
going away anytime soon, since Tor clients need it when picking a path.

Am presuming that some on that list are "multi-function" servers!?

Guess I'm thinking along the line of a PC that has a TOR relay and bridge (both) that's being logged by its ISP.

If all inbound and outbound TOR circuits were port 443, all the ISP would log is a bewildering collection of inbound, SSL-encrypted connections to 443, and outbound, SSL-encrypted connections to 443 - hard to know if any given inbound is an entry-connection, or relay-connection.

Likewise, outbound connections to 443 somewhere else might be TOR, or it might be the operator browsing his bank account.

If nothing else, defaulting to 443 would allow a greater number of "hotspot" laptops access to TOR from HTTP/S-only networks.