Hello, I just had the idea which can help to protect exit-nodes against some kinds of legal prosecution. Basically, it would be policy to Tor servers which says "do not connect into country XY". Such a rule does not increase anonymity but would require that legal actions (e.g. confiscations) must be performed in another country than this where the crime happened. This is a much higher hurdle, especially for lower delinquencies. I see two steps how this policy can be implemented: A. On client side 1. add a new option, e.g. 'Jurisdiction' with possible values of * 'other' ... when set, do not use an exit-node when it is the same jurisdiction as the target-ip; this should be the default on new installations * 'same' ... use an exit-node only, when it is in the same jurisdiction (just for completeness...) * 'ignore' ... ignore jurisdiction (same behavior as now) * a country code ... use only exit-nodes within this country; a negated format should exist too 2. when choosing path, use only exit-nodes which are following the constraint above B. On (exit-)node side 1. add a new option, e.g. 'JurisdictionPolicy' which accepts country codes and perhaps special values like '%same'. Behavior is similar to the client side option mentioned above 2. Tor protocol/meta data must be changed to transmit this option 3. node forbids connections which are violating the policy The decision whether a node and a target are in the same jurisdiction can be done e.g. by a GeoIP like service. A problem might be the license: GeoIP is GPL, Tor is BSD. Dunno, whether the database can be used freely and Tor has to implement own parsing routines. Perhaps, similar projects exist. Enrico
Attachment:
pgpfpV77qurSY.pgp
Description: PGP signature