[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Protecting exit-nodes by GeoIP based policy



This is a good idea.
I had nearly the same.

Maybe it could be solved even easier.
The server-config just needs an option to set "mycountry".

when establishing an onion-route the client should
simply choose an exitnode where mycountry is not equal
to the country of the server he wants to connect.

so.. exitnodes of country a will connect to targets in country b and c
and vice versa.

basically what you suggested, but forced.

Enrico Scholz schrieb:
> Hello,
> 
> I just had the idea which can help to protect exit-nodes against some
> kinds of legal prosecution. Basically, it would be policy to Tor servers
> which says "do not connect into country XY". Such a rule does not increase
> anonymity but would require that legal actions (e.g. confiscations) must
> be performed in another country than this where the crime happened. This
> is a much higher hurdle, especially for lower delinquencies.
> 
> I see two steps how this policy can be implemented:
> 
> A. On client side
> 
>  1. add a new option, e.g. 'Jurisdiction' with possible values of
>     * 'other'  ... when set, do not use an exit-node when it is the same
>                    jurisdiction as the target-ip; this should be the
>                    default on new installations
>     * 'same'   ... use an exit-node only, when it is in the same
>                    jurisdiction (just for completeness...)
>     * 'ignore' ... ignore jurisdiction (same behavior as now)
>     * a country code  ...  use only exit-nodes within this country; a
>                    negated format should exist too
> 
>  2. when choosing path, use only exit-nodes which are following the
>     constraint above
> 
> 
> B. On (exit-)node side
> 
>  1. add a new option, e.g. 'JurisdictionPolicy' which accepts country
>     codes and perhaps special values like '%same'. Behavior is similar
>     to the client side option mentioned above
> 
>  2. Tor protocol/meta data must be changed to transmit this option
> 
>  3. node forbids connections which are violating the policy
> 
> 
> The decision whether a node and a target are in the same jurisdiction can
> be done e.g. by a GeoIP like service. A problem might be the license:
> GeoIP is GPL, Tor is BSD. Dunno, whether the database can be used freely
> and Tor has to implement own parsing routines. Perhaps, similar projects
> exist.
> 
> 
> 
> Enrico