[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Filtering traffic from your node - for exit points
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Filtering traffic from your node - for exit points
- From: "vikingserver@xxxxxxxxx" <vikingserver@xxxxxxxxx>
- Date: Tue, 11 Sep 2007 15:37:33 +0200
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Tue, 11 Sep 2007 09:37:54 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=zeuM5p+XkO6zzHEAxDvmClWfyGK648DGGRPxqOv+ldE=; b=TAX3AswrKG2VaZVsawonkPdnlSyc0QlCc7oE5AQHew8F12f1b+keg3ZN5/91QyBRnoLSSn3iuHKoNyYck2N8u7EJsTTNPFqDSQzqeIJSj49xucx8hmy9+iVNRShBGtyF1O7+pBAQ1bhJlINE/XYObkIpM/5T0F4Pit6OZPt3QfI=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=p/cO5ev1q8STE0Iv0z4GNhHY1z7My5iEORxb1usxiZ314OOVwkt4NwEv27NpdLPPh397tooZWsLKzOIfpF4fOQGN/Z1Wu2XseRRsKF7uUhPLft3k5Ifl5+NYX4YPxb6cHsMwVngMoCxN1phfuvtDtQs3rNH1Mu9OaBEE8Y+dHtc=
- In-reply-to: <131475.54231.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- References: <131475.54231.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 2.0.0.6 (Windows/20070728)
Torified User,
It's possible to block certain IP addresses and ports in the torrc.
Please continue to run an exit server that blocks certain IPs and ports,
that will improve the network as Tor will only rout allowed traffic
through your node.
But blocking by content without the possibility to configure it in the
torrc file will make the Tor network slower and will make some downloads
and browsing fail from your exit server. If Tor in the future allows
content filters, then it will be possible to run a filtered exit server
without slowing down the network.
I hope Tor will allow content filer in the future as it would make more
people run exit servers. Of course I hope there will always be exit
nodes running without any blocking at all, as content blocking often
block good things too.
It must be the Tor users choice and not the exit server admins choice
what the users will do or not do. And it must be the criminal users the
are taken by the police, not the exit server admins. And it must be the
exit server admin's choice wheter or not he/she will take the risk of
getting his equipment confiscated by the police. Combining these
important things is difficult, but as long as exit servers with
different configurations exist in many countries with different laws it
will be possible to have access to the full internet from any country
through the Tor network.
I myself live in the EU and I don't dare to run an exit server because
the torrc would get really huge if I added all the IPs I would like to
block to be sure to not get my computer confiscated by the police. And
still I wouldn't be secure as new child porn sites, and terrorist sites
appear all the time.
My main reason to run a server is to be an entry server on a common SSL
port in order for people behind restrictive firewalls to get access to
the internet. But I would probably run an exit server if I was sure not
to get a policeman knocking on my door one day.
/Viking server admin
Torified User skrev:
>
>
> */jeffery statin <jeffstatin@xxxxxxxxx>/* wrote:
>
> What is the nic or key of your exit node? I'd like to
> put it in my excludenodes list.
>
> Don't worry. It has been taken offline after I've tested that the setup
> I've described does work. It seems to me that it will be offline
> permanently from now on.
>
> Personally, I'd prefer that you do not run an exit
> node while acting as prosecutor, judge and executioner
> for download/upload of perfectly legal files such as:
>
> Come on. You're being childish now. I am just filtering out content that
> may be illegal under my jurisdiction.
>
> (a) .rar file; report on human rights abuses
>
> Quite honestly, it's been ages since I've seen a .rar file being used
> for something else than warez.
>
> (b) .mpeg file; video about the Dali Lama (re: China)
> (c) .iso file; image of a Tor configured liveCD
>
> You have a point with those two. Due to what is on the line here, I'd
> still prefer to err on the too-much-filtering side.
>
> If your so concerned about what your node is passing
> then run an entry, middle-man or bridge node, not an
> exit node.
>
> I am, and I will put your advice into use by not running a tor node any
> longer. I do suggest that this bit is put into the FAQ then.
>
> And again, who are you to decide what is legal for all
> persons living in many different countries? What is
> illegal in one country may be legal in another
> country. For example, in many countries cannabis is
> illegal yet in other countries cannabis perfectly
> legal and is used as a medicine.
>
> Well. I am just someone whose fingerprints will be on the gun, if the
> fit hits the shan. I don't know about where you live, but over here it
> can prove rather cumbersome to prove your innocence once the police
> busts in and takes out your equipment. You have to realize, that we're
> not living in a tor-governed universe, but rather each of us in his own
> country with it's own set of rules.
>
> If tor wants to do something for the operators give them the ability to
> filter out traffic they don't want (via a plugin) and reroute the
> outgoing connection via a node in a country where the material in
> question is legal.
>
> In summation: I agree with your motivation but not
> your rationalization or execution. There are going to
> be bad apples in each bunch; always have been and
> always will be.
>
> Well. Going in line with the premise that all information should be free
> I've decided to post here the solution that can be applied - and as said
> in the first mail, each operator can decide for himself whether he will
> apply it or not. At least the "tor can't be filtered" dogma is out of
> the way.
>
> D.
>
> ------------------------------------------------------------------------
> Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user
> panel
> <http://us.rd.yahoo.com/evt=48516/*http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
>> and lay it on us.