
Re: What do you think about this exit policy for Germany?



Your idea is good. Perhaps EU police also don't have enough time and
energy to decrypt SSL traffic, while it's easier for them to monitor
non-SSL traffic. But I guess EU police probably will be very interested
in IP numbers if they seize a mail server, so they might still get upset
if you run an exit server.
But as an addition to your suggestion, it would be good to have an IP
filter that blocks child porn and terrorism.
Perhaps the Tor programmers could implement an option for exit servers
to only allow SSL traffic (and other options not based on the port
number but content)? And also the possibility to have huge IP filters,
or compatibility with other existing IP filters. (There is already a
possibility to block IPs in the torrc, but does it work with enormous IP
lists?)

Why the police in EU, China, Saudi Arabia and other countries believe
they have the right to monitor people's Internet activities is another
question. To me it's a matter of personal judgment and honesty what
content you access on the Internet. The governments shouldn't spend
taxpayers' money on spying on their own citizens. But when the reality is
that we have governments that seize people's computers and/or prosecute
them if they run a Tor exit server, use P2P, or access "illegal"
websites, then we have to protect ourselves against the abuse from the
governments. The possibility to run a Tor exit server without getting
caught will most likely make the number of Tor servers increase.



Thomas Hluchnik wrote:
> Last year I was running my torserver (baphomet) as exit for port 80/443. The
> results were interesting: first a DOS attack, then later my box was seized by
> the German Staatsanwalt because of child porn. OK, I got my box back from them
> but this took 3 months. Then I got trouble with my ISP who told me that it was
> forbidden to run a tor exit (bullshit).
> 
> So I configured my meanwhile 2 nodes (baphomet & info4all) to run as middleman,
> I only allowed them to be exit for DNS requests over tor. But I am not
> satisfied with that. These days I read about Dan Egerstad and his mailsniffer
> experience and I started thinking:
> 
> If I open exit ports for only those that do encrypted access to mailservers
> (465,993,995), I should be safe from the Staatsanwaltschaft. If they seize a
> mailserver, they should be interested in getting the real name of the account
> owner, not of the IP, from where the traffic came. Is that right? On the other
> hand I support those protocols that work with encryption. If lots of people
> close their unencrypted mail ports, users experience that it is slow over tor
> and (hopefully) switch to secure protocols and cannot be sniffed anymore.
> 
> Last but not least: how great, do you think, is the danger of supporting spammers
> when setting up my node for 465,993,995?
> 
> Kind Regards
> 
> Thomas Hluchnik
>
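
The mail-only exit policy discussed in this thread, written out as torrc ExitPolicy lines and checked with a small first-match evaluator. This is an added example, not part of either message; the 203.0.113.0/24 block is a constructed stand-in for an IP-filter entry, and the helper names parse_policy and exit_allowed are hypothetical.

```python
import ipaddress

# Constructed torrc fragment: the encrypted-mail-only policy proposed in the
# thread, plus one constructed address block (TEST-NET-3) standing in for an
# IP-filter entry. Only IPv4 patterns are handled in this sketch.
TORRC = """
ExitPolicy reject 203.0.113.0/24:*
ExitPolicy accept *:465
ExitPolicy accept *:993
ExitPolicy accept *:995
ExitPolicy reject *:*
"""

def parse_policy(text):
    """Return a list of (action, network_or_None, (low_port, high_port))."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("ExitPolicy"):
            continue
        # One ExitPolicy line may carry several comma-separated rules.
        for item in line[len("ExitPolicy"):].split(","):
            action, pattern = item.split()
            addr, _, port = pattern.rpartition(":")
            net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
            if port == "*":
                ports = (1, 65535)
            else:
                low, _, high = port.partition("-")
                ports = (int(low), int(high or low))
            rules.append((action, net, ports))
    return rules

def exit_allowed(rules, ip, port):
    """Rules are evaluated in order and the first match decides."""
    target = ipaddress.ip_address(ip)
    for action, net, (low, high) in rules:
        if (net is None or target in net) and low <= port <= high:
            return action == "accept"
    return False  # assumption for this sketch: an unmatched request is rejected

RULES = parse_policy(TORRC)

if __name__ == "__main__":
    for ip, port in [("198.51.100.7", 993), ("198.51.100.7", 25),
                     ("198.51.100.7", 80), ("203.0.113.9", 465)]:
        print(ip, port, "accept" if exit_allowed(RULES, ip, port) else "reject")
```

Because the first match decides, address-block rejects have to precede the port accepts, and the closing `reject *:*` keeps everything else, including plain SMTP on port 25, off the exit.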