[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Europaen Cybercrime Convention



just run tor on a dedecated server, install a truecrypt.org container and make if portable only in this container.
if the power is off, the tor installation has gone.
But I guess you mean a password protection while running?

2007/11/25, TOR Admin (gpfTOR1) <tor-admin@xxxxxxxxxxxxxxxxxxxx>:
Hi onion guys,

we want to write about a few points of the European Cybercrime
Convention, which became real by law in Germany last time.

Sorry - we didnt read the or-talk very carefully last time. May be, it
was always discussed here.

By the European Cybercrime Convention anon servers are something like
telephone providers. The following is important because of this fact:

1: data retention (was discussed here, in Germany real by §113 StPO)

2: Realtime surveillance by European Cybercrime Convention (article 20)
    The traffic data (not the traffic itself) has to be provided for the
    governments and secret services in REALTIME by a defined interface.
    Anon servers have to provide all data, which have to be logged in
    realtime too! Admins of anon servers have to cooperate.

    (In Germany this is real by the new § 100g StPO, the realtime
     surveillance can run for up to 3 days without asking a judge.)

3: Online-searching of servers by European Cybercrime Convention:
    An online searching (Online-Durchsuchung) of an anon server may be
    run before investigation to save relevant data, which may be not
    accessible after investigation. This online searching depends not on
    the cooperation of the admins and may be reached by repressions.

    (In Germany this is real by the new § 110 (3) StPO.)

Thanks to K. Raven for feature out this new laws.

For point 3 we recommend to be prepared. It may be possible to create a
high secured account with only read access to relevant data and no read
access to any important key. If someone login with this account, it may
be possible to run several actions.

If the situation appears, you may decide, what you want to do (give them
the account data or take the repressions). But you will not have the
time to create such an account carefully.

Can anyone write a shot tutorial for creation of a high secured
only-read-account?

Greetings