<br><br><div><span class="gmail_quote">On 9/10/07, <b class="gmail_sendername"><a href="mailto:phobos@rootme.org">phobos@rootme.org</a></b> <<a href="mailto:phobos@rootme.org">phobos@rootme.org</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Mon, Sep 10, 2007 at 04:43:17PM -0700, <a href="mailto:torified00@yahoo.com">torified00@yahoo.com</a> wrote 16K bytes in 169 lines about:<br>: Up to now I thought it was impossible to filter out what tor users do from our tor exit nodes. A little experimentation later I've found a way how to limit what users can or cannot do. Please do check if filtering content is legal according to the laws of your country. Personally I have decided that I'd rather be investigated because of filtering illegal materials than to be investigated because I was helping a criminal. Do whatever you wish with the information provided. You may not like the filtering - but every exitpoint operator can decide for himself what he wants to do.
<br><br>I am not a lawyer, but I believe by doing this you're actually opening<br>yourself up to more liability than you'll ever correct.<br><a href="https://tor.eff.org/eff/tor-legal-faq.html.en#ExitSnooping">https://tor.eff.org/eff/tor-legal-faq.html.en#ExitSnooping
</a> is<br>effectively what you're doing.<br><br>This topic has been visited, re-visited, and most recently,<br>re-re-visited. <a href="http://archives.seul.org/or/talk/Mar-2007/msg00082.html">http://archives.seul.org/or/talk/Mar-2007/msg00082.html
</a><br>is the latest round of visits.<br><br>--<br>Andrew<br></blockquote></div><br>I spoke with several attorneys and a couple of FBI agents at DefCon this year about this. I'll try and summerize what I was told. Keep in mind, this is in the US. It may vary in your country or state.
<br><br>As a Tor node operator, you are providing a free "service". As a "service" provider, you are entitled to monitor your traffic for suspicious activity, bandwidth usage, and/or attacks against you or your "customers" (Tor users). Basically you get some of the rights, if not all, that an ISP does since you are providing a free internet "service". Just because it's free to everyone else doesn't make it less of a internet service; in fact, if you are paying for your connection to your ISP (which everyone is) then upi have a "invested interest". Most people want to, and have the right to know what is going on with their investments.
<br><br>"Monitoring" traffic that comes in or out of your connection can consist of many things. <br>If you are a "monitoring" bandwidth usage, packets are still being looked at, but only the size and total number of packets in a given period is what is being "monitored".
<br>There is Intrusion Detection Systems, or IDS, that does packet inspection to "monitor" if there is malicious content in the packet/s. In this case, the entire packet is being looked over by a piece of software for anything it might consider malicious.
<br><br>I put it this way to the FBI agents I spoke with (who were really cool btw). I told them that I operated a Tor exit node and I used iptraf and driftnet to monitor what my connection was being used for. (They just grinned when I said this.) I asked them if this was wrong or illegal of me to do. They said no, and that I have rights (mentioned above) as a "service" provider to protect my "invested" interest.
<br><br>Because there was so much porn, nasty porn at that, I decided to shutdown my exit node. I for one welcome the idea of filtering out porn on my exit node. I'm paying for my connection, not Tor users, so as far as I am concerned, I have the right to say what goes into and out of my node. IF you disagree, then take a look at your torrc file, and if you are blocking ANY port and not allowing ALL traffic to leave your node, then you too are filtering traffic.
<br><br>So really, what's the difference between blocking websites and blocking ports? <br>Nothing, they both are considered filtering.<br>