<br><br><div class="gmail_quote">On Fri, Jun 12, 2009 at 3:28 PM, Andrew Lewman <span dir="ltr">&lt;<a href="mailto:andrew@torproject.org">andrew@torproject.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">grarpamp wrote:<br>
> 3 - Further, there needs to be an understanding of what the traffic<br>
> ACTUALLY IS. Operators should be using tools such as wireshark,<br>
> tcpdump, bro, etc to determine the content. And if it turns out to<br>
> be encrypted to destinations and services unknown, NO such determination<br>
> can be made. The only thing left to go on is impact as in #2 above.<br>
<br>
</div>I wasn't going to comment on this thread in general because I have<br>
nothing new to add to the conversation.<br>
<br>
However, I feel compelled to mention this #3 is possibly very bad advice<br>
for those in the USA. Our Legal FAQ clearly states this is probably<br>
illegal; <a href="https://www.torproject.org/eff/tor-legal-faq.html.en#ExitSnooping" target="_blank">https://www.torproject.org/eff/tor-legal-faq.html.en#ExitSnooping</a>.<br>
<br>
Until such a case determines it legal or not, some very savvy lawyers<br>
recommend against doing exactly what you suggest. If your lawyer<br>
suggests otherwise, we're happy to talk to them.<br>
<br>
"Should I snoop on the plaintext that exits through my Tor relay?<br>
<br>
No. You may be technically capable of modifying the Tor source code or<br>
installing additional software to monitor or log plaintext that exits<br>
your node. However, Tor relay operators in the U.S. can create legal and<br>
possibly even criminal liability for themselves under state or federal<br>
wiretap laws if they affirmatively monitor, log, or disclose Tor users'<br>
communications, while non-U.S. operators may be subject to similar laws.<br>
Do not examine the contents of anyone's communications without first<br>
talking to a lawyer."<br>
<font color="#888888"><br>
--<br>
Andrew Lewman<br>
The Tor Project<br>
pgp 0x31B0974B<br>
<br>
Website: <a href="https://torproject.org/" target="_blank">https://torproject.org/</a><br>
Blog: <a href="https://blog.torproject.org/" target="_blank">https://blog.torproject.org/</a><br>
Identica/Twitter: torproject</font></blockquote><div><br></div><div><br></div><div>I think "snooping" and "statistical information" should be treated differently. Take Scott's case here. He is making a claim that by using the exit policy outlined above, it would reduce the amount of traffic on Tor by 70% or whatever. What I would like to see proof of is that the IP addresses that are now being blocked are NOT running a WHOIS service. How do we know for sure that they are not in fact a valid WHOIS service?</div>
</div><br><div>So, Andrew, would running 'iptraf' on an exit node to see the amount of bandwidth that is being used or what IP/ports are being connected be considered "wire tapping"?</div><div>I'm not trying to start an argument, I'm just trying to figure out how a researcher can do his/her work, get real answers, without crossing the line of "wire tapping". That's all.</div>
<div><br></div><div><br></div><div>Best regards,</div><div><br></div><div>Kyle</div>