-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 21/07/2014 6:21 AM, Thomas White wrote:
Also note, botnets in this sense are not the topic. The proposal is an easy mechanism to censor hidden services and let it not be portrayed as anything other than that. ...
So to state clearly:
Should Tor Project develop a system to filter hidden services?
The simple fact of the matter is this: However good and pure our intentions may be ("We'll only block malware and child porn!"), a system would have to be developed to allow us to block arbitrary services.
Something I have noticed which trips up most people is their inability to see beyond themselves. YOU may have only the best intentions. YOU may never countenance blocking inconvenient truths on Twitter / Slashdot / news-feed-of-the-day. But once a system is created that can block arbitrary services, it's only a matter of time before somebody with intentions less pure than your own decide to start blocking other things. Maybe somebody with an upright moral standing decides it would be better to block everything PG-13 and up. Maybe somebody decides their government is taking too much flack on an issue, and tries to "help out" by filtering some news sites they feel are particularly biased. Maybe I decide that tabloid magazines are total trash, and nobody should be allowed to give them business so they'll just die off in the end.
Why would we want to replace a system of government censorship with censorship-by-the-masses? I thought we wanted to decide for ourselves--what we read, to whom we listen, what we do, and with whom we associate.
(Never mind the legal fact that, if we CAN filter / exert legitimate control over the traffic flowing over the network, somebody will figure out a way to MAKE us do so--and it may not be what we personally agree should be blocked.)
Insofar as botnets create an infrastructure problem with Tor (ie. the HSDir mobbing issue), that's something that we can work on addressing. Maybe a more load-tolerant design or what-have-you. Filtering things is not the answer.
(I should add as a final note: filtering ports is not the same as filtering sites or traffic. I don't care what traffic passes over port 80, nor should I. But traffic on port 25 gets me marked as a spammer and shuts down my exit nodes, so I can't have that. Anybody who wants to change that traffic to tunnel over port 80 or 22 or whatever is free to do so, and I do not and should not know about it. If I can find a provider within my budget range who allows full exits and lets me handle all the abuse issues myself, I dare say I'll allow all ports through that exit.)
-Lance