Everyone is running a reduced exit policy ... I only allow HTTP + HTTPS and I know nobody who allows port 25 .... at the end of the day we all shape our exit traffic.
Markus
2016-10-04 21:42 GMT+02:00 Roger Dingledine arma@mit.edu:
On Tue, Oct 04, 2016 at 10:21:14AM -0500, BlinkTor wrote:
The technical problem is that implementing IPS in Tor would be massively non-trivial.[...]
The political problem is, what gets blocked by TIPS and what doesn???t? Who gets to decide? What if some of those brute-force SSH or DOS attacks are ???good guys??? trying to crack the ???bad guy??? servers? Is that legitimate Tor traffic? Who gets to decide who are the good/bad guys? Could we agree on a base level of protection, perhaps by relay operator consensus? Etc.
Another challenge here is that many lawyers have told us that you change your legal situation if you start choosing which traffic to allow through. Specifically, if you just pass bytes back and forth, you're essentially in the common carrier situation, like backbone telcos and backbone Internet providers. But if you make a list of topics or messages or patterns to block, then it becomes your responsibility to make that list perfect, and your fault if you leave something out of your list.
So it would seem that using an IPS is fundamentally dangerous for relay operators.
I've heard that this logic applies both in the US and in Europe. But it's been a while since we've had an actual lawyer look at the topic. Maybe this is a great question for each of the torservers.net umbrella orgs to ask their friendly nearby lawyers who are wanting to help them?
There is also the separate but related question of wiretapping: blocking some traffic based on patterns in the request content implies looking at the traffic, which relay operators typically do not have permission to do. While ISPs typically make their customers sign an agreement that they will be surveilled (and I guess they ignore the concept of jurisdictions that require consent from both sides), Tor relay operators do not have that agreement -- and they can't really get it, because their 'users' are all the Tor users.
In summary, I totally get why hosting providers would want to ask relay operators to monitor their traffic and block certain activities by examining connection payloads, and that's to make their lives easier, not for any legal requirement. But it would appear there are some legal reasons why Tor relay operators might (should?) hesitate to deploy an IPS on their traffic, and those legal reasons are probably not as well-understood as they could be.
Do any of the torservers umbrella orgs want to pick this one up and do something with it? I remember hearing Pepijn cite a specific EU law that says European relay operators aren't liable for their traffic so long as they don't mess with it.
One of the goals would be for relay operators to better understand the tradeoff they should consider when deciding whether to do the thing that their ISP asks for. Another goal would be for the ISP to better understand what they're asking from the relay operators.
--Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays