Legal situation of tor in Europe
Hi, Can someone point me to an overview of the different legal situations for running tor relays in European countries? I'm especially interested how the situation differs per country. Best, John
On March 9, 2015 7:17:20 AM oneofthem@riseup.net wrote: Hi John,
Can someone point me to an overview of the different legal situations for running tor relays in European countries? I'm especially interested how the situation differs per country.
I don't think that we have something like that anywhere, sorry. The only offered list is this one, afaik: https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
From what i hear a few countries are starting to crack down on Tor or Encryption more generally and some are planning to do so in the near future. Hard to keep up with the changing laws.
-- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach ----------------------------------------- Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. ----------------------------------------- Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 3/9/2015 1:17 PM, Sebastian Urbach wrote:
On March 9, 2015 7:17:20 AM oneofthem@riseup.net wrote:
Hi John,
Can someone point me to an overview of the different legal situations for running tor relays in European countries? I'm especially interested how the situation differs per country.
I don't think that we have something like that anywhere, sorry.
The only offered list is this one, afaik:
https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
From what i hear a few countries are starting to crack down on Tor or Encryption more generally and some are planning to do so in the near future. Hard to keep up with the changing laws.
What is the source for this? In the European Union Tor running a Tor exit relay _is legal_, and the rights for privacy and anonymity are guaranteed by European Court. I can't find the source now to give exact data, but about one year ago declared the laws from multiple EU member countries enforcing to retain user navigation data or metadata of communications (who calls who and when, internet browsing history) as incompatible with the universal human rights which guarantee the right to privacy and private life. Majority of Tor exit power in is Europe. We have no reports of relay operators being prosecuted or punished by any means for running Tor exit relays. Which countries started to "crack down on Tor" and which ones are planning to do so in the near future? This is a speculation and it's not backed up by anything real. Can you define "crack down on Tor"? People and organizations are researching and trying to find a flaw in Tor since Tor was born - there is a good side here, being widely studied and getting a lot of attention makes it the best anonymity network available. All the bugs and flaws discovered until now were fixed, and this only made Tor stronger, so I want to thank this way for everyone who is doing research and tries to find flaws in Tor, assuming they do this in a transparent and fair way and share the results with everyone. I only know of one case, outside the European Union, in Russia to be exact, where they've put a bounty of $100.000 or $150.000 9can't remember the exact amount) for whoever manages to crack Tor. This is under no circumstances reason to worry. Still there are many exit relays in Russia, so not even there Tor is illegal. P.S. Not everything is illegal, except what is authorized and regulated by law. It's the other way around, anything is legal and permitted unless clearly prohibited by law. At least theoretically speaking :-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBCAAGBQJU/aqTAAoJEIN/pSyBJlsRmiQH/0sxOlVVkN/7RvAIBFmAJbIQ B0yAHXgKCc0cut/KYUmJXzeoE+/M+KPw6g+dpGytNVGwbJ5TNVg6en5IXSJqrAhb yIywEOYawyP1HROUrSm/qygQGeMGsIMMGyOAoWKTYsLPq45ahmwsUuHLGMYf+BDF ikMms9CUSg+IUpXzTIZJmWgZtoTxN6Tb0ZIbV3vba/zu+jsMJkIaImbJhSr/asIt h1UxRv6S7cwdhQAoLX/fBiCUA+xW7xqgMauyrWBgxJKI7e8WFS5EbFN0mZVBpVQe Q6/KLAyC6/JAwC4OqsIuNjS1PH9V65dJWk6Zya23UZt4gi2aJ26EHEnDQqo6lhA= =1Vcd -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 09.03.2015 um 15:13 schrieb s7r:
This is a speculation and it's not backed up by anything real. Can you define "crack down on Tor"? People and organizations are researching and trying to find a flaw in Tor since Tor was born - there is a good side here, being widely studied and getting a lot of attention makes it the best anonymity network available.
One flaw which IMHO has to be solved sooner or later is the openess to abuse. Like port scans, like malware distribution, like spamming, you name it. Right now this task is left to the regular website operators and they don't like it, often resulting in general blocking of Tor exits. To what I understand, Tor's goal is to make flow of information free and to allow this freedom, anonymous. This doesn't include abuse, so implementing at least basic anti-abuse measures would make this network much more general website friendly and accordingly get it closer to its goals. Markus - -- - - - - - - - - - - - - - - - - - - - - Dipl. Ing. (FH) Markus Hitter http://www.jump-ing.de/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJU/bC3AAoJEKuzOwuAbzo++9UIAIUzj4XTaQcquR1JxczxrA03 bKkZ/6QOPfjJeDOSHgz/bMfWk6jyfN5Mg7In/EyDOU4235TE5CUefTSrp5NQkVaA 2T4CFjJP3kulA2RNvLovEz+zeRRQLQ7asUahwUB7y21r2vIN0w88eJg+qYwI3cEu /G8aw0q2+ywd8E+VlEnAtDQ2Zwv1CkDr1Msgu/lyGKOj7ABdlBaYw0oMvXsCfZB/ IEumeZ2Nbyzo33Tovqmg8sqDMvhtUrOn169fi1Y3hz24TnBga7ckKmfyxRpXgeiW BYV6vG8jzTmb7009imBuFnUs/GGNdKDw3mMh1KrTPkZHnugiv7TiMG4hIuOiNqM= =HauB -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Markus, Your arguments are fair and correct and mostly I tend to agree. But, the port scans, malware distribution and spamming existed before Tor, exist in parallel with Tor and will continue to exist even if Tor will disappear. I admin a lot of servers opened to the public internet and I have noticed, for q quick example, that if you don't change the default SSH port (22) and implement ssh-key based authentication, the server will be flooded with failed login attempts (password brute forcing). The SSH logs also save the remote IP address - you will be amazed that almost all of those IP addresses do not belong to Tor exit relays. The percent of Tor-IP addresses in these logs is very small and insignificant, compared to other non-Tor IP addresses. A basic web server running Apache2, its access log will have tens of thousands of requests for /phpmyadmin or /wp-admin or other paths, from scripts which try to brute force phpmyadmin or other CMS web apps (such as wordpress, joomla). Again, the logs also include the remote IP address - we see here IP addresses of Tor exit relays in a very small percent compared to other non-Tor IP addresses. When port scanning or brute forcing, doing it through Tor has many disadvantages, such as being very slow (can't handle too many concurrent requests), exit relays IP addresses being blacklisted and so on. It's much more practical to just use a compromised computer with good bandwidth which can handle many requests per second and has a not-blacklisted IP address. There are hundreds of thousands of such computers on the internet. Secondly, there are infected computers which can be used as proxies, all these represent a better solution than Tor for port scanning and brute forcing. I totally agree on some good and sane anti-abuse measures, but without undermining the freedom and anonymity of the users. Port scanning is just 'the noise of the internet' - in almost all cases it's irrelevant if someone performs a port scan on a server, as long as the server is properly secured. If your SSH port is 22, password authentication enabled, and your root password is 12345 ..... ta-ta. On 3/9/2015 4:40 PM, Markus Hitter wrote:
Am 09.03.2015 um 15:13 schrieb s7r:
This is a speculation and it's not backed up by anything real. Can you define "crack down on Tor"? People and organizations are researching and trying to find a flaw in Tor since Tor was born - there is a good side here, being widely studied and getting a lot of attention makes it the best anonymity network available.
One flaw which IMHO has to be solved sooner or later is the openess to abuse. Like port scans, like malware distribution, like spamming, you name it. Right now this task is left to the regular website operators and they don't like it, often resulting in general blocking of Tor exits.
To what I understand, Tor's goal is to make flow of information free and to allow this freedom, anonymous. This doesn't include abuse, so implementing at least basic anti-abuse measures would make this network much more general website friendly and accordingly get it closer to its goals.
Markus
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBCAAGBQJU/bYGAAoJEIN/pSyBJlsRf9IH/2HQmj4vn6j8JVaBKrUSjeoW wzEF6eap+Pig7DS6aGbK4RZK3rhV1k6hvuUbD98wz3BDD32thzJ9xekR9PFhr2cY MxaWFeAmNwwd2metpPob5cQGJ34Sb7qbvVCHF9Hdx6SH8QlUYlsIk5pc4+DWSxPv st5wGSQTYEqGs2Nz93sLnP3q64EScmcBfaLwiHkO/vS7pfLWtVT1rYVxr6dcm7s+ anIvpPb7+rMsIdk4c7xCssIWY89sBfB7dmi4/PciHGHXGpWi2YuxXrGm7nqXbHjO KQPBmjpOEmDOqYmooKESmpyNVgLynRft6gk1FEuDwIq1U497SvwMZvEr7+Wh39M= =ohul -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 09.03.2015 um 16:02 schrieb s7r:
Your arguments are fair and correct and mostly I tend to agree.
But, the port scans, malware distribution and spamming existed before Tor, exist in parallel with Tor and will continue to exist even if Tor will disappear.
Searching for excuses or pointing to others doesn't help. Many websites consider Tor to be a threat and block all Tor traffic: https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlocking... https://trac.torproject.org/projects/tor/wiki/doc/BlockingIrc http://stackoverflow.com/questions/9780038/is-it-possible-to-block-tor-users To get these sites back one has to stop the spam. That's the only helpful argument. If Tor is too slow for port scans already, all the better. Markus - -- - - - - - - - - - - - - - - - - - - - - Dipl. Ing. (FH) Markus Hitter http://www.jump-ing.de/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJU/egsAAoJEKuzOwuAbzo+dPoH/1Ab/ThVYCmlfvsaT/TvOj5T KvsQ1dF3cnGvr5OdpoeRVjR13xmyi/lzubMATSr5M6OhHRY2d5wCqkmFiKgQsRxK fxDpRV+rd2T3fNsTTT6Oj2oXgJzCDcFkDDwh5AoUspcpndGDijD41vUKDXaaEjr4 I/3O7+Y9XKt/8zMBdALc3PvcO8Wt1+DgGEaa49o368olcedtPhENNFrTVqoeIfD9 D76rzyKQmbMvg7pakd2C8DioNl88JnNCwSUgUB7XIxlK66gWx2LJ87OmXujYbGuh mgNZPYHog1KpLKcklBrMNeL7Jbnmrx0pbRSGQFleslVUgZ5zjqdL03W/rmjwL+Y= =JUYZ -----END PGP SIGNATURE-----
On Monday, March 9, 2015 10:40am, "Markus Hitter" <mah@jump-ing.de> said:
Am 09.03.2015 um 15:13 schrieb s7r: [snip] One flaw which IMHO has to be solved sooner or later is the openess to abuse. Like port scans, like malware distribution, like spamming, you name it. Right now this task is left to the regular website operators and they don't like it, often resulting in general blocking of Tor exits. [snip]
There is no solution to malware distribution because that would involve inspecting the traffic running through the relays. Being able to separate webmail from the parent web presence (e.g. gmail from google.com, Yahoo Mail from yahoo.com, etc.) would be a big step forward in curbing spam. This would allow the exit operation to refuse traffic to the webmail service while stilling allowing access to the parent presence.
Am 09.03.2015 um 16:08 schrieb Steve Snyder:
Being able to separate webmail from the parent web presence (e.g. gmail from google.com, Yahoo Mail from yahoo.com, etc.) would be a big step forward in curbing spam. This would allow the exit operation to refuse traffic to the webmail service while stilling allowing access to the parent presence.
Good point! Markus -- - - - - - - - - - - - - - - - - - - - Dipl. Ing. (FH) Markus Hitter http://www.jump-ing.de/
On Mon, Mar 9, 2015 at 2:40 PM, Markus Hitter <mah@jump-ing.de> wrote:
Am 09.03.2015 um 16:08 schrieb Steve Snyder:
Being able to separate webmail from the parent web presence (e.g. gmail from google.com, Yahoo Mail from yahoo.com, etc.) would be a big step forward in curbing spam. This would allow the exit operation to refuse traffic to the webmail service while stilling allowing access to the parent presence.
Good point!
Two censors high five-ing themselves over ways to ban entire peoples freedom to communicate using webmail. Amazing. Yet you do not call your ISP demanding they block your webmail for the same and greater spam reason. I hear internets is bad, you should ban it too. Please die from clue bat first.
On Monday, March 9, 2015 3:33pm, "grarpamp" <grarpamp@gmail.com> said:
On Mon, Mar 9, 2015 at 2:40 PM, Markus Hitter <mah@jump-ing.de> wrote:
Am 09.03.2015 um 16:08 schrieb Steve Snyder:
Being able to separate webmail from the parent web presence (e.g. gmail from google.com, Yahoo Mail from yahoo.com, etc.) would be a big step forward in curbing spam. This would allow the exit operation to refuse traffic to the webmail service while stilling allowing access to the parent presence.
Good point!
Two censors high five-ing themselves over ways to ban entire peoples freedom to communicate using webmail. Amazing. Yet you do not call your ISP demanding they block your webmail for the same and greater spam reason. I hear internets is bad, you should ban it too. Please die from clue bat first.
I my mind such a capability would be optional, like opening POP3 and IMAP ports are today. Thus *your* relay could support all services while someone with a more timid ISP could still run an exit node, albeit an exit node that is less useful than yours.
Am 09.03.2015 um 20:33 schrieb grarpamp:
On Mon, Mar 9, 2015 at 2:40 PM, Markus Hitter <mah@jump-ing.de> wrote:
Am 09.03.2015 um 16:08 schrieb Steve Snyder:
Being able to separate webmail from the parent web presence (e.g. gmail from google.com, Yahoo Mail from yahoo.com, etc.) would be a big step forward in curbing spam. This would allow the exit operation to refuse traffic to the webmail service while stilling allowing access to the parent presence.
Good point! Two censors high five-ing themselves over ways to ban entire peoples freedom to communicate using webmail. Amazing.
It certainly wasn't meant this way. The point of these considerations is: of what use is an anonymous network if virtually no website accepts connections from it? Right: it's of not much use, with most of the public internet blocked you can communicate inside the network, only. To take your webmail example: if the site admin decides there's too much spam coming from Tor connections and blocks the entire network, then you're done with your webmailing, even with full freedom inside Tor its self. As such the only solution can be to play nice with public sites. I don't mean to have all answers to all problems here. Opening only selected ports, a common practice, could also be seen as censoring, still it's generally considered to be acceptable. Apparently it's not enough to gain a good reputation. Just look at this mail sent to the list by Josef Stautner a couple of minutes ago. Service providers fear Tor enough to demand an entire shutdown, risking loosing a customer, for just one abuse message. This isn't going to fly long term, admins have to loose this fear and the pretty much only way to get there is to get rid of the abuse. Get them to recognize that Tor users are actually the well behaving ones and you win the much needed freedom. Finding a good balance isn't easy, of course. That's why discussion is needed. Markus -- - - - - - - - - - - - - - - - - - - - Dipl. Ing. (FH) Markus Hitter http://www.jump-ing.de/
Am 09.03.2015 um 22:53 schrieb Markus Hitter:
It certainly wasn't meant this way. The point of these considerations is: of what use is an anonymous network if virtually no website accepts connections from it? Right: it's of not much use, with most of the public internet blocked you can communicate inside the network, only.
To take your webmail example: if the site admin decides there's too much spam coming from Tor connections and blocks the entire network, then you're done with your webmailing, even with full freedom inside Tor its self.
So wouldn't the correct solution also be to educate the administrators of such services? I mean the only reason, why there is more Tor-Exit-IPs in the abuse log than any other single unique IP is that there is tens of thousand of users using each Tor-Exit. I had such a case some days ago on an exit relay, someone with an Google account complained that there where abusive logins from the Tor Exits IP, so what should I do then? Block the whole login page domain of Google in my exit? Surely that is not the right solution if there is a few thousand users not trying to brute force that one account. I didn't even get any more reply from the Google user when I asked if this was only a single event or if it was multiple repeated.
As such the only solution can be to play nice with public sites. I don't mean to have all answers to all problems here. Opening only selected ports, a common practice, could also be seen as censoring, still it's generally considered to be acceptable. Apparently it's not enough to gain a good reputation.
Sure, but always answer to the abuse emails and try to explain, if you receive a few a week then prepare some text modules that you just copy an paste, make it look unique and many people will understand. Yours, yl
On March 9, 2015 11:16:34 PM yl <tor@yl.ms> wrote:
Am 09.03.2015 um 22:53 schrieb Markus Hitter:
It certainly wasn't meant this way. The point of these considerations is: of what use is an anonymous network if virtually no website accepts connections from it? Right: it's of not much use, with most of the public internet blocked you can communicate inside the network, only.
To take your webmail example: if the site admin decides there's too much spam coming from Tor connections and blocks the entire network, then you're done with your webmailing, even with full freedom inside Tor its self.
So wouldn't the correct solution also be to educate the administrators of such services? I mean the only reason, why there is more Tor-Exit-IPs in the abuse log than any other single unique IP is that there is tens of thousand of users using each Tor-Exit.
+1
I had such a case some days ago on an exit relay, someone with an Google account complained that there where abusive logins from the Tor Exits IP, so what should I do then? Block the whole login page domain of Google in my exit? Surely that is not the right solution if there is a few thousand users not trying to brute force that one account. I didn't even get any more reply from the Google user when I asked if this was only a single event or if it was multiple repeated.
As such the only solution can be to play nice with public sites. I don't
mean to have all answers to all problems here. Opening only selected ports, a common practice, could also be seen as censoring, still it's generally considered to be acceptable. Apparently it's not enough to gain a good reputation.
Sure, but always answer to the abuse emails and try to explain, if you receive a few a week then prepare some text modules that you just copy an paste, make it look unique and many people will understand.
+1 -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach ----------------------------------------- Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. ----------------------------------------- Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic.
Am 09.03.2015 um 23:09 schrieb yl:
So wouldn't the correct solution also be to educate the administrators of such services?
Yes, of course. With the _also_ underlined.
I mean the only reason, why there is more Tor-Exit-IPs in the abuse log than any other single unique IP is that there is tens of thousand of users using each Tor-Exit.
If this claim could be substantiated by some numbers it'd certainly help. Markus -- - - - - - - - - - - - - - - - - - - - Dipl. Ing. (FH) Markus Hitter http://www.jump-ing.de/
Am 09.03.2015 um 23:39 schrieb Markus Hitter:
I mean the only reason, why there is more Tor-Exit-IPs
in the abuse log than any other single unique IP is that there is tens of thousand of users using each Tor-Exit. If this claim could be substantiated by some numbers it'd certainly help.
I fully agree to that, it would be helpful to get some more analytic data like this. Not necessarily on my exit, but some general numbers, some facts. I just assumed that number above, but actually have no idea. I got to list more carefully to Roger and Jacob next Winter in Hamburg. Greetings yl
On 03/11/2015 10:57 PM, yl wrote:
I mean the only reason, why there is more Tor-Exit-IPs
in the abuse log than any other single unique IP is that there is tens of thousand of users using each Tor-Exit. If this claim could be substantiated by some numbers it'd certainly help. I fully agree to that, it would be helpful to get some more analytic data like this. Not necessarily on my exit, but some general numbers, some facts. I just assumed that number above, but actually have no idea.
Nobody does. We don't have figures from other ISPs or larger carries to compare with either. Just from conversations with ISPs and VPN providers, we don't see more abuse than they do. Also, it fully depends on your definition of abuse (complaints). This is (still) a nice research question, and I'm happy to help with a nice database of complaints. I'm sure other torservers.net operators would help as well. Obviously one can't simply count the number of complaints, as you need to take (at least) throughput and exit policy into account. -- Moritz Bartl https://www.torservers.net/
Moritz Bartl <moritz@torservers.net> wrote Thu, 12 Mar 2015 09:58:00 +0100: | >>> I mean the only reason, why there is more Tor-Exit-IPs | >>>> in the abuse log than any other single unique IP is that there is tens | >>>> of thousand of users using each Tor-Exit. | >> If this claim could be substantiated by some numbers it'd certainly help. | > I fully agree to that, it would be helpful to get some more analytic | > data like this. Not necessarily on my exit, but some general numbers, | > some facts. | > I just assumed that number above, but actually have no idea. | | Nobody does. We don't have figures from other ISPs or larger carries to | compare with either. Just from conversations with ISPs and VPN | providers, we don't see more abuse than they do. Also, it fully depends | on your definition of abuse (complaints). | | This is (still) a nice research question, and I'm happy to help with a | nice database of complaints. I'm sure other torservers.net operators | would help as well. Obviously one can't simply count the number of | complaints, as you need to take (at least) throughput and exit policy | into account. DFRI would be interested in taking part in such research and should be able to contribute a couple of years worth of data on complaints from running 100-500 Mbps of exit traffic.
On 2015-03-09 18:40, Markus Hitter wrote:
Am 09.03.2015 um 16:08 schrieb Steve Snyder:
Being able to separate webmail from the parent web presence (e.g. gmail from google.com, Yahoo Mail from yahoo.com, etc.) would be a big step forward in curbing spam. This would allow the exit operation to refuse traffic to the webmail service while stilling allowing access to the parent presence.
Good point!
Markus
Ouch, what about people who use Tor to access webmail (due to censorship, or desire for location anonymity?)
On March 9, 2015 3:14:37 PM s7r <s7r@sky-ip.org> wrote: Hi,
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 3/9/2015 1:17 PM, Sebastian Urbach wrote:
On March 9, 2015 7:17:20 AM oneofthem@riseup.net wrote:
Hi John,
Can someone point me to an overview of the different legal situations for running tor relays in European countries? I'm especially interested how the situation differs per country.
I don't think that we have something like that anywhere, sorry.
The only offered list is this one, afaik:
https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
From what i hear a few countries are starting to crack down on Tor or Encryption more generally and some are planning to do so in the near future. Hard to keep up with the changing laws.
What is the source for this?
I read this on spiegel.de but since that was a few weeks ago i don't have the article at hand.
In the European Union Tor running a Tor exit relay _is legal_, and the rights for privacy and anonymity are guaranteed by European Court. I can't find the source now to give exact data, but about one year ago declared the laws from multiple EU member countries enforcing to retain user navigation data or metadata of communications (who calls who and when, internet browsing history) as incompatible with the universal human rights which guarantee the right to privacy and private life.
Majority of Tor exit power in is Europe. We have no reports of relay operators being prosecuted or punished by any means for running Tor exit relays.
Which countries started to "crack down on Tor" and which ones are planning to do so in the near future?
I recall that at least David Cameron (UK) talked about an key escrow, mass data storage and that the police / secret service should have access any time.
This is a speculation and it's not backed up by anything real. Can you define "crack down on Tor"? People and organizations are researching and trying to find a flaw in Tor since Tor was born - there is a good side here, being widely studied and getting a lot of attention makes it the best anonymity network available. All the bugs and flaws discovered until now were fixed, and this only made Tor stronger, so I want to thank this way for everyone who is doing research and tries to find flaws in Tor, assuming they do this in a transparent and fair way and share the results with everyone.
I only know of one case, outside the European Union, in Russia to be exact, where they've put a bounty of $100.000 or $150.000 9can't remember the exact amount) for whoever manages to crack Tor. This is under no circumstances reason to worry. Still there are many exit relays in Russia, so not even there Tor is illegal.
P.S. Not everything is illegal, except what is authorized and regulated by law. It's the other way around, anything is legal and permitted unless clearly prohibited by law. At least theoretically speaking :-)
You are right, the European Court ruled not to long ago in that matter. But since then, the german government at least wants to give the mass data storage another shot because they don't want to wait for a European Initiative any longer as they say. And no, thats not speculation as you can read here (german): http://spon.de/aer55 Just because the Eurooean Court ruled once it's not good forever. They just ruled that the system used before was against the law and as you can see different governments are trying to find ways around that. Im not sure though how serious some of these politicians are because in some countries (like UK) elections are coming up .... -- Sincerely yours / Sincères salutations / M.f.G. Sebastian Urbach ----------------------------------------- Religion is fundamentally opposed to everything I hold in veneration - courage, clear thinking, honesty, fairness, and, above all, love of the truth. ----------------------------------------- Henry Louis Mencken (1880 - 1956), American journalist, essayist, magazine editor, satirist and critic.
On Mon, Mar 9, 2015 at 7:17 AM, Sebastian Urbach <sebastian@urbach.org> wrote:
On March 9, 2015 7:17:20 AM oneofthem@riseup.net wrote:
Can someone point me to an overview of the different legal situations for running tor relays in European countries? I'm especially interested how the situation differs per country.
I don't think that we have something like that anywhere, sorry.
The only offered list is this one, afaik: https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
From what i hear a few countries are starting to crack down on Tor or Encryption more generally and some are planning to do so in the near future. Hard to keep up with the changing laws.
You could create a user maintained wikitable of all countries in regard to line items of relavence to people in anonymizing networks, crypto, retention, etc.
On Mon, Mar 9, 2015 at 3:41 PM, grarpamp <grarpamp@gmail.com> wrote:
You could create a user maintained wikitable of all countries in regard to line items of relavence to people in anonymizing networks, crypto, retention, etc.
In fact, collaboration with researchers such as Koops to present the relavent info in such a more readily accessible format could be interesting. http://www.cryptolaw.org/
On Mon, 09 Mar 2015 06:16:25 +0000 oneofthem@riseup.net wrote:
Can someone point me to an overview of the different legal situations for running tor relays in European countries? I'm especially interested how the situation differs per country.
Not exactly what you wanted, but this may be relevant: http://www.cryptolaw.org/
++ 09/03/15 06:16 +0000 - oneofthem@riseup.net:
Can someone point me to an overview of the different legal situations for running tor relays in European countries? I'm especially interested how the situation differs per country.
I can't really help you: I don't have the overview of Europe, nor I am a laywer. Having said that, in the Netherlands there would be two considerations to make when running an exit-relay. 1) Your provider may consider your use breaching their AUP. You may be held responsible by your provider for the traffic to the internet that is leaving your connection, even if in fact it is the traffic of others. So, if someone else using the Tor-network, is incidentally using your exit-node and is doing something your provider doesn't like (e.g. sending spam, doing hacking attempts), your provider may complain to you. As you are not in the position to stop this, your provider may disconnect you. However, there's this clause in the eCommerce directive stating that you can't held resonsible for what is leaving your connection if you are only relaying the information (provided you meet three criteria [1]). Whether this also applies to the operator of a Tor-node is unclear: it has never been tested in court. 2) The police may knock on your door and ask you to complain. If someone hacks into a computer while exiting the Tor-network using your relay, your IP-address would seem to be the source of the hack. It's not that unreasonable that the police would ask you to elaborate. This explains why you should never mix your own traffic with that of your exit-node. In the Netherlands, the police does know about Tor more and more. Consequently, the changes that the police will knocking at your door just before dawn is getting smaller and smaller. Most of the times, the police will be able to tell a exit-node is involved and instead will call you for a visit to the police station (to explain the situation). However, the police of course still needs to consider your involvement for a moment and so may make a different judgement in specific cases. To the best of my knowledge, the last time a house has been raided just because the IP-address of the Tor exit-node of the owner was the source of malicious traffic was a long time ago. More than six years ago. I have seen reports of people invited to the police station, but those invitations were much more friendly and mostly meant to get a statement on the exit-node the owner was running. If you do have a different experience, in the Netherlands, please let me know. I have written about this in Dutch: https://www.bof.nl/2014/12/17/juridische-risicos-van-het-draaien-van-een-tor... [1] You do no initiate the transmission, you do no select the receiver of the transmission and you do not select or modify the information contained in the transmission. -- Rejo Zenger E rejo@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J rejo@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF Signal 0507 A41B F4D6 5DB4 937D E8A1 29B6 AAA6 524F B68B 93D4 4C6E 8BAB 7C9E 17C9 FB28 03
In the UK: The darknet and online anonymity - POST Note Published 09 March 2015 It's a briefing from The Parliamentary Office of Science and Technology, mainly about Tor. http://www.parliament.uk/briefing-papers/POST-PN-488/the-darknet-and-online-... Jan
This is definitely a positive for the UK. One of many battles we could have easily lost to a conservative government pushing authoritarian policies. As long as it doesn't get pushed under the carpet this could help defend the cause of civil liberties. Here are two articles on it: http://bit.ly/199dQcI - The Daily Dot http://bbc.in/1xaP7d5 - BBC Technology On 10/03/15 10:02, Jan Reister wrote:
In the UK:
The darknet and online anonymity - POST Note Published 09 March 2015 It's a briefing from The Parliamentary Office of Science and Technology, mainly about Tor.
http://www.parliament.uk/briefing-papers/POST-PN-488/the-darknet-and-online-...
Jan _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Mon, Mar 09, 2015 at 06:16:25AM +0000, oneofthem@riseup.net wrote:
Hi,
Can someone point me to an overview of the different legal situations for running tor relays in European countries? I'm especially interested how the situation differs per country.
I'm from the luxembourgish tor operators organisation, Frënn vun der Ënn [0]. We asked a lawyer about the situation. The answer can be found in our wiki [1]. (Be aware it is french) We asked some questions: First of all, can we held reliable, when people are visiting illegal sites through one of our nodes. His answer was bascially not, as we are only operating as "proxy". In contrary to Google, we cannot held reliable, as we can't change the destination. Google can actively rank his links differently and so Google can be held liable, if users go to illegal sites, which they found on Google. We also asked if we need to store the IP-Addresses of users. We are not obligated to, as we are not an internet provider! And we don't have to store the information, to which site users go! I'm not a lawyer, so read for yourself and try to gather also other information. [0] http://enn.lu [1] http://wiki.enn.lu/doku.php?id=blog:legal_frame_of_our_organization Cheers, metalgamer
Best, John _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
participants (15)
-
Aaron Gibson -
Corey Wood -
Dennis Fink -
grarpamp -
Jan Reister -
Linus Nordberg -
Markus Hitter -
Moritz Bartl -
oneofthem@riseup.net -
Rejo Zenger -
s7r -
Sebastian Urbach -
Stephen R Guglielmo -
Steve Snyder -
yl