Suggestion: Many OR-ports would improve the network

[Paul Syverson]

On Fri, Jun 15, 2007 at 10:01:52AM -0400, Cat Okita wrote:
> 
> I'd like to see some discussion around how privacy is preserved, and how
> Tor continues to be a Good Thing (tm) for those of us that are in the
> position of justifying why Tor should be allowed -for business reasons-,
> rather than feel good reasons.
> 

Amen to most of what you said about tradeoffs. An assumption that I
think is hidden behind this debate is the environment. There is a
difference between a country/an ISP user base/a research institution
and a corporation/a government enclave/etc. 

Designing Tor to get clients past restrictions (firewalls, etc.) that
keep them from the Tor network is not incompatible with its authorized
use in restricted environments.

One must decide what sort of environment one has however. Letting
people pretty much run whatever they want unless it is identified as
bad in a closed environment is a bit like using SSNs (SINs for Cat ;>)
as authorization tokens. It's a fine to permit this if your job is to
generally give people access to the world, but if you are letting them
do that on systems that are meant to protect sensitive or critical
data and services then you are just asking for trouble irrespective
of Tor.

There are plenty of legit reasons to run Tor both from a desktop and
from a firewall (i.e., traffic runs over Tor outside the firewall and
is as visible as it would otherwise be to admins inside). These have
been extensively discussed before, but to name a few: Firewall
configurations protect corporate communications from competitive
intelligence and other surveillance, desktop configurations provide
compartmentalization of trust and defense in depth, either can help
protect road warriors from targeting for intelligence or worse.

aloha,
Paul