Some legal trouble with TOR in France

glymr glymr_darkmoon at
Mon May 15 04:11:15 UTC 2006

Hash: RIPEMD160

I personally have stopped trying to use tor because latency has gone far
beyond my patience. Something needs to be done about tor's bandwidth
capability. Of course more bandwidth will mean more users... and I have
said this before and I will say it again - Tor needs to run a minimal
server capability by default, even a 2kb/s, and no more of this
middleman only business, the more people doing it, the less isolated
those who get targeted become, and the greater the pool of possible

I think it's a classic example of an opportunity for 'free riders' that
tor not being a pure p2p application that there is this bandwidth
problem, and this also makes those who have the intestinal fortitude to
run servers, especially exit nodes, have a much greater risk of getting
caught up in a legal problem. IMHO, the concept of middlemen nodes and
client-only connections needs to be done away with because it decreases
the 'lost in the crowd' solidarity that really SHOULD be a part of the
tor philosophy, I think there is a little too much pandering to the
lowest common denominator.

If those bad guys, eg terrorists and child pornographers, were not able
to use the tor network for risk of being caught in a legal problem
originating from an entirely different bad guy that would be better for
everyone. This would be simple to implement too, as a peer verification.
Before a node would accept traffic from another node, it would look up
the node's ip address in the directory, if it didn't find it, it would
refuse to carry traffic for it, and as a second test, it would attempt
to push a test packet through the node in a double-back loop (onion
route via a second known good node back to itself)... And to add more to
this, a peer-bandwidth reporting system, where nodes measure the traffic
they send through each different node, and report this back to the
servers (as opposed to self-reporting) and this would further make the
process of using tor without exposing yourself to some other bad guy's

Now I know that this would probably rattle a lot of people but we must
be serious about this. If you really care about your legal safety and
the anonymity of the network, you should be contributing, even if only
enough to permit half of a 56k dialup connection (ie 1-2kb/s) to relay
traffic. The random hop length is also a very good idea, I don't think
that random delays are neccessary, this is naturally introduced by
random hop lengths. Having the nodes construct a big number of circuit
paths would be good too, every http object request, for example, could
be sent out on a different circuit which may or may not be a different
length, it would certainly make the global adversary much more work to
try and track the endpoints. Another side point is that this reinforces
the value of such detachable persisting stream protocols as silc, which
allow the user to close the stream and reestablish it transparently.

my 2c


Ringo Kamens wrote:
> Also, they can put you on grand jury and give you obstruction of justice
> for refusing to talk.
> On 5/14/06, *Eric H. Jung* <eric.jung at
> <mailto:eric.jung at>> wrote:
>     Mike,
>     I don't have the time to respond to all the points of your email except
>     the first/
>     Federal Contempt of Court
>     "Although there is no statutory maximum limit regulating the amount of
>     time a contemnor can be ordered to spend in confinement (United States
>     v. Carpenter, 91 F.3d 1282, 1283 (9th Cir. 1996)), the requirement that
>     a jury trial be granted in criminal contempt cases involving sentences
>     over six months in jail acts as a check on this power." 67-79
>     --- Mike Perry <mikepery at <mailto:mikepery at>> wrote:
>     > Thus spake Eric H. Jung ( eric.jung at
>     <mailto:eric.jung at>):
>     >
>     > > > Tony's point was that you could arrange not to have the
>     > > authentication
>     > > > tokens anymore. You better hope they believe you when you say you
>     > > > don't have it, though.
>     > >
>     > > >Not having the authentication tokens counts as refusing to
>     > surrender
>     > > >them.
>     > >
>     > > Per US law, if a judge subpoenas you to hand them over and you
>     > refuse
>     > > and/or remain silent, it means indefinite jail time (until you hand
>     > > over the tokens) and/or fines.
>     >
>     > Where is your source on this? As I understand it, there are a few
>     > fundamental principles of the US legal system that should render this
>     > statement completely false. One is Habeas Corpus.. You can't just
>     > throw someone in jail indefinitely without a criminal charge and a
>     > trial.
>     >
>     > Though it seems Bush&Co are violating it with "enemy combatant"
>     > charges, I do not think they have the political power (at least
>     > anymore) to name an anonymity provider as an "enemy combatant"
>     > (especially if they are a natural born US citizen). The same applies
>     > to the 72 hour warrant deal, at least as far as I can tell from
>     >
>     >
>     > Second, if it is a criminal charge, you are not under any obligation
>     > to testify against yourself in a criminal court of law (5th
>     > ammendment). There are various exceptions to this, main one being if
>     > you are not the person charged of the crime (though I think you can
>     > still claim that such testimony may incriminate you for unrelated
>     > matters). I suppose it could also be argued that the passphrase does
>     > not count as testimony, but it sure seems like it is.
>     >
>     > Finally, some googling on subpoena compliance seems to indicate that
>     > punishment for subpoena non-compliance is 'contempt of court' charge
>     > and fines.
>     >
>     >
>     >
>     > That page advises you not to answer any subpoenas without challenging
>     > them first, among other things (ie one state's court cannot usually
>     > subpoena someone from another state). Contempt of court charges for
>     > non-compliance may be repeated, but any contempt law I can find on
>     > the web has some form of maximum limit. The longest I've seen so far
>     > is North Carolina, which is a max of 1yr in 90 day increments:
>     >
>     >
>     >
>     > Also, dunno how accurate it is, but Wikipedia seems to claim that the
>     > key disclosure provisions of the RIPA (Part III) are not yet in force
>     > in the UK:
>     >
>     >
>     <>
>     >
>     >
>     >
>     >
>     > We seriously have to watch our paranoia on this one. This is one of
>     > those situations that if we believe we have no rights, it will be
>     > very
>     > easy to knock us over, simply by playing off our fears and demanding
>     > keys without any legitimate basis to do so.
>     >
>     > If any Tor operator is arrested/detained in the US, they would do
>     > well
>     > to refuse to surrender any passphrase until they are actually in
>     > court
>     > and ordered to do so by a Judge (and then only after voicing protest,
>     > to allow for clear appeal to a higher court). Cops will probably just
>     > lie to you and try to convince you that you are required on the spot.
>     > Ask for a lawyer immediately.
>     >
>     > This is not just to protect the Tor network either. With computer
>     > laws
>     > as crazy as they are, and with the IPPA coming down the road, soon
>     > simply having something like an Open Source DVD player or archiver on
>     > your machine will be enough to land you in jail for a while, if it's
>     > not already...
>     >
>     > --
>     > Mike Perry
>     > Mad Computer Scientist
>     > <> evil labs
>     >

Version: GnuPG v1.4.3 (MingW32)


More information about the tor-talk mailing list