TOR on Academic networks (problem)

Watson Ladd watsonbladd at gmail.com
Tue May 16 22:54:34 UTC 2006 

On May 16, 2006, at 4:32 PM, Michael Holstein wrote:

>> Specifically, we're arguing to various administrative and technical
>> committees that the whole damn network shouldn't be trusted by
>> services that we subscribe to... and instead, the proxy service that
>> berkeleyites use to connect to library services off campus should be
>> used on campus too (so that a much smaller segment of our network is
>> "trusted").
>
> We actually already have this as well .. a proxy that allows  
> internal users to breeze through, and external ones to  
> authenticate. Why the journals think it fit to trust a /16 or  
> greater is beyond me.
Are the on-campus proxies really necessary in that case?
>
> Problem is .. I don't think they'll buy the argument "you need to  
> change your way of doing things so I can offer an anonymous proxy  
> and not cause you problems". They'll just say "why run the proxy at  
> all?".
>
> For the short-term, I wrote a script that wgets the library's list  
> of subscriptions, and munges that to get the unique domain links,  
> and puts those into /etc/hosts with bogus addresses that are denied  
> by the exit policy (eg: 127.0.0.2 some.domain). Yes, I realize this  
> doesn't prevent access by IP, but if I can keep out 95% of the  
> miscreants, that's fine by me.
>
> I hate to break things on purpose, but I do have to dance around a  
> bit to keep this going.
>
> My biggest mistake perhaps was actually giving the library folks an  
> honest answer when they asked .. had I just said "oh .. I'll look  
> into that" and fixed it, they'd have happily gone away. Instead, I  
> sent them the boiler-plate response about TOR and they started  
> asking questions.
>
> Lesson learned : don't call TOR an "anonymous proxy". It's a  
> "privacy router designed to help the Chinese".
Try making up some other excuse, like being able to track who is  
accessing journal articles and with what frequency.  I think that  
will work.
>
> /mike.

"Those who would give up Essential Liberty to purchase a little  
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin

More information about the tor-talk mailing list