TOR on Academic networks (problem)

Joseph Lorenzo Hall joehall at gmail.com
Tue May 16 23:09:08 UTC 2006


We are essentially saying that it's impossible to do research with
anonymity tools in this kind of environment.  We have the benefit of
having a receptive ear amongst the security folks on campus who would
like to do away with IP-based authentication. -Joe

On 5/16/06, Watson Ladd <watsonbladd at gmail.com> wrote:
>
> On May 16, 2006, at 4:32 PM, Michael Holstein wrote:
>
> >> Specifically, we're arguing to various administrative and technical
> >> committees that the whole damn network shouldn't be trusted by
> >> services that we subscribe to... and instead, the proxy service that
> >> berkeleyites use to connect to library services off campus should be
> >> used on campus too (so that a much smaller segment of our network is
> >> "trusted").
> >
> > We actually already have this as well .. a proxy that allows
> > internal users to breeze through, and external ones to
> > authenticate. Why the journals think it fit to trust a /16 or
> > greater is beyond me.
> Are the on-campus proxies really necessary in that case?
> >
> > Problem is .. I don't think they'll buy the argument "you need to
> > change your way of doing things so I can offer an anonymous proxy
> > and not cause you problems". They'll just say "why run the proxy at
> > all?".
> >
> > For the short-term, I wrote a script that wgets the library's list
> > of subscriptions, and munges that to get the unique domain links,
> > and puts those into /etc/hosts with bogus addresses that are denied
> > by the exit policy (eg: 127.0.0.2 some.domain). Yes, I realize this
> > doesn't prevent access by IP, but if I can keep out 95% of the
> > miscreants, that's fine by me.
> >
> > I hate to break things on purpose, but I do have to dance around a
> > bit to keep this going.
> >
> > My biggest mistake perhaps was actually giving the library folks an
> > honest answer when they asked .. had I just said "oh .. I'll look
> > into that" and fixed it, they'd have happily gone away. Instead, I
> > sent them the boiler-plate response about TOR and they started
> > asking questions.
> >
> > Lesson learned : don't call TOR an "anonymous proxy". It's a
> > "privacy router designed to help the Chinese".
> Try making up some other excuse, like being able to track who is
> accessing journal articles and with what frequency.  I think that
> will work.
> >
> > /mike.
>
> "Those who would give up Essential Liberty to purchase a little
> Temporary Safety deserve neither Liberty nor Safety."
> -- Benjamin Franklin
>
>
>
>


-- 
Joseph Lorenzo Hall
PhD Student, UC Berkeley, School of Information
<http://josephhall.org/>
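
The /etc/hosts workaround described in the quoted message (fetch the subscription list, reduce it to unique domains, point them at an address the exit policy denies), sketched as an added example; it is not the script from the thread. The function names, the block markers, the `lib.example.edu` keep-domain and the sample page are assumptions, and as the post itself notes, this does not stop access by IP address.

```shell
#!/bin/sh
# Added example, not the script from the thread. Function names, the block
# markers and the keep-domain are assumptions; the sample page is constructed.
SINK_ADDR=127.0.0.2   # bogus address from the post; the exit policy must reject it

# stdin: HTML of the subscription list. stdout: unique lowercase hostnames.
# IP-literal links are dropped: /etc/hosts cannot remap them (the gap the post admits).
extract_hosts() {
    grep -oiE 'https?://[a-z0-9.-]+' |
        sed -E 's#^[a-zA-Z]+://##' |
        tr 'A-Z' 'a-z' |
        grep -E '\.' |
        grep -vE '^[0-9.]+$' |
        sort -u
}

# $1 (optional): domain to leave resolvable, e.g. the library's own site.
make_hosts_block() {
    extract_hosts | awk -v sink="$SINK_ADDR" -v keep="${1:-}" '
        keep != "" && ($0 == keep || substr($0, length($0) - length(keep)) == "." keep) { next }
        { printf "%s\t%s\n", sink, $0 }'
}

# Replace the previously generated block in hosts file $1 with stdin, so a
# scheduled re-run never duplicates entries or touches hand-written lines.
update_hosts_file() {
    file="$1"; tmp="$(mktemp)" || return 1
    sed '/^# BEGIN journal-block$/,/^# END journal-block$/d' "$file" > "$tmp"
    { echo "# BEGIN journal-block"; cat; echo "# END journal-block"; } >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"
}

sample_list() {   # constructed stand-in for the fetched subscription page
    cat <<'EOF'
<a href="http://www.publisher.example.com/journal/1">Journal 1</a>
<a href="HTTP://WWW.Publisher.example.com/journal/2">Journal 2</a>
<a href="https://journals.example.org:8443/toc">Journal 3</a>
<a href="http://192.0.2.10/direct">linked by IP</a>
<a href="http://proxy.lib.example.edu/login">library proxy</a>
<a href="/relative/link">relative link</a>
EOF
}

# Demo: print the entries generated from the constructed sample page.
sample_list | make_hosts_block lib.example.edu
```

In real use the input would come from fetching the library's list, and the output would be piped to `update_hosts_file /etc/hosts` on the exit node.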
