TOR on Academic networks (problem)

Watson Ladd watsonbladd at gmail.com
Tue May 16 23:33:53 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On May 16, 2006, at 7:09 PM, Joseph Lorenzo Hall wrote:

> we are essentially saying that it's impossible to do research with
> anonymity tools in this kind of environment.  We have the benefit of
> having a receptive ear amongst the security folks on campus who would
> like to do away with IP-based authentication. -Joe
So how does trusting 1 IP eliminate IP-based authentication?
>
> On 5/16/06, Watson Ladd <watsonbladd at gmail.com> wrote:
>>
>> On May 16, 2006, at 4:32 PM, Michael Holstein wrote:
>>
>> >> Specifically, we're arguing to various administrative and technical
>> >> committees that the whole damn network shouldn't be trusted by
>> >> services that we subscribe to... and instead, the proxy service that
>> >> berkeleyites use to connect to library services off campus should be
>> >> used on campus too (so that a much smaller segment of our network is
>> >> "trusted").
>> >
>> > We actually already have this as well .. a proxy that allows
>> > internal users to breeze through, and external ones to
>> > authenticate. Why the journals think it fit to trust a /16 or
>> > greater is beyond me.
>> Are the on-campus proxies really necessary in that case?
>> >
>> > Problem is .. I don't think they'll buy the argument "you need to
>> > change your way of doing things so I can offer an anonymous proxy
>> > and not cause you problems". They'll just say "why run the proxy at
>> > all?".
>> >
>> > For the short-term, I wrote a script that wgets the library's list
>> > of subscriptions, and munges that to get the unique domain links,
>> > and puts those into /etc/hosts with bogus addresses that are denied
>> > by the exit policy (eg: 127.0.0.2 some.domain). Yes, I realize this
>> > doesn't prevent access by IP, but if I can keep out 95% of the
>> > miscreants, that's fine by me.
>> >
>> > I hate to break things on purpose, but I do have to dance around a
>> > bit to keep this going.
>> >
>> > My biggest mistake perhaps was actually giving the library folks an
>> > honest answer when they asked .. had I just said "oh .. I'll look
>> > into that" and fixed it, they'd have happily gone away. Instead, I
>> > sent them the boiler-plate response about TOR and they started
>> > asking questions.
>> >
>> > Lesson learned : don't call TOR an "anonymous proxy". It's a
>> > "privacy router designed to help the Chinese".
>> Try making up some other excuse, like being able to track who is
>> accessing journal articles and with what frequency.  I think that
>> will work.
>> >
>> > /mike.
>>
>> "Those who would give up Essential Liberty to purchase a little
>> Temporary Safety deserve neither  Liberty nor Safety."
>> -- Benjamin Franklin
>>
>>
>>
>>
>
>
> -- 
> Joseph Lorenzo Hall
> PhD Student, UC Berkeley, School of Information
> <http://josephhall.org/>

Sincerely,
Watson Ladd
- ---
"Those who would give up Essential Liberty to purchase a little  
Temporary Safety deserve neither  Liberty nor Safety."
- -- Benjamin Franklin 


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFEamFhGV+aWVfIlEMRApSIAJ0QzEAZVU7fG91VioGm31QhGHVsKACgo08a
fEDg5eH3ySWs9d84CWhMuCI=
=rHSh
-----END PGP SIGNATURE-----
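
Added example, not the script from the thread: a Python version of the /etc/hosts approach Michael Holstein describes in the quoted text, run over a constructed sample page embedded inline instead of one fetched with wget. The function name `build_blocklist`, the sample hostnames and the page layout are assumptions; it also reports links made by IP address, the gap the post acknowledges.

```python
# Added example: turn a subscription page into /etc/hosts block entries.
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

SINK = "127.0.0.2"  # bogus address from the post, one the exit policy denies

# Constructed sample of a library "subscriptions" page (all names are made up).
SAMPLE_PAGE = """
<ul>
  <li><a href="http://journals.example.org/toc/1">Journal A</a></li>
  <li><a href="https://Journals.Example.org./toc/2">Journal B</a></li>
  <li><a href="http://db.example.net:8080/search">Database C</a></li>
  <li><a href="http://192.0.2.10/fulltext">Archive D (linked by IP)</a></li>
  <li><a href="/help.html">Help</a></li>
  <li><a href="mailto:desk@library.example.edu">Contact</a></li>
</ul>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def build_blocklist(page, sink=SINK):
    """Return (hosts_lines, ip_literals) for the links found in page."""
    parser = LinkCollector()
    parser.feed(page)
    names, ip_literals = set(), set()
    for href in parser.hrefs:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # relative links, mailto:, etc. name no remote host
        host = parts.hostname.rstrip(".")  # urlsplit already lowercases it
        try:
            ip_address(host)
            ip_literals.add(host)  # a hosts entry cannot block access by IP
        except ValueError:
            names.add(host)
    return [f"{sink}\t{n}" for n in sorted(names)], sorted(ip_literals)

if __name__ == "__main__":
    lines, by_ip = build_blocklist(SAMPLE_PAGE)
    print("\n".join(lines))
    print("# not covered by /etc/hosts (linked by IP):", ", ".join(by_ip))
```
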


