Surveillance rules, feature suggestion

Eugen Leitl eugen at leitl.org
Sun Nov 25 20:47:33 UTC 2007


On Sun, Nov 25, 2007 at 08:19:26PM +0000, Smuggler wrote:

> Backbones etc. are excluded from the data retention laws. As well as any

Excluded by laws yet, but still monitored by TLAs. Yeah, I know,
it's not the threat model, but it still doesn't hurt to be pointed 
out now and then.

What about colos? I've asked Hetzner, and they said they're biding
their time, looking at what the whole industry does first. I guess
I'll ask them again in a year. Has anyone asked their ISPs yet?
Try to get an official position in writing, these telephone support
call assurances are usually worthless, and those "recorded for
training purposes" things just as easily erased.

> networks that are not available to the general public (like university

But as a middleman you're part of the infrastructure. As a judge/advocatus
diaboli, I would not be convinced that a relay station is excluded from legal
requirements for the connection info. I would be asking to why you think
you should be excluded from legal requirements. The exit nodes can be considered
customers, to whom you're offering telecommunications services, free of
charge.

> networks as well company networks).
> By having middleman-only nodes (or better, second hop only nodes) those
> would not be part of the "public" network but only infrastructure.

Why, you're still routing the evil packets. Let's say they have
obtained logs from an exit node, and you're the next hop. They want
your logs. You say you can't/won't log, so they cite you into court.
What's the maximum sentence? Up to 500 kEUR, and/or several years in jail?
Um, let's try to be really convincing here. If they want to get nasty,
a criminal record is your minimum. 

> That means that those nodes would not have to log at all. AND they wont
> be target to raids because those nodes would not be part of any records
> at all if all other nodes in the chain are also non-logging.

If the exit logs, or is otherwise monitored (ISP logs, or even TLAs
logs, or claims of such logs), and you're the next step in the chain, 
they'll come to you asking for logs.

> It would allow German operators to continue running Tor nodes (second
> hop only nodes) and other non-logging jurisdictions can provide entry
> and exit nodes. However some german node operators might choose to do
> entry/exit at their own risk.

I think the only safety is in larger numbers (reduces the fraction of
evil exits), and in increasing the number of hops in the circuit
(as a whole, broadband is getting faster, so adding a hop in two
years might not result in any performance penalty in comparison to
today), so logging becomes largely worthless.

Since I was probably not exactly clear with hints about disposable nodes: 
there are many rambling (industrial or federal) institutions, where 
accounting and documentation is very sloppy. It can become very difficult
and time-consuming to find a "rogue" host on the network, especially
if it is physically very small, and can be installed out of sight.
The ALIX boxes are quite optimal for that. Assuming you ever do any 
such evil deed, make sure you don't leave fingerprints and/or DNA on 
the device, and that the serial/MAC of the hardware can't be linked 
to you with the purchase. 

I would never do such a thing, of course. 

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE



More information about the tor-talk mailing list