relay tidbits...

[Kyle Williams]

On Mon, Jun 2, 2008 at 11:23 AM, Kyle Williams <kyle.kwilliams at gmail.com>
wrote:

>
>
> On Sun, Jun 1, 2008 at 4:44 PM, <phobos at freeshell.org> wrote:
>
>> On Sun, Jun 01, 2008 at 11:49:09PM +0100, luser456 at googlemail.com wrote
>> 1.2K bytes in 29 lines about:
>> > another reason is to provide a list of POP accounts (pop server IP and
>> > username, no password is captured) being accessed via tor, just in case
>> > any admins/users of these servers/accounts find it odd that they are
>> > being accessed over tor.
>>
>> If in the United States,
>> https://www.torproject.org/eff/tor-legal-faq.html.en#ExitSnooping
>> pertains to you.
>>
>
> "Should I snoop on the plaintext that exits through my Tor relay?<https://www.torproject.org/eff/tor-legal-faq.html.en#ExitSnooping>
>
> *No.* You may be technically capable of modifying the Tor source code or
> installing additional software to monitor or log plaintext that exits your
> node. However, Tor relay operators in the U.S. can create legal and possibly
> even criminal liability for themselves under state or federal wiretap laws
> if they affirmatively monitor, log, or disclose Tor users' communications,
> while non-U.S. operators may be subject to similar laws. Do not examine the
> contents of anyone's communications without first talking to a lawyer.
>
> "
> I just read that again, and I feel I must say a few words about this.
>
> First off, the facts.  Anyone who willing and knowingly sends their traffic
> to some random routers on the Internet (encrypted traffic or not) just
> waived their right to privacy. It is assumed that their traffic is protected
> by encryption, which brings back their privacy, but even that (Debian SSL
> bug) can come into question.  However, (s)he who uses Tor is still
> *INTENTIONALLY* sending what would be private to you and/or your ISP out to
> second and third parties.  To expect privacy when you are doing this is
> retarded, unless everything you do is using SSL (again, not Debian's
> derivative of SSL).  The best you are going to get is anonymity, but you
> gain anonymity by throwing away your privacy (in most cases, not all
> though).
>
> Second, I as a 'service provider', whether free to the public or not, do
> have the right to monitor what my service is being (ab)used for.  By sharing
> my bandwidth, which I pay for (NOT YOU), I have the right to say what is
> allowed and what is blocked.  As a Tor exit node, I get to choose which
> services (by port) I want to support.  As a service provider (in the USA), I
> have the right to watch *EVERYTHING* that goes through my service.  AT&T has
> done this, Comcast is hiring right now for people to do this, and the list
> goes on and on.  Where AT&T should be getting in trouble is they gave the
> information to second and third parties, but I'm not going into that here.
> The point is, as a service provider, you have the right to monitor your
> services to make sure that they are not being abused or used for anything
> which might be illegal.
>
> As for monitoring and logging my traffic, I have that right.  Now if I
> distribute those logs to other parties, then I should be in trouble.
> Here is a very real example that has happened in Germany.
> If someone used my node to make a bomb threat to local police, and the
> police come to my house to take my computers, a couple of things could
> happen.  But this is one possible take.
> If I told them "Wait a minute, I run this great anonymity software called
> Tor to help support people in oppressed countries, but I also logged
> everything just incase something like this happened.  Since I like you guys
> (the cops) so much, I'll give you guys full copies of my logs that I have
> been keeping record of since I started my node.  You do have a search
> warrent, right?"  I'm willing to bet that the (stupid) cops would be elated
> by your cooperation, not threatening to throw you in jail.  As it seems to
> be with all the data retention laws going into affect around the world, they
> would be very happy to have such a detailed level of co-operation.
>
> So to tell people that it "can create legal and possibly even criminal
> liability for themselves under state or federal wiretap laws if they
> affirmatively monitor, log, or disclose Tor users' communications" is a load
> of crap, in my opinion.  The disclosure part is the only place I see that
> would be crossing the line that would probably get you in trouble.
>
> After last years PoC at DefCon and talking with the EFF and FBI about it, I
> have a much different take on this.  The EFF attorney's were thinking worst
> case scenario, but the FBI agents laughed and basically said "be careful".
> I'm not in jail, nor was I ever arrested.  But at the same time, I didn't
> exposed people/groups/agencies/etc either.
>
> However the following weekend my house was broken into and someone
> obviously was looking for something I no longer had, but that's another
> story for another time.  (If that person(s) ever reads this, thanks for not
> breaking all my stuff and leaving everything in more or less the way you
> found it, minus your obvious calling card, which was kinda creepy and cool
> at the same time.)
>
> - Kyle
>

And just for the record, I choose not to run a Tor exit node because I have
seen first hand what types of filth it was being used for, and I don't
support that shit.
Seriously about %25 percent of my HTTP traffic was for porn...kiddy porn at
that....so I said "fuck that" and shut down my node a long, long time ago.

- Kyle
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080602/442f72f8/attachment.htm>