relay tidbits...

phobos at rootme.org phobos at rootme.org
Wed Jun 4 16:25:58 UTC 2008


On Tue, Jun 03, 2008 at 10:44:00PM -0700, kyle.kwilliams at gmail.com wrote 3.1K bytes in 67 lines about:
: phobos at freeshell.org wrote:

Another phobos, hi.

: If Tor operators were protected by law, I would run a dozen Tor nodes. 
: However, that is not the case in this day and age.

I believe Tor operators are prorected by US law.  In fact, we have a FAQ
about this, https://www.torproject.org/eff/tor-legal-faq.html.en.

: Oh, I encourage people all the time to use Tor, but along with that I 
: encourage them to be secure and use the best Tor implementation 
: possible.  I don't want my friends and family being affected by some new 
: bug.

My interpretation of what you said, and apparently others as well, was
that you were telling everyone Tor is too risky and therefore people
shouldn't be running nodes.  As for bugs, sure, bugs exist.  They exist
in everything.  My car has a bug where the cruise control won't disable,
so stepping on the brakes to stop results in a surprising outcome.  I'm
sure some bugs exist in Tor, too.  Good privacy and anonymity practices
online help mitigate the effects of bugs in Tor (and firefox and
torbutton, and remote sites).

: get a patch out.  By adapting Tor in layer 3 or layer 1 of the OSI 
: model, or by putting into a completely separate OSI environment (VM), we 
: can reduce the surface area of attacks on our anonymity from 0-days 
: dramatically.

We're happy to accept patches. ;)

: And for the record, I do fight for anonymity online by providing the 
: most secure and 0-day resistant Tor implementation out there.  Likewise, 
: I've contributed my fair share of security bugs to Mike Perry, Roger, 
: and Nick in a responsible manner.
:
: I'm starting to feel like the anti-hero of Tor.  I change my views from 
: full disclosure to responsible disclosure.  I've helped in projects of 
: others.  I've given Roger my honest opinion when he asks for it.  I've 
: given away free software that is way more secure than all the other 
: implementations out there.

This is great.  I encourage you to continue to do these things.

: <sarcasm with an angry tone>
: WHAT THE FUCK MORE DO YOU WANT FROM ME?! Another 0-day?!
: </sarcasm with an angry tone>



More information about the tor-talk mailing list