German data rentention law

Sat Oct 18 11:46:26 UTC 2008

Good overview Karsten, thanks.

Tor developers: I demand to ban all german tor server per /1/1/2009 from the tor network. Don' t trust the german regulators.

country.sh

#!/bin/sh

# Set one or another, but not both, alphabetical order plz:
#COUNTRIES_TO_REJECT="CN|FR|GB|HK"; # Those countries will be rejected.
COUNTRIES_TO_ACCEPT="AR|US"; # All other countries will be rejected, those only will be accepted.

# Where to find a routers list:
ROUTERS="http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?textonly=1";

# Location of your torrc file:
TORRC=/etc/tor/torrc

# Command to reload your torrc:
RELOAD="/etc/init.d/tor restart"

####  No need to modify nothing after this line ####

set -e

LOCRC=".tmp_torrc"
LOCROUT=".routers.txt"

test -z $TORRC && exit 0

# create a backup of the torrc file
cp $TORRC ${LOCRC}.bak

# Remove ExcludeNodes line from torrc
cat $TORRC | grep -vi Excludenodes > $LOCRC

# Download routers list.
wget -O $LOCROUT $ROUTERS || exit 0

# Write list of actual countries to a text file for reference
file=Countries.txt
echo -n "Countries " > $file
for i in `cat $LOCROUT | cut -f 1 -d " "| grep -v Tor | sort -u`; do
    echo -n "$i " >> $file
done

file=$LOCRC
echo -n "ExcludeNodes " >> $file
if [ "$COUNTRIES_TO_ACCEPT" != "" ]; then
    for i in `cat $LOCROUT | egrep -v "^($COUNTRIES_TO_ACCEPT)" | cut -f 2 \
-d " " | egrep -v "^(\[|Network)" | sed s/*//`; do
        echo -n "$i, " >> $file
    done
elif [ "$COUNTRIES_TO_REJECT" != "" ]; then
    for i in `cat $LOCROUT | egrep "^($COUNTRIES_TO_REJECT)" | cut -f 2 -d \
" " | egrep -v "^\[" | sed s/*//`; do
        echo -n "$i, " >> $file
    done
else exit 0
fi
echo finished >> $file

cp $LOCRC $TORRC

# Have Tor to reload its config
$RELOAD

Regards
-dieter

--- On Sat, 10/18/08, Karsten N. <tor-admin at privacyfoundation.de> wrote:
From: Karsten N. <tor-admin at privacyfoundation.de>
Subject: German data rentention law
To: or-talk at freehaven.net
Date: Saturday, October 18, 2008, 1:49 AM

Hi,

I. part: A short overview about the data rentention law in Germany.

  1: ISPs have to log the start and end of a user dial-in with
     time stamp and IP address. They have not to log any content.

  2: Public provider of electronic mail have to log all connections of
     users with time stamp, IP address, login account and the email
     addresses of sender and recipient for every mail (send and
     receive).

  3: VoIP provider have to log all connections with timestamp,
     IP address and phone number of caller and recipient.

  4: Fon and mobile fon provider have to log all connections and
     tries with timestamp, phone number and location.

  5: Anon services have to log the rewrite of any information, which
     will be logged by a third party. (Thats all, not very clear.)

At the moment, it seems not clear, how tor is affected by this law.
I read some papers from the gouverment: "An anon service (like tor or
JAP) has to log, because the law will be useless otherwise."

Some papers of non-gouverment organizations like ULD: "Tor and JAP are
not affected by the telecommunication law, because it is not a
telecommunication service (in the case of law) and tor nodes have NOT
to log."

Together with the JonDos GmbH (JAP) the GPF try to get a legal
non-logging solution for tor, but the result is open and we are late.
(May be too late?)

II. part: suggestion of a technical solution

May be, tor can use geoip and divide the world in a logging area and a
non-logging area. If the target host is inside the logging area
(Germany), the exit node has to be outside. Otherwise a german node
can be an exit too.

In this case, we have two possibilities:

  1: the target host is outside the logging area -> no logging

  2: the target host is inside the logging area -> the exit is
     outside and writes no logs -> an german entry or middle man
     has to log nothing, because it routes to a not logging exit.

Because not all clients will update to a new version very quickly,
we need a feature for german exit nodes to reject all routes from old
clients, when the node is the exit of the route.

Or, if it was more simple for the developer, a feature for exit nodes
to define a country (based on geoip) to reject all exit routes. If all
german relays used this feature, it may work.

Otherwise, all german nodes have to switch to middle man.

It is only one suggestion, not the really best solution.

Karsten N.

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20081018/ad54750f/attachment.htm>