Did we decide about bad exits? Where does bittorrent fall?

Jacob Appelbaum jacob at appelbaum.net
Fri Dec 16 08:48:05 UTC 2011

On 12/15/2011 12:10 PM, intrigeri wrote:
> Hi,
> Andrew Lewman wrote (15 Dec 2011 17:53:59 GMT) :
>> There are completely legitimate uses of bittorrent over Tor.
>> I've talked to people who want to get their ISO of Fedora or Ubuntu
>> from outside their country, so they bt over tor to do so.
> We've been refusing to include a BitTorrent client in Tails since the
> beginning due to some kind of common sense that was telling us it
> would harm the Tor network.

I'm not clear that it will harm the network if Tails includes a
BitTorrent client. I think that the harm comes when someone runs a few
seeding boxes through Tor and doesn't bother to add any capacity to the
network at all.

> Recently, we've been asked again -supposedly by a prominent member of
> the Tor community- to include Transmission; the request was sent with
> an offer to audit this piece of software for safeness in Tails use case.

It seems like Transmission is a fine torrent client. On second thought,
I'd want to see what possible clients are written in Python or another
"safer" language. One challenge is that any security bug, and certainly
memory corruption bugs in C programs, may become an anonymity bug rather
quickly. So an audit is really two tasks - the first is to see if it's
proxy aware/obedient and the second is that the code base is generally
sanely written.

> This, added to reading this thread, makes me doubtful.
> What do you think? Shall we include a (carefully audited) BitTorrent
> client in Tails?

I think that you should do so if only to ensure that Tails is
need/intention complete. It's going to be a great day when someone can
easily and simply anonymize their entire computing experience without
needing to learn if they shot themselves in the foot, etc.

Speaking of which - did you see my recent list of Tails comments?

All the best,

