[tor-talk] Automatic vulnerability scanning of Tor Network?

Justin Aplin japlin at gmail.com
Thu Dec 22 02:59:08 UTC 2011

On Dec 20, 2011, at 6:52 PM, Mike Damm wrote:

> On Dec 20, 2011, at 2:54 PM, "Chris" <tmail299 at errtech.com> wrote:
>>>> Security trough obscurity doesn't scale, so what' the problem?
>>> The problem is that I don't know you, I don't know your intentions,
>>> and I haven't given you permission to do a security audit, free or
>>> otherwise, on my machine.  You need to GET PERMISSION FIRST or you're
>>> behaving exactly like those "Tor unfriendly person" you mentioned.
>> What are the ethics of the Internet?  
> A smart man once said "be conservative in what you do, be liberal in what you accept from others."

While I totally get both sides of this argument *in theory*, all of this sounds a lot to me like getting pissed off about someone ringing your doorbell because they didn't mail you an opt-in form first. Certainly I'd be pissed if someone decided to test my home security by trying to jimmy a lock or force a door (or even going around seeing if any doors are unlocked, despite that being my own bad), but if I'm going to provide a service (tor/doorbell) it has to be expected that occasionally someone unexpected is going to use it, whether this is a pleasant surprise (girl-scouts/friendly-researcher) or a hell of an annoyance (traveling-salesman/malicious-hacker).

/contrived analogy

At any rate, since you've found that your view of ethics clearly does not match many others' on the internet, and have since taken your node(s) down, why is this still an issue?

Mike's advice is really the best way to go here.

~Justin Aplin

More information about the tor-talk mailing list