[tor-talk] Risk of selectively enabling JavaScript

Michael Wolf mikewolf53 at gmail.com
Tue Jan 7 16:46:31 UTC 2014


On 1/7/2014 11:09 AM, Mark McCarron wrote:
> We're not discussing censorship, but the removal of potential exploitable data.  Its not a keyword system, it removes cookies, web bugs, adds jitter to timings, etc.  It can be disabled with a click.  
> 
> Regards,
> 
> Mark McCarron
> 

Tor exit nodes have to be completely blind for legal reasons.  The
moment they start inspecting or filtering out *any* type of content,
some government can pressure the Tor Project to filter out other
content.  I don't remember the specific legal terms, but inspecting or
filtering the data changes your status from being a simple network relay
to being a sort of content provider, and you can be held legally
responsible for any content that flows through your node at that point.

Jitter/timing could be done, since that would not require any inspection
or filtering.  However, IIRC, the amount of additional latency required
to make timing attacks non-trivial is far more than would be acceptable
to the typical user.  Someone who has studied this could give more insight.



More information about the tor-talk mailing list