Suggestion: Many OR-ports would improve the network

Cat Okita cat at reptiles.org
Fri Jun 15 14:01:52 UTC 2007


On Fri, 15 Jun 2007, vikingserver at gmail.com wrote:
> Decentralized popular P2P with a wide variety of ports and
> "hubs/nodes/servers" are more successfull then Tor at helping persons in
> oppressed countries.

Let me ask a different question[0] - how do you think that "decentralized
popular P2P" helps people in oppressed countries?

> Tor has to become better in order to allow users in the whole world to
> reach every website in the world. But perhaps the goals is just to allow
> traffic in the western world from non restrictive networks?

I think you're mistaking my question here :)  There needs to be a balance
between privacy and freedom of access;  A piece of software that circumvents
any security checks that I've got in my environment is a great conduit
for incidents like the following[1]:

 	http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxo
nomyName=security&articleId=9024491

 	By Jaikumar Vijayan
 	June 12, 2007
 	Computerworld

 	A Pfizer Inc. employee who installed unauthorized file-sharing software
 	on a company laptop provided for use at her home has exposed the Social
 	Security numbers and other personal data belonging to about 17,000
 	current and former employees at the drug maker.

 	Of that group, about 15,700 individuals actually had their data accessed
 	and copied by an unknown number of persons on a peer-to-peer network,
 	the company said in letters sent to affected employees and to state
 	attorneys general alerting them of the breach.

I'd like to see some discussion around how privacy is preserved, and how
Tor continues to be a Good Thing (tm) for those of us that are in the
position of justifying why Tor should be allowed -for business reasons-,
rather than feel good reasons.

cheers!
[0] Yes, seriously - I don't know what your definition of "help" is...
[1] I'm aware that Tor isn't p2p file sharing software - but when Tor
takes on similar characteristics to p2p software, the results from the 
point of view of many infosec folk aren't that different.

> Cat Okita skrev:
>> On Thu, 14 Jun 2007, Nick Mathewson wrote:
>>> On Sat, Jun 09, 2007 at 03:28:09PM +0200, vikingserver at gmail.com wrote:
>>>> Is there a plan for TOR servers to be able to announce several OR-ports
>>>> and DIR-ports?
>>>
>>> There sorta is.  It's been a "nice-to-have" for a while, and I think
>>> it's a good idea.  Somebody should specify and implement it.  If
>>> there's a decent spec and patch on an 0.2.0.x timeframe, I'd love to
>>> check it in.
>>>
>>> Here's what would need to be in the proposal:
>>>
>>>  - Some way to configure which address:port combinations to listen
>>>    on, and/or which to advertise.
>>
>> I'd also like to see some discussion of the effect this is likely to have
>> in environments that need to ban or limit Tor.  Speaking only for
>> myself, in an environment where I need to keep a lid on Tor usage,
>> having to chase port settings around makes it more likely that I'm
>> going to
>> move from limiting Tor to just plain banning it.
>>
>> cheers!
>> ==========================================================================
>>
>> "A cat spends her life conflicted between a deep, passionate and profound
>> desire for fish and an equally deep, passionate and profound desire to
>> avoid getting wet.  This is the defining metaphor of my life right now."
>>
>

==========================================================================
"A cat spends her life conflicted between a deep, passionate and profound
desire for fish and an equally deep, passionate and profound desire to
avoid getting wet.  This is the defining metaphor of my life right now."



More information about the tor-dev mailing list