relay tidbits...

Kyle Williams kyle.kwilliams at gmail.com
Wed Jun 4 05:44:00 UTC 2008


phobos at freeshell.org wrote:
> On Tue, Jun 03, 2008 at 03:41:26PM -0700, kyle.kwilliams at gmail.com wrote 6.1K bytes in 130 lines about:
> : > I wonder if he's in the United States? If so, he could face serious
> : > legal problems by having relayed child porn, and knowing about it
> : > (instead of keeping his nose out, as a node operator always should).
> 
> Under Section 230 of the CDA, Tor should be protected as a provider of
> an interactive computer service.  As there hasn't been a court case,
> that I know of, this is unproven at this point.  There is plenty of
> precedent to support this conclusion, however.
> 
> http://en.wikipedia.org/wiki/Section_230_of_the_Communications_Decency_Act
> 

If Tor operators were protected by law, I would run a dozen Tor nodes. 
However, that is not the case in this day and age.

> : I would rather know the truth and be able to make a decision about what I
> : want to support than be blind sided by cops randomly showing up at my house
> : claiming I did something bad and taking all my stuff.
> : 
> : Recall the gentlemen from Germany that went through a huge amount of
> : bullshit because someone abused his node.
> : I don't want to be that guy.
> 
> And this is the classic "chilling effect".  If you don't want Tor to
> exist in the world, harass those that do by arrest and confiscation.  I
> believe in the incidents in Germany, every node operator was found not
> guilty and in most cases, their computers were returned.  
> 
> If you personally don't want to fight for online anonymity, that's fine.
> I hope you won't discourage those that do.
> 

Oh, I encourage people all the time to use Tor, but along with that I 
encourage them to be secure and use the best Tor implementation 
possible.  I don't want my friends and family being affected by some new 
bug.

Perhaps it is time for people to step back and realize what I've said 
for awhile now. Fighting vulnerabilities in Layer 7 of the OSI model 
will always be a reactive situation to new 0-days. We you are in a 
reactive situation to a 0-day, you've already lost and must scramble to 
get a patch out.  By adapting Tor in layer 3 or layer 1 of the OSI 
model, or by putting into a completely separate OSI environment (VM), we 
can reduce the surface area of attacks on our anonymity from 0-days 
dramatically.

My old boss taught me a valuable lesson: Work smarter, not harder.

And for the record, I do fight for anonymity online by providing the 
most secure and 0-day resistant Tor implementation out there.  Likewise, 
I've contributed my fair share of security bugs to Mike Perry, Roger, 
and Nick in a responsible manner.

So to say that I "personally don't want to fight for online anonymity", 
is fucking bullshit.

I'm starting to feel like the anti-hero of Tor.  I change my views from 
full disclosure to responsible disclosure.  I've helped in projects of 
others.  I've given Roger my honest opinion when he asks for it.  I've 
given away free software that is way more secure than all the other 
implementations out there.

<sarcasm with an angry tone>
WHAT THE FUCK MORE DO YOU WANT FROM ME?! Another 0-day?!
</sarcasm with an angry tone>



More information about the tor-talk mailing list