relay tidbits...
Kyle Williams
kyle.kwilliams at gmail.com
Wed Jun 4 05:44:00 UTC 2008
phobos at freeshell.org wrote:
> On Tue, Jun 03, 2008 at 03:41:26PM -0700, kyle.kwilliams at gmail.com wrote 6.1K bytes in 130 lines about:
> : > I wonder if he's in the United States? If so, he could face serious
> : > legal problems by having relayed child porn, and knowing about it
> : > (instead of keeping his nose out, as a node operator always should).
>
> Under Section 230 of the CDA, Tor should be protected as a provider of
> an interactive computer service. As there hasn't been a court case,
> that I know of, this is unproven at this point. There is plenty of
> precedent to support this conclusion, however.
>
> http://en.wikipedia.org/wiki/Section_230_of_the_Communications_Decency_Act
>
If Tor operators were protected by law, I would run a dozen Tor nodes.
However, that is not the case in this day and age.
> : I would rather know the truth and be able to make a decision about what I
> : want to support than be blind sided by cops randomly showing up at my house
> : claiming I did something bad and taking all my stuff.
> :
> : Recall the gentlemen from Germany that went through a huge amount of
> : bullshit because someone abused his node.
> : I don't want to be that guy.
>
> And this is the classic "chilling effect". If you don't want Tor to
> exist in the world, harass those that do by arrest and confiscation. I
> believe in the incidents in Germany, every node operator was found not
> guilty and in most cases, their computers were returned.
>
> If you personally don't want to fight for online anonymity, that's fine.
> I hope you won't discourage those that do.
>
Oh, I encourage people all the time to use Tor, but along with that I
encourage them to be secure and use the best Tor implementation
possible. I don't want my friends and family being affected by some new
bug.
Perhaps it is time for people to step back and realize what I've said
for awhile now. Fighting vulnerabilities in Layer 7 of the OSI model
will always be a reactive situation to new 0-days. We you are in a
reactive situation to a 0-day, you've already lost and must scramble to
get a patch out. By adapting Tor in layer 3 or layer 1 of the OSI
model, or by putting into a completely separate OSI environment (VM), we
can reduce the surface area of attacks on our anonymity from 0-days
dramatically.
My old boss taught me a valuable lesson: Work smarter, not harder.
And for the record, I do fight for anonymity online by providing the
most secure and 0-day resistant Tor implementation out there. Likewise,
I've contributed my fair share of security bugs to Mike Perry, Roger,
and Nick in a responsible manner.
So to say that I "personally don't want to fight for online anonymity",
is fucking bullshit.
I'm starting to feel like the anti-hero of Tor. I change my views from
full disclosure to responsible disclosure. I've helped in projects of
others. I've given Roger my honest opinion when he asks for it. I've
given away free software that is way more secure than all the other
implementations out there.
<sarcasm with an angry tone>
WHAT THE FUCK MORE DO YOU WANT FROM ME?! Another 0-day?!
</sarcasm with an angry tone>
More information about the tor-talk
mailing list