More GSoC Ideas
Jonathan Addington
madjon at gmail.com
Fri Mar 21 20:09:52 UTC 2008
I didn't expect a very warm response, glad to see I wasn't disappointed!
On Fri, Mar 21, 2008 at 2:32 PM, Ben Wilhelm <zorba-tor at pavlovian.net> wrote:
>
> Various comments on these, regarding why some of these are dubious ideas:
>
>
> > A. I had at least one connection to legal-preteen.com. I am willing
> > to take some chances of getting into trouble with the law for the sake
> > of avoiding internet censorship, but not to that end. Child pornography
> > and The Great Firewall of China are two completely separate things.
>
> You will never, ever, ever block all child porn websites. It's simply
> impossible. To make things worse, in the US there's at least some
> possibility that filtering things by content leaves you open for
> lawsuits based on what you didn't filter - meaning that blocking child
> porn websites might leave you liable for the ones you missed. From a
> purely PR perspective, people might also argue "well, he clearly knew
> child porn was being viewed through his server, and he kept his server
> up! Burn him, he's a witch!"
>
I don't expect to ever block all such traffic.
>
> > B. I've had to block Google because my roommates were getting the
> > nasty "this might be spyware" page and weren't all too happy about
> > that.
>
> I don't really have a problem with this one :) (Although if you can get
> a second IP from your ISP, this can be solved neatly - I have all Tor
> traffic going through its own special IP. Still, this is often impractical.)
>
I can't even get a static IP without being nickeled and dimed to death.
> > C. I've blocked The Pirate Bay, and when I have time, will block
> > other such sites. (See idea 2). If operators want to let tor users go
> > through to those sites that's fine, I don't even care all that much
> > except that I think the limited tor bandwidth can go to better uses.
>
> The Pirate Bay itself uses extraordinarily little bandwidth, and to my
> knowledge nobody has ever been prosecuted for downloading .torrent
> files. The actual process of running the torrent doesn't necessarily
> even touch TPB (what with distributed hash tables and the like) and even
> the parts that do touch TPB use a minimal amount of bandwidth.
> Essentially, this doesn't do what you might think it does.
>
Yeah, I don't care much about the .torrent files because they are so
small. It just makes it a little bit harder for them to start running
a torrent through my server in the first place.
>
> > 2. On *nix systems, make it easy for snort to filter out tor traffic
> > on a protocol level. I realize there are plenty of legal uses for
> > BitTorrent, Gnutella, etc., but most of them do not require anonymity
> > in a strong sense. That is, they can get the same content through http
> > (most of the time) anyway, and downloading a Linux distribution (or
> > whatever) won't be flagged by most governments/agencies/whatever. It's
> > my bandwidth, I have the right to let *others* use it as I see fit.
>
> First off, it's nearly impossible to make Tor capable of filtering on
> this sort of a level - the Tor client simply doesn't know what kind of
> traffic may be sent through it until the connection is already made, and
> thus it can't possibly avoid servers that disallow certain protocols.
> The only thing you could do here is sever connections as soon as you
> determine that it's the "wrong type" and this obviously has severe
> usability implications.
>
> Second, an increasing number of protocols are encrypted, thanks to the
> efforts of Verizon and co - I certainly turn on encryption on my
> bittorrent client whenever I use it, and I don't even use it to download
> illegal stuff. Obviously anything encrypted will pass straight through
> your clever protocol filter.
Not looking for perfection, and not looking for *tor* to do any
filtering (in either of the cases I described), programs such as snort
and squid can be configured to do just that, but it's not easy.
> > However, the last thing my parents
> > need is the FBI knocking on their door wondering why they are visiting
> > legal-preteen.com.
>
> I think they may be even more irritated when you assure them that
> legal-preteen.com is blocked, and then the FBI shows up wanting to know
> why they're visiting hot-hot-hot-15-and-under.com :)
>
Indeed!
> -Ben
>
>
I am not looking for perfection in any of this. Tor is not perfect, it
isn't even made to be (every time I start up my server it reminds me
not to rely on it for "strong anonymity"). I am looking at changing
*probabilities*. If running an exit node is perceived as "safer" for
more people, it might be easier to get non-techies/geeks to run (exit)
nodes.
I'd love to see the idea at least discussed (if somewhat informally)
before simple dismissal.
-madjon
--
madjon at gmail.com