[tor-talk] Legal or not on monitoring traffic at a Tor exit?

Roger Dingledine arma at mit.edu
Mon Oct 24 02:56:16 UTC 2011


On Sun, Oct 23, 2011 at 10:18:41PM -0400, Xinwen Fu wrote:
> I'm just asking the legal liability of running Tor exits and making it
> clear. I don't bother with modifying somebody's traffic.
> 
> Basically, you are saying once we run exits, the computers are not our own
> computers any more:
> 
> Tor exit operators == ISP, from the perspective of laws.
> 
> What if somebody attacks my computer running a Tor exit via Tor? I have to
> call police since I cannot check the content of the attack traffic?

The issue as I understand it is that when you are not an endpoint of
the Tor flows (meaning they go from some Tor user to some destination
like a website), looking at the content of the flows is wiretapping.

If you are the endpoint of one of the flows, then you can look at the
content of that flow (but still not at the content of other flows).

As Greg said, I'd suggest you read the legal faq. I'd be happy to
introduce you to some lawyers who can help explain further details. Paul
Ohm (Colorado) and Marcia Hofmann (EFF) come to mind.

There was also a panel at PETS this year on the ethics of research on
the Tor network. Eventually some notes from it will find their way onto
the wiki, but consensus results for researchers like "don't wiretap"
shouldn't surprise you.

--Roger



More information about the tor-talk mailing list