sadly, naively turning up tor to help folk who wish to be anonymous in hard times gets one a lot of assertive email from self-important people who wear formal clothes. folk who learn this the hard way may find a pointer passed to me by smb helpful, <http://www.chrisbrunner.com/?p=119>. randy
On Wed, Jun 24, 2009 at 12:43:15PM -0700, Randy Bush wrote:
sadly, naively turning up tor to help folk who wish to be anonymous in hard times gets one a lot of assertive email from self-important people who wear formal clothes.
folk who learn this the hard way may find a pointer passed to me by smb helpful, <http://www.chrisbrunner.com/?p=119>.
If bittorrent of copyrighted material is the most illegal thing you helped facilitate while running tor, and all you got was an assertive e-mail because of it, you should consider yourself extremely lucky. Anonymity against privacy invasion and for political causes sure sounds like a great concept, but in reality it presents too tempting a target for abuse. If you choose to open up your internet connection to anyone who wants to use it, you should be prepared to be held accountable for what those anonymous people do with it. I'm sure you don't just sell transit to any spammer who comes along without researching them a little first, why should this be any different? -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Richard A Steenbergen wrote:
On Wed, Jun 24, 2009 at 12:43:15PM -0700, Randy Bush wrote:
sadly, naively turning up tor to help folk who wish to be anonymous in hard times gets one a lot of assertive email from self-important people who wear formal clothes.
folk who learn this the hard way may find a pointer passed to me by smb helpful, <http://www.chrisbrunner.com/?p=119>.
If bittorrent of copyrighted material is the most illegal thing you helped facilitate while running tor, and all you got was an assertive e-mail because of it, you should consider yourself extremely lucky.
Anonymity against privacy invasion and for political causes sure sounds like a great concept, but in reality it presents too tempting a target for abuse. If you choose to open up your internet connection to anyone who wants to use it, you should be prepared to be held accountable for what those anonymous people do with it. I'm sure you don't just sell transit to any spammer who comes along without researching them a little first, why should this be any different. You might also consider asserting your right to common carrier immunity under 47USC230.
Andrew
On Wed, 24 Jun 2009 17:48:58 -0400 Andrew D Kirch <trelane@trelane.net> wrote:
Richard A Steenbergen wrote:
On Wed, Jun 24, 2009 at 12:43:15PM -0700, Randy Bush wrote:
sadly, naively turning up tor to help folk who wish to be anonymous in hard times gets one a lot of assertive email from self-important people who wear formal clothes.
folk who learn this the hard way may find a pointer passed to me by smb helpful, <http://www.chrisbrunner.com/?p=119>.
If bittorrent of copyrighted material is the most illegal thing you helped facilitate while running tor, and all you got was an assertive e-mail because of it, you should consider yourself extremely lucky.
Anonymity against privacy invasion and for political causes sure sounds like a great concept, but in reality it presents too tempting a target for abuse. If you choose to open up your internet connection to anyone who wants to use it, you should be prepared to be held accountable for what those anonymous people do with it. I'm sure you don't just sell transit to any spammer who comes along without researching them a little first, why should this be any different. You might also consider asserting your right to common carrier immunity under 47USC230.
OK -- I looked at that part of the US Code (http://www4.law.cornell.edu/uscode/47/230.html). Apart from the fact that the phrase "common carrier" does not occur in that section, subparagraph (f)(2) says: Nothing in this section shall be construed to limit or expand any law pertaining to intellectual property. Perhaps you're referring to the law exempting ISPs from liability for user-created content? (I don't have the citation handy.) If so, remember that that law requires response to take-down notices. --Steve Bellovin, http://www.cs.columbia.edu/~smb
-----Original Message----- From: Steven M. Bellovin [mailto:smb@cs.columbia.edu] Sent: Wed 6/24/2009 11:01 PM To: trelane@trelane.net Cc: NANOG list Subject: Re: tor On Wed, 24 Jun 2009 17:48:58 -0400 Andrew D Kirch <trelane@trelane.net> wrote:
Richard A Steenbergen wrote:
On Wed, Jun 24, 2009 at 12:43:15PM -0700, Randy Bush wrote:
sadly, naively turning up tor to help folk who wish to be anonymous in hard times gets one a lot of assertive email from self-important people who wear formal clothes.
folk who learn this the hard way may find a pointer passed to me by smb helpful, <http://www.chrisbrunner.com/?p=119>.
If bittorrent of copyrighted material is the most illegal thing you helped facilitate while running tor, and all you got was an assertive e-mail because of it, you should consider yourself extremely lucky.
Anonymity against privacy invasion and for political causes sure sounds like a great concept, but in reality it presents too tempting a target for abuse. If you choose to open up your internet connection to anyone who wants to use it, you should be prepared to be held accountable for what those anonymous people do with it. I'm sure you don't just sell transit to any spammer who comes along without researching them a little first, why should this be any different. You might also consider asserting your right to common carrier immunity under 47USC230.
OK -- I looked at that part of the US Code (http://www4.law.cornell.edu/uscode/47/230.html). Apart from the fact that the phrase "common carrier" does not occur in that section, subparagraph (f)(2) says: Nothing in this section shall be construed to limit or expand any law pertaining to intellectual property. Perhaps you're referring to the law exempting ISPs from liability for user-created content? (I don't have the citation handy.) If so, remember that that law requires response to take-down notices. --Steve Bellovin, http://www.cs.columbia.edu/~smb Well, let's push a little harder. If I transfer stolen intellectual property over the Internet using simple file transfer, I don't believe any court is going to accept that the ISP has liability. So what is the underlying principle? Mind you the law is ad hoc most of the time. This whole area is fuzzy to the point of being a pea soup fog ...
My gosh... Ok, so if someone happens to talk about murder over the phone, is the phone company providing the service held liable? Lets get back to rational/informative content please. -Joe Blanchard
-----Original Message----- From: Rod Beck [mailto:Rod.Beck@hiberniaatlantic.com] Sent: Wednesday, June 24, 2009 6:12 PM To: Steven M. Bellovin; trelane@trelane.net Cc: NANOG list Subject: RE: tor
-----Original Message----- From: Steven M. Bellovin [mailto:smb@cs.columbia.edu] Sent: Wed 6/24/2009 11:01 PM To: trelane@trelane.net Cc: NANOG list Subject: Re: tor
On Wed, 24 Jun 2009 17:48:58 -0400 Andrew D Kirch <trelane@trelane.net> wrote:
On Wed, Jun 24, 2009 at 12:43:15PM -0700, Randy Bush wrote:
sadly, naively turning up tor to help folk who wish to be anonymous in hard times gets one a lot of assertive email from self-important people who wear formal clothes.
folk who learn this the hard way may find a pointer
smb helpful, <http://www.chrisbrunner.com/?p=119>.
If bittorrent of copyrighted material is the most illegal
helped facilitate while running tor, and all you got was an assertive e-mail because of it, you should consider yourself extremely lucky.
Anonymity against privacy invasion and for political causes sure sounds like a great concept, but in reality it presents too tempting a target for abuse. If you choose to open up your internet connection to anyone who wants to use it, you should be
Richard A Steenbergen wrote: passed to me by thing you prepared to
be held accountable for what those anonymous people do with it. I'm sure you don't just sell transit to any spammer who comes along without researching them a little first, why should this be any different. You might also consider asserting your right to common carrier immunity under 47USC230.
OK -- I looked at that part of the US Code (http://www4.law.cornell.edu/uscode/47/230.html). Apart from the fact that the phrase "common carrier" does not occur in that section, subparagraph (f)(2) says:
Nothing in this section shall be construed to limit or expand any law pertaining to intellectual property.
Perhaps you're referring to the law exempting ISPs from liability for user-created content? (I don't have the citation handy.) If so, remember that that law requires response to take-down notices.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Well, let's push a little harder. If I transfer stolen intellectual property over the Internet using simple file transfer, I don't believe any court is going to accept that the ISP has liability.
So what is the underlying principle? Mind you the law is ad hoc most of the time. This whole area is fuzzy to the point of being a pea soup fog ...
Joe Blanchard wrote:
My gosh...
Ok, so if someone happens to talk about murder over the phone, is the phone company providing the service held liable?
Lets get back to rational/informative content please.
The phone company still has to provide records of who owns the phone number and perhaps allow a tap of the phone depending on court orders. I seem to have to maintain a CALEA server and compliance which I will probably never use but is mandated by law. If the courts find they can never find the owner of an IP, then the laws will mandate that we maintain such records; and in fact, there has been more than one bill for provisioning the storage of all emails for subpoena purposes. I'm not familiar with TOR, but I suspect that governments can still step through it to find the person responsible if perhaps a bit more time consuming. Jack
Yes, allow records and perhaps a phone tap, but not held liable for the means to a crime as suggested in earlier emails. Again, lets get back to suitable content. We could certainly go on an on about the legal items but of what relevance is it to NANOG. Kind Regards, -Joe Blanchard
-----Original Message----- From: Jack Bates [mailto:jbates@brightok.net] Sent: Wednesday, June 24, 2009 7:14 PM To: Joe Blanchard Cc: 'Rod Beck'; 'Steven M. Bellovin'; trelane@trelane.net; 'NANOG list' Subject: Re: tor
My gosh...
Ok, so if someone happens to talk about murder over the
Joe Blanchard wrote: phone, is the
phone company providing the service held liable?
Lets get back to rational/informative content please.
The phone company still has to provide records of who owns the phone number and perhaps allow a tap of the phone depending on court orders. I seem to have to maintain a CALEA server and compliance which I will probably never use but is mandated by law. If the courts find they can never find the owner of an IP, then the laws will mandate that we maintain such records; and in fact, there has been more than one bill for provisioning the storage of all emails for subpoena purposes.
I'm not familiar with TOR, but I suspect that governments can still step through it to find the person responsible if perhaps a bit more time consuming.
Jack
On Wed, 24 Jun 2009 19:27:25 -0400 "Joe Blanchard" <jbfixurpc@gmail.com> wrote:
Yes, allow records and perhaps a phone tap, but not held liable for the means to a crime as suggested in earlier emails.
Again, lets get back to suitable content. We could certainly go on an on about the legal items but of what relevance is it to NANOG.
Right. Randy's original posting was square-on: he said that if you offer a certain service, you may encounter a certain problem, and such-and-such a web site may help you avoid that problem while still offering (most of) the service. --Steve Bellovin, http://www.cs.columbia.edu/~smb
You're referring to the DMCAs safe harbor provision. -brandon On 6/24/09, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
On Wed, 24 Jun 2009 17:48:58 -0400 Andrew D Kirch <trelane@trelane.net> wrote:
Richard A Steenbergen wrote:
On Wed, Jun 24, 2009 at 12:43:15PM -0700, Randy Bush wrote:
sadly, naively turning up tor to help folk who wish to be anonymous in hard times gets one a lot of assertive email from self-important people who wear formal clothes.
folk who learn this the hard way may find a pointer passed to me by smb helpful, <http://www.chrisbrunner.com/?p=119>.
If bittorrent of copyrighted material is the most illegal thing you helped facilitate while running tor, and all you got was an assertive e-mail because of it, you should consider yourself extremely lucky.
Anonymity against privacy invasion and for political causes sure sounds like a great concept, but in reality it presents too tempting a target for abuse. If you choose to open up your internet connection to anyone who wants to use it, you should be prepared to be held accountable for what those anonymous people do with it. I'm sure you don't just sell transit to any spammer who comes along without researching them a little first, why should this be any different. You might also consider asserting your right to common carrier immunity under 47USC230.
OK -- I looked at that part of the US Code (http://www4.law.cornell.edu/uscode/47/230.html). Apart from the fact that the phrase "common carrier" does not occur in that section, subparagraph (f)(2) says:
Nothing in this section shall be construed to limit or expand any law pertaining to intellectual property.
Perhaps you're referring to the law exempting ISPs from liability for user-created content? (I don't have the citation handy.) If so, remember that that law requires response to take-down notices.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
-- Brandon Galbraith Mobile: 630.400.6992 FNAL: 630.840.2141
Hi Richard, It is a more complicated issue than that. There is a long established legal tradition that telecommunication transport is not liable for the content it transmits. It's called common carrier. If someone makes an obscene phone call, the phone company cannot be held liable. Yes, if the client subsequently complains and asks for that number to be blocked and the phone company does nothing, that's different. But the general principle is that anyone who transmits bits is not liable for content. Unfortunately in my personal view that principle never got established in the Layer 3 world. So we now have governments trying to use ISPs as censors, regulators, and enforcers of public policy. There may be some cases such as spamming where the ISPs have to take some responsibility, but it is really hard to find an appealing principle that articulates what should and should not be the ISP's responsibility. Roderick S. Beck Director of European Sales Hibernia Atlantic 13-15, rue Sedaine, 75011 Paris http://www.hiberniaatlantic.com Wireless: 33+6+8692+5357. French Landline: 33+1+4355+8224 AOL Messenger: GlobalBandwidth rod.beck@hiberniaatlantic.com info@globalwholesalebandwidht.com ``Unthinking respect for authority is the greatest enemy of truth.'' Albert Einstein. -----Original Message----- From: Richard A Steenbergen [mailto:ras@e-gerbil.net] Sent: Wed 6/24/2009 10:41 PM To: Randy Bush Cc: NANOG list Subject: Re: tor On Wed, Jun 24, 2009 at 12:43:15PM -0700, Randy Bush wrote:
sadly, naively turning up tor to help folk who wish to be anonymous in hard times gets one a lot of assertive email from self-important people who wear formal clothes.
folk who learn this the hard way may find a pointer passed to me by smb helpful, <http://www.chrisbrunner.com/?p=119>.
If bittorrent of copyrighted material is the most illegal thing you helped facilitate while running tor, and all you got was an assertive e-mail because of it, you should consider yourself extremely lucky. Anonymity against privacy invasion and for political causes sure sounds like a great concept, but in reality it presents too tempting a target for abuse. If you choose to open up your internet connection to anyone who wants to use it, you should be prepared to be held accountable for what those anonymous people do with it. I'm sure you don't just sell transit to any spammer who comes along without researching them a little first, why should this be any different? -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
On Wed, Jun 24, 2009 at 10:57:27PM +0100, Rod Beck wrote:
Hi Richard,
It is a more complicated issue than that.
There is a long established legal tradition that telecommunication transport is not liable for the content it transmits. It's called common carrier. If someone makes an obscene phone call, the phone company cannot be held liable. Yes, if the client subsequently complains and asks for that number to be blocked and the phone company does nothing, that's different.
But the general principle is that anyone who transmits bits is not liable for content.
Unfortunately in my personal view that principle never got established in the Layer 3 world.
This has nothing to do with telecommunications or any kind of carrier or business relationship. This is intentionally leaving your computer open so that anyone on the Internet can come along and appear to be coming from your IP, where they will promptly set off doing bad stuff that will get traced back to you rather than them. Think of it like intentionally leaving your car unlocked with the keys in the ignition and a note authorizing people to borrow it and take it for a spin, and then expecting not to get into any kind of trouble when they rack up speeding tickets and/or use it to run someone over. Besides, the kind of consequencies I'm talking about are "having your internet account shut off for abuse"... But if you do happen to be one of those unlucky people who gets sued for downloading illegal content I don't think "but your honor I was running tor" is the defense you're looking for. :) -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
This has nothing to do with telecommunications or any kind of carrier or business relationship. This is intentionally leaving your computer open so that anyone on the Internet can come along and appear to be coming from your IP, where they will promptly set off doing bad stuff that will get traced back to you rather than them. Think of it like intentionally leaving your car unlocked with the keys in the ignition and a note authorizing people to borrow it and take it for a spin, and then expecting not to get into any kind of trouble when they rack up speeding tickets and/or use it to run someone over. Besides, the kind of consequencies I'm talking about are "having your internet account shut off for abuse"... But if you do happen to be one of those unlucky people who gets sued for downloading illegal content I don't think "but your honor I was running tor" is the defense you're looking for. :) -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) I am afraid what you described with the car is not illegal. It is highly unlikely any court would convict ... :)
On Wed, Jun 24, 2009 at 11:18:20PM +0100, Rod Beck wrote:
I am afraid what you described with the car is not illegal.
It is highly unlikely any court would convict ... :)
I'm not going to try and play armchair lawyer here (since my original comment was about the ethical and practical implications, i.e. your insurance co would probably tell you to piss off when you filed a claim about your trashed car, rather than the legal ones), but... If you did this activity with the express purpose of helping someone else hide their identity, and thus their crime could be traced back to you but no further, you might end up looking like you were aiding and abetting. Bottom line, this simply isn't common carrier activity, and when these anonymous users decide to abuse your trust you are the one who will suffering the consequences. -- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Richard, The question is how much ISPs should be responsible for the actions of their clients. My point is that is not obvious where you draw the line. I have yet to see anyone, including yourself, articulate a general principle (maybe it doesn't exist). Roderick S. Beck Director of European Sales Hibernia Atlantic 13-15, rue Sedaine, 75011 Paris http://www.hiberniaatlantic.com Wireless: 33+6+8692+5357. French Landline: 33+1+4355+8224 AOL Messenger: GlobalBandwidth rod.beck@hiberniaatlantic.com info@globalwholesalebandwidht.com ``Unthinking respect for authority is the greatest enemy of truth.'' Albert Einstein.
Rod - you wouldnt qualify as an ISP - or even a "provider of an interactive computer service" to go by the language in 47 USC 230, by simply running a TOR exit node. On Thu, Jun 25, 2009 at 4:15 AM, Rod Beck<Rod.Beck@hiberniaatlantic.com> wrote:
Richard,
The question is how much ISPs should be responsible for the actions of their clients.
My point is that is not obvious where you draw the line.
I have yet to see anyone, including yourself, articulate a general principle (maybe it doesn't exist).
On Thu, Jun 25, 2009, Suresh Ramasubramanian wrote:
Rod - you wouldnt qualify as an ISP - or even a "provider of an interactive computer service" to go by the language in 47 USC 230, by simply running a TOR exit node.
Ah, but would an ISP which currently enjoys whatever the current definition of "common carrier" is these days, running a TOR node, still be covered by said provisions? Adrian
On Thu, Jun 25, 2009 at 9:44 AM, Adrian Chadd<adrian@creative.net.au> wrote:
On Thu, Jun 25, 2009, Suresh Ramasubramanian wrote:
Rod - you wouldnt qualify as an ISP - or even a "provider of an interactive computer service" to go by the language in 47 USC 230, by simply running a TOR exit node.
Ah, but would an ISP which currently enjoys whatever the current definition of "common carrier" is these days, running a TOR node, still be covered by said provisions?
ISPs are not common carriers. Geoff Huston is - as always - the guy who explains it best. http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_5-3/uncommon_... -- Suresh Ramasubramanian (ops.lists@gmail.com)
On Thu, Jun 25, 2009, Suresh Ramasubramanian wrote:
On Thu, Jun 25, 2009 at 9:44 AM, Adrian Chadd<adrian@creative.net.au> wrote:
On Thu, Jun 25, 2009, Suresh Ramasubramanian wrote:
Rod - you wouldnt qualify as an ISP - or even a "provider of an interactive computer service" to go by the language in 47 USC 230, by simply running a TOR exit node.
Ah, but would an ISP which currently enjoys whatever the current definition of "common carrier" is these days, running a TOR node, still be covered by said provisions?
ISPs are not common carriers. Geoff Huston is - as always - the guy who explains it best. http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_5-3/uncommon_...
Fine; re-phrase my question as "an organisation currently enjoying common carrier status." Adrian (Apologies for off-topic noise.)
On Thu, Jun 25, 2009 at 9:59 AM, Adrian Chadd<adrian@creative.net.au> wrote:
Fine; re-phrase my question as "an organisation currently enjoying common carrier status."
You do realize that even where the telco division of carrier X is a common carrier but the ISP division is typically not .. And even were the telco to run a tor node, their charter as a common carrier probably doesnt specify that theyre a common carrier for tor nodes. so ... -- Suresh Ramasubramanian (ops.lists@gmail.com)
Fine; re-phrase my question as "an organisation currently enjoying common carrier status."
That would not include any ISP in the United States. (Dunno about Canada.) As other people have pointed out, telcos are common carriers, ISPs aren't, not even ISPs that are subsidiaries of telcos. The legal status of ISPs in the U.S. can best be described as complicated. The DMCA provides limited immunity from copyright suits, and the CDA (47 USC 230) provides fairly broad immunity from some other kinds of suits. The U.S. is a common law country where you don't really know how a law will be applied until there are enough reported cases to establish persuasive case law, and we're a long way from that. So go ahead and run Tor if you want, but if the cops knock on the door, I would advise against saying "we're a common carrier so go away." R's, John
Suresh Ramasubramanian wrote:
ISPs are not common carriers. Geoff Huston is - as always - the guy who explains it best. http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_5-3/uncommon_...
Except interestingly, TOR is the common carrier at its best, not filtering and investigating the use of the packets being transfered. The cause for saying an ISP is not a common carrier is the handling of abuse of the network, which could still be argued as common carrier in that the effects of spam, port scans, etc do have an impact on an ISP if they go unchecked and watch other networks filter them out. In addition, there are plenty of laws designed to protect customer privacy in the government's attempt to provide common carrier status for an ISP. DMCA also attempts to preserve common carrier for the ISP, requiring the ISP to extend a level of trust and act in specific a manner to maintain those protections. I don't think any of it is perfect, and it will take time for government to catch up to understanding how the Internet can be handled. Jack
-----Original Message----- From: Jack Bates [mailto:jbates@brightok.net] Sent: Thu 6/25/2009 2:39 PM To: Suresh Ramasubramanian Cc: NANOG list Subject: [SPAM-HEADER] - Re: tor - Email has different SMTP TO: and MIME TO: fields in the email addresses Suresh Ramasubramanian wrote:
ISPs are not common carriers. Geoff Huston is - as always - the guy who explains it best. http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_5-3/uncommon_...
Except interestingly, TOR is the common carrier at its best, not filtering and investigating the use of the packets being transfered. The cause for saying an ISP is not a common carrier is the handling of abuse of the network, which could still be argued as common carrier in that the effects of spam, port scans, etc do have an impact on an ISP if they go unchecked and watch other networks filter them out. In addition, there are plenty of laws designed to protect customer privacy in the government's attempt to provide common carrier status for an ISP. DMCA also attempts to preserve common carrier for the ISP, requiring the ISP to extend a level of trust and act in specific a manner to maintain those protections. I don't think any of it is perfect, and it will take time for government to catch up to understanding how the Internet can be handled. Jack Agreed. The current regulatory framework, which says that ISPs provide 'enhanced services' is specious. IP is not an enhanced service, it is just a transport protocol, albeit a very popular one because the interfaces are cheap and it embraces routing. As I vaguely recollect, the enhanced service definition came up as way of preventing Telcos from completing dominating the ISP world. Regards, Roderick.
Richard A Steenbergen wrote:
If you did this activity with the express purpose of helping someone else hide their identity, and thus their crime could be traced back to you but no further, you might end up looking like you were aiding and abetting.
Since when was anonymity a crime? Neither entails the other. I've run a tor relay, and I'm pretty confident that just because I'm up in layer 3+ land, common carrier status would apply, if anyone could even detect the contents of the traffic passing through my systems in the first place (the whole point of tor being to mitigate against exactly that). Some good tips for anyone thinking about running a relay or exit node, the first of which is to inform your isp. tor is a great tool, more people please! https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
On Wed, 24 Jun 2009, Rod Beck wrote:
This has nothing to do with telecommunications or any kind of carrier or business relationship. This is intentionally leaving your computer open so that anyone on the Internet can come along and appear to be coming from your IP, where they will promptly set off doing bad stuff that will get traced back to you rather than them. Think of it like intentionally [snip]
From what I know, the bigger exit node operators are fully aware of
Not sure if this just "happened" to pop up on the radar because of all the tor work being done to provide access out of Iran for citizens there that are blocked. Probably just a co-incidence, but since I just got done reading a bunch and setting up a bridge node (provate relay), I can say that there are also levels of liability. There are tor entry/egress points (where users enter and exit the tor netowrk), usually referred to as "exit nodes", and then there are a bunch of tor relay nodes. A relay node just becomes part of the network, and sends and receives traffic inside the tor network. This _should_ be the most common configuration, but some people do not RTM and make themselves exit nodes. That is where you get into trouble. Relay nodes just pass encrypted packets - no exiting allowed. The third configuration is called a "bridge" node. This is a relay that does not tell anyone it is a node. A controller has a copy of that nodes public key, and builds a private network. Moral: you can help with tor without leaving yourself open to sbuse. the responsibility they have. -- steve
As I understand & pls correct if I am wrong:
There is a long established legal tradition that telecommunication transport is not liable for the content it transmits. It's called common carrier.
Telephony = common carrier yes- considered 'basic service'under Telecom Act 96.. but data is considered 'enhanced services' different section of the Act. Thus common carrier does not apply. The dualism/argument began in the 2nd computer inquiry and scales right up to [US dominated] Intl telephony settlements- ICAIS where VoIP is not settled the same way [$] but governed by peering/transit arrangements Nancy Paterson (Reachability as a Net Neutrality Issue) PhD student, YorkU, Toronto Quoting Richard A Steenbergen <ras@e-gerbil.net>:
On Wed, Jun 24, 2009 at 10:57:27PM +0100, Rod Beck wrote:
Hi Richard,
It is a more complicated issue than that.
There is a long established legal tradition that telecommunication transport is not liable for the content it transmits. It's called common carrier. If someone makes an obscene phone call, the phone company cannot be held liable. Yes, if the client subsequently complains and asks for that number to be blocked and the phone company does nothing, that's different.
But the general principle is that anyone who transmits bits is not liable for content.
Unfortunately in my personal view that principle never got established in the Layer 3 world.
This has nothing to do with telecommunications or any kind of carrier or business relationship. This is intentionally leaving your computer open so that anyone on the Internet can come along and appear to be coming from your IP, where they will promptly set off doing bad stuff that will get traced back to you rather than them. Think of it like intentionally leaving your car unlocked with the keys in the ignition and a note authorizing people to borrow it and take it for a spin, and then expecting not to get into any kind of trouble when they rack up speeding tickets and/or use it to run someone over.
Besides, the kind of consequencies I'm talking about are "having your internet account shut off for abuse"... But if you do happen to be one of those unlucky people who gets sued for downloading illegal content I don't think "but your honor I was running tor" is the defense you're looking for. :)
-- Richard A Steenbergen <ras@e-gerbil.net> http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
for those for whom i am too terse o i believe anonymity is a good thing, and i have done what i can to support it for a few decades. you don't have to like it. o i think tor is cool. you don't have to like it and i do not care. o i found out you need to be a little careful when running a tor node. o i thought i would share what i learned. and now, additionally, i find people's bluster and pontification about it to be bluster and pontification. randy
Richard A Steenbergen wrote:
On Wed, Jun 24, 2009 at 12:43:15PM -0700, Randy Bush wrote:
sadly, naively turning up tor to help folk who wish to be anonymous in hard times gets one a lot of assertive email from self-important people who wear formal clothes.
folk who learn this the hard way may find a pointer passed to me by smb helpful, <http://www.chrisbrunner.com/?p=119>.
If bittorrent of copyrighted material is the most illegal thing you helped facilitate while running tor, and all you got was an assertive e-mail because of it, you should consider yourself extremely lucky.
Anonymity against privacy invasion and for political causes sure sounds like a great concept, but in reality it presents too tempting a target for abuse. If you choose to open up your internet connection to anyone who wants to use it, you should be prepared to be held accountable for what those anonymous people do with it. I'm sure you don't just sell transit to any spammer who comes along without researching them a little first, why should this be any different?
Sadly the ability to distinguish between the myriad forms of activity defined in various localities as "crimnal enterprise" and pick out the one's you're willing to support (sedition) vs those you aren't (use you imagination) is not a property of the tool. knocking down bit-torrent within tor seems straight forward enough but by in large to use the tool you're going to have to take the bad with the good.
This is rapidly heading off topic, and I imagine the MLC will be stepping in shortly. :)
Running what's effectively an anonymous open proxy is not a bright idea, even if there's security bundled on.. John Gilmore found that out after Verio disconnected his perpetual open relay for example .. and TOR is just as nutty a concept. Nothing less that I'd expect from the EFF, frankly speaking - but clued people (and you are clued, for sure) shouldnt be running it. There was that other fun when that swedish researcher was running a fake tor exit node and turned up lots of embassy passwords etc - mostly because embassy staffers found TOR a fun way to browse for porn, bypassing firewalls from their offices Uninstall it and forget about it, I'd say. --srs On Thu, Jun 25, 2009 at 1:13 AM, Randy Bush<randy@psg.com> wrote:
sadly, naively turning up tor to help folk who wish to be anonymous in hard times gets one a lot of assertive email from self-important people who wear formal clothes.
folk who learn this the hard way may find a pointer passed to me by smb helpful, <http://www.chrisbrunner.com/?p=119>.
randy
-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Wed, Jun 24, 2009 at 8:50 PM, Suresh Ramasubramanian<ops.lists@gmail.com> wrote:
Running what's effectively an anonymous open proxy is not a bright idea, even if there's security bundled on..
John Gilmore found that out after Verio disconnected his perpetual open relay for example .. and TOR is just as nutty a concept.
Nothing less that I'd expect from the EFF, frankly speaking - but clued people (and you are clued, for sure) shouldnt be running it.
Would you feel better if instead of "Tor" it was called "Crowds" and instead of those rapscallions at the EFF it was a nice respectable AT&T Research project from Avi Ruben? I bet I still have my "Anonymity Loves Company" shirt somewhere... Anonymous speech is a vital concept if you expect Free speech. http://avirubin.com/crowds.pdf
On Thu, Jun 25, 2009 at 9:07 PM, Aaron Porter<atporter@gmail.com> wrote:
Would you feel better if instead of "Tor" it was called "Crowds" and instead of those rapscallions at the EFF it was a nice respectable AT&T Research project from Avi Ruben? I bet I still have my "Anonymity Loves Company" shirt somewhere... Anonymous speech is a vital concept if you expect Free speech.
... as long as it doesnt get abused, yes. When it gets so that the volume of abuse gets far higher than the volume of use, they go the way of all those anon remailers (nym.alias.net and othes) And while we are at listing research projects .. there are multiple other great projects around - from the berkman center and elsewhere, that do much the same. Only - they're targeted at specific repressive regimes - even customized to them. -- Suresh Ramasubramanian (ops.lists@gmail.com)
On Thu, Jun 25, 2009 at 9:07 PM, Aaron Porter<atporter@gmail.com> wrote:
Would you feel better if instead of "Tor" it was called "Crowds" and instead of those rapscallions at the EFF it was a nice respectable AT&T Research project from Avi Ruben? I bet I still have my "Anonymity Loves Company" shirt somewhere... Anonymous speech is a vital concept if you expect Free speech.
... as long as it doesnt get abused, yes. When it gets so that the volume of abuse gets far higher than the volume of use, they go the way of all those anon remailers (nym.alias.net and othes)
And while we are at listing research projects .. there are multiple other great projects around - from the berkman center and elsewhere, that do much the same.
Only - they're targeted at specific repressive regimes - even customized to them.
And which one is targetted at the specific repressive regime effectively created by the US broadband cartels? :-) .. JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Fri, Jun 26, 2009 at 7:08 AM, Joe Greco<jgreco@ns.sol.net> wrote:
And which one is targetted at the specific repressive regime effectively created by the US broadband cartels? :-)
Rod Beck's proposal to modify the common carrier regs, of course. -- Suresh Ramasubramanian (ops.lists@gmail.com)
On Jun 25, 2009, at 11:37 AM, Aaron Porter wrote:
Would you feel better if instead of "Tor" it was called "Crowds" and instead of those rapscallions at the EFF it was a nice respectable AT&T Research project from Avi Ruben?
Or, before that, if you knew that onion routers were invented by Paul Syverson Naval Research Laboratory to protect our service personnel while they're surfing the web? Cheers, RAH While we're making appeals to authority, and all...
participants (19)
-
Aaron Porter
-
Adrian Chadd
-
Andrew D Kirch
-
Brandon Galbraith
-
Charles Wyble
-
Jack Bates
-
Jamon Camisso
-
Joe Blanchard
-
Joe Greco
-
Joel Jaeggli
-
John Levine
-
nancyp@yorku.ca
-
R.A. Hettinga
-
Randy Bush
-
Richard A Steenbergen
-
Rod Beck
-
Steve Pirk
-
Steven M. Bellovin
-
Suresh Ramasubramanian