I personally have stopped trying to use tor because latency has gone far beyond my patience. Something needs to be done about tor's bandwidth capability. Of course more bandwidth will mean more users... and I have said this before and I will say it again - Tor needs to run a minimal server capability by default, even a 2kb/s, and no more of this middleman only business, the more people doing it, the less isolated those who get targeted become, and the greater the pool of possible 'suspects'...

I think it's a classic example of an opportunity for 'free riders' that tor not being a pure p2p application that there is this bandwidth problem, and this also makes those who have the intestinal fortitude to run servers, especially exit nodes, have a much greater risk of getting caught up in a legal problem. IMHO, the concept of middlemen nodes and client-only connections needs to be done away with because it decreases the 'lost in the crowd' solidarity that really SHOULD be a part of the tor philosophy, I think there is a little too much pandering to the lowest common denominator. If those bad guys, eg terrorists and child pornographers, were not able to use the tor network for risk of being caught in a legal problem originating from an entirely different bad guy that would be better for everyone.

This would be simple to implement too, as a peer verification. Before a node would accept traffic from another node, it would look up the node's IP address in the directory, if it didn't find it, it would refuse to carry traffic for it, and as a second test, it would attempt to push a test packet through the node in a double-back loop (onion route via a second known good node back to itself)... And to add more to this, a peer-bandwidth reporting system, where nodes measure the traffic they send through each different node, and report this back to the servers (as opposed to self-reporting) and this would further make the process of using tor without exposing yourself to some other bad guy's traffic.

Now I know that this would probably rattle a lot of people but we must be serious about this. If you really care about your legal safety and the anonymity of the network, you should be contributing, even if only enough to permit half of a 56k dialup connection (ie 1-2kb/s) to relay traffic.

The random hop length is also a very good idea, I don't think that random delays are necessary, this is naturally introduced by random hop lengths.

Having the nodes construct a big number of circuit paths would be good too, every http object request, for example, could be sent out on a different circuit which may or may not be a different length, it would certainly make the global adversary much more work to try and track the endpoints.

Another side point is that this reinforces the value of such detachable persisting stream protocols as silc, which allow the user to close the stream and reestablish it transparently.

my 2c

glymr

Ringo Kamens wrote:
> Also, they can put you on grand jury and give you obstruction of justice
> for refusing to talk.
>
> On 5/14/06, *Eric H. Jung* <[EMAIL PROTECTED]> wrote:
>
> Mike,
>
> I don't have the time to respond to all the points of your email except
> the first/
>
> Federal Contempt of Court
> http://www.bafirm.com/articles/federalcontempt.html
>
> "Although there is no statutory maximum limit regulating the amount of
> time a contemnor can be ordered to spend in confinement (United States
> v. Carpenter, 91 F.3d 1282, 1283 (9th Cir. 1996)), the requirement that
> a jury trial be granted in criminal contempt cases involving sentences
> over six months in jail acts as a check on this power." 67-79
>
> --- Mike Perry <[EMAIL PROTECTED]> wrote:
>
> > Thus spake Eric H. Jung ([EMAIL PROTECTED]):
> >
> > > > Tony's point was that you could arrange not to have the authentication
> > > > tokens anymore. You better hope they believe you when you say you
> > > > don't have it, though.
> > >
> > > >Not having the authentication tokens counts as refusing to surrender
> > > >them.
> > >
> > > Per US law, if a judge subpoenas you to hand them over and you refuse
> > > and/or remain silent, it means indefinite jail time (until you hand
> > > over the tokens) and/or fines.
> >
> > Where is your source on this?
> > As I understand it, there are a few
> > fundamental principles of the US legal system that should render this
> > statement completely false. One is Habeas Corpus. You can't just
> > throw someone in jail indefinitely without a criminal charge and a
> > trial. http://en.wikipedia.org/wiki/Writ_of_habeas_corpus
> >
> > Though it seems Bush&Co are violating it with "enemy combatant"
> > charges, I do not think they have the political power (at least
> > anymore) to name an anonymity provider as an "enemy combatant"
> > (especially if they are a natural born US citizen). The same applies
> > to the 72 hour warrant deal, at least as far as I can tell from
> > http://www.fff.org/comment/com0601c.asp
> >
> > Second, if it is a criminal charge, you are not under any obligation
> > to testify against yourself in a criminal court of law (5th
> > amendment). There are various exceptions to this, main one being if
> > you are not the person charged of the crime (though I think you can
> > still claim that such testimony may incriminate you for unrelated
> > matters). I suppose it could also be argued that the passphrase does
> > not count as testimony, but it sure seems like it is.
> >
> > Finally, some googling on subpoena compliance seems to indicate that
> > punishment for subpoena non-compliance is 'contempt of court' charge
> > and fines.
> >
> > http://www.rcfp.org/cgi-local/privilege/item.cgi?i=questions
> >
> > That page advises you not to answer any subpoenas without challenging
> > them first, among other things (ie one state's court cannot usually
> > subpoena someone from another state). Contempt of court charges for
> > non-compliance may be repeated, but any contempt law I can find on
> > the web has some form of maximum limit.
> > The longest I've seen so far
> > is North Carolina, which is a max of 1yr in 90 day increments:
> > http://www.rosen.com/ppf/cat/statco/laws.asp
> >
> > Also, dunno how accurate it is, but Wikipedia seems to claim that the
> > key disclosure provisions of the RIPA (Part III) are not yet in force
> > in the UK:
> >
> > http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000
> >
> > We seriously have to watch our paranoia on this one. This is one of
> > those situations that if we believe we have no rights, it will be very
> > easy to knock us over, simply by playing off our fears and demanding
> > keys without any legitimate basis to do so.
> >
> > If any Tor operator is arrested/detained in the US, they would do well
> > to refuse to surrender any passphrase until they are actually in court
> > and ordered to do so by a Judge (and then only after voicing protest,
> > to allow for clear appeal to a higher court). Cops will probably just
> > lie to you and try to convince you that you are required on the spot.
> > Ask for a lawyer immediately.
> >
> > This is not just to protect the Tor network either. With computer laws
> > as crazy as they are, and with the IPPA coming down the road, soon
> > simply having something like an Open Source DVD player or archiver on
> > your machine will be enough to land you in jail for a while, if it's
> > not already...
> >
> > --
> > Mike Perry
> > Mad Computer Scientist
> > fscked.org evil labs
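
Added example, not part of the original message and not Tor code: a small Python model of the two-step peer verification and the peer-reported bandwidth scheme proposed at the top of this message. The directory contents, relay names, the `FORWARDING` stand-in for a real test packet, the three-reporter minimum and the use of a median are all assumptions of this sketch.

```python
from statistics import median

# Constructed directory: relay IP -> nickname (RFC 5737 documentation addresses).
DIRECTORY = {"192.0.2.10": "relayA", "192.0.2.11": "relayB", "192.0.2.12": "relayC"}
# Constructed stand-in for the network: relays that really forward a test packet.
FORWARDING = {"192.0.2.10", "192.0.2.11"}


def loopback_ok(peer, helper, forwarding=FORWARDING):
    """Model the double-back probe self -> peer -> helper -> self."""
    # A real node would send a test packet; here both hops must be forwarders.
    return peer in forwarding and helper in forwarding


def admit(peer, helper, directory=DIRECTORY, forwarding=FORWARDING):
    """Return (accepted, reason) for a peer asking us to carry its traffic."""
    if peer not in directory:                      # test 1: directory lookup
        return False, "not in directory"
    if helper == peer or helper not in directory:  # helper must be another listed relay
        return False, "no independent helper"
    if not loopback_ok(peer, helper, forwarding):  # test 2: double-back loop
        return False, "loopback probe failed"
    return True, "ok"


def peer_bandwidth(reports, min_reporters=3):
    """Aggregate peer measurements into one kb/s figure per relay.

    reports: iterable of (reporter, subject, kb_per_s). Self-reports are
    dropped, and the median keeps one inflated or deflated report from
    moving the result. Relays with too few reporters get no figure.
    """
    seen = {}
    for reporter, subject, rate in reports:
        if reporter != subject:
            seen.setdefault(subject, {})[reporter] = rate  # last report per reporter wins
    return {s: median(r.values()) for s, r in seen.items() if len(r) >= min_reporters}


# Constructed measurements: relayC claims 500 kb/s for itself, its peers saw about 2.
REPORTS = [("relayA", "relayC", 2.0), ("relayB", "relayC", 1.5), ("relayD", "relayC", 2.5),
           ("relayC", "relayC", 500.0), ("relayC", "relayA", 0.1), ("relayB", "relayA", 40.0)]
```

The listed-but-idle relay (`192.0.2.12`) passes the directory lookup and is only rejected by the loopback probe, which is the case the second test in the proposal exists for.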