Re: 20090101... - Dänemark

[Georg Sluyterman]

Eugen Leitl wrote:
 Data retention law has just been passed in Germany. Here's the list
 of who voted how 
 
   
 http://www.bundestag.de/parlament/plenargeschehen/abstimmung/20071109_teleueberwach.pdf
 
 This will be contested as unconstitutional, but in cases it
 will become law all Tor operators are required by law to start 
 logging 20090101. Similiar applies to the entire EU, but the
 dates and details might differ.
 

The details indeed does differ :-)

In Denmark, the implementation of the EU-directive (which is called
'logningsbekendtgørelsen')  is not bad news for Tor-operators.

If you have a Tor-server in Denmark, you don't have to log *anything*!
I have this in writing (from something called IT- og Telestyrelsen), if
anybody is interested.

Regarding to the danish 'version' of Vorratsdatenspeicherung
('logningsbekendtgørelsen'), you only have to log data, that you /know/.
That means, if you eg. have an open access point, then normally you do
not know which physical persons have a specific IP-address, and
therefore you do not have to log that.
If you are non-commercial (eg. Tor-operaters normally are), then you do
not have to log *anything*. That means a private open access point does
not have to be register anything.

So if you want to host a Tor-server somewhere in Denmark, feel free to
contact me by e-mail if i can be at any help.

-- 
Regards
Georg Sluyterman

Re: 20090101 (log data)

[Lionel Elie Mamane]

On Sun, Nov 11, 2007 at 11:46:07AM -0500, Hans S. wrote:
 TOR Admin (gpfTOR1) wrote:

 I will try it for email (fon, mobile and sms may be nearly like this):

 For mobile calls and SMS messages, the cell location of the caller/
 sender at the beginning of the call must be recorded.

 Please take a look at:

 (0) The Treaty (choose #185), english, french


 The treaty (0) is concerned about what they call mutual assisstance
 in fighting computer related crime and the usual paedorist stuff.
 The treaty itself is absolutely horrifying and has effects much
 further than Germany and Europe, reaching out to the US and
 elsewhere. Article 20 and 21 are interesting, they might be the
 reason for our law.

They could be understood as recording traffic / content data on
demand, not collect / store everything by default and keep it for
queries about the past. Wouldn't a law that compels ISPs to start to
record data about a particular user when the police asks it (with a
court order or otherwise vetted order) fulfil that treaty?

-- 
Lionel

Re: 20090101 (log data)

[Lionel Elie Mamane]

On Mon, Nov 12, 2007 at 08:12:35PM +0100, linux wrote:

 do you know what is a timestamp in terms of this law? today, 11pm

 2: anon server:
 In my opinion, an anon sever has to log every replacement of a
 sender ID by his own ID and the time stamp of this replacement.
 Tor replaces the IP-address, so we have to log a time stamp and the
 source IP for every connection. (Thats my private opinion.)

 What they ask for email is stupid. Every one will go to a server
 which is not in the EU. But still I will keep some email account in
 the EU and enter this address everywhere where I expect to get spam
 from.

No, alas, no. I think most people will stay with servers and the EU,
so your email to/from them will be in the system. Although maybe not
in a form that is convenient for the authorities to query (they have
to mass-send requests to several ISPs...).

Another solution is using your *own* server. That would be kinda
funny... Have the police call you to get logs about you.

 PS: what happens if the logged data is lost by accident? If the
 Bundeswehr looses data why not me?

Because you are criminally liable for it and they don't? More
seriously, I suppose that if they actually believe you when you say it
is an accident and you show that you took appropriate precautions
(off-site backups, ...), then they will not make you (big)
problems. There is “lost by accident” and “lost by “accident””. Not
entirely the same.

-- 
Lionel

Re: 20090101

[Mike Perry]

Thus spake Smuggler ([EMAIL PROTECTED]):

 Olaf Selke wrote:
  Eugen Leitl wrote:
  On Sat, Nov 10, 2007 at 08:14:34PM +0100, Olaf Selke wrote:
 
  nothing will change for German tor operators due to this law. It defines
  how to store and how to hand over stored data to the authorities. Data
  not collected at all can't be stored, right?. But this law does not
  enforce tor operators to collect any data.
  Oh, really? So ISPs, VoIP and mobile phone providers have nothing to fear,
  right?
  
  right!
 
 Wrong. I read the law. My lawyers read the law. It doesnt say: Store the
 data you have. It says: Store these specific datasets, no matter if you
 have them or not. The comments in the Regierungsentwurf are very telling.
 So, I am sorry. Tor nodes will have to log. ISPs will have to log.
 Everyone doing public telco services will have to log.

Actually, out of curiosity do your lawyers believe that
upstream/backbone/IX ISPs will also be required to log (and to log the
same type of data)? That would seem to be a lot of data.. Not to
mention that upstream ISPs will not have customer information for IP
addresses. It would seem to me that Tor nodes are much more similar to
backbone routers than consumer ISPs.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


pgpTZL1QyFh0R.pgp
Description: PGP signature

Re: 20090101

[Smuggler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mike Perry wrote:
 Thus spake Smuggler ([EMAIL PROTECTED]):
 
 Olaf Selke wrote:
 Eugen Leitl wrote:
 On Sat, Nov 10, 2007 at 08:14:34PM +0100, Olaf Selke wrote:

 nothing will change for German tor operators due to this law. It defines
 how to store and how to hand over stored data to the authorities. Data
 not collected at all can't be stored, right?. But this law does not
 enforce tor operators to collect any data.
 Oh, really? So ISPs, VoIP and mobile phone providers have nothing to fear,
 right?
 right!
 Wrong. I read the law. My lawyers read the law. It doesnt say: Store the
 data you have. It says: Store these specific datasets, no matter if you
 have them or not. The comments in the Regierungsentwurf are very telling.
 So, I am sorry. Tor nodes will have to log. ISPs will have to log.
 Everyone doing public telco services will have to log.
 
 Actually, out of curiosity do your lawyers believe that
 upstream/backbone/IX ISPs will also be required to log (and to log the
 same type of data)? That would seem to be a lot of data.. Not to
 mention that upstream ISPs will not have customer information for IP
 addresses. It would seem to me that Tor nodes are much more similar to
 backbone routers than consumer ISPs.
 
 

No, upstreams/backbones etc dont have to log.
Only parties generating traffic data in the first place (dialup) and
parties changing traffic data (Tor) have to store.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHO1PnOMmnRrmEoQkRArkKAJ9/oOvPxQVX1yca7Okc7Z77DzbPqwCgmYsH
LgeqiBGPgpNAGLr+Dg3xf9k=
=F9Wc
-END PGP SIGNATURE-

Re: 20090101

[Mike Perry]

Thus spake Smuggler ([EMAIL PROTECTED]):

 Olaf Selke wrote:
  Eugen Leitl wrote:
  On Sat, Nov 10, 2007 at 08:14:34PM +0100, Olaf Selke wrote:
 
  nothing will change for German tor operators due to this law. It defines
  how to store and how to hand over stored data to the authorities. Data
  not collected at all can't be stored, right?. But this law does not
  enforce tor operators to collect any data.
  Oh, really? So ISPs, VoIP and mobile phone providers have nothing to fear,
  right?
  
  right!
 
 Wrong. I read the law. My lawyers read the law. It doesnt say: Store the
 data you have. It says: Store these specific datasets, no matter if you
 have them or not. The comments in the Regierungsentwurf are very telling.
 So, I am sorry. Tor nodes will have to log. ISPs will have to log.
 Everyone doing public telco services will have to log.

Oh, and I'm also wondering about redundancy. If I run a Tor node in
Germany is it the case that I have to log, AND my ISP has to log, AND
their colo provider has to log, AND the upstream ISP has to log, AND the
IX has to log all the same data? Is there any division of
responsibility? Or will there be like 5-10 copies of the same
connection data floating around everywhere?

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


pgp3BKQrUQ75W.pgp
Description: PGP signature

Re: 20090101

[Eugen Leitl]

On Wed, Nov 14, 2007 at 11:59:43AM -0800, Mike Perry wrote:

 Oh, and I'm also wondering about redundancy. If I run a Tor node in
 Germany is it the case that I have to log, AND my ISP has to log, AND
 their colo provider has to log, AND the upstream ISP has to log, AND the

That would be interesting to know. I think I'll ask my provider (Hetzner)
whether they'll have to log, or whether they feel commercial entities
they're hosting have to log themselves.

 IX has to log all the same data? Is there any division of
 responsibility? Or will there be like 5-10 copies of the same
 connection data floating around everywhere?

There will be definitely a redundancy, imo. Also, Tor server
is privy to more information than the ISP which hosts it. The
question is, whether the law can be interpreted in such a way
(I presume it will be milked for all that it is worth).

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Re: 20090101 (log data)

[Matthew MacGregor]

(Disclaimer: I'm not doing it, nor will I ever do it, so raiding my
place is completely pointless; and once you've ruined my life
sufficiently, you and yours will pay dearly, and in person).


Not think you're being a tad melodramatic there?


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 07-1, 11/11/2007
Tested on: 12/11/2007 08:28:55
avast! - copyright (c) 1988-2007 ALWIL Software.
http://www.avast.com

Re: 20090101

[Matej Kovacic]

Hi,

 SI VIS PACEM, PARA BELLUM
 Bad idea. Right now we're not criminals, and can even convince the
 interested public of that.
 If we'd start shooting back we would lose public support. Which is the
 factor that will decide this war.
 
 Plus, it would never really work. Antivirus software would need days
 - at the most - to detect and disable tor. And we just don't have the
 resources to find new methods of spreading tor, like the big spammers
 and botnets constantly do.


I agree. But what about building Tor server and client into popular P2P
clients?

bye, Matej

Re: 20090101

[TOR Admin (gpfTOR1)]

Matej Kovacic schrieb:
 I agree. But what about building Tor server and client into popular P2P
 clients?

There is a project to spread out Tor by pre-configured
DSL-modem/WLAN-router.

http://wiki.freunde-der-freiheit.de/index.php/TOR-Campaign

They have a mailing list. I do not know, if a router was running now.

Re: 20090101 (log data)

[algenon flower]

Hello 
  I just hardly can't believe it what I am hearing about this. From what I get, 
it sounds like a full on assault on privacy and free speech, the things that 
make the internet good, has begun.
  I am very sorry to hear the news and am very upset for everybody, especially 
those in Europe where this seems to be starting. 
  Am I to believe from the foregoing that potentially having to surrender a Tor 
servers logs (that do not compromise much) will actually make Tor server 
operators criminals because they don't reveal enough?

   Algenon

Hans S. [EMAIL PROTECTED] wrote:  Original Message 
From: Marco Gruss 
Apparently from: [EMAIL PROTECTED]
To: or-talk@freehaven.net
Subject: Re: 20090101 (log data)
Date: Sun, 11 Nov 2007 16:27:39 +0100

 Hi,
 
 TOR Admin (gpfTOR1) wrote:
  I will try it for email (fon, mobile and sms may be nearly like this):
 For mobile calls and SMS messages, the cell location of the caller/
 sender at the beginning of the call must be recorded.
 
 Pretty ugly, IMHO.
 
 Marco

Hi,

the big, but yet not loud enough protests in Germany about these new
laws do imho  relate to the fact that there are much older laws. These
protected exactly against the use of grids of databases concerning citizens,
the obligation to deliver data to authorities and to  to create grids with
for good reasons separate data for authorities.  So the big They create new
laws explicitely enforcing what was prohibited yesterday.
 How successfull or actually working that was in daily life is another
 question.

Deep trust in promotional and mass manipulating abilities make me believe
that in a not too far future all these doings may be socially anticipated
by the majority and accepted as necessary.  Reasons? The usual.
Paedorists.

To my knowledge not all (or only few) of states have or ever had this
'limited ability' in treating their citizens data. Of course there also
are a few with a higher valency of human rights.

There is a background to what has happened in DE right now, also
concerning our friends from Suomi (hope that's right) as well as people
(friends, too, of course;) from Italy and presently 48 other States.

The bigger picture appears to be the so called Convention on Cybercrime,
which our beloved goverment (DE) wishes to ratify.

Please take a look at:

(0) The Treaty (choose #185), english, french 
(1) The list of states involved, english 
(2) Is where I found (1), german.  
(3) Foebud's website, german

As obvious and natural members of a Council of Europe, the US, Japan,
Azerbaijan, Turkey, South-Africa and others are also supposed to, are
about to, or already have ratified the mentioned paper.  Moving servers to
Russia ?  See list.  (although the Russians didn't even care to sign it,
yet ...)

The treaty (0) is concerned about what they call mutual  assisstance
in fighting computer related crime and the usual paedorist stuff. 
The treaty itself is absolutely horrifying and has effects much further than
Germany and Europe, reaching out to the US and elsewhere. Article
20 and 21 are interesting, they might be the reason for our law. The
german gov.  and others simply shift the costs of getting and storing data
essential for the intended surveillance.  According to the treaty the
goverments are obliged to somehow get hold of tha data.  So they make a
law forcing isp's and other service providers to do so. Awfully simple.

Read  Article 23 and further about international co-operation agreements.
According to this, telco data can and shall be made available to
authorities of the enlisted states on request and spontanously for the
purpose of criminal investigation.  Hurray.

So far, so bad, but even worse,  data then will leave the originating
legislation.  Of course will, lets say the Ukrainian police obey e.g
german law how long to store and how to use or where to pass data to. (I
do not have any problems with or about Ukrania or Ukranians, just an
example.) So, what happens, if data becomes to be very easily available to
states who never really cared about such odd things like civil rights?
Welcome to an international legal marketplace for telco data.

With a little phantasy we might imagine yottabytes (really much) of logs
being analyzed by whoever wants to, profiling of individuals and tracking
just about anything in communication, and this on a pretty much
international scale. Every day.  Is that new? No, but new in that extent.

Some people might end up in Guantanamo or some other weirdo's prison
without ever knowing what actually hit them. Nowadays mere suspicion is
enough, we have learned.

Quite a nightmare.

As soon as this law in Germany comes into force on 01.01.2009 Tor-ops
_may_ have to hand over logs on request.  It does not criminalize
operators of a node.

Tor's purpose is to provide anonymous access to the net. Period.  So how
much this analyzing of nodes will break anonymity

Re: 20090101 (log data)

[Kasimir Gabert]

On Nov 12, 2007 3:15 AM, algenon flower [EMAIL PROTECTED] wrote:
 Hello
   I just hardly can't believe it what I am hearing about this. From what I
 get, it sounds like a full on assault on privacy and free speech, the things
 that make the internet good, has begun.
   I am very sorry to hear the news and am very upset for everybody,
 especially those in Europe where this seems to be starting.
   Am I to believe from the foregoing that potentially having to surrender a
 Tor servers logs (that do not compromise much) will actually make Tor server
 operators criminals because they don't reveal enough?

 Algenon


Another issue here is that surrendering the logs will actually have
the potential to compromise much.  It was allow timing attacks to
become very trivial for the government to carry out.

And the Tor operators will only be criminals if they do not have the
data to surrender to the government when it is requested.

Kasimir



-- 
Kasimir Gabert

Re: 20090101 (log data)

[Marko Sihvo]

Andrew kirjoitti:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Marko Sihvo schrieb:
  

Eugen Leitl kirjoitti:


Yes, I agree, ordinarily this is morally despicable, but this is
war, and we haven't started it.

  

SI VIS PACEM, PARA BELLUM


Bad idea. Right now we're not criminals, and can even convince the
interested public of that.
If we'd start shooting back we would lose public support. Which is the
factor that will decide this war.
  
Fighting this war with volunteers would be the honorable way... Of 
course... But if that won't do it... Maybe there are other options...

Re: 20090101 (log data)

[linux]

On Sunday 11 November 2007 10:43, TOR Admin (gpfTOR1) wrote:

do you know what is a timestamp in terms of this law? today, 11pm

 2: anon server:
 In my opinion, an anon sever has to log every replacement of a
 sender ID by his own ID and the time stamp of this replacement.
 Tor replaces the IP-address, so we have to log a time stamp and the
 source IP for every connection. (Thats my private opinion.)

does tor really change the packets 1 by 1? or is it that data comes in, is 
buffered and then send with other data to a different tor server (middle 
man). If yes then tor middlenode does not offer any public service where you 
replace an ID by an other. (Whatever you mean by ID)

exit nodes still can be run outside europe. I will quit from my german server 
provider and get one somewhere else asap.



What they ask for email is stupid. Every one will go to a server which is not 
in the EU. But still I will keep some email account in the EU and enter this 
address everywhere where I expect to get spam from. 



Gruesse


PS: what happens if the logged data is lost by accident? If the Bundeswehr 
looses data why not me?

Re: 20090101 (log data)

[linux]

Timing attacs can be done only with accurate data. 
What if my server has a wrong time or its clock is changing speed randomly 
or ...


I think some more clever people then me will come up with an idea soon.
I am sure tor developers will soon improve tor. We should of course do a lot 
in fighting this law but we should do more in improving tor.

Promote tor or the idea of anonymous web access in universities. Why should it 
not be cool to make a masters degree in improving anonymity?

Why not create a overnet where your IP address is only seen when you log in 
to the overnet but what you do inside is hidden. 


I have big hope in the smart guys and girls around us :) (I do not talk about 
the a***oles in the government)


Gruesse

Re: 20090101 (log data)

[Kasimir Gabert]

On Nov 12, 2007 12:13 PM, linux [EMAIL PROTECTED] wrote:
 Timing attacs can be done only with accurate data.
 What if my server has a wrong time or its clock is changing speed randomly
 or ...


 I think some more clever people then me will come up with an idea soon.
 I am sure tor developers will soon improve tor. We should of course do a lot
 in fighting this law but we should do more in improving tor.

 Promote tor or the idea of anonymous web access in universities. Why should it
 not be cool to make a masters degree in improving anonymity?

 Why not create a overnet where your IP address is only seen when you log in
 to the overnet but what you do inside is hidden.


 I have big hope in the smart guys and girls around us :) (I do not talk about
 the a***oles in the government)


 Gruesse


The Overnet idea seems a tad silly.  If connections in between servers
need to be logged, I do not think the requirement of logging would
change were the connections to be for the Overnet or for the Internet.

And I honestly do not see a problem with engaging in illegal
activities to ensure the anonymity of Tor users.  What the government
is doing is illegal by any decent rational standards, and it will
[hopefully] never come to the level of abuse against us that Ghandi
and other active peaceful resistors were subjected to in order to
achieve their ends, so it is unlikely that standing on the sidelines
and shouting that more people need to join Tor will accomplish much.

Kasimir

-- 
Kasimir Gabert

Re: 20090101 (log data)

[Eugen Leitl]

On Mon, Nov 12, 2007 at 01:13:23PM -0700, Kasimir Gabert wrote:

 The Overnet idea seems a tad silly.  If connections in between servers

I don't know how well hidden services and current Tor codebase scales,
but having an anonymous communication space is certainly worthwhile,
even if read-only. Do hidden wikis see much defacement, currently?

 need to be logged, I do not think the requirement of logging would
 change were the connections to be for the Overnet or for the Internet.

Not all Tor hosts log, and cooperation between different legal compartments
is much less than within e.g. US and EU. The average network bandwidth
and latency are likely to get much better in future, so the number of
hops in a circuit can be adaptively increased to make attack much more 
difficult, logs or no.
 
 And I honestly do not see a problem with engaging in illegal
 activities to ensure the anonymity of Tor users.  What the government
 is doing is illegal by any decent rational standards, and it will

I agree -- but so far there's no need for it yet. As others have correctly
stated we need to stay in full compliance of the law (as long as that law
is not unconstitutional), to not put public support into jeopardy.
Once however such illegal retention laws have been passed, then only outlaws 
will have anonymity.

 [hopefully] never come to the level of abuse against us that Ghandi
 and other active peaceful resistors were subjected to in order to
 achieve their ends, so it is unlikely that standing on the sidelines
 and shouting that more people need to join Tor will accomplish much.

As your attorney, I advise you to to rent a very fast car with no top, and to
not discuss such issues with anybody else you don't trust absolutely.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Re: 20090101 (log data)

[Kasimir Gabert]

On Nov 12, 2007 1:26 PM, Eugen Leitl [EMAIL PROTECTED] wrote:
 On Mon, Nov 12, 2007 at 01:13:23PM -0700, Kasimir Gabert wrote:

  The Overnet idea seems a tad silly.  If connections in between servers

 I don't know how well hidden services and current Tor codebase scales,
 but having an anonymous communication space is certainly worthwhile,
 even if read-only. Do hidden wikis see much defacement, currently?

  need to be logged, I do not think the requirement of logging would
  change were the connections to be for the Overnet or for the Internet.

 Not all Tor hosts log, and cooperation between different legal compartments
 is much less than within e.g. US and EU. The average network bandwidth
 and latency are likely to get much better in future, so the number of
 hops in a circuit can be adaptively increased to make attack much more
 difficult, logs or no.

You are definitely correct, I apologize.  Only when data is retained
across the world will hidden services not continue to provide the
anonymity that is currently provided... assuming of course that the
Tor servers are not all German.  It would be easily possible for the
government if the hidden server is German to track the connection from
a German user to it, however (after this law).


  And I honestly do not see a problem with engaging in illegal
  activities to ensure the anonymity of Tor users.  What the government
  is doing is illegal by any decent rational standards, and it will

 I agree -- but so far there's no need for it yet. As others have correctly
 stated we need to stay in full compliance of the law (as long as that law
 is not unconstitutional), to not put public support into jeopardy.
 Once however such illegal retention laws have been passed, then only outlaws
 will have anonymity.

That is true, and we all do have until 20090101 to produce a solution.
 It would be bad, however, to lose anonymity for Germans for even a
few days after that date, especially because Germans, as a whole, seem
to be requiring it more and more lately.


  [hopefully] never come to the level of abuse against us that Ghandi
  and other active peaceful resistors were subjected to in order to
  achieve their ends, so it is unlikely that standing on the sidelines
  and shouting that more people need to join Tor will accomplish much.

 As your attorney, I advise you to to rent a very fast car with no top, and to
 not discuss such issues with anybody else you don't trust absolutely.

Thank you.  Or I should start using Tor... let's see... I need a good name :)



 --
 Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
 __
 ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




-- 
Kasimir Gabert

Re: 20090101

[Olaf Selke]

Eugen Leitl wrote:
 On Sat, Nov 10, 2007 at 08:14:34PM +0100, Olaf Selke wrote:
 
 nothing will change for German tor operators due to this law. It defines
 how to store and how to hand over stored data to the authorities. Data
 not collected at all can't be stored, right?. But this law does not
 enforce tor operators to collect any data.
 
 Oh, really? So ISPs, VoIP and mobile phone providers have nothing to fear,
 right?

right!

 Wonder why they've been whining, then. I wonder why I went demonstrating
 for the first time in my life, in the freezing sleet, with a bad cold.

they have to spend a lot of money for that kind of nonsense. That really
hurts. Do you expect companies do care for free speech or human rights?
They only care for profit.

regards, Olaf

Re: 20090101

[Smuggler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Olaf Selke wrote:
 Eugen Leitl wrote:
 On Sat, Nov 10, 2007 at 08:14:34PM +0100, Olaf Selke wrote:

 nothing will change for German tor operators due to this law. It defines
 how to store and how to hand over stored data to the authorities. Data
 not collected at all can't be stored, right?. But this law does not
 enforce tor operators to collect any data.
 Oh, really? So ISPs, VoIP and mobile phone providers have nothing to fear,
 right?
 
 right!

Wrong. I read the law. My lawyers read the law. It doesnt say: Store the
data you have. It says: Store these specific datasets, no matter if you
have them or not. The comments in the Regierungsentwurf are very telling.
So, I am sorry. Tor nodes will have to log. ISPs will have to log.
Everyone doing public telco services will have to log.

 Wonder why they've been whining, then. I wonder why I went demonstrating
 for the first time in my life, in the freezing sleet, with a bad cold.
 
 they have to spend a lot of money for that kind of nonsense. That really
 hurts. Do you expect companies do care for free speech or human rights?
 They only care for profit.

Actually, some companies do care for free speech and human rights. Mine
does. Which is why it leaves Germany now for more free ground.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHNsVVOMmnRrmEoQkRArwTAJ4m4fUMjUlVmwGEwqmSq7OfmCZgbgCgkHbS
hRLi0014ciIOj0ANOICKhno=
=yuSe
-END PGP SIGNATURE-

Re: 20090101

[Paolo Amoroso]

On Sun, 11 Nov 2007 09:03:19 +
Smuggler [EMAIL PROTECTED] wrote:

 It says: Store these specific datasets

since i'm italian and i don't know your language, i'm curious about
which data must be retained by each service.
Could you list them, in english?

greetings

Re: 20090101 (log data)

[Paolo Amoroso]

On Sun, 11 Nov 2007 10:43:03 +0100
TOR Admin (gpfTOR1) [EMAIL PROTECTED] wrote:

 I will try it for email (fon, mobile and sms may be nearly like this):


thank you ;-)

Re: 20090101 (log data)

[Marco Gruss]

Hi,

TOR Admin (gpfTOR1) wrote:

I will try it for email (fon, mobile and sms may be nearly like this):

For mobile calls and SMS messages, the cell location of the caller/
sender at the beginning of the call must be recorded.

Pretty ugly, IMHO.

Marco

Re: 20090101

[Ruediger Klis]

 -Ursprüngliche Nachricht-
 Von: or-talk@freehaven.net
 Gesendet: 10.11.07 06:38:52
 An: or-talk@freehaven.net
 Betreff: Re: 20090101


 
 Am Freitag, 9. November 2007 schrieb Eugen Leitl:
  On Fri, Nov 09, 2007 at 07:42:46PM +0100, Valen MacLeod wrote:
  Heisst das jetzt, dass ich das protokollieren muss, wenn ich
   einen TORserver betreiben will?
 
  Not yet. A lot of things can and will change until 1. January 2009,
  and I would definitely look for an official legal interpretation
  before you pick between your three choices of what to do (or not to
  do).
 
  What are the most friendly jurisdications for anonymizing services?
  I was thinking about Russia, but it's probably not cheap to rent
  a server there. Any russian Tor operators here?
 
 The Germans on this list can participate in a Verfassungsbeschwerde 
 (constitutional complaint?) here:
 
 http://www.vorratsdatenspeicherung.de/content/view/51/70/
 
 Martin
 -- 
 Dr. Martin Senftleben, Ph.D. (S.V.U.)
 http://www.drmartinus.de/
 http://www.daskirchenjahr.de/
 
 
 

--
Several weeks ago i registered a Tor exit node (123Tor). I thought
it's a good thing for privacy. After reading the mailing lists I was really
extremely shocked about the arrested Tor-Server admins and
other things.
The result was I'm shutting down my exit-node immediately.
After that I'm assume that Tor is needed in the free world,
so i set up a new node (arachne) on a debian linux box as
middleman.
Living in Germany can be very hard. First the Hackerparagraph and
now the Vorratsdatenspeicherung.

Because of this I've just signed in the list.

Greetings

Rüdiger

Re: 20090101 (log data)

[Hans S.]

 Original Message 
From: Marco Gruss [EMAIL PROTECTED]
Apparently from: [EMAIL PROTECTED]
To: or-talk@freehaven.net
Subject: Re: 20090101 (log data)
Date: Sun, 11 Nov 2007 16:27:39 +0100

 Hi,
 
 TOR Admin (gpfTOR1) wrote:
  I will try it for email (fon, mobile and sms may be nearly like this):
 For mobile calls and SMS messages, the cell location of the caller/
 sender at the beginning of the call must be recorded.
 
 Pretty ugly, IMHO.
 
 Marco

Hi,

the big, but yet not loud enough protests in Germany about these new
laws do imho  relate to the fact that there are much older laws. These
protected exactly against the use of grids of databases concerning citizens,
the obligation to deliver data to authorities and to  to create grids with
for good reasons separate data for authorities.  So the big They create new
laws explicitely enforcing what was prohibited yesterday.
 How successfull or actually working that was in daily life is another
 question.

Deep trust in promotional and mass manipulating abilities make me believe
that in a not too far future all these doings may be socially anticipated
by the majority and accepted as necessary.  Reasons? The usual.
Paedorists.

To my knowledge not all (or only few) of states have or ever had this
'limited ability' in treating their citizens data. Of course there also
are a few with a higher valency of human rights.

There is a background to what has happened in DE right now, also
concerning our friends from Suomi (hope that's right) as well as people
(friends, too, of course;) from Italy and presently 48 other States.

The bigger picture appears to be the so called Convention on Cybercrime,
which our beloved goverment (DE) wishes to ratify.

Please take a look at:

(0) The Treaty (choose #185), english, french 
(1) The list of states involved, english 
(2) Is where I found (1), german.  
(3) Foebud's website, german

As obvious and natural members of a Council of Europe, the US, Japan,
Azerbaijan, Turkey, South-Africa and others are also supposed to, are
about to, or already have ratified the mentioned paper.  Moving servers to
Russia ?  See list.  (although the Russians didn't even care to sign it,
yet ...)

The treaty (0) is concerned about what they call mutual  assisstance
in fighting computer related crime and the usual paedorist stuff. 
The treaty itself is absolutely horrifying and has effects much further than
Germany and Europe, reaching out to the US and elsewhere. Article
20 and 21 are interesting, they might be the reason for our law. The
german gov.  and others simply shift the costs of getting and storing data
essential for the intended surveillance.  According to the treaty the
goverments are obliged to somehow get hold of tha data.  So they make a
law forcing isp's and other service providers to do so. Awfully simple.

Read  Article 23 and further about international co-operation agreements.
According to this, telco data can and shall be made available to
authorities of the enlisted states on request and spontanously for the
purpose of criminal investigation.  Hurray.

So far, so bad, but even worse,  data then will leave the originating
legislation.  Of course will, lets say the Ukrainian police obey e.g
german law how long to store and how to use or where to pass data to. (I
do not have any problems with or about Ukrania or Ukranians, just an
example.) So, what happens, if data becomes to be very easily available to
states who never really cared about such odd things like civil rights?
Welcome to an international legal marketplace for telco data.

With a little phantasy we might imagine yottabytes (really much) of logs
being analyzed by whoever wants to, profiling of individuals and tracking
just about anything in communication, and this on a pretty much
international scale. Every day.  Is that new? No, but new in that extent.

Some people might end up in Guantanamo or some other weirdo's prison
without ever knowing what actually hit them. Nowadays mere suspicion is
enough, we have learned.

Quite a nightmare.

As soon as this law in Germany comes into force on 01.01.2009 Tor-ops
_may_ have to hand over logs on request.  It does not criminalize
operators of a node.

Tor's purpose is to provide anonymous access to the net. Period.  So how
much this analyzing of nodes will break anonymity is the interesting
part...

I personally begin to look around for places to set up my node (and
myself;) in other parts of the world.


Suggestions are welcome.



Regards

Hans


(0)http://conventions.coe.int/Treaty/Commun/ListeTraites.asp?CM=8CL=ENG
(1)http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185CM=DF=CL=ENG
(2)http://www.tecchannel.de/pc_mobile/news/1738342/ 
(3)http://www.foebud.org/datenschutz-buergerrechte/vorratsdatenspeicherung/weitergabe-von-kommunikationsprofilen

Re: 20090101 (log data)

[Eugen Leitl]

On Sun, Nov 11, 2007 at 11:46:07AM -0500, Hans S. wrote:

 I personally begin to look around for places to set up my node (and
 myself;) in other parts of the world.

When you do this, make sure you that the server/IP is not registered
to you personally, and make sure the means of payment are not
traceable to you (cash is good). Offshoring is also possible, but
unfortunately expensive. The thing with Russia (or China) is that
authorities there completely ignore massively illegal operations like
RBN (of course their SIGINT guys may still monitor it, they just
don't act on the intelligence), so with that kind of operator 
nobody would frown at hosting a Tor exit.

Apart from that my (as always, purely personal, and rather unpopular)
opinion is that once operating Tor without logs has been made illegal,
then it's time for no more Mr. Nice Guy, and let's see how the authorities 
will deal with a global StormTor network of a million nodes, all exit.

The advantage of malware-vectored Tor is that it's 
self-propagating/self-hosting,
and it it also boosts the number of users by forcing all traffic on
infected machines through Tor, transparently for the end user.
It will be slightly slower, but the fraction of a malicious exits
will be negligible.

Yes, I agree, ordinarily this is morally despicable, but this is war, 
and we haven't started it.

(Disclaimer: I'm not doing it, nor will I ever do it, so raiding my
place is completely pointless; and once you've ruined my life
sufficiently, you and yours will pay dearly, and in person).

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Re: 20090101 (log data)

[Marko Sihvo]

Eugen Leitl kirjoitti:
Yes, I agree, ordinarily this is morally despicable, but this is war, 
and we haven't started it.
  

I agree...

Acting like saint will end up in the death of anonymity and free 
communciations... Welcome to the real world...


SI VIS PACEM, PARA BELLUM

Re: 20090101 (log data)

[Andrew]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
 
Marko Sihvo schrieb:
 Eugen Leitl kirjoitti:
 Yes, I agree, ordinarily this is morally despicable, but this is
 war, and we haven't started it.
 

 SI VIS PACEM, PARA BELLUM
Bad idea. Right now we're not criminals, and can even convince the
interested public of that.
If we'd start shooting back we would lose public support. Which is the
factor that will decide this war.

Plus, it would never really work. Antivirus software would need days
- - at the most - to detect and disable tor. And we just don't have the
resources to find new methods of spreading tor, like the big spammers
and botnets constantly do.
No, the only way this fight can be won is by winning public opinion.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
 
iD8DBQFHN2Fj6GnazsDEIPERAgSdAJ0U/x+woy2u6CarKvYd7q6LcdMleQCfcVjb
ruTivRwNgWyEIyKuEKdyGPE=
=m20f
-END PGP SIGNATURE-

Re: 20090101

[Max Berger]

Am Freitag, den 09.11.2007, 16:25 +0100 schrieb Eugen Leitl:
 
 No, there's a clemency period until 20090101. Whether you want to
 log afterwards, or shut down your node is every operator's personal
 decision.
 

Does anyone have an idea of the size of these log files? I try to
estimate how many data we will collect in half a year and how useful
they are for breaking anonymity...

Will we need the stream data? 

As far as I see in the new §113a TKG [*] we don't have to log the whole
circuit data. We just have to log, which nodes connect to our node and
which IP-address we give this connection (that's the IP-address of our
own node, so we have to log this only once). The IP-address of the next
node is not required.

Max


(*) http://www.bmj.bund.de/files/-/2047/RegE%20TK%DC.pdf
§113a (6) Wer Telekommunikationsdienste erbringt und hierbei die nach
Maßgabe dieser Vorschrift zu speichernden Angaben verändert, ist zur
Speicherung der ursprünglichen und der neuen Angabe sowie des
Zeitpunktes der Umschreibung dieser Angaben nach Datum und Uhrzeit unter
Angabe der zugrunde liegenden Zeitzone verpflichtet.

RE: 20090101

[Alexander Bernhard]

They will not just ask you for the logfiles. YOU will have to find out which
ip-address was routed on your server on a more-or-less specific timewindow
in the last 6 month and with which ip-address the data was forwarded to the
next router.

If you can not provide this information you will be charged by law. In my
opinion, as an tor-operator you will not be punished for the maximum years
of inprisonment or the highest money fee possible ... but it could be hard
enough if you have a previous conviction in your police file stating you to
be involved in computer crime and a possible terrorist :-(

And yes, they of cource put some terms into the TKG to whom the information
is available:

Zur Erfüllung ihrer gesetzlichen Aufgaben haben eine Vielzahl von Stellen
Zugriff auf diese Bestandsdaten (§§ 112, 113 TKG): Gerichte,
Strafverfolgungsbehörden, Polizeivollzugsbehörden des Bundes und der Länder
für Zwecke der Gefahrenabwehr, Zollkriminalamt und Zollfahndungsämter für
Zwecke eines Strafverfahrens, Zollkriminalamt zur Vorbereitung und
Durchführung von Maßnahmen nach § 39 des Außenwirtschaftsgesetzes,
Verfassungsschutzbehörden des Bundes und der Länder, Militärischer
Abschirmdienst, Bundesnachrichtendienst, Notrufabfragestellen, Bundesanstalt
für Finanzdienstleistungsaufsicht, Zollverwaltung zur
Schwarzarbeitsbekämpfung.(found at
http://www.vorratsdatenspeicherung.de/content/view/78/86/lang,de/#Umsetzung_
in_Deutschland)

Sorry for not translating the german text, but perhaps you can see that it
is not only one institution and not only courts ...

There are really bad times coming up in Germany ...
regards,
Alexander Bernhard


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Jan Danielsson
Sent: Saturday, November 10, 2007 12:59 PM
To: or-talk@freehaven.net
Subject: Re: 20090101

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Max Berger wrote:
[---]
 As far as I see in the new §113a TKG [*] we don't have to log the whole
 circuit data. We just have to log, which nodes connect to our node and
 which IP-address we give this connection (that's the IP-address of our
 own node, so we have to log this only once). The IP-address of the next
 node is not required.

   I assume that they made sure to put one, or more, make available to
the state cause in there?

   If not, I'm just wondering how they'd react if I do log (as
required), and if they want the logs, I send them a
tor.20080101-20100101.logs.tar.bz.gpg.good_luck.

- --
Kind regards,
Jan Danielsson

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (NetBSD)

iD8DBQFHNZ0UuPlHKFfKXTYRCi17AKCJH5hLNUoQWfWaamuWtaCWRUR//ACeK6ii
8wipwCF4HDrIiutt6nJOOkw=
=i3p7
-END PGP SIGNATURE-

Re: 20090101 (space for log data)

[TOR Admin (gpfTOR1)]

Our measurement for space of log data:
(because there was a question for it)

  server traffic (mean): 2.000 KB/s
  log data for one week: 200 GByte
  after remove of some useless strings: 120 GByte
  compressed and encrypted: 20 GByte

  for 26 weeks: approx. 500 GByte

This is very much for our server. But we hope, we do not have to log.

Re: 20090101

[Christoph]

I assume that they made sure to put one, or more, make available to
 the state cause in there?
Of course !

If not, I'm just wondering how they'd react if I do log (as
 required), and if they want the logs, I send them a
 tor.20080101-20100101.logs.tar.bz.gpg.good_luck.

German:
§113 a (9) Die Speicherung der Daten nach den Absätzen 1 bis 7 hat so zu 
erfolgen, dass Auskunftsersuchen der berechtigten Stellen unverzüglich 
beantwortet werden können.

English:
You have to store the logs in a way, that you can hand them over immediately.

But it is not clear which data to store yet. We will see.

Christoph.

Re: 20090101

[Marko Sihvo]

Alexander Bernhard kirjoitti:

They will not just ask you for the logfiles. YOU will have to find out which
ip-address was routed on your server on a more-or-less specific timewindow
in the last 6 month and with which ip-address the data was forwarded to the
next router.

If you can not provide this information you will be charged by law. In my
opinion, as an tor-operator you will not be punished for the maximum years
of inprisonment or the highest money fee possible ... but it could be hard
enough if you have a previous conviction in your police file stating you to
be involved in computer crime and a possible terrorist :-(
  

When freedom is terrorism, only terrorists have freedom.

If this ever comes into the law in Finland, I promise to setup Tor 
middleman and log _nothing_. Let them put me in prison, if they have the 
balls to do it.

Re: 20090101

[Peter Kornherr]

On Fri, Nov 09, 2007 at 03:59:44PM CET, you (Eugen Leitl) wrote:

 This will be contested as unconstitutional, but in cases it
 will become law all Tor operators are required by law to start 
 logging 20090101.

20080101 :(

Re: 20090101

[Olaf Selke]

Eugen Leitl wrote:
 
 This will be contested as unconstitutional, but in cases it
 will become law all Tor operators are required by law to start 
 logging 20090101.

nope, from my understanding this is not the case. Telco operators are required 
to store data
they already collect, for a certain period of time. But this law doesn't 
require to collect
any data at all. So for German Tor operators nothing is going to change since 
there's
nothing to store.

regards, Olaf

Re: 20090101

[Eugen Leitl]

On Fri, Nov 09, 2007 at 04:13:46PM +0100, Peter Kornherr wrote:
 On Fri, Nov 09, 2007 at 03:59:44PM CET, you (Eugen Leitl) wrote:
 
  This will be contested as unconstitutional, but in cases it
  will become law all Tor operators are required by law to start 
  logging 20090101.
 
 20080101 :(

No, there's a clemency period until 20090101. Whether you want to
log afterwards, or shut down your node is every operator's personal
decision.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Re: 20090101

[Eugen Leitl]

On Fri, Nov 09, 2007 at 04:20:00PM +0100, Olaf Selke wrote:

 nope, from my understanding this is not the case. Telco operators are 
 required to store data
 they already collect, for a certain period of time. But this law doesn't 
 require to collect
 any data at all. So for German Tor operators nothing is going to change since 
 there's
 nothing to store.

No, this is not correct. You have to log connection info, and anonymisation
services are explicitly mentioned in the new bill.

Let's hope Karlsruhe will strike it down.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Re: 20090101

[Olaf Selke]

Eugen Leitl wrote:
 On Fri, Nov 09, 2007 at 04:20:00PM +0100, Olaf Selke wrote:
 
 nope, from my understanding this is not the case. Telco operators are 
 required to store data
 they already collect, for a certain period of time. But this law doesn't 
 require to collect
 any data at all. So for German Tor operators nothing is going to change 
 since there's
 nothing to store.
 
 No, this is not correct. You have to log connection info, and anonymisation
 services are explicitly mentioned in the new bill.

which paragraph are you referring to? §113a TKG doesn't require to collect any 
data. It just
requires to store already collected data for at least six months:

§113a TKG
Wer öffentlich zugängliche Telekommunikationsdienste für Endnutzer erbringt, 
ist
verpflichtet, von ihm bei der Nutzung seines Dienstes erzeugte oder verarbeitete
Verkehrsdaten nach Maßgabe der Absätze 2 bis 5 sechs Monate im Inland oder in 
einem anderen
Mitgliedstaat der Europäischen Union zu speichern.

regards, Olaf

Re: 20090101

[Eugen Leitl]

On Fri, Nov 09, 2007 at 04:47:11PM +0100, Olaf Selke wrote:

 which paragraph are you referring to? §113a TKG doesn't require to collect 
 any data. It just
 requires to store already collected data for at least six months:
 
 §113a TKG
 Wer öffentlich zugängliche Telekommunikationsdienste für Endnutzer erbringt, 
 ist
 verpflichtet, von ihm bei der Nutzung seines Dienstes erzeugte oder 
 verarbeitete
 Verkehrsdaten nach Maßgabe der Absätze 2 bis 5 sechs Monate im Inland oder in 
 einem anderen
 Mitgliedstaat der Europäischen Union zu speichern.

http://www.bmj.bund.de/files/-/2047/RegE%20TK%DC.pdf

http://www.heise.de/newsticker/foren/go.shtml?read=1msg_id=13859936forum_id=127012

Geht es nach dem heute beschlossenen Entwurf, so sind auch die in
Deutschland ansässigen Anonymisierungsdienste betroffen. Alle Tor-,
oder sonstigen Nodes müssen die Ausgangs-, und Endadresse der
IP-Umwandlung protokollieren. Vgl. insoweit RegE Seite 166 zu §
113a Abs. 6 TKG-E.[1] Da bleiben nur Dienste mit mindestens zwei
Nodes außerhalb der EU um Anonymität zu gewährleisten.

Zumindest bis zu einer Entscheidung des BVerfG. Denn diese spezielle
Regelung geht über die Richtlinie hinaus.

Perhaps it's time to increase the number of hops in the client
circuit.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Re: 20090101

[Valen MacLeod]

Eugen Leitl schrieb:


On Fri, Nov 09, 2007 at 04:47:11PM +0100, Olaf Selke wrote:

 


which paragraph are you referring to? §113a TKG doesn't require to collect any 
data. It just
requires to store already collected data for at least six months:

§113a TKG
Wer öffentlich zugängliche Telekommunikationsdienste für Endnutzer erbringt, 
ist
verpflichtet, von ihm bei der Nutzung seines Dienstes erzeugte oder verarbeitete
Verkehrsdaten nach Maßgabe der Absätze 2 bis 5 sechs Monate im Inland oder in 
einem anderen
Mitgliedstaat der Europäischen Union zu speichern.
   



http://www.bmj.bund.de/files/-/2047/RegE%20TK%DC.pdf

http://www.heise.de/newsticker/foren/go.shtml?read=1msg_id=13859936forum_id=127012

Geht es nach dem heute beschlossenen Entwurf, so sind auch die in
Deutschland ansässigen Anonymisierungsdienste betroffen. Alle Tor-,
oder sonstigen Nodes müssen die Ausgangs-, und Endadresse der
IP-Umwandlung protokollieren. Vgl. insoweit RegE Seite 166 zu §
113a Abs. 6 TKG-E.[1] Da bleiben nur Dienste mit mindestens zwei
Nodes außerhalb der EU um Anonymität zu gewährleisten.

Zumindest bis zu einer Entscheidung des BVerfG. Denn diese spezielle
Regelung geht über die Richtlinie hinaus.

Perhaps it's time to increase the number of hops in the client
circuit.

 

Heisst das jetzt, dass ich das protokollieren muss, wenn ich einen 
TORserver betreiben will?

Re: 20090101

[Eugen Leitl]

On Fri, Nov 09, 2007 at 07:42:46PM +0100, Valen MacLeod wrote:

Heisst das jetzt, dass ich das protokollieren muss, wenn ich einen
TORserver betreiben will?

Not yet. A lot of things can and will change until 1. January 2009,
and I would definitely look for an official legal interpretation
before you pick between your three choices of what to do (or not to do).

What are the most friendly jurisdications for anonymizing services?
I was thinking about Russia, but it's probably not cheap to rent
a server there. Any russian Tor operators here?

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

Re: 20090101

[Martin Senftleben]

Am Freitag, 9. November 2007 schrieb Eugen Leitl:
 On Fri, Nov 09, 2007 at 07:42:46PM +0100, Valen MacLeod wrote:
 Heisst das jetzt, dass ich das protokollieren muss, wenn ich
  einen TORserver betreiben will?

 Not yet. A lot of things can and will change until 1. January 2009,
 and I would definitely look for an official legal interpretation
 before you pick between your three choices of what to do (or not to
 do).

 What are the most friendly jurisdications for anonymizing services?
 I was thinking about Russia, but it's probably not cheap to rent
 a server there. Any russian Tor operators here?

The Germans on this list can participate in a Verfassungsbeschwerde 
(constitutional complaint?) here:

http://www.vorratsdatenspeicherung.de/content/view/51/70/

Martin
-- 
Dr. Martin Senftleben, Ph.D. (S.V.U.)
http://www.drmartinus.de/
http://www.daskirchenjahr.de/



signature.asc
Description: This is a digitally signed message part.