Re: 20090101 (log data)
On Sun, Nov 11, 2007 at 11:46:07AM -0500, Hans S. wrote:

>> TOR Admin (gpfTOR1) wrote:
>>> I will try it for email (fon, mobile and sms may be nearly like this):
>> For mobile calls and SMS messages, the cell location of the caller/
>> sender at the beginning of the call must be recorded.

> Please take a look at:
> (0) The Treaty (choose #185), english, french

> The treaty (0) is concerned about what they call mutual assistance
> in fighting computer related crime and the usual paedorist stuff.
> The treaty itself is absolutely horrifying and has effects much
> further than Germany and Europe, reaching out to the US and
> elsewhere. Article 20 and 21 are interesting, they might be the
> reason for our law.

They could be understood as recording traffic / content data on demand, not collect / store everything by default and keep it for queries about the past. Wouldn't a law that compels ISPs to start to record data about a particular user when the police asks it (with a court order or otherwise vetted order) fulfil that treaty?

--
Lionel
Re: 20090101 (log data)
On Mon, Nov 12, 2007 at 08:12:35PM +0100, linux wrote:

> do you know what is a timestamp in terms of this law? today, 11pm

>> 2: anon server:
>> In my opinion, an anon server has to log every replacement of a
>> sender ID by his own ID and the time stamp of this replacement.
>> Tor replaces the IP-address, so we have to log a time stamp and the
>> source IP for every connection. (That's my private opinion.)

> What they ask for email is stupid. Every one will go to a server
> which is not in the EU. But still I will keep some email account in
> the EU and enter this address everywhere where I expect to get spam
> from.

No, alas, no. I think most people will stay with servers and the EU, so your email to/from them will be in "the system". Although maybe not in a form that is convenient for the authorities to query (they have to mass-send requests to several ISPs...).

Another solution is using your *own* server. That would be kinda funny... Have the police call you to get logs about you.

> PS: what happens if the logged data is lost by accident? If the
> Bundeswehr loses data why not me?

Because you are criminally liable for it and they aren't?

More seriously, I suppose that if they actually believe you when you say it is an accident and you show that you took appropriate precautions (off-site backups, ...), then they will not make you (big) problems. There is “lost by accident” and “lost by “accident””. Not entirely the same.

--
Lionel
Re: 20090101 (log data)
On Nov 12, 2007 1:26 PM, Eugen Leitl <[EMAIL PROTECTED]> wrote:
> On Mon, Nov 12, 2007 at 01:13:23PM -0700, Kasimir Gabert wrote:
>
> > The Overnet idea seems a tad silly. If connections in between servers
>
> I don't know how well hidden services and current Tor codebase scales,
> but having an anonymous communication space is certainly worthwhile,
> even if read-only. Do hidden wikis see much defacement, currently?
>
> > need to be logged, I do not think the requirement of logging would
> > change were the connections to be for the Overnet or for the Internet.
>
> Not all Tor hosts log, and cooperation between different legal compartments
> is much less than within e.g. US and EU. The average network bandwidth
> and latency are likely to get much better in future, so the number of
> hops in a circuit can be adaptively increased to make attack much more
> difficult, logs or no.

You are definitely correct, I apologize. Only when data is retained across the world will hidden services not continue to provide the anonymity that is currently provided... assuming of course that the Tor servers are not all German. It would be easily possible for the government if the hidden server is German to track the connection from a German user to it, however (after this law).

> > And I honestly do not see a problem with engaging in illegal
> > activities to ensure the anonymity of Tor users. What the government
> > is doing is illegal by any decent rational standards, and it will
>
> I agree -- but so far there's no need for it yet. As others have correctly
> stated we need to stay in full compliance of the law (as long as that law
> is not unconstitutional), to not put public support into jeopardy.
> Once however such illegal retention laws have been passed, then only outlaws
> will have anonymity.

That is true, and we all do have until 20090101 to produce a solution. It would be bad, however, to lose anonymity for Germans for even a few days after that date, especially because Germans, as a whole, seem to be requiring it more and more lately.

> > [hopefully] never come to the level of abuse against us that Gandhi
> > and other active peaceful resisters were subjected to in order to
> > achieve their ends, so it is unlikely that standing on the sidelines
> > and shouting that more people need to join Tor will accomplish much.
>
> As your attorney, I advise you to rent a very fast car with no top, and to
> not discuss such issues with anybody else you don't trust absolutely.

Thank you. Or I should start using Tor... let's see... I need a good name :)

> --
> Eugen* Leitl leitl http://leitl.org
> __
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

--
Kasimir Gabert
Re: 20090101 (log data)
On Mon, Nov 12, 2007 at 01:13:23PM -0700, Kasimir Gabert wrote:

> The Overnet idea seems a tad silly. If connections in between servers

I don't know how well hidden services and current Tor codebase scales, but having an anonymous communication space is certainly worthwhile, even if read-only. Do hidden wikis see much defacement, currently?

> need to be logged, I do not think the requirement of logging would
> change were the connections to be for the Overnet or for the Internet.

Not all Tor hosts log, and cooperation between different legal compartments is much less than within e.g. US and EU. The average network bandwidth and latency are likely to get much better in future, so the number of hops in a circuit can be adaptively increased to make attack much more difficult, logs or no.

> And I honestly do not see a problem with engaging in illegal
> activities to ensure the anonymity of Tor users. What the government
> is doing is illegal by any decent rational standards, and it will

I agree -- but so far there's no need for it yet. As others have correctly stated we need to stay in full compliance of the law (as long as that law is not unconstitutional), to not put public support into jeopardy. Once however such illegal retention laws have been passed, then only outlaws will have anonymity.

> [hopefully] never come to the level of abuse against us that Gandhi
> and other active peaceful resisters were subjected to in order to
> achieve their ends, so it is unlikely that standing on the sidelines
> and shouting that more people need to join Tor will accomplish much.

As your attorney, I advise you to rent a very fast car with no top, and to not discuss such issues with anybody else you don't trust absolutely.

--
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: 20090101 (log data)
On Nov 12, 2007 12:13 PM, linux <[EMAIL PROTECTED]> wrote:
> Timing attacks can be done only with accurate data.
> What if my server has a wrong time or its clock is changing speed randomly
> or ...
>
>
> I think some more clever people than me will come up with an idea soon.
> I am sure tor developers will soon improve tor. We should of course do a lot
> in fighting this law but we should do more in improving tor.
>
> Promote tor or the idea of anonymous web access in universities. Why should it
> not be "cool" to make a master's degree in improving anonymity?
>
> Why not create an "overnet" where your IP address is only seen when you log in
> to the "overnet" but what you do inside is hidden.
>
>
> I have big hope in the smart guys and girls around us :) (I do not talk about
> the a***oles in the government)
>
>
> Greetings
>

The Overnet idea seems a tad silly. If connections in between servers need to be logged, I do not think the requirement of logging would change were the connections to be for the Overnet or for the Internet.

And I honestly do not see a problem with engaging in illegal activities to ensure the anonymity of Tor users. What the government is doing is illegal by any decent rational standards, and it will [hopefully] never come to the level of abuse against us that Gandhi and other active peaceful resisters were subjected to in order to achieve their ends, so it is unlikely that standing on the sidelines and shouting that more people need to join Tor will accomplish much.

Kasimir

--
Kasimir Gabert
Re: 20090101 (log data)
Timing attacks can be done only with accurate data. What if my server has a wrong time or its clock is changing speed randomly or ...

I think some more clever people than me will come up with an idea soon. I am sure tor developers will soon improve tor. We should of course do a lot in fighting this law but we should do more in improving tor.

Promote tor or the idea of anonymous web access in universities. Why should it not be "cool" to make a master's degree in improving anonymity?

Why not create an "overnet" where your IP address is only seen when you log in to the "overnet" but what you do inside is hidden.

I have big hope in the smart guys and girls around us :) (I do not talk about the a***oles in the government)

Greetings
Re: 20090101 (log data)
On Sunday 11 November 2007 10:43, TOR Admin (gpfTOR1) wrote:

do you know what is a timestamp in terms of this law? today, 11pm

> 2: anon server:
> In my opinion, an anon server has to log every replacement of a
> sender ID by his own ID and the time stamp of this replacement.
> Tor replaces the IP-address, so we have to log a time stamp and the
> source IP for every connection. (That's my private opinion.)

does tor really change the packets 1 by 1? or is it that data comes in, is buffered and then sent with other data to a different tor server (middle man). If yes then tor middlenode does not offer any public service where you replace an ID by an other. (Whatever you mean by ID)

exit nodes still can be run outside europe. I will quit from my german server provider and get one somewhere else asap.

What they ask for email is stupid. Every one will go to a server which is not in the EU. But still I will keep some email account in the EU and enter this address everywhere where I expect to get spam from.

Greetings

PS: what happens if the logged data is lost by accident? If the Bundeswehr loses data why not me?
Re: 20090101 (log data)
Andrew wrote:
> Marko Sihvo wrote:
>> Eugen Leitl wrote:
>>> Yes, I agree, ordinarily this is morally despicable, but this is war, and we haven't started it.
>>
>> "SI VIS PACEM, PARA BELLUM"
>
> Bad idea. Right now we're not criminals, and can even convince the interested public of that. If we'd start shooting back we would lose public support. Which is the factor that will decide this war.

Fighting this war with volunteers would be the honorable way... Of course... But if that won't do it... Maybe there are other options...
Re: 20090101 (log data)
On Nov 12, 2007 3:15 AM, algenon flower <[EMAIL PROTECTED]> wrote:
> Hello
> I just hardly can't believe it what I am hearing about this. From what I
> get, it sounds like a full on assault on privacy and free speech, the things
> that make the internet good, has begun.
> I am very sorry to hear the news and am very upset for everybody,
> especially those in Europe where this seems to be starting.
> Am I to believe from the foregoing that potentially having to surrender a
> Tor servers logs (that do not compromise much) will actually make Tor server
> operators criminals because they don't "reveal" enough?
>
> Algenon
>

Another issue here is that surrendering the logs will actually have the potential to compromise much. It will allow timing attacks to become very trivial for the government to carry out. And the Tor operators will only be criminals if they do not have the data to surrender to the government when it is requested.

Kasimir

--
Kasimir Gabert
Re: 20090101 (log data)
Hello

I just hardly can't believe it what I am hearing about this. From what I get, it sounds like a full on assault on privacy and free speech, the things that make the internet good, has begun.

I am very sorry to hear the news and am very upset for everybody, especially those in Europe where this seems to be starting.

Am I to believe from the foregoing that potentially having to surrender a Tor servers logs (that do not compromise much) will actually make Tor server operators criminals because they don't "reveal" enough?

Algenon

"Hans S." <[EMAIL PROTECTED]> wrote:

Original Message
From: Marco Gruss
Apparently from: [EMAIL PROTECTED]
To: or-talk@freehaven.net
Subject: Re: 20090101 (log data)
Date: Sun, 11 Nov 2007 16:27:39 +0100

> Hi,
>
> TOR Admin (gpfTOR1) wrote:
> > I will try it for email (fon, mobile and sms may be nearly like this):
> For mobile calls and SMS messages, the cell location of the caller/
> sender at the beginning of the call must be recorded.
>
> Pretty ugly, IMHO.
>
> Marco

Hi,

the big, but yet not loud enough protests in Germany about these "new" laws do imho relate to the fact that there are much older laws. These protected exactly against the use of grids of databases concerning citizens, the obligation to deliver data to authorities and to create grids with for good reasons separate data for authorities. So the big "They" create new laws explicitly enforcing what was prohibited yesterday. How successful or actually working that was in daily life is another question.

Deep trust in promotional and mass manipulating abilities make me believe that in a not too far future all these doings may be socially anticipated by the majority and accepted as necessary. Reasons? The usual. Paedorists.

To my knowledge not all (or only few) of states have or ever had this 'limited ability' in treating their citizens' data. Of course there also are a few with a higher valency of human rights.

There is a background to what has happened in DE right now, also concerning our friends from Suomi (hope that's right) as well as people (friends, too, of course;) from Italy and presently 48 other States. The bigger picture appears to be the so called "Convention on Cybercrime", which our beloved government (DE) wishes to ratify.

Please take a look at:
(0) The Treaty (choose #185), english, french
(1) The list of states involved, english
(2) Is where I found (1), german.
(3) Foebud's website, german

As obvious and natural members of a Council of Europe, the US, Japan, Azerbaijan, Turkey, South-Africa and others are also supposed to, are about to, or already have ratified the mentioned paper. Moving servers to Russia ? See list. (although the Russians didn't even care to sign it, yet ...)

The treaty (0) is concerned about what they call mutual assistance in fighting computer related crime and the usual paedorist stuff. The treaty itself is absolutely horrifying and has effects much further than Germany and Europe, reaching out to the US and elsewhere. Article 20 and 21 are interesting, they might be the reason for our law.

The german gov. and others simply shift the costs of getting and storing data essential for the intended surveillance. According to the treaty the governments are obliged to somehow get hold of the data. So they make a law forcing isp's and other service providers to do so. Awfully simple.

Read Article 23 and further about international co-operation agreements. According to this, telco data can and shall be made available to authorities of the enlisted states on request and spontaneously for the purpose of criminal investigation. Hurray.

So far, so bad, but even worse, data then will leave the originating legislation. Of course will, let's say the Ukrainian police obey e.g german law how long to store and how to use or where to pass data to. (I do not have any problems with or about Ukraine or Ukrainians, just an example.)

So, what happens, if data becomes to be very easily available to states who never really cared about such odd things like civil rights? Welcome to an international legal marketplace for telco data.

With a little fantasy we might imagine yottabytes (really much) of logs being analyzed by whoever wants to, profiling of individuals and tracking just about anything in communication, and this on a pretty much international scale. Every day. Is that new? No, but new in that extent. Some people might end up in Guantanamo or some other weirdo's prison without ever knowing what actually hit them. Nowadays mere suspicion is enough, we have learned. Quite a nightmare.

As soon as this law in Germany comes into force on 01.01.2009 Tor-ops _may_ have to hand over logs on request. It does
Re: 20090101 (log data)
> (Disclaimer: I'm not doing it, nor will I ever do it, so raiding my place is completely pointless; and once you've ruined my life sufficiently, you and yours will pay dearly, and in person).

Not think you're being a tad melodramatic there?
Re: 20090101 (log data)
Marko Sihvo wrote:
> Eugen Leitl wrote:
>> Yes, I agree, ordinarily this is morally despicable, but this is
>> war, and we haven't started it.
>>
>
> "SI VIS PACEM, PARA BELLUM"

Bad idea. Right now we're not criminals, and can even convince the interested public of that. If we'd start shooting back we would lose public support. Which is the factor that will decide this war.

Plus, it would never "really" work. Antivirus software would need days - at the most - to detect and disable tor. And we just don't have the resources to find new methods of spreading tor, like the big spammers and botnets constantly do. No, the only way this fight can be won is by winning public opinion.
Re: 20090101 (log data)
Eugen Leitl wrote:
> Yes, I agree, ordinarily this is morally despicable, but this is war, and we haven't started it.

I agree... Acting like saint will end up in the death of anonymity and free communications... Welcome to the real world...

"SI VIS PACEM, PARA BELLUM"
Re: 20090101 (log data)
On Sun, Nov 11, 2007 at 11:46:07AM -0500, Hans S. wrote:

> I personally begin to look around for places to set up my node (and
> myself;) in other parts of the world.

When you do this, make sure that the server/IP is not registered to you personally, and make sure the means of payment are not traceable to you (cash is good). Offshoring is also possible, but unfortunately expensive.

The thing with Russia (or China) is that authorities there completely ignore massively illegal operations like RBN (of course their SIGINT guys may still monitor it, they just don't act on the intelligence), so with that kind of operator nobody would frown at hosting a Tor exit.

Apart from that my (as always, purely personal, and rather unpopular) opinion is that once operating Tor without logs has been made illegal, then it's time for no more Mr. Nice Guy, and let's see how the authorities will deal with a global StormTor network of a million nodes, all exit. The advantage of malware-vectored Tor is that it's self-propagating/self-hosting, and it also boosts the number of users by forcing all traffic on infected machines through Tor, transparently for the end user. It will be slightly slower, but the fraction of malicious exits will be negligible.

Yes, I agree, ordinarily this is morally despicable, but this is war, and we haven't started it.

(Disclaimer: I'm not doing it, nor will I ever do it, so raiding my place is completely pointless; and once you've ruined my life sufficiently, you and yours will pay dearly, and in person).

--
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: 20090101 (log data)
Original Message
From: Marco Gruss <[EMAIL PROTECTED]>
Apparently from: [EMAIL PROTECTED]
To: or-talk@freehaven.net
Subject: Re: 20090101 (log data)
Date: Sun, 11 Nov 2007 16:27:39 +0100

> Hi,
>
> TOR Admin (gpfTOR1) wrote:
> > I will try it for email (fon, mobile and sms may be nearly like this):
> For mobile calls and SMS messages, the cell location of the caller/
> sender at the beginning of the call must be recorded.
>
> Pretty ugly, IMHO.
>
> Marco

Hi,

the big, but yet not loud enough protests in Germany about these "new" laws do imho relate to the fact that there are much older laws. These protected exactly against the use of grids of databases concerning citizens, the obligation to deliver data to authorities and to create grids with for good reasons separate data for authorities. So the big "They" create new laws explicitly enforcing what was prohibited yesterday. How successful or actually working that was in daily life is another question.

Deep trust in promotional and mass manipulating abilities make me believe that in a not too far future all these doings may be socially anticipated by the majority and accepted as necessary. Reasons? The usual. Paedorists.

To my knowledge not all (or only few) of states have or ever had this 'limited ability' in treating their citizens' data. Of course there also are a few with a higher valency of human rights.

There is a background to what has happened in DE right now, also concerning our friends from Suomi (hope that's right) as well as people (friends, too, of course;) from Italy and presently 48 other States. The bigger picture appears to be the so called "Convention on Cybercrime", which our beloved government (DE) wishes to ratify.

Please take a look at:
(0) The Treaty (choose #185), english, french
(1) The list of states involved, english
(2) Is where I found (1), german.
(3) Foebud's website, german

As obvious and natural members of a Council of Europe, the US, Japan, Azerbaijan, Turkey, South-Africa and others are also supposed to, are about to, or already have ratified the mentioned paper. Moving servers to Russia ? See list. (although the Russians didn't even care to sign it, yet ...)

The treaty (0) is concerned about what they call mutual assistance in fighting computer related crime and the usual paedorist stuff. The treaty itself is absolutely horrifying and has effects much further than Germany and Europe, reaching out to the US and elsewhere. Article 20 and 21 are interesting, they might be the reason for our law.

The german gov. and others simply shift the costs of getting and storing data essential for the intended surveillance. According to the treaty the governments are obliged to somehow get hold of the data. So they make a law forcing isp's and other service providers to do so. Awfully simple.

Read Article 23 and further about international co-operation agreements. According to this, telco data can and shall be made available to authorities of the enlisted states on request and spontaneously for the purpose of criminal investigation. Hurray.

So far, so bad, but even worse, data then will leave the originating legislation. Of course will, let's say the Ukrainian police obey e.g german law how long to store and how to use or where to pass data to. (I do not have any problems with or about Ukraine or Ukrainians, just an example.)

So, what happens, if data becomes to be very easily available to states who never really cared about such odd things like civil rights? Welcome to an international legal marketplace for telco data.

With a little fantasy we might imagine yottabytes (really much) of logs being analyzed by whoever wants to, profiling of individuals and tracking just about anything in communication, and this on a pretty much international scale. Every day. Is that new? No, but new in that extent. Some people might end up in Guantanamo or some other weirdo's prison without ever knowing what actually hit them. Nowadays mere suspicion is enough, we have learned. Quite a nightmare.

As soon as this law in Germany comes into force on 01.01.2009 Tor-ops _may_ have to hand over logs on request. It does not criminalize operators of a node. Tor's purpose is to provide anonymous access to the net. Period. So how much this analyzing of nodes will break anonymity is the interesting part...

I personally begin to look around for places to set up my node (and myself;) in other parts of the world. Suggestions are welcome.

Regards
Hans

(0) http://conventions.coe.int/Treaty/Commun/ListeTraites.asp?CM=8&CL=ENG
(1) http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=&DF=&CL=ENG
(2) http://www.tecchannel.de/pc_mobile/news/1738342/
(3) http://www.foebud.org/datenschutz-buergerrechte/vorratsdatenspeicherung/weitergabe-von-kommunikationsprofilen
Re: 20090101 (log data)
Hi,

TOR Admin (gpfTOR1) wrote:
> I will try it for email (fon, mobile and sms may be nearly like this):

For mobile calls and SMS messages, the cell location of the caller/sender at the beginning of the call must be recorded.

Pretty ugly, IMHO.

Marco
Re: 20090101 (log data)
On Sun, 11 Nov 2007 10:43:03 +0100
"TOR Admin (gpfTOR1)" <[EMAIL PROTECTED]> wrote:

> I will try it for email (fon, mobile and sms may be nearly like this):

thank you ;-)
Re: 20090101 (log data)
Paolo Amoroso wrote:
> On Sun, 11 Nov 2007 09:03:19 +
> Smuggler <[EMAIL PROTECTED]> wrote:
>
>> It says: Store these specific datasets
>
> since i'm italian and i don't know your language, i'm curious about
> which data must be retained by each service.
> Could you list them, in english?
>
> greetings
>

I will try it for email (fon, mobile and sms may be nearly like this):

1: email:

SMTP provider has to log for every outgoing email:
- time stamp
- user account
- user email address (From:)
- user IP-address
- recipient email address (To:)

POP/IMAP provider has to log:
- every login of a user (time stamp, account, IP-address)
- From: and To: of every incoming email
- remote IP-address and time stamp for every incoming email

2: anon server:

In my opinion, an anon server has to log every replacement of a sender ID by his own ID and the time stamp of this replacement. Tor replaces the IP-address, so we have to log a time stamp and the source IP for every connection. (That's my private opinion.)

greetings