add a new FAQ question we seem to get a lot.

Andrew Lewman authored on 13/11/2012 20:22:45
Showing 1 changed files
... ...
@@ -9,28 +9,10 @@
9 9
     <a href="<page docs/documentation>">Documentation &raquo; </a>
10 10
     <a href="<page docs/faq-abuse>">Abuse FAQ</a>
11 11
   </div>
12
-  <div id="maincol"> 
12
+  <div id="maincol">
13 13
     <!-- PUT CONTENT AFTER THIS TAG -->
14 14
     <h1>Abuse FAQ</h1>
15 15
     <hr>
16
-    #<!-- BEGIN SIDEBAR -->
17
-    #<div class="sidebar-left">
18
-    #<h3>Questions</h3>
19
-    #<ul>
20
-    #<li><a href="<page docs/faq-abuse>#WhatAboutCriminals">Doesn't Tor enable criminals to do bad things?</a></li>
21
-    #<li><a href="<page docs/faq-abuse>#DDoS">What about distributed denial of service attacks?</a></li>
22
-    #<li><a href="<page docs/faq-abuse>#WhatAboutSpammers">What about spammers?</a></li>
23
-    #<li><a href="<page docs/faq-abuse>#HowMuchAbuse">Does Tor get much abuse?</a></li>
24
-    #<li><a href="<page docs/faq-abuse>#TypicalAbuses">So what should I expect if I run an exit relay?</a></li>
25
-    #<li><a href="<page docs/faq-abuse>#IrcBans">Tor is banned from the IRC network I want to use.</a></li>
26
-    #<li><a href="<page docs/faq-abuse>#SMTPBans">Your nodes are banned from the mail server I want to use.</a></li>
27
-    #<li><a href="<page docs/faq-abuse>#Bans">I want to ban the Tor network from my service.</a></li>
28
-    #<li><a href="<page docs/faq-abuse>#TracingUsers">I have a compelling reason to trace a Tor user. Can you help?</a></li>
29
-    #<li><a href="<page docs/faq-abuse>#RemoveContent">I want some content removed from a .onion address.</a></li>
30
-    #<li><a href="<page docs/faq-abuse>#LegalQuestions">I have legal questions about Tor abuse.</a></li>
31
-    #</ul>
32
-    #</div>
33
-    #<!-- END SIDEBAR -->
34 16
     <h3>Questions</h3>
35 17
     <ul>
36 18
     <li><a href="#WhatAboutCriminals">Doesn't Tor enable criminals to do bad things?</a></li>
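Review bot: The removal of the commented-out sidebar block (`#<!-- BEGIN SIDEBAR -->` through `#<!-- END SIDEBAR -->`) and the trailing-whitespace fix on `<div id="maincol">` are unrelated to the commit message, which only mentions a new FAQ question. Suggest landing the dead-markup and whitespace cleanup as a separate commit so the content change can be reviewed and reverted on its own.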
... ...
@@ -42,14 +24,17 @@
42 24
     <li><a href="#SMTPBans">Your nodes are banned from the mail server I want to use.</a></li>
43 25
     <li><a href="#Bans">I want to ban the Tor network from my service.</a></li>
44 26
     <li><a href="#TracingUsers">I have a compelling reason to trace a Tor user. Can you help?</a></li>
45
-    <li><a href="#RemoveContent">I want some content removed from a .onion address.</a></li>
27
+    <li><a href="#RemoveContent">I want some content removed from a
28
+.onion address.</a></li>
29
+    <li><a href="#AbuseOpinion">Where does Tor Project stand on abusers
30
+using technology?</a></li>
46 31
     <li><a href="#LegalQuestions">I have legal questions about Tor abuse.</a></li>
47 32
     </ul>
48 33
     <hr>
49
-    
34
+
50 35
     <a id="WhatAboutCriminals"></a>
51 36
     <h3><a class="anchor" href="#WhatAboutCriminals">Doesn't Tor enable criminals to do bad things?</a></h3>
52
-    
37
+
53 38
     <p>Criminals can already do bad things. Since they're willing to
54 39
     break laws, they already have lots of options available that provide
55 40
     <em>better</em> privacy than Tor provides. They can steal cell phones,
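Review bot: The `#RemoveContent` entry is re-wrapped onto two lines with no change to its text, and the continuation lines of both it and the new `#AbuseOpinion` entry start at column 0 while the rest of the list is indented. Suggest leaving the existing `<li>` untouched and indenting the second line of the new entry to match, so the diff shows only the added question.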
... ...
@@ -57,10 +42,10 @@
57 42
     in Korea or Brazil and use them to launch abusive activities; they
58 43
     can use spyware, viruses, and other techniques to take control of
59 44
     literally millions of Windows machines around the world. </p>
60
-    
45
+
61 46
     <p>Tor aims to provide protection for ordinary people who want to follow
62 47
     the law. Only criminals have privacy right now, and we need to fix that. </p>
63
-    
48
+
64 49
     <p>Some advocates of anonymity explain that it's just a tradeoff &mdash;
65 50
     accepting the bad uses for the good ones &mdash; but there's more to it
66 51
     than that.
... ...
@@ -70,25 +55,25 @@
70 55
     (identity theft) makes it even easier. Normal people, on the other hand,
71 56
     don't have the time or money to spend figuring out how to get
72 57
     privacy online. This is the worst of all possible worlds. </p>
73
-    
58
+
74 59
     <p>So yes, criminals could in theory use Tor, but they already have
75 60
     better options, and it seems unlikely that taking Tor away from the
76 61
     world will stop them from doing their bad things. At the same time, Tor
77 62
     and other privacy measures can <em>fight</em> identity theft, physical
78 63
     crimes like stalking, and so on. </p>
79
-    
64
+
80 65
     #<a id="Pervasive"></a>
81 66
     #<h3><a class="anchor" href="#Pervasive">If the whole world starts using
82 67
     #Tor, won't civilization collapse?</a></h3>
83
-    
68
+
84 69
     <a id="DDoS"></a>
85 70
     <h3><a class="anchor" href="#DDoS">What about distributed denial of service attacks?</a></h3>
86
-    
71
+
87 72
     <p>Distributed denial of service (DDoS) attacks typically rely on having a group
88 73
     of thousands of computers all sending floods of traffic to a victim. Since
89 74
     the goal is to overpower the bandwidth of the victim, they typically send
90 75
     UDP packets since those don't require handshakes or coordination. </p>
91
-    
76
+
92 77
     <p>But because Tor only transports correctly formed TCP streams, not
93 78
     all IP packets, you cannot send UDP packets over Tor. (You can't do
94 79
     specialized forms of this attack like SYN flooding either.) So ordinary
... ...
@@ -97,10 +82,10 @@
97 82
     for every byte that the Tor network will send to your destination. So
98 83
     in general, attackers who control enough bandwidth to launch an effective
99 84
     DDoS attack can do it just fine without Tor. </p>
100
-    
85
+
101 86
     <a id="WhatAboutSpammers"></a>
102 87
     <h3><a class="anchor" href="#WhatAboutSpammers">What about spammers?</a></h3>
103
-    
88
+
104 89
     <p>First of all, the default Tor exit policy rejects all outgoing
105 90
     port 25 (SMTP) traffic. So sending spam mail through Tor isn't going to
106 91
     work by default. It's possible that some relay operators will enable
... ...
@@ -108,31 +93,31 @@
108 93
     allow outgoing mails; but that individual could just set up an open mail
109 94
     relay too, independent of Tor. In short, Tor isn't useful for spamming,
110 95
     because nearly all Tor relays refuse to deliver the mail. </p>
111
-    
96
+
112 97
     <p>Of course, it's not all about delivering the mail. Spammers can use
113 98
     Tor to connect to open HTTP proxies (and from there to SMTP servers); to
114 99
     connect to badly written mail-sending CGI scripts; and to control their
115 100
     botnets &mdash; that is, to covertly communicate with armies of
116 101
     compromised computers that deliver the spam.
117 102
     </p>
118
-    
103
+
119 104
     <p>
120 105
     This is a shame, but notice that spammers are already doing great
121 106
     without Tor. Also, remember that many of their more subtle communication
122 107
     mechanisms (like spoofed UDP packets) can't be used over Tor, because
123 108
     it only transports correctly-formed TCP connections.
124 109
     </p>
125
-    
110
+
126 111
     <a id="ExitPolicies"></a>
127 112
     <h3><a class="anchor" href="#ExitPolicies">How do Tor exit policies work?</a></h3>
128
-    
113
+
129 114
     <p>
130 115
     <a href="<page docs/faq>#ExitPolicies">See the main FAQ</a>
131 116
     </p>
132
-    
117
+
133 118
     <a id="HowMuchAbuse"></a>
134 119
     <h3><a class="anchor" href="#HowMuchAbuse">Does Tor get much abuse?</a></h3>
135
-    
120
+
136 121
     <p>Not much, in the grand scheme of things. The network has been running
137 122
     since October 2003, and it's only generated a handful of complaints. Of
138 123
     course, like all privacy-oriented networks on the net, it attracts its
... ...
@@ -140,15 +125,15 @@
140 125
     to donate resources to the network" from the role of "willing to deal
141 126
     with exit abuse complaints," so we hope our network is more sustainable
142 127
     than past attempts at anonymity networks. </p>
143
-    
128
+
144 129
     <p>Since Tor has
145 130
     <a href="<page about/torusers>">many good uses as
146 131
     well</a>, we feel that we're doing pretty well at striking a balance
147 132
     currently. </p>
148
-    
133
+
149 134
     <a id="TypicalAbuses"></a>
150 135
     <h3><a class="anchor" href="#TypicalAbuses">So what should I expect if I run an exit relay?</a></h3>
151
-    
136
+
152 137
     <p>If you run a Tor relay that allows exit connections (such as the
153 138
     default exit policy), it's probably safe to say that you will eventually
154 139
     hear from somebody. Abuse
... ...
@@ -182,13 +167,13 @@
182 167
     get by following <a href="<blog>tips-running-exit-node-minimal-harassment">these tips
183 168
     for running an exit node with minimal harassment</a> and <a
184 169
     href="<wiki>doc/ReducedExitPolicy">running a reduced exit policy</a>.</p>
185
-    
170
+
186 171
     <p>You might also find that your Tor relay's IP is blocked from accessing
187 172
     some Internet sites/services. This might happen regardless of your exit
188 173
     policy, because some groups don't seem to know or care that Tor has
189 174
     exit policies. (If you have a spare IP not used for other activities,
190 175
     you might consider running your Tor relay on it.) For example, </p>
191
-    
176
+
192 177
     <ul>
193 178
     <li>Because of a few cases of anonymous jerks messing with its web
194 179
     pages, Wikipedia is currently blocking many Tor relay IPs from writing
... ...
@@ -198,7 +183,7 @@
198 183
     revealing their identities when publishing it (or don't want to reveal
199 184
     to local observers that they're accessing Wikipedia). Slashdot is also
200 185
     in the same boat.</li>
201
-    
186
+
202 187
     <li>SORBS is putting some Tor relay IPs on their email
203 188
     blacklist as well. They do this because they passively detect whether your
204 189
     relay connects to certain IRC networks, and they conclude from this that
... ...
@@ -207,16 +192,16 @@
207 192
     but we have given up. We recommend you avoid them, and <a
208 193
     href="http://paulgraham.com/spamhausblacklist.html">teach your friends
209 194
     (if they use them) to avoid abusive blacklists too</a>.</li>
210
-    
195
+
211 196
     </ul>
212
-    
197
+
213 198
     <a id="IrcBans"></a>
214 199
     <h3><a class="anchor" href="#IrcBans">Tor is banned from the IRC network I want to use.</a></h3>
215
-    
200
+
216 201
     <p>Sometimes jerks make use of Tor to troll IRC channels. This abuse
217 202
     results in IP-specific temporary bans ("klines" in IRC lingo), as the
218 203
     network operators try to keep the troll off of their network. </p>
219
-    
204
+
220 205
     <p>This response underscores a fundamental flaw in IRC's security model:
221 206
     they assume that IP addresses equate to humans, and by banning the
222 207
     IP address they can ban the human. In reality this is not the case &mdash;
... ...
@@ -226,7 +211,7 @@
226 211
     and an entire cottage industry of blacklists and counter-trolls has
227 212
     sprung up based on this flawed security model (not unlike the antivirus
228 213
     industry). The Tor network is just a drop in the bucket here. </p>
229
-    
214
+
230 215
     <p>On the other hand, from the viewpoint of IRC server operators, security
231 216
     is not an all-or-nothing thing.  By responding quickly to trolls or
232 217
     any other social attack, it may be possible to make the attack scenario
... ...
@@ -236,19 +221,19 @@
236 221
     special cases. While it's a losing battle to try to stop the use of open
237 222
     proxies, it's not generally a losing battle to keep klining a single
238 223
     ill-behaved IRC user until that user gets bored and goes away. </p>
239
-    
224
+
240 225
     <p>But the real answer is to implement application-level auth systems,
241 226
     to let in well-behaving users and keep out badly-behaving users. This
242 227
     needs to be based on some property of the human (such as a password he
243 228
     knows), not some property of the way his packets are transported. </p>
244
-    
229
+
245 230
     <p>Of course, not all IRC networks are trying to ban Tor nodes. After
246 231
     all, quite a few people use Tor to IRC in privacy in order to carry
247 232
     on legitimate communications without tying them to their real-world
248 233
     identity. Each IRC network needs to decide for itself if blocking a few
249 234
     more of the millions of IPs that bad people can use is worth losing the
250 235
     contributions from the well-behaved Tor users. </p>
251
-    
236
+
252 237
     <p>If you're being blocked, have a discussion with the network operators
253 238
     and explain the issues to them. They may not be aware of the existence of
254 239
     Tor at all, or they may not be aware that the hostnames they're klining
... ...
@@ -256,35 +241,35 @@
256 241
     Tor ought to be blocked, you may want to consider moving to a network that
257 242
     is more open to free speech.  Maybe inviting them to #tor on irc.oftc.net
258 243
     will help show them that we are not all evil people. </p>
259
-    
244
+
260 245
     <p>Finally, if you become aware of an IRC network that seems to be
261 246
     blocking Tor, or a single Tor exit node, please put that information on <a
262 247
     href="<wiki>doc/BlockingIrc">The Tor
263 248
     IRC block tracker</a>
264 249
     so that others can share.  At least one IRC network consults that page
265 250
     to unblock exit nodes that have been blocked inadvertently. </p>
266
-    
251
+
267 252
     <a id="SMTPBans"></a>
268 253
     <h3><a class="anchor" href="#SMTPBans">Your nodes are banned from the mail server I want to use.</a></h3>
269
-    
254
+
270 255
     <p>Even though <a href="#WhatAboutSpammers">Tor isn't useful for
271 256
     spamming</a>, some over-zealous blacklisters seem to think that all
272 257
     open networks like Tor are evil &mdash; they attempt to strong-arm network
273 258
     administrators on policy, service, and routing issues, and then extract
274 259
     ransoms from victims. </p>
275
-    
260
+
276 261
     <p>If your server administrators decide to make use of these
277 262
     blacklists to refuse incoming mail, you should have a conversation with
278 263
     them and explain about Tor and Tor's exit policies. </p>
279
-    
264
+
280 265
     <a id="Bans"></a>
281 266
     <h3><a class="anchor" href="#Bans">I want to ban the Tor network from my service.</a></h3>
282
-    
267
+
283 268
     <p>We're sorry to hear that. There are some situations where it makes
284 269
     sense to block anonymous users for an Internet service. But in many
285 270
     cases, there are easier solutions that can solve your problem while
286 271
     still allowing users to access your website securely.</p>
287
-    
272
+
288 273
     <p>First, ask yourself if there's a way to do application-level decisions
289 274
     to separate the legitimate users from the jerks. For example, you might
290 275
     have certain areas of the site, or certain privileges like posting,
... ...
@@ -293,7 +278,7 @@
293 278
     service, so you could set up this distinction only for Tor users. This
294 279
     way you can have multi-tiered access and not have to ban every aspect
295 280
     of your service. </p>
296
-    
281
+
297 282
     <p>For example, the <a
298 283
     href="http://freenode.net/policy.shtml#tor">Freenode IRC network</a>
299 284
     had a problem with a coordinated group of abusers joining channels and
... ...
@@ -301,7 +286,7 @@
301 286
     coming from Tor nodes as "anonymous users," removing the ability of the
302 287
     abusers to blend in, the abusers moved back to using their open proxies
303 288
     and bot networks. </p>
304
-    
289
+
305 290
     <p>Second, consider that hundreds of thousands of
306 291
     people use Tor every day simply for
307 292
     good data hygiene &mdash; for example, to protect against data-gathering
... ...
@@ -314,11 +299,11 @@
314 299
     people don't have a good measure of how many polite Tor users are
315 300
     connecting to their service &mdash; you never notice them until there's
316 301
     an impolite one.)</p>
317
-    
302
+
318 303
     <p>At this point, you should also ask yourself what you do about other
319 304
     services that aggregate many users behind a few IP addresses. Tor is
320 305
     not so different from AOL in this respect.</p>
321
-    
306
+
322 307
     <p>Lastly, please remember that Tor relays have <a
323 308
     href="<page docs/faq>#ExitPolicies">individual exit policies</a>. Many
324 309
     Tor relays do
... ...
@@ -328,29 +313,29 @@
328 313
     exit policies and only block the ones that allow these connections;
329 314
     and you should keep in mind that exit policies can change (as well as
330 315
     the overall list of nodes in the network).</p>
331
-    
316
+
332 317
     <p>If you really want to do this, we provide a
333 318
     <a href="https://check.torproject.org/cgi-bin/TorBulkExitList.py">Tor
334 319
     exit relay list</a> or a
335 320
     <a href="<page projects/tordnsel>">DNS-based list you can query</a>.
336 321
     </p>
337
-    
322
+
338 323
     <p>
339 324
     (Some system administrators block ranges of IP addresses because of
340 325
     official policy or some abuse pattern, but some have also asked about
341 326
     whitelisting Tor exit relays because they want to permit access to their
342 327
     systems only using Tor. These scripts are usable for whitelisting as well.)
343 328
     </p>
344
-    
329
+
345 330
     <a id="TracingUsers"></a>
346 331
     <h3><a class="anchor" href="#TracingUsers">I have a compelling reason to trace a Tor user. Can you help?</a></h3>
347
-    
332
+
348 333
     <p>
349 334
     There is nothing the Tor developers can do to trace Tor users. The same
350 335
     protections that keep bad people from breaking Tor's anonymity also
351 336
     prevent us from figuring out what's going on.
352 337
     </p>
353
-    
338
+
354 339
     <p>
355 340
     Some fans have suggested that we redesign Tor to include a <a
356 341
     href="<page docs/faq>#Backdoor">backdoor</a>.
... ...
@@ -407,12 +392,48 @@
407 392
     <a href="http://www.missingkids.com/">http://www.missingkids.com/</a>.
408 393
     We do not view links you report.</p>
409 394
 
395
+    <a id="AbuseOpinion"></a>
396
+    <h3><a class="anchor" href="#AbuseOpinion">Where does Tor Project
397
+stand on abusers using technology?</a>
398
+
399
+    <p>We take abuse seriously. Activists and law enforcement
400
+use Tor to investigate abuse and help support survivors. We
401
+work with them to help them understand how Tor can help their work.
402
+In some cases, technological mistakes are being made and we help to
403
+correct them. Because some people in survivors' communities embrace
404
+stigma instead of compassion, seeking support from fellow victims
405
+requires privacy-preserving technology.</p>
406
+
407
+    <p>Our refusal to build backdoors and censorship into Tor is not
408
+  because of a lack of concern. We refuse to weaken Tor because it
409
+would harm efforts to combat child abuse and human trafficking in the
410
+physical world, while removing safe spaces for victims online.
411
+Meanwhile, criminals would still have access to botnets, stolen
412
+phones, hacked hosting accounts, the postal system, couriers, corrupt
413
+officials, and whatever technology emerges to trade content. They are
414
+early adopters of technology. In the face of this, it is dangerous or
415
+policymakers to assume that blocking and filtering is sufficient. We
416
+are more interested in helping efforts to halt and prevent child
417
+abuse than helping politicians score points with constituents by
418
+hiding it. The role of corruption is especially troubling, see this
419
+United Nations report on <a
420
+href="http://www.unodc.org/documents/human-trafficking/2011/
421
+Issue_Paper_-_The_Role_of_Corruption_in_Trafficking_in_Persons.pdf">The
422
+Role of Corruption in Trafficking in Persons</a>.</p>
423
+
424
+    <p>Finally, it is important to consider the world that children will
425
+    encounter as adults when enacting policy in their name. Will they
426
+    thank us if they are unable to voice their opinions safely as
427
+adults? What if they are trying to expose a failure of the state to
428
+protect other children?</p>
429
+
410 430
     <a id="LegalQuestions"></a>
411
-    <h3><a class="anchor" href="#LegalQuestions">I have legal questions about Tor abuse.</a></h3>
412
-    
431
+    <h3><a class="anchor" href="#LegalQuestions">I have legal questions
432
+about Tor abuse.</a></h3>
433
+
413 434
     <p>We're only the developers. We can answer technical questions, but
414 435
     we're not the ones to talk to about legal questions or concerns. </p>
415
-    
436
+
416 437
     <p>Please take a look at the
417 438
     <a href="<page eff/tor-legal-faq>">Tor Legal FAQ</a>,
418 439
     and contact EFF directly if you have any further legal questions. </p>
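Review bot: The new `#AbuseOpinion` heading is never closed: the line `stand on abusers using technology?</a>` ends without the `</h3>` that the other question headings in this file carry, which leaves the three paragraphs that follow inside an unclosed heading. Add `</h3>` after `</a>`. In the same section, "it is dangerous or policymakers" should read "for policymakers", and the `href` for the UNODC report is split across two lines inside the attribute value; keep the URL on one line so the link does not depend on how a client treats a newline inside `href`. The `#LegalQuestions` heading is also re-wrapped without a text change, which adds noise to the diff.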
... ...
@@ -425,4 +446,4 @@
425 446
   <!-- END SIDECOL -->
426 447
 </div>
427 448
 <!-- END CONTENT -->
428
-#include <foot.wmi>  
449
+#include <foot.wmi>