Roger Dingledine committed on 2005-06-30 03:07:16
Showing 1 changed file with 38 additions and 38 deletions.
... | ... |
@@ -51,22 +51,15 @@ break laws, they already have lots of options available that provide |
51 | 51 |
<em>better</em> privacy than Tor provides. They can steal cell phones, |
52 | 52 |
use them, and throw them in a ditch; they can crack into computers |
53 | 53 |
in Korea or Brazil and use them to launch abusive activities; they |
54 |
-can spread viruses that take control of literally millions of Windows |
|
55 |
-machines around the world. </p> |
|
54 |
+can use spyware, viruses, and other techniques to take control of |
|
55 |
+literally millions of Windows machines around the world. </p> |
|
56 | 56 |
|
57 | 57 |
<p>Tor aims to provide protection for ordinary people who want to follow |
58 | 58 |
the law. Only criminals have privacy right now; we need to fix that. </p> |
59 | 59 |
|
60 |
-<a id="Tradeoff"></a> |
|
61 |
-<h3><a class="anchor" href="#Tradeoff">Isn't it just a tradeoff: accepting the bad uses for the good ones?</a></h3> |
|
62 |
- |
|
63 |
-<p>No, we don't think that's how it works in the case of Tor. </p> |
|
64 |
- |
|
65 |
-<p>There are lots of ways to get anonymity on the net, some legal and |
|
66 |
-some illegal. As we explained above, many of the illegal approaches |
|
67 |
-can provide stronger anonymity than Tor can provide, because they can |
|
68 |
-control literally millions of computers via spyware, viruses, and other |
|
69 |
-techniques. </p> |
|
60 |
+<p>Some advocates of anonymity explain that it's just a tradeoff --- |
|
61 |
+accepting the bad uses for the good ones --- but we don't think that's |
|
62 |
+how it works in the case of Tor. </p> |
|
70 | 63 |
|
71 | 64 |
<p>Criminals and other bad people have the motivation to learn how to |
72 | 65 |
get good anonymity, and many have the motivation to pay well to achieve |
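Review bot: Removing `<a id="Tradeoff"></a>` together with its `<h3>` leaves every existing link to `#Tradeoff` without a target. Keep the bare anchor in front of the new `<p>Some advocates of anonymity explain ...` paragraph so old links still resolve. The literal `---` in the two added lines will also render as three hyphens in HTML; `&mdash;` or a comma would read better.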
... | ... |
@@ -98,10 +91,6 @@ for every byte that the Tor network will send to your destination. So |
98 | 91 |
in general, attackers who control enough bandwidth to launch an effective |
99 | 92 |
DDoS attack can do it just fine without Tor. </p> |
100 | 93 |
|
101 |
-<p>And if this argument doesn't convince you, go try Tor and see how |
|
102 |
-much aggregate throughput you can eke out of it, then come back to us |
|
103 |
-if you're still worried. </p> |
|
104 |
- |
|
105 | 94 |
<a id="WhatAboutSpammers"></a> |
106 | 95 |
<h3><a class="anchor" href="#WhatAboutSpammers">What about spammers?</a></h3> |
107 | 96 |
|
... | ... |
@@ -113,8 +102,13 @@ allow outgoing mails; but that individual could just set up an open mail |
113 | 102 |
relay too, independent of Tor. In short, Tor isn't useful for spammers, |
114 | 103 |
because nearly all Tor servers refuse to deliver their mail. </p> |
115 | 104 |
|
116 |
-<p>The complex answer: Even if the above were not true, spammers are |
|
117 |
-already doing great without Tor. They |
|
105 |
+<p>Of course, it's not all about delivering the mail. Spammers can use |
|
106 |
+Tor to connect to open HTTP proxies (and from there to SMTP servers), |
|
107 |
+to connect to badly written mail-sending CGI scripts, and to control |
|
108 |
+their botnets. |
|
109 |
+</p> |
|
110 |
+ |
|
111 |
+<p>The better answer: Spammers are already doing great without Tor. They |
|
118 | 112 |
have armies of compromised computers that do their spamming. The added |
119 | 113 |
complexity of getting new software installed and configured, and doing |
120 | 114 |
Tor's public key operations, etc, makes it not economically worthwhile |
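Review bot: The added paragraph on open HTTP proxies, mail-sending CGI scripts and botnet control comes directly after the context sentence `In short, Tor isn't useful for spammers`, so the section now asserts a point and then concedes against it. Either soften that sentence or have the new paragraph say how the two fit together. `The better answer:` replaces `The complex answer:`, so also check that the label it was paired with earlier in the section still matches.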
... | ... |
@@ -129,8 +123,9 @@ policies are propagated to the client via the directory, so clients |
129 | 123 |
will automatically avoid picking exit nodes that would refuse to exit |
130 | 124 |
to their intended destination. </p> |
131 | 125 |
|
132 |
-<p>This way each server can decide the services he wants to allow |
|
133 |
-connections to, based on abuse potential and his own situation. </p> |
|
126 |
+<p>This way each server can decide the services, hosts, and networks |
|
127 |
+he wants to allow connections to, based on abuse potential and his own |
|
128 |
+situation. </p> |
|
134 | 129 |
|
135 | 130 |
<a id="HowMuchAbuse"></a> |
136 | 131 |
<h3><a class="anchor" href="#HowMuchAbuse">Does Tor get much abuse?</a></h3> |
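Review bot: In the rewritten sentence `each server can decide the services, hosts, and networks he wants to allow connections to`, the subject is the server but the pronoun refers to a person. Since these lines are being touched anyway, `each server operator can decide ...` would make clear who sets the exit policy.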
... | ... |
@@ -153,10 +148,11 @@ currently. </p> |
153 | 148 |
|
154 | 149 |
<p>If you run a Tor server that allows exit connections (such as the |
155 | 150 |
default exit policy), it's probably safe to say that you will eventually |
156 |
-hear from somebody. Abuse complaints can come in a variety of forms. The |
|
157 |
-main ones so far have taken the following form: </p> |
|
151 |
+hear from somebody. Abuse complaints can come in a variety of forms. Abuse |
|
152 |
+complaints may come in a variety of forms. For example: </p> |
|
158 | 153 |
<ul> |
159 |
-<li>Somebody connects to hotmail, and sends a criminal mail somewhere. The |
|
154 |
+<li>Somebody connects to hotmail, and sends a ransom note to a |
|
155 |
+company. The |
|
160 | 156 |
FBI sends you a polite email, you explain that you run a Tor server, |
161 | 157 |
and they say 'oh well' and leave you alone. [Port 80]</li> |
162 | 158 |
<li>Somebody tries to get you shut down by using Tor to connect to google |
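Review bot: The two added lines in the first paragraph repeat one sentence: `Abuse complaints can come in a variety of forms.` is followed immediately by `Abuse complaints may come in a variety of forms. For example:`. Drop one copy so the paragraph ends `... in a variety of forms. For example:`. The first list item is also broken awkwardly at `company. The`; rewrapping it with the following line would keep the source readable.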
... | ... |
@@ -166,11 +162,10 @@ your ISP about how you're destroying the world. [Port 80]</li> |
166 | 162 |
himself. Your ISP gets polite mail about how your computer has been |
167 | 163 |
compromised; and/or your computer gets ddosed. [Port 6667]</li> |
168 | 164 |
<li>Somebody uses Tor to download a Vin Diesel movie, and |
169 |
-your ISP gets a DMCA takedown notice. According to our lawyers |
|
170 |
-(and this convinced the Harvard general counsel), your ISP can |
|
171 |
-totally ignore this notice with no liability problems. See EFF's <a |
|
172 |
-href="http://tor.eff.org/eff/tor-dmca-response.html">Tor DMCA |
|
173 |
-Response Template</a>. [Arbitrary ports]</li> |
|
165 |
+your ISP gets a DMCA takedown notice. See EFF's <a |
|
166 |
+href="http://tor.eff.org/eff/tor-dmca-response.html">Tor DMCA Response |
|
167 |
+Template</a>, which explains to your ISP why they can probably ignore |
|
168 |
+the notice without any liability. [Arbitrary ports]</li> |
|
174 | 169 |
</ul> |
175 | 170 |
|
176 | 171 |
<p>You might also find that your Tor server's IP is blocked from accessing |
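Review bot: In the DMCA list item, `they can probably ignore the notice without any liability` pairs a hedge with an absolute, which weakens the point of softening the old `totally ignore` wording. Suggest `why they can probably ignore the notice without liability`, or move the hedge so it covers the liability claim as well. With the lawyers' opinion removed, the template link is the only support for the statement, so it is worth confirming the linked page actually makes that argument.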
... | ... |
@@ -180,12 +175,15 @@ exit policies. (If you have a spare IP not used for other activities, |
180 | 175 |
you might consider running your Tor server on it.) For example, </p> |
181 | 176 |
|
182 | 177 |
<ul> |
183 |
-<li>Wikipedia is currently blocking many Tor server IPs from writing |
|
184 |
-(reading still works), because they haven't figured out internally how |
|
185 |
-to deal with the fact that they want to provide open access but they |
|
186 |
-also have no ways to control abuse to their website. We're working with |
|
187 |
-them to resolve this.</li> |
|
188 |
-<li>It seems that SORBS is putting some Tor server IPs on their email |
|
178 |
+<li>Because of a few cases of anonymous jerks messing with its web |
|
179 |
+pages, Wikipedia is currently blocking many Tor server IPs from writing |
|
180 |
+(reading still works). We're talking to Wikipedia about how they might |
|
181 |
+control abuse while still providing access to anonymous contributors, |
|
182 |
+who often have hot news or inside info on a topic but don't want to risk |
|
183 |
+revealing their identities when publishing it (or don't want to reveal |
|
184 |
+to local observers that they're accessing Wikipedia). Slashdot is also |
|
185 |
+in the same boat.</li> |
|
186 |
+<li>SORBS is putting some Tor server IPs on their email |
|
189 | 187 |
blacklist as well. They do this because they passively detect whether your |
190 | 188 |
server connects to certain IRC networks, and they conclude from this that |
191 | 189 |
your server is capable of spamming. We're working with them to teach them |
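Review bot: `anonymous jerks messing with its web pages` in the Wikipedia item is a sharp change of register from the rest of the page, and it sits in the same item that says talks with Wikipedia are ongoing. A neutral description of the abuse would serve better. `Slashdot is also in the same boat` does not say what Slashdot blocks (the Wikipedia case distinguishes writing from reading), and `also` plus `same` doubles up; give Slashdot its own `<li>` with the specifics.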
... | ... |
@@ -252,11 +250,13 @@ to unblock exit nodes that have been blocked inadvertently. </p> |
252 | 250 |
|
253 | 251 |
<p>Even though <a href="#WhatAboutSpammers">Tor isn't useful for |
254 | 252 |
spamming</a>, some over-zealous blacklisters seem to think that all |
255 |
-open networks like Tor should be boycotted. They don't understand how |
|
256 |
-Tor works (e.g. that it has exit policies), and don't seem to care to |
|
257 |
-understand it. If your server administrators decide to make use of these |
|
253 |
+open networks like Tor are evil --- they attempt to strong-arm network |
|
254 |
+administrators on policy, service and routing issues, and then extract |
|
255 |
+ransoms from victims. </p> |
|
256 |
+ |
|
257 |
+<p>If your server administrators decide to make use of these |
|
258 | 258 |
blacklists to refuse incoming mail, you should have a conversation with |
259 |
-them and explain how Tor works. </p> |
|
259 |
+them and explain about Tor and Tor's exit policies. </p> |
|
260 | 260 |
|
261 | 261 |
<a id="Bans"></a> |
262 | 262 |
<h3><a class="anchor" href="#Bans">I want to ban the Tor network from my service.</a></h3> |
263 | 263 |
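Review bot: The added sentence ending `and then extract ransoms from victims` is a serious accusation against blacklist operators with nothing in the page to support it, and it replaces the one concrete point the old text made, that they overlook exit policies. Either link to evidence for the ransom claim or keep the milder wording. The literal `---` in `are evil --- they attempt` will render as three hyphens in HTML.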