lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed Jun  7 02:43:39 2006
From: degeneracypressure at gmail.com (Eliah Kagan)
Subject: Re: blocking tor is not the right way forward.
	It may just be the right way backward.

On 6/6/06, John Sprocket wrote:
> hehe. look at it metaphorically (like guest inside establishment)
>
> you're head of security at a casino you monitor a specific area full of
> people/users.
> you have your normal people you can see and possibly identify if you so
> care. there's a
> group of people that walk in and are wearing clothing that is obviously
> meant to obscure their intentions. would you let them stay in your casino,
> or would you ask them politely to
> take off their masks?
>
> do you choose to accept fully anonymous people (only being able to identify
> them as being anonymous) into your establishment?

Suppose your casino has cameras, that show you the faces of these
so-called "normal people". You think you can look at their faces and
determine where they live and where they got their money? Because
*that* would be a proper metaphor to looking at your server logs. The
privacy risk to Internet surfers is often *greater* than that to
patrons of "physical" establishments.

This metaphor appears to be exceedingly contrived, beyond the point of
even making sense in the metaphorical world. What clothing are they
wearing to anonymize themselves? Are they managing to wear clothing
that makes it difficult to distinguish them from others while at the
same time not violating social standards of proper dress in a casino,
not interfering in any way with the other customers, or causing any
other customers to feel uncomfortable? If you can come up with some
clothing that fits that description, then I would guess that most
casinos would permit them to continue as they were. The locks on the
doors to restricted areas in the casino will still restrict their
movement and the security cameras will still enable the security staff
to know if they are committing a crime in the casino, and to stop them
from committing that crime. (In the casino, such a person could still
be **apprehended** too, just as easily as anybody else, which is one
of the reasons why it puzzles me that you have chosen this metaphor.)

Going back to your previous metaphor, I think it is important to
recognize that a public website is very unlike a private home, and
more like a booth at a fair. Do you want to provide your identity to
everyone standing behind booths at fairs, in order for you to merely
**walk up** to the booth and take a look?

When it comes right down to it, the owner of a private website is
perfectly free to choose to try to block tor. That behavior threatens
the legitimate interests of legitimate users, but is certainly within
the rights of the owner. And tor users are perfectly free to try to
get around such attempts. That behavior is commendable, and certainly
within the rights of tor users. (And don't go whining about clickwrap
agreements for surfing websites--none of those are binding anyway,
except in cases of e-commerce, in which the user of the site is
actually engaged in a contractual relationship with the owner or
owning entity of the site).

-Eliah

Powered by blists - more mailing lists