lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu Jun  8 11:23:40 2006
From: joeljose420 at gmail.com (Joel Jose)
Subject: Re: blocking tor is not the right way forward. It
	may just be the right way backward.

yeah,

      its when people see tor and tor like projects as a problem than
a solution that they cant focus on the bigger issue. If profiling, and
other privacy threatning features are "disencouraged".. if the concept
of using "scarce" resources like ipaddress.. etc for "addressing"
network users are discouraged.. if people stop feeling scared of
things.. then tor and other projects will fade away into the internet
archieves...

Cmon people.. tor and all other tor-alike do "decrease" performance
drastically.. its a huge resource eater for the people and community
who maintain it. if there was no need for tor.. certainly it would
have gone away sooner than you have finished inserting that module on
your apache ;)

yeah.. i was being too over idealistic there.. besides making
ipaddress irrelevent is what tor does afterall(albit in a more
sarcastic way).. anyway i seriously hope people will one day in the
(not-so-near)future have their privacy "valued" even without tor;)

joel.

On 6/7/06, Eliah Kagan <degeneracypressure@...il.com> wrote:
> On 6/6/06, John Sprocket wrote:
> > hehe. look at it metaphorically (like guest inside establishment)
> >
> > you're head of security at a casino you monitor a specific area full of
> > people/users.
> > you have your normal people you can see and possibly identify if you so
> > care. there's a
> > group of people that walk in and are wearing clothing that is obviously
> > meant to obscure their intentions. would you let them stay in your casino,
> > or would you ask them politely to
> > take off their masks?
> >
> > do you choose to accept fully anonymous people (only being able to
> identify
> > them as being anonymous) into your establishment?
>
> Suppose your casino has cameras, that show you the faces of these
> so-called "normal people". You think you can look at their faces and
> determine where they live and where they got their money? Because
> *that* would be a proper metaphor to looking at your server logs. The
> privacy risk to Internet surfers is often *greater* than that to
> patrons of "physical" establishments.
>
> This metaphor appears to be exceedingly contrived, beyond the point of
> even making sense in the metaphorical world. What clothing are they
> wearing to anonymize themselves? Are they managing to wear clothing
> that makes it difficult to distinguish them from others while at the
> same time not violating social standards of proper dress in a casino,
> not interfering in any way with the other customers, or causing any
> other customers to feel uncomfortable? If you can come up with some
> clothing that fits that description, then I would guess that most
> casinos would permit them to continue as they were. The locks on the
> doors to restricted areas in the casino will still restrict their
> movement and the security cameras will still enable the security staff
> to know if they are committing a crime in the casino, and to stop them
> from committing that crime. (In the casino, such a person could still
> be **apprehended** too, just as easily as anybody else, which is one
> of the reasons why it puzzles me that you have chosen this metaphor.)
>
> Going back to your previous metaphor, I think it is important to
> recognize that a public website is very unlike a private home, and
> more like a booth at a fair. Do you want to provide your identity to
> everyone standing behind booths at fairs, in order for you to merely
> **walk up** to the booth and take a look?
>
> When it comes right down to it, the owner of a private website is
> perfectly free to choose to try to block tor. That behavior threatens
> the legitimate interests of legitimate users, but is certainly within
> the rights of the owner. And tor users are perfectly free to try to
> get around such attempts. That behavior is commendable, and certainly
> within the rights of tor users. (And don't go whining about clickwrap
> agreements for surfing websites--none of those are binding anyway,
> except in cases of e-commerce, in which the user of the site is
> actually engaged in a contractual relationship with the owner or
> owning entity of the site).
>
> -Eliah
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
As soon as men decide that all means are permitted to fight an
evil, then their good becomes indistinguishable from the evil
that they set out to destroy.
                      - Christopher Dawson, The Judgment of Nations

Powered by blists - more mailing lists