[tor] Re: Torservers Update

  • From: Mitar <mmitar@xxxxxxxxx>
  • To: torservers@xxxxxxxxxxxxx
  • Date: Fri, 5 Nov 2010 00:08:01 +0100

Hi!

On Thu, Nov 4, 2010 at 8:59 PM, Moritz Bartl <moritz@xxxxxxxxxxxxxx> wrote:
> I don't see how one signature could be a "big overhead".

It is big mental overhead. At least when you are in some sense
fighting current laws on one side you use its system (signature) on
the other hand?

If we are trying to make something for the better do we really need
such formal tools instead of simply trust? Tor is build on trust:
trust, that exit nodes will not sniff data, for example.

Really, what do you see accomplished by signature? Will you then sue
people if they break "contract"? That would be great news: "Torservers
sues its Tor operator for sniffing traffic".

Do you believe that people will take their volunteer work on keeping
up such servers up more serious if they sign something? Or will they
rather have a feeling that they are doing a non-volunteer work,
contracted work?

> I want to make sure everyone knows that we do not sniff any traffic,

Sure. This can be done with public manifesto or something.

> and it's important to know that the people responsible for the servers don't
> do anything potentially harmful.

Definitely signature does not help here in any way. Many countries
have signed Universal Declaration of Human Rights, but do they really
abide by it?

If people who will donate will see acts which are contrary to what
they donated, they will not donate anymore. Signature doesn't matter.
What matters is that you will stop feeding donations you got to the
operator who is breaking rules. After fair analysis if he/she is
really doing that. You do not need signature for that. You need
healthy community which will understand errors we will sometimes make
and our strive for fixing them, weather it would be miscalculation in
donations report or bad node operator.

What matters at the end are deeds we will make. Not words or even
signatures. And you cannot and will not enforce any deeds by
signatures.

> If I reply to an abuse mail, I have to be sure that the traffic is 
> originating from the
> Tor network, and not something else running on the machine.

Ho, hold your horses. Really? Why exactly? Node operator does not have
a right for anonymity and security of Tor? It would be better for
him/her to feed his traffic into the Tor network so that it would
consume traffic just to get this traffic "tagged" as Tor traffic?
Isn't it better that he/she just simply use his node directly and
he/she can still pretend/protects himself/herself that this traffic is
coming from Tor network. (Of course he/she will have to use only those
ports he/she allows also for others.)

Imagine such use as an use of Tor network only with zero hops. ;-)

> If you donate, you want to make sure your money goes into non-monitoring exit 
> nodes.

No. You trust that money will be spend according to promise. There is
nothing for granted. Maybe sometimes current society made you believe
so, like we believed for long that Internet will stay open and
uncensored. Yea, right. More and more it is obvious that we will have
to work a lot to keep it that way. And it is not really getting any
better. Censorship laws are passed more and more. And this is the
so-called "civilized" countries.

I agree that it is useful to have a formal organization so that you
can rise founds and publicly appear, get some formal recognition and
such. But I do not believe EFF is getting their support by requiring
signatures around. No, they are showing that by what they are doing.

Hope you will see this e-mail as constructive. It was written as such.


Mitar

Other related posts: