[Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in Congress

Jacob Appelbaum jacob at appelbaum.net
Tue Sep 28 07:19:05 UTC 2010 

On 09/27/2010 11:04 PM, Thomas Stowe wrote:
> Wow, the only assertion I made was that TOR is compromised and you basically
> just told everyone to completely ignore what I've said. 

What do you base your assertion on? It sounds like FUD to me and so
based on that alone, yeah, I'd suggest people not listen to you on this
topic.

> Look, I know you're
> passionate about TOR and that's great - you guys made a really cool suite of
> software but don't take this wrong when I say this because I don't mean it
> as a personal slight. You're naive. You think that it's okay to run an exit
> node and it's wrong to push people in the direction not to run exit nodes,
> even in the case that they will have their computers taken and have charges
> pending against them and be forced to spend money out of pocket to promote
> anonymity. That's a dream that we all have - no consequences.

People can configure their Tor relay in accordance with their risk
tolerance. I think that legally, it's pretty safe to run a Tor relay in
the USA. I've consulted with lawyers for many years on the topic, I've
spent nearly eight years of my life on the EFF legal couch. I think that
while I'm not a lawyer, I'm comfortable with the legal risks presented.
The DMCA actually has one good thing in it and it provides a kind of
safe harbor for network operators. Read the page on this directory
authority as an example:
http://rgnx.net:443/

Also read this:
http://www.torproject.org/eff/tor-legal-faq.html.en

> The reality is
> that things do happen to people and I don't really care if the guy from
> Germany became a developer for TOR after he had gone through hell with the
> law. The relevant fact is, he did go through hell with the law and everyone
> sane looking out for their own survival should consider that not running an
> exit node would be and is a good decision. It's stupid to endanger yourself
> for a cause that's dead before it's gotten off the ground. Personally, I'm
> not going to a privacy-martyr and I don't think anyone else should ever
> consider it.

Way to fight for what you believe in!

> Are you saying that with the TOR code not being compromised
> that it equates to saftey?

For certain values of safety? Sure.

This is a good overview:
https://www.torproject.org/overview.html.en#whyweneedtor

> Can't TOR developers find users causing problems
> or 

No. That's the entire point. We cannot trace users.

> possibly a law enforcement exit-node honeypot set up to be used to catch
> users causing problems?

If you sniff an exit node, you're not able to trace it back to the user
who initiated the connection - that's the entire point of an anonymity
system. It's not an empty promise, it's a design of the system itself.

> With encryption export laws, current attitudes of
> law and requests made to companies and groups dealing in security by
> governments, are we wrong to hold the TOR network suspect because we don't
> understand or haven't looked at the source code? 

Yeah, you're wrong for the reasons above and because you haven't looked
at how the system works *even a little bit* before making wild
statements that are absolutely false.

> I believe your statement
> regarding that there is no backdoor but I still won't take your word for it
> and I honestly don't have the time to look over the code or search for
> novel, new exploits that have yet to be found that would reveal TOR users'
> identities. 

What? You just contradicted yourself a few times there.

> I didn't state that there is one, I said that there I don't
> trust it and there might possibly be one. That's an opinion, logically based
> upon other events that are ongoing in global use of the Internet and
> technologies. <sarcasm on> But you're right, "TOR anonymity" is more
> important than my possible legal fees or spending a week in jail until it's
> figured out that it wasn't me accessing whatever it was that I could be
> arrested for. <sarcasm off>. But then again because you refuted me by
> stating that everything I stated was bullshit and of course you proved your
> point by stating you're a TOR dev so you must be right by way of having
> authority on the subject. I don't find you to be objective in your
> criticism, but "that's only my opinion" based upon you being a dev and how
> passionate you seem to be. If I was going to make a claim like "it's
> backdoored", I would've posted code to back it up and not speculated based
> upon many other things in the world. It's not as if our government were
> capable on spying on all of us if they wanted in many ways, is it? :P I'd
> say my statements are correct, sane and hold the best interest of TOR users
> who might run an exit node first and the EFF and their "campaign for
> privacy" second but really showed that I care for both.
> 

What the hell happened to Noisebridge? Are you kids huffing NO2 again
near the keyboards?

> 
> I sometimes wonder if people think that poking fun at my signature or
> stating that it's idiotic means a damned thing beyond that they were pretty
> much mentally masturbating to the fact that they could insult the fact that
> I have it in my e-mails. Glad I could help you get off. It's not so much an
> ice-breaker to me as one might think as it is a tell of where your mind is
> and where you come from that you'd waste energy and time on it.
> 

Wowza; you're a real prick. I wonder if you will even try to understand
the things I've linked for you in this "discussion" - it sure feels like
a waste of time.

All the best,
Jake

More information about the Noisebridge-discuss mailing list