grarpamp wrote:
> 3 - Further, there needs to be an understanding of what the traffic
> ACTUALLY IS. Operators should be using tools such as wireshark,
> tcpdump, bro, etc to determine the content. And if it turns out to
> be encrypted to destinations and services unknown, NO such determination
> can be made. The only thing left to go on is impact as in #2 above.

I wasn't going to comment on this thread in general because I have nothing new to add to the conversation. However, I feel compelled to mention this #3 is possibly very bad advice for those in the USA. Our Legal FAQ clearly states this is probably illegal; https://www.torproject.org/eff/tor-legal-faq.html.en#ExitSnooping. Until such a case determines it legal or not, some very savvy lawyers recommend against doing exactly what you suggest. If your lawyer suggests otherwise, we're happy to talk to them.

"Should I snoop on the plaintext that exits through my Tor relay?

No. You may be technically capable of modifying the Tor source code or installing additional software to monitor or log plaintext that exits your node. However, Tor relay operators in the U.S. can create legal and possibly even criminal liability for themselves under state or federal wiretap laws if they affirmatively monitor, log, or disclose Tor users' communications, while non-U.S. operators may be subject to similar laws. Do not examine the contents of anyone's communications without first talking to a lawyer."

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identica/Twitter: torproject

