On 1/2/16 10:37 PM, Moritz Bartl wrote: >> We could trigger that if a Tor Exit operator would be able to have an >> ExitPolicy that deny traffic going to the destination IPs of the country >> where it's located, leading any kind of abuses to be originated because >> of Tor Exit traffic flowing to a foreign country. > > You can achieve something similar by placing your relay in a country > other than your own, without the need of complicated rulesets.
Mmmmm ok, that's a very interesting input that trigger me to a couple of consideration on the topic: 1st) Avoiding traffic going out to the same country where the Tor Exit is located, is anyhow a protection measure for the Tor Relay operator Assume the following matrix consideration: a) I'm Italian, i run a Tor Exit in Germany, i prevent traffic from going to Germany and Italy b) I'm Italian, i run a Tor Exit in Germany, i prevent traffic from going to Italy c) I'm Italian, i run a Tor Exit in Germany, i prevent traffic from going to Germany d) I'm Italian, i run a Tor Exit in Germany, i do not apply any country-specific blocks for outgoing traffic >From my own liability/resiliency issues against takedown GermanyAutority->GermanyISP and legal takedown ItalianAutority->Myself the option "a" would be the best one. So the additional security requirements / resiliency being considered at that point becomes two different: Z) "placing the server outside the country" Y) "avoid traffic destinated to the country where the server is located" It's interesting because the AS-Aware routing would try to prevent "Y", that also means that would be still leaving an improved legal capacity action against Tor Relay operators's ISPs, because authorities would be able to inquiry the ISPs directly, while giving the end-user a greater benefit for privacy (less countries to be crossed for Tor Exit traffic). 2nd) Does TorServers-like organizations run most relay in their own country? How TorServers organizations handle those kind of consideration? - Do they usually prefer to keep Tor Relay in their own country, because of easier handling of possible legal threat? - Or do they prefer to place the Tor Relays in other countries because of the additional international cooperation requirements, leading to better informed decisions by authorities ? Thinking about the "Onion Italia" setup those bring to a contradicting balance between: - the goal also to provide good exit traffic from Italy - minimizing the liabilities by having Italia authorities uninformed actions against us For us placing servers outside Italy does not enable to fullfil the goal to provide Tor Exit traffic in Italy, but placing it in Italy would expose to the additional legal risks of uninformed decisions by law enforcements officers (the "wakeup at 6.00am with someone knocking the door"). So with a "Tor Exit Policy being geographical aware for allowance or denial of specific country destinated traffic", could enable better "granularity" in the balancing of liability mitigation/resiliency/deployment, enabling to run an Italian legal entity running Italian based servers c/o Italian ISPs, but add some level of resiliency/protection against uninformed decisions by law enforcements. As a research topic, it would be interesting to make a matrix of the different deployment scenarios with parameters such as: - "Where are the persons responsible for the legal entity" - "Where your legal entity is located" - "Where the server is located" - "Which country you allow traffic to go trough" - "Routing of requests" in different scenarios That things, together with some MLAT database of country-country cooperation agreements/framework, feeded to a properly written algorithm could suggest the top/most resilient "TorServers Organizational/Legal/Technical/Architectural setups" ? -naif -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
