Thursday, February 23, 2006

TaoSecurity on Tor

In an unrelated post, Richard Bejtlich stated on his blog that "Tor servers will have to run inline filters to police this sort of activity."

This issue troubled me for a while. Somebody smart :-) told me some time ago that the Tor license and legal FAQ actually prohibit such monitoring and (?) filtering. Specifically, it says:

"Q: Should I snoop on the plaintext that exits through my Tor server?
A: No. You are technically capable of monitoring or logging plaintext that exits your node if you modify the Tor source code or install additional software to enable such snooping. However, Tor server operators in the U.S. can create legal and possibly even criminal liability for themselves under state or federal wiretap laws if they affirmatively monitor, log, or disclose Tor users' communications, while non-U.S. operators may be subject to similar laws. Do not examine the contents of anyone's communications without first talking to a lawyer."

My response was that the above goes against common sense, but I was told that law and common sense have nothing to do with each other...

Ideas? Discussion?

Dr Anton Chuvakin