I am not sure what he’s hinting at. Just using Tor doesn’t bear any legal risks. Hosting an exit node is different, as depending on the country you might get into serious trouble if certain traffic goes through it.
Would it be possible to allow exit nodes to blacklist specific kinds of traffic and somehow privately verify that the traffic is not one of the blacklisted kinds (zero knowledge proof perhaps sorry not a CS person)?
An exit node can put in place any filters, blacklists, mitm, exploit injection, logging, and anything else it wants… on unencrypted traffic. Using HTTPS through an exit node, limits all of that to the destination of the traffic, there is no way to get a ZK proof of all the kinds of possible traffic and contents that can exist.
Yes exactly, and I think there have been stories recently where the exit node host has been held liable for content that’s gone through it.Which is complete bullshit, but the unfortunate reality is that the legal system doesn’t need to understand technology to regulate it.
It’s not bullshit. If A has proof your system launched an attack, or sent CSAM, to another system, but your only defense is “I let anyone use my system in that way”, then at the very least you’re an accomplice.
It is bullshit, because it puts the onus of policing everything on any service provider. If a TOR exit node provider is responsible for all traffic through their node, then an ISP is responsible for all traffic through them to their users - yet it is not reasonable for ISP’s to do this. Nor should it be acceptable by law and even less so if the purpose is for law enforcement to bypass the warrant system by having private parties do the investigation for them.
Well, the law enforcement ship has sailed a long time ago, it’s more of a flotilla by now. Data communication service providers (including ISPs) have some customer identification and data retention requirements in exchange for immunity from the data itself, but otherwise —reasonabke or not— there are more and more traffic policing laws that get introduced for ISPs to abide. By starting a Tor Exit node, you become a service provider, and the same laws start to apply.
It’s no joke that we live in a surveillance state, just that some go “full surveillance” like China, while others go “slightly less in-your-face surveillance” like the US/EU.
I am not sure what he’s hinting at. Just using Tor doesn’t bear any legal risks. Hosting an exit node is different, as depending on the country you might get into serious trouble if certain traffic goes through it.
Would it be possible to allow exit nodes to blacklist specific kinds of traffic and somehow privately verify that the traffic is not one of the blacklisted kinds (zero knowledge proof perhaps sorry not a CS person)?
An exit node can put in place any filters, blacklists, mitm, exploit injection, logging, and anything else it wants… on unencrypted traffic. Using HTTPS through an exit node, limits all of that to the destination of the traffic, there is no way to get a ZK proof of all the kinds of possible traffic and contents that can exist.
What I meant was blacklisting certain destinations. It obviously wouldn’t prevent all malicious traffic
Yes exactly, and I think there have been stories recently where the exit node host has been held liable for content that’s gone through it.Which is complete bullshit, but the unfortunate reality is that the legal system doesn’t need to understand technology to regulate it.
It’s not bullshit. If A has proof your system launched an attack, or sent CSAM, to another system, but your only defense is “I let anyone use my system in that way”, then at the very least you’re an accomplice.
It is bullshit, because it puts the onus of policing everything on any service provider. If a TOR exit node provider is responsible for all traffic through their node, then an ISP is responsible for all traffic through them to their users - yet it is not reasonable for ISP’s to do this. Nor should it be acceptable by law and even less so if the purpose is for law enforcement to bypass the warrant system by having private parties do the investigation for them.
Well, the law enforcement ship has sailed a long time ago, it’s more of a flotilla by now. Data communication service providers (including ISPs) have some customer identification and data retention requirements in exchange for immunity from the data itself, but otherwise —reasonabke or not— there are more and more traffic policing laws that get introduced for ISPs to abide. By starting a Tor Exit node, you become a service provider, and the same laws start to apply.
It’s no joke that we live in a surveillance state, just that some go “full surveillance” like China, while others go “slightly less in-your-face surveillance” like the US/EU.