IETF Logo Mail Archive

Re: ietf.org unaccessible for Tor users

Adam Roach <adam@nostrum.com> Wed, 16 March 2016 18:55 UTC

Return-Path: <adam@nostrum.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B99D12D64F for <ietf@ietfa.amsl.com>; Wed, 16 Mar 2016 11:55:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o57y_Pfc3100 for <ietf@ietfa.amsl.com>; Wed, 16 Mar 2016 11:55:49 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A639E12D5EE for <ietf@ietf.org>; Wed, 16 Mar 2016 11:55:49 -0700 (PDT)
Received: from Svantevit.roach.at (cpe-70-122-154-80.tx.res.rr.com [70.122.154.80]) (authenticated bits=0) by nostrum.com (8.15.2/8.14.9) with ESMTPSA id u2GItbQW026818 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 16 Mar 2016 13:55:45 -0500 (CDT) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-154-80.tx.res.rr.com [70.122.154.80] claimed to be Svantevit.roach.at
Subject: Re: ietf.org unaccessible for Tor users
To: Eliot Lear <lear@cisco.com>, Randy Bush <randy@psg.com>
References: <20160313143521.GC26841@Hirasawa> <m2a8m0y72q.wl%randy@psg.com> <F04B3B85-6B14-43BA-9A21-FC0A31E79065@piuha.net> <56E7E09D.7040100@cisco.com> <4349AFDD-350C-4217-9BEE-3DBD2F608F95@nohats.ca> <27177.1458050662@obiwan.sandelman.ca> <m2k2l3qud5.wl%randy@psg.com> <56E90304.3050407@cisco.com> <m2bn6eq59r.wl%randy@psg.com> <56E904A7.80200@cisco.com> <m2a8lyq4ud.wl%randy@psg.com> <56E90BF9.4090306@cisco.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <56E9AC23.8060109@nostrum.com>
Date: Wed, 16 Mar 2016 13:55:31 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <56E90BF9.4090306@cisco.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/jt0MVGlgFBYsgPJm8b3S339I2KI>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, IETF Disgust List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2016 18:55:53 -0000

On 3/16/16 2:32 AM, Eliot Lear wrote:
> To my knowledge nobody else has raised the concern that that
> the Tor people are raising, and so we are being asked to specifically
> support Tor.  Fine.  That means we then need to consider the
> benefit/harm of our actions regarding who precisely we are helping.  I
> asked that question honestly without an answer, but with concerns.

It's a little off topic, but I'll bite. I'm only replying in the hope 
that we can get past the sidelong aspersions that imply that these users 
are somehow undeserving of access.

This FAQ gives information in a far more thoughtful and comprehensive 
way than I could have hoped to regarding the users who make use of the 
TOR network: https://www.torproject.org/about/torusers.html.en

One of the less obvious things, though, is that switching back and forth 
between Tor and normal browsing on the same machine opens you up to 
certain fingerprinting attacks (cf. 
https://www.w3.org/2001/tag/doc/unsanctioned-tracking/#limitations-of-technical-solutions). 
These attacks can allow determined adversaries to correlate your 
"regular" traffic with your Tor-routed traffic. These are mostly 
state-level actors, although some non-state institutions have 
demonstrated the ability to unmask Tor traffic using this class of 
technique.

So, in particular, the people you're blocking when you make Tor access 
impossible or difficult, are frequently going to be the ones who risk 
persecution, imprisonment, or death if they're discovered. Think human 
rights activists, citizen journalists, and anonymous whistleblowers in 
oppressive regimes. They're the ones who literally *cannot* afford to 
turn Tor off.

/a

v2.23.0 | Report a Bug | By Email