Researchers Face Jail Risk For Tor Snooping Study

← Back to Stories (view on slashdot.org)

Researchers Face Jail Risk For Tor Snooping Study

Posted by CmdrTaco on Thursday July 24, 2008 @02:50AM from the learning-is-dangerous-business dept.

An anonymous reader writes "A group of researchers from the University of Colorado and University of Washington could face both civil and criminal penalties for a research project (PDF) in which they snooped on users of the Tor anonymous proxy network. Should federal prosecutors take interest in the project, the researchers could also face up to 5 years in jail for violating the Wiretap Act. The researchers neither sought legal review of the project nor ran it past their Institutional Review Board. The Electronic Frontier Foundation, which has written a legal guide for Tor admins, strongly advises against any sort of network monitoring."

4 of 121 comments (clear)

Min score:

Reason:

Sort:

Correct link to study by miraboo · 2008-07-24 02:53 · Score: 5, Informative

The link to the study is borked. Correct link: http://www.cs.washington.edu/homes/yoshi/papers/Tor/PETS2008_37.pdf
1. Re:Correct link to study by Anonymous Coward · 2008-07-24 04:35 · Score: 4, Informative
  
  I don't wonder that the Tor people are upset by this study, because it makes some credible-looking claims that Tor does not adequately provide the anonymity it claims to. Amongst other things, the researchers warn that the design of the network can allow different actions by the same user to to be associated.
  They also warn about things that have led many to doubt the project from the start: that (in their language) 'misbehaving' nodes can be set up that could take a range of actions detrimental to users.
  Lest this be thought to be a hypothetical threat, consider this from their conclusion:
  >we developed a method for detecting malicious
  >logging exit routers, and provided evidence that
  >there are such routers that
  >speciïcally log insecure protocol exit traïfc
  They also note that while they ran their node, they received numerous accusations of illegal activity, traced to their node's IP address. This has always been a danger for node operators - this test confirms it is a real threat.
  Frankly, a reader of this report would be wise to reconsider Tor usage.
Re:They can't be stupid. by faloi · 2008-07-24 03:01 · Score: 4, Informative

It sounds like, from the very cut down version of the story that's available at the link, they didn't want to go to the effort to find out. They probably figured (correctly) it'd be a huge hassle to go through all the hurdles to get the approvals they might need. Rather than dig into it, they talked amongst themselves and decided it wasn't a big deal. Regardless of FAQ containing legal advice to the contrary. They sought minimal outside advice, and may or may not have provided enough information for the third party to make a determination, but didn't pursue it.

When engaging in activities that might be legal, but might be a felony...I'll go for safe over sorry any day.

--
"It is a miracle that curiosity survives formal education." -Albert Einstein
Re:OT factoid... by Anonymous Coward · 2008-07-24 03:41 · Score: 5, Informative

Nope. Slashdot banned tor openly, as do most online discussion systems that don't want to be flooded by endless bots.
You either ban all tor users or you allow all tor users, since any one user can just reconnect through every tor node to evade ip bans(allowing them to create new accounts if their old one was banned). Most places would rather be able to ban users, so they disallow tor exit nodes.