Slashdot Mirror
UK Parliament: Banning Tor Is Unacceptable and Technologically Impossible
An anonymous reader writes: Months after UK prime minister David Cameron sought to ban strong encryption, a new parliamentary briefing contradicts that, at least when it comes to Tor. The briefing says, "there is widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK. Even if it were, there would be technical challenges." The briefing cites Tor's ability to circumvent such censorship in countries like China as well as looking at both legal and illegal uses of Tor.
Good article for it.
Its been a while.
Yet tor hasn't worked in China for years, it actually seems to be pretty easy to block.
Tor works in China? I rarely get Tor or torrents to connect in Beijing, but for some reason it varies depending on where I connect.
The problem is that for Cameron to change his mind on trying to ban strong encryption, would imply that he was somehow wrong to try and ban it in the first place. This of course will not happen. Politicians HATE it when they are shown to be wrong.
A bit of heated rhetoric mentioning Paedophiles, Terrorists and Tor will put paid to this report, and GCHQ will continue on their merry way treating the entire population as enemies/criminals.
Trying to associate Microsoft with "fun" is like trying to associate Satan with aromatherapy. -Tycho
I wouldn't trust anything that comes out of that horse's mouth.
It's not like they stick to their word or never change their mind all of a sudden..
Tor falls into the same category as many other items which can be used for both good and bad.
A knife can be used to cut bread, but also throats. Morphine is be best pain killer there is,
but is also a killer when abused. Bitcoin (& co) can revolutionize the monetary system,
but also be used for non-tracable financing for all sorts of illegal activities.
"Non-tracable financing for all sorts of illegal activities" is also a a well-known property of... cash!
Cash is not really under political questioning (a bit more so from banking): it's common,
under relative control, and it's not new.
This leads me to believe that the banning things which can have adverse side effects
is not primarily motivated by care for the public best, but rather fear of the new/unknown and
fear of loosing control.
Well, to be honest, all it probably means is that they know how to get around tor, and they don't want people to switch to anything else.
But I'm cynical that way.
wouldn't be to ban strong encryption, it would be to make the assumption in Law that there mere *presence* of such an encryption system is enough indication of liability. Much like the assumption made that because something posesses a moving picture display that it is being used as a televisual broadcast receiver even if it isn't actually being used as such. It's easier to assume than it is to carry the burden of proof - with assumption comes the passing of that stick to the accused (who is on a loser because - and you've got to point this out or you're screwed - you can't prove a negative, it's a logical absurdity).
What this means to Granny is that if her computer is compromised with one of those cryptolocker things that encrypts her home folder and holds it ransom, she can't decrypt it because she doesn't have the key.
Strike 1 in English Law: possession being 9/10, if you have hold of a hard drive it is assumed that you have access to the data on it.
Strike 2: if there is an encryption it is also assumed that you have the key (see previous point about proving negatives).
Strike 3: Case that Granny is accused of having kiddie porn, the assumption can now be made that said kiddie porn is inside the encrypted container. Because the Law is now changed so that criminal liability now works on Balance of Probabilities (hence doesn't need a jury to decide Beyond Reasonable Doubt), Granny is going away for a while even if a: there is no kiddie porn - which she can't prove by unlocking the encrypted container, and b: she could prove it by breaking the encryption and opening the container - make the assumption that there are other containers containing the porn, which given the mental status of State prosecutors (and police), being utterly paranoid, she be fucked because the seed thought is there (that Granny is a bad person), and combined with the balance of probabilities, "No Smoke Without Fire" applies. NSWF CANNOT apply in Beyond Reasonable Doubt because BRD REQUIRES physical evidence! And encrypted container with no access to the data is NOT physical evidence. If it were we'd see prisons bursting with people jailed on the basis of unseen contents in sealed black boxes.
Lesson for all: if you're accused of causing harm or damage, DEMAND THAT JURY AND DO NOT BACK DOWN.
</run_on_rantish_rant>
Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
So the UK government, one of the strongest supporters of monitoring everyone, everywhere, all the time, thinks that Tor is fine for people to use.
I'm sure Tor is not just a honey pot. The UK government wouldn't lie about something like that, would they? The folk in GCHQ are known for being fair, just and respectful of local / international laws concerning data collection on... everyone, everywhere, all the time.
Nothing to see here citizen.
As they say, attack is the best form of defense, having been caught undermining encryption, spying on their own countries without warrants, suddenly the creeps all want to infer that encryption is a terrorist weapon. Hence it should be made illegal, making what they did seem legal.
Encryption is an essential basis for communications, necessary for a free society, and protected by constitutions and human rights legislation, and a protection of commercial and democratic secrets.
There is no basis for Cameron to authorize in secret spying on British people for a foreign power.
We get it, if you don't go along with it, like UKIP, your bad phone calls are released to the press to discredit you. He didn't get that, so he's approved by the people with access to his private communications. However just because he's tainted doesn't mean the taint can spread.
They publish a list of their exit nodes for god's sake.
Perhaps someone could explain how Tor creates anonimity. Most places I read stress the more obvious part of Onion Routing which is sort of merry go round tumbler so people can't associate where you got on from where you got off. But What I don't understand is how you preserver anonimity in the getting on part. Two things strike me as give-aways. First It seems like there has to be some zero conf step where you learn where a tor entrance node is and what port it wants to initiate the protocol. It seems like these entrance nodes would have to not change frequently so any determined adversary just needs to program key routers to watch for traffic to that IP address. Lots of diverse traffic to any specific computer with a characteristic port number would be the bread crumbs used to identify the watched IP addresses. Second, since the packets are encoded in some layered way, surely there is some sort of header or something that a deep packet inspector could recognize as a tor format, also giving the game away.
So I could see how tor could obfuscate who is talking to who, it seems like it would have a hard time obfuscating the set of people involved.
Some drink at the fountain of knowledge. Others just gargle.
Cameron is trying to sound "tough" to appeal to voters, especially in the run up to the General Election in May. Of course, sounding tough doesn't require that your stated policy makes any sense technically, logically, economically or in any other sense.
"If you think the problem is bad now, just wait until we've solved it." --- Arthur Kasspe
Their upper class wants to communicate anonymously: http://www.thedailybeast.com/a...
The loudest and most visible people to politicians are the nutbars. And many of them will see changing your mind by a politician who said things that they agreed with as "selling out" or "betrayal", therefore they will vilify and berate a politician who changes their mind on a pet subject.
Dumb nutbars don't cope well with change. Especially the older ones. Therefore a politician who changes their mind causes them actual mental anguish: the world isn't understood any more, it's all frightening,anything could happen (and they will work on how it must be bad, not how it could be good). And conservatives, wherever they are (Democrats in the USA too), appeal especially to those who do not want to see things change or can't cope with change.
Therefore the politician, to keep in power, cannot afford to change their mind. Indeed by doubling down on the insistence, they can get easement from the loud and vocal idiot brigade. Given they aren't punished for being intransigent or even wrong, politicians see no upside in being reasoned in their conclusions.
So it's not entirely their fault: the benefit/cost decision is defined for them by voters/complainants.
I doubt that actually. POST is a small group of scientists who advise parliament, they're not a part of the government at all and it's extremely unlikely they'd be privy to classified knowledge about secret programmes to intercept tor communication.
Banning TOR is not technologically impossible, it is quite easy to do. Enforcing the ban is the problem. Making it a crime may deter some, but of course not the nefarious.
>Banning TOR is not technologically impossible, it is quite easy to do. //
Go on?
Suppose I create an SSH tunnel or use a VPN to a machine that I run TOR on - you're going to enforce a ban on that and it's "quite easy". Pray tell how?
Suppose you're going to be super-naive about it and just block TOR traffic at the ISP user level - it's encrypted and can be passed on common ports like 443 - how do you stop that traffic?
"You can't ban Tor! People might switch to something we can't intercept!"
Nothing posted to
Ha! I thought it was a meme I wasn't aware of :D
You didn't read his post, banning it is easy, all you have to do is pass a law that says its not allowed. Enforcing the ban is the hard part.
Just leave it alone and think of the bounty of intelligence you will harvest - infiltrate or set up some phony jihadist / paedo / drug & weapons dealing / carding sites and wait for the perps to come to you.
is a typical right wing authoritarian fuckwit!
TOR exit nodes are on a public list. Banning them by IP address is quite easy, and it is pretty common for admins to ban or severely restrict services to exit nodes, just because they have a reputation for abuse.
The ideal is to use TOR, then a VPN service past the exit node, so services on the Internet don't give you the middle finger.
But then again, they're hardly unbiased.
The charge against him was not his theory, but that he wrote it in Italian, which the ordinary person could read, rather than latin, which would only be read by scholars and the church, who were safe with the knowledge that the bible wasn't literally true.
Ordinary people, however, couldn't be trusted with this fact. They might wonder if the bible had any other errors in it and why it should make them give 10% or more to the church, along with tax free divestitures of land and assets. And that was a dangerous thing.
Tor cannot be used in China. It has been blocked there, and has been unusable for years now. You can't see all the contents of Tor traffic, but you can certainly cut off Tor altogether. I'm not sure where the idea came in that you can't, but obviously they didn't do their homework.
TOR is throughly compromised and they don't want people to stop using it, they want them to feel "safe" using it.
"If any question why we died, Tell them because our fathers lied."
Tor is tainted by GCHQ. Why else would they suggest continuing using it?
> Even if it were [moral], there would be technical challenges
Ha ha oh wow. Since when did this ever start showing up in statements? Last I checked we still have people (from plebs to politicians) saying crap like "We should show everyone's name on the internets!"
And even multi-million corporates saying crap like "Let's base policy around the user's location because we can tell where they are." Then some tech says something about "proxies and VPNs" and the decision makers say something about "Fix it. We'll sue. We'll lobby it into illegal. Do something."
You don't have to know tech, just know that things like "the (federal) LEOs can look the guy up" and "they can be controlled through their ISP" are not hard rules. That there are few hard limits to internet use at all. You can do whatever you want case-to-case but it's different when you try to declare encompassing laws. You don't have to know tech, just look at restrictive countries. You can control most people most of the time (techwise) but don't assume that's a reflection of your power, it reflects people using tech the easy (insecure) way.
Hopefully we'll dodge more bullets in the future. I'm glad we didn't set the wrong precedent on "an IP address is useful evidence but can not be equated to an individual".
It would probably be faster to have a courier take your hand encrypted piece of paper that you left for him at the dead drop.
But seriously, I hope no one is trying to do more than email over such a link. Ugh.
TOR exit nodes are on a public list. Banning them by IP address is quite easy, and it is pretty common for admins to ban or severely restrict services to exit nodes, just because they have a reputation for abuse.
The ideal is to use TOR, then a VPN service past the exit node, so services on the Internet don't give you the middle finger.
But then the VPN provider knows who you are so your anonymity is gone already, and as since it is your VPN provider that's on the front line, the NSA don't need to go picking at the TOR maze to guess who you could be.
It depends who you are worrying about.
The NSA is one thing. However, if someone wanted to post something so their HOA won't sue them for $10,000 per negative post (a common contract stipulation in Florida), having security enough so the VPN owner throws up their hands and says they can't do anything since the traffic is from a TOR node... is good enough.
The biggest issue I have where I live are sue-happy entities. They be powerful enough to shake the VPN owner and get the IP behind it, similar to how CTunnel.com turned state's evidence... but if the IP behind it is a TOR exit node, there is nothing that can be done, unless the proxy service links the account used to the outgoing IP... which they shouldn't. However, using a VPN that is in another country tends to shield from that, since a VPN service in Sweden would laugh at some restaurant in NYC demanding IP addresses because someone claimed their fish sucked.
I'm not worried about criminal activity, but being the unlucky person when lightning strikes and some vigilante SJW decides to go after someone who stated something non politically correct just for shits and grins.