27 January 2011 Tor exits in .edu space Date: Thu, 27 Jan 2011 23:04:31 +0100

From: Eugen Leitl <eugen[at]leitl.org>

To: cypherpunks[at]al-qaeda.net

Subject: Re: Tor exits in .edu space ----- Forwarded message from Flamsmark <flamsmark[at]gmail.com> ----- From: Flamsmark <flamsmark[at]gmail.com>

Date: Thu, 27 Jan 2011 11:51:56 -0500

To: or-talk[at]freehaven.net

Subject: Re: Tor exits in .edu space -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 My name is Thomas Lowenthal, and I'm an undergraduate student at Princeton University. I'm majoring in the Politics Department, with a certificate from the Program in Applications of Computing, and the Program in Information Technology and Society. I'm also an Undergraduate Fellow at Princeton's Center for Information Technology Policy[1]. I'll be graduating this summer, in 2011. I run the exit TempleSouth[2] inside the IP space of Princeton University. The computer itself isn't a departmental or University piece of equipment, it's just my own machine that lives under my desk. Over time, it's had different names and fingerprints, as I moved from machine to machine, and operating system to operating system. Running an exit node here has been a lot of work, but it's been extremely interesting to see the reactions that different administrators here have had. I run a Tor exit node because I support the ubiquitous availability of strong anonymity for anyone who wants it. Tor is one of the strongest, best-researched, and most widely-used online anonymity system, and I want to help keep it running at maximum capacity. Initially, I operated a relay but -- not one to shy away from a fight -- reviewed the EFF's legal guidance, and switched to an exit node. This was in the days before Mike Perry's excellent Tips for Running and Exit Node with Minimal Harassment[3], and I used a wide open exit policy. Of course, after a little while some DMCA complaints started showing up. I responded with polite and precise variations on the abuse templates. However, Princeton has a policy of assuming the accuracy of such notices, and that they refer to actually illegal behavior. I was sanctioned on the basis that I was personally violating copyright law. Of course, I argued back. I gradually made my way through different administrative procedures, talking with several administrators, and committees, and finally Princeton's general counsel. It took a few years (and untold meetings) but I've managed to persuade them that running an exit node is neither illegal nor unethical (if not actively altruistic). The most interesting part has been the reactions from the various people involved in the the discipline/discussion process. The first few administrators, and the committee that sanctioned me to begin with, were completely incredulous that this whole Tor business could be anything but an elaborate ploy to download movies and music online. It was beyond imagining that a message sent by -- highly reputable -- entertainment companies could be anything but cold hard fact: prima facie evidence of wrongdoing. I had to pull out Section 230 of the Communications Decency Act[4] and subtly hint that sanctioning me might be illegal itself, before they'd consider seeking a second opinion on my "wrongdoing". Our DMCA contact was much more pragmatic, and genuinely interested in what was going on. She went out and did her homework on the Tor project, examining things with a non-judgemental eye. She empathized with my desire to work towards internet freedom. Her concerns were pragmatic and legal. Se was worried that I could move towards giving the University a bad name, or causing it actual harm. She was also skeptical that I -- a student with a home-made computer under my desk -- could be considered a "service provider" in the eyes of the DMCA, especially since I hadn't registered a DMCA contact. However, the school's general counsel was the most understanding. After I explained to him exactly how Tor works, and we reviewed the safe harbor provisions of the DMCA, he got on board with the EFF's legal position. He also realized that this left the University with negligible liability for what was going on, and that -- on the contrary -- it was only sanctioning me that would raise the legal risk under the CDA. The support that I received from the project was somewhat limited, but I can't really imagine receiving that much more. I spoke with arma on the IRC channel, and he provided me with moral support, and offered to get me in touch with Ed Felten at Princeton's CITP. An open letter from lawyers, addressing an ISP or University's liability concerns might be valuable, but then again it might not. It's my feeling that this sort of situation is best resolved with polite determination and some mild politicking, but I don't see that there's much that the Tor project can do to persuade large organizations of its worth. The most valuable resource that I have right now is Mike Perry's excellent Tips for Running and Exit Node with Minimal Harassment. That's exactly the sort of thing that's really valuable to people like me. I'd like it to be linked directly from 'so you want to be a server' section of the torproject.org . Beyond that, the most valuable thing for the project to do is advocacy. The more people know about Tor, and respect the value of online anonymity, the easier people should find it to run exits That's the position as it currently stands. I think that the University is not happy, per se, but that they realize that running a Tor node is one of the many forms of autonomy that must be granted in a liberal academic institution. There are still blips from time to time when it seems that someone has made a death threat, or committed a criminal offense while exiting from my node. Mostly, however, the University just lives and lets live. - -Thomas Lowenthal

GPG key 80AF07D3

thomas.lowenthal[at]gmail.com

http://flamsmark.com A note: Princeton is home to the Center for Information Technology Policy, directed by Professor Ed Felten, my Computer Science adviser. CITP is home to research fellows, including Wendy Seltzer, one of Tor's Board of Directors, and has even had Roger Dingledine visit as a guest speaker. If needed, it's possible that I could have requested backup, or reinforcements from CITP during the saga described above, however I preferred to fight this one on my own, as far as possible. If you want to get in touch with me, please email me, or contact StrangeCharm in #nottor on irc.oftc.net . My resume is available at: http://flamsmark.com/docs/lowenthal-resume.pdf . The viewpoints expressed here are my own, and not representative of my university or employers. Please feel free to redistribute these comments widely. They are available under a Creative Commons Attribution-ShareAlike 3.0 United States license[5]. If you excerpt from them, please link to email archives and/or http://flamsmark.com/docs/lowenthal-tor-edu.txt , and attribute them to my full name - Thomas Lowenthal. [1] http://citp.princeton.edu/ [2] Fingerprint $500B25C1240DAC33AC6621D1A87D77A0FF91DE33 [3] https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment [4] https://secure.wikimedia.org/wikipedia/en/wiki/Section_230_of_the_Communications_Decency_Act [5] http://creativecommons.org/licenses/by-sa/3.0/us/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iF4EAREIAAYFAk1Bm0kACgkQMHyzSdX0lpx7RQD+Lyxsj6/P8pHzd2nqllpcueGH YhRAA6c63aOrgWCjWMQA/3PHSVixJzo4zXZe268KpaMXHlp0awwdzxQ0hL81e+hF =uTp8 -----END PGP SIGNATURE----- *********************************************************************** To unsubscribe, send an e-mail to majordomo[at]torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org

8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE