
Tor Exit Nodes in Libraries – Pilot - briansmith
https://blog.torproject.org/blog/tor-exit-nodes-libraries-pilot-phase-one
======
fossuser
If you think the Tor project is working on an important problem, consider
running a relay. It's inexpensive, easy to administer, no hassle (if not an
exit) and I think the scale is such that a couple thousand additional relays
would make a noticeable difference to the network.

You can even have it AWS where it will get automatic updates with almost no
effort: [https://cloud.torproject.org/](https://cloud.torproject.org/)

If you want to run it on OS X:
[https://tor.stackexchange.com/questions/6567/how-do-i-
manual...](https://tor.stackexchange.com/questions/6567/how-do-i-manually-
setup-a-relay-on-os-x)

I think it's pretty cool that you can help enable people to safely bypass
censorship/surveillance from across the world.

~~~
jolan
> no hassle (if not an exit)

Not 100% true, your server's IP will be banned along side the IPs of exit
nodes. It seems a lot of blacklists don't bother to make the distinction.

[https://www.reddit.com/r/TOR/comments/2abne1/hulu_blocked_af...](https://www.reddit.com/r/TOR/comments/2abne1/hulu_blocked_after_setting_up_tor_nonexit_relay/)

[https://trac.torproject.org/projects/tor/wiki/org/doc/ListOf...](https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor)

~~~
fossuser
Good point - I did notice this with Hulu, but haven't seen it elsewhere.

------
arat
If you know a librarian who might be interested in participating in the
future, consider encouraging him or her to fill out this questionnaire:

[https://libraryfreedomproject.org/questionnaire/](https://libraryfreedomproject.org/questionnaire/)

------
fweespeech
I wonder how many DMCA requests they will get and if the administrative
overhead with it will kill the Pilot.

~~~
noondip
From
[http://www.ala.org/advocacy/copyright/dmca/guidance](http://www.ala.org/advocacy/copyright/dmca/guidance):

Section 404 of the DMCA updates section 108 of the Copyright Act to allow
libraries and archives to take advantage of digital technologies when engaging
in specified preservation activities. The amendment to subsection 108(a)(3) is
intended to ease the burden on libraries and archives of the current law's
requirement that a notice of copyright be included on copies that are
reproduced under section 108. Under this amendment, such notice would be
required only where the particular copy that is reproduced by the library or
archive itself bears a notice. The amendment to subsection 108(b) permits a
library or archive to make up to three copies or phonorecords, rather than
just one, for purposes of preservation and security or for deposit for
research use in another library or archives, and permits such copies or
phonorecords to be made in digital as well as analog formats. The amendment
provides that any such copy in a digital format must not be otherwise
distributed in that format and must not be available to the public outside the
premises of the library or archives.

~~~
fweespeech
That isn't immunity to frivolous DMCA notices or the ability to ignore DMCA
notices.

By serving as an exit node, they are able to take it off premises.

> _The amendment provides that any such copy in a digital format must not be
> otherwise distributed in that format and must not be available to the public
> outside the premises of the library or archives._

~~~
wcchandler
Yeah, that's a specific example they point out in the guidelines.

But there's another section that also applies to higher ed institutions which
remits all damages and criminal charges if they prove they had no knowledge of
it (actively) going on. That's the provision they'll probably hide under.

 _edit: I should clarify, most DMCA complaints are from third parties who get
paid from the settlements. Eliminating the financial incentive to pursue legal
action pretty much eliminates the threat of prosecution._

~~~
fweespeech
Does that exemption hold true the second or third time they get hit with a
legal notice about the same issue and their Tor exit node?

------
ceequof
[https://pando.com/2014/07/16/tor-spooks/](https://pando.com/2014/07/16/tor-
spooks/)

    
    
      In 2006, Tor research was funded was through a no-bid
      federal contract awarded to Dingledine’s consulting
      company, Moria Labs. And starting in 2007, the Pentagon
      cash came directly through the Tor Project itself —
      thanks to the fact that Team Tor finally left EFF and
      registered its own independent 501(c)(3) non-profit.
    
      How dependent was — and is — Tor on support from
      federal government agencies like the Pentagon?
    
      In 2007, it appears that all of Tor’s funding came from
      the federal government via two grants. A quarter million
      came from the International Broadcasting Bureau (IBB), a
      CIA spinoff that now operates under the Broadcasting Board
      of Governors. IBB runs Voice of America and Radio Marti, a
      propaganda outfit aimed at subverting Cuba’s communist
      regime. The CIA supposedly cut IBB financing in the 1970s
      after its ties to Cold War propaganda arms like Radio Free
      Europe were exposed.
    
      The second chunk of cash — just under $100,000 — came
      from Internews, an NGO aimed at funding and training
      dissident and activists abroad. Tor’s subsequent tax
      filings show that grants from Internews were in fact
      conduits for “pass through” grants from the US State
      Department.

~~~
mburns
[https://www.torproject.org/about/sponsors.html.en](https://www.torproject.org/about/sponsors.html.en)

The NSA fully-funded and wrote SELinux, too. So what?

~~~
daveloyall
I am naive on this topic.

Sincere question: don't these facts call the utility of SELinux and Tor into
question?

If the answer is "because math", well... I don't speak math. Being illerate in
this manner, I must depend on the reputations of the parties involved (and the
reputations of the parties that report who was involved!).

So... Can a person who does not trust the NSA trust products they paid for?

~~~
INTPenis
You can definitely trust the sensational value in finding out that any project
advocating freedom and data security would be exploited by a government.

That's what I do, it's not perfect but I love reading source code and figuring
out how things work so I know others, much smarter than me, love that too.

The public cases of the US government going after Tor, for example, have all
read like external attacks on the protocol design flaws to build a larger
case.

I would be more suspicious over placing exit nodes in libraries because I
assume they're state owned in the US. Don't know since I'm not from there
though. I just think it's sort of ironic because the attacks that have been
performed all required possession of exit nodes.

~~~
simoncion
> I would be more suspicious over placing exit nodes in libraries...

Librarians are more often rabidly pro-privacy and pro-anonymity than not.
They're often _very_ well read, well educated, and know their history.

> I just think it's sort of ironic because the attacks that have been
> performed all required possession of exit nodes.

Unless you have information that I do not (if you do, please link to it)
control of a single exit node gives you no more power than your ISP already
has over you. What attacks were you thinking of? Keep in mind that Tor
explicitly does not protect against:

* An adversary that can listen to the communication between a large number of nodes in the Tor network and targeted Tor users. (Similarly, Tor cannot protect against a malicious adversary who controls a very large number (1/3? 51%? I can't remember) of the nodes in the Tor network.)

* Tampering with or recording of the data that leaves or is returned by a Tor exit node. (Again, this is an attack that _anyone_ between you and your communication partner can launch, whether you're using Tor or not.)

~~~
INTPenis
>Librarians are more often rabidly pro-privacy and pro-anonymity than not.
They're often very well read, well educated, and know their history.

Few librarians are involved in network operations at the library though. I'm
just speaking from my experience here in Sweden but that stuff is usually
handled by a local IT department or out sourced to a company.

So the danger would be in having a federal oversight on network operations of
libraries. I do not believe we have that in Sweden at least. Probably the US
government allow libraries to manage themselves on that front too.

>Unless you have information that I do not (if you do, please link to it)
control of a single exit node gives you no more power than your ISP already
has over you. What attacks were you thinking of? Keep in mind that Tor
explicitly does not protect against:

Exit nodes, as in plural.

So hypothetically if the federal government did manage network operations for
libraries in the US, and the Tor network was successful in onboarding many
libraries in this project, that could mean massive control of Tor exit nodes.

