Researchers Face Jail Risk For Tor Snooping Study 121
An anonymous reader writes "A group of researchers from the University of Colorado and University of Washington could face both civil and criminal penalties for a research project (PDF) in which they snooped on users of the Tor anonymous proxy network. Should federal prosecutors take interest in the project, the researchers could also face up to 5 years in jail for violating the Wiretap Act. The researchers neither sought legal review of the project nor ran it past their Institutional Review Board. The Electronic Frontier Foundation, which has written a legal guide for Tor admins, strongly advises against any sort of network monitoring."
Correct link to study (Score:5, Informative)
Re:They can't be stupid. (Score:5, Informative)
When engaging in activities that might be legal, but might be a felony...I'll go for safe over sorry any day.
Re:OT factoid... (Score:5, Informative)
Nope. Slashdot banned tor openly, as do most online discussion systems that don't want to be flooded by endless bots.
You either ban all tor users or you allow all tor users, since any one user can just reconnect through every tor node to evade ip bans(allowing them to create new accounts if their old one was banned). Most places would rather be able to ban users, so they disallow tor exit nodes.
They have more than the law to worry about . . . (Score:2, Informative)
Re:Correct link to study (Score:4, Informative)
I don't wonder that the Tor people are upset by this study, because it makes some credible-looking claims that Tor does not adequately provide the anonymity it claims to. Amongst other things, the researchers warn that the design of the network can allow different actions by the same user to to be associated.
They also warn about things that have led many to doubt the project from the start: that (in their language) 'misbehaving' nodes can be set up that could take a range of actions detrimental to users.
Lest this be thought to be a hypothetical threat, consider this from their conclusion:
>we developed a method for detecting malicious
>logging exit routers, and provided evidence that
>there are such routers that
>speciïcally log insecure protocol exit traïfc
They also note that while they ran their node, they received numerous accusations of illegal activity, traced to their node's IP address. This has always been a danger for node operators - this test confirms it is a real threat.
Frankly, a reader of this report would be wise to reconsider Tor usage.
Re:You can't jail them@ (Score:1, Informative)