Scott Hanselman

Yeah, TOR is nifty. You can configure FoxyProxy to work with it. In fact, the first time you run FoxyProxy after installing it, it asks you if you'd like to configure it to work with TOR.

So using TOR with Privoxy gets you about as close to invisible on the internet as you can get. I've also heard of people tunneling SSH to their home proxy using TOR and using Squid at home to pre-fetch pages and download their email if they are using a public hot spot. I can't think of anything more secure than that other than using a Sneakernet to transport the packets.

As I understand TOR, it's not exactly an "everyone gets pages for everyone else" setup. Everyone using TOR is part of the routing chain, but the unencrypted access to the actual content happens on edge (gateway) servers. I think that's a better setup anyways - I might want to use TOR to protect my own privacy, but not at the cost of donating having my internet connection used to access illegal content. I wouldn't want my IP showing up on a server log as part of some terrorist plot, kiddie porn ring, etc.

Yep, I looked into it a bit more. TOR Clients just route traffic, TOR Servers acquire the content. It looks like they allow you to enforce policies to limit your abuse and exposure if you run a TOR Server, but I don't think I'd want to mess with it. http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#RunAServerBut

I went whatismyIPaddress.com and got plastered with 3 popups one after another. back to IPCONFIG

@John A. Davis: IPCONFIG will only show your computers IP address - not the public Internet IP address being used to get traffic from servers for you.

[)amien

If you don't like the popups on WHATISMYIP, you can use http://www.dnsstuff.com/ - it shows your public IP in the upper right hand corner. Sorry for the comment barrage - I'll shut up now.

Also try http://checkip.dyndns.org - This is what a lot of the various automatic DynDNS updaters use.

The big problem I see with Tor is that they rely on volunteers to donate bandwidth. If I want to contribute to the network, I can run a server. I run μTorrent 24/7 so I can help pass along the Hanselminutes and DotNetNuke goodness. I totally support and agree with the ideals of the EFF, so why shouldn't I want to run a Tor server?

This is all well and good, until, as chance would have it, my connection is used for some pervert to deal in child porn. Or plot a terrorist attack. Now, I don't rightly care what you use my connection for in theory. That's why I'm donating the bandwidth to Tor. But, as we've seen in a lot of DMCA/RIAA John Doe cases, I might actually be held responsible for the content accessed from my IP address.

IANAL, but I worry about the liability of operating a Tor server. At the very least, it gives the fuzz a good excuse to kick your door down and confiscate all of your hardware (thank you, Patriot Act).

People should not fear their government. Their government should fear them. This is my ideal, and I'm sticking to it. That said, I really have no desire to stand tall before the man. Am I totally wrong in my thinking here? Is there any case precedent to help me feel safer about hosting a Tor server in the US? Or is this something for which I will have to rely on my freedom-loving overseas brethren?

Looks like it's my turn to spam Scott's blog tonight.

Of course, I posted my last comment before I read what Jon Galloway recommended:

<quote>
5.2. I'd run a server, but I don't want to deal with abuse issues.

Great. That's exactly why we implemented exit policies.

Each Tor server has an exit policy that specifies what sort of outbound connections he will allow from his server, and what sort he will refuse. The exit policies are propagated to the client in the directory, so clients will avoid picking exit nodes that would refuse to exit to their intended destination.

By default, your server allows access to many popular services, but restricts some (such as port 25) due to abuse potential. You can edit your torrc to make your exit policy more or less restrictive. If you want to avoid most if not all abuse potential, set it to "reject *:*". This setting forces a "non-exit" operation. Nobody exits through your node, only direct connections to other nodes will be established.
</quote>

Okay... So I can block individual ports. That's helpful, since it keeps spammers out. Still doesn't explain how I might prevent being used for behavior that could make me criminally liable short of setting a non-exit policy. Truthfully, I realize that it's not really a realistic expectation, and certainly is not in the spirit of Tor. Guess my options are:

1) Run a server and run a risk of showing up in subpoenaed IP logs for something I didn't do

2) Run a server and set it a non-exit policy

3) Don't run a server and just leech bandwidth from the Tor network

Looks like Tor requieres a public IP address in my computer :-(