Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What stops someone from masking their own behavior by falsely attributing it to a TOR user. That is, someone runs a TOR exit relay and whenever a complaint comes in for an action actually executed by the relay host, falsely attributing it to a TOR user.


To put it finally and bluntly:

BECAUSE IPs SHOULD NOT HOLD UP IN A COURT OF LAW AS PROOF OF IDENTITY.

Wow, that feels better.


The very same person could just use tor to begin with, without running an exit node at all. And from some perspectives, including mine, that's a good thing, at large.


Actually, there's a very simple and elegant answer to this: Tor doesn't save anything from relayed traffic to disk. So if forensic traces exist on the behavior, it was PROBABLY the node operator.

(I used to have a source for this, but I think I bookmarked it on my dead laptop.)


Not really, sometimes you need pcaps to diagnose network problems as an admin. I anonymize the IPs and shred the files afterwards. But recorded == operator is a bad heuristic.


in addition to sibling, the threat of being sued for perjury along with whatever else you did

also, the same argument applies for tor at large


Bandwidth in not equalling bandwidth out.


Showing what? That you might have been using your own node for something?


Yes, and the value of out minus in correlating with the complainant's bandwidth experience.


> Yes, and the value of out minus in correlating with the complainant's bandwidth experience.

That would be true if only if that's the only extra thing you would be doing on the node though. Even then seems like pretty thin evidence.


Graph bandwidth usage second by second or minute by minute and it gets to be a pretty keen indicator.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: