On 04/12/2013 11:35 AM, Troy Arnold wrote:
On Fri, Apr 12, 2013 at 11:00:42AM +0200, bartels wrote:
On 04/12/2013 10:06 AM, Moritz Bartl wrote:
On 11.04.2013 22:17, bartels wrote:
I don't see the legal issue, though. Maybe it is there, but I don't see how rejecting sites via Exit Policy ;) would trigger any one of (1) through (5).
Yes, rejecting via exit policy should not, but direct filtering/tampering via iptables might.
How do you figure that? Where's the legal difference?
Rejecting via exit policy means that those packets/traffic never reach your relay because the rest of the network won't select your relay as part of the circuit.
Rejecting via iptables means those packets reach your machine but never leave. Therefor, you are making a judgement about which traffic is abusive or illegal. In some jurisdictions this has, by some twisted logic, been interpreted to mean that the operator is giving tacit approval for anything that has not been rejected.
This is even more clear-cut if you are rejecting specific hosts rather than all traffic on a given set of ports.
I find Klingon easier to understand than the perverse logic of lawyers. But there is no arguing with jurisdiction.
So, how can isps get away with blocking port 25? Just curious. And/or offering a deliberately corrupted dns?
It really is spelled out in the doc that Moritz linked: https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
Okay.
In any case it *is* mean to tell the network that you'll relay certain traffic but then in fact not pass it on. Nobody likes a liar :)
Apparently, I gave the impression that I am in favor of exit relays rejecting or dropping packets. I am not. Exit policy, or any other tor policy is good.
My only concern is abuse and the best way to deal with it.
Thank for the feedback.
- bartels