Re: Tor and network security/administration

[Sean Donelan <sean () donelan com>]

On Sat, 17 Jun 2006, Jeremy Chadwick wrote:
> The problem I see is that this technology will be used (literally,
> not ideally) solely for harassment (especially via IRC).  I do not
> see any other practical use for this technology other than that.
> The whole "right to privacy/anonymity" argument is legitimate, but I
> do not see people using* Tor for legitimate purposes.

Tor is just a brand name.  Its not the first, last or only way.

As long as there are people, there will be people that abuse things.
Every open service has been abused: USENET, SMTP, IRC, DNS, DHCP,
TTY/TDD Relay for the deaf, etc.  The Internet is just a small community
of 500 million or so of your closest friends you don't know.

People have known since rlogin, rexec, rsh relying on IP addresses as a
method to control access has limitations.  Caller ID isn't that much more
secure. It is extremely unlikely we will ever make all or even most of
the network hosts secure, and there will continue to be new applications
being created all the time. Applications designers should probably
consider using application and higher layer authentication methods if
they don't want their applications used as open relays for abuse.  You
can't control what the rest of the world does, but you can set the policy
for using your own application.