I am not sure what he’s hinting at. Just using Tor doesn’t bear any legal risks. Hosting an exit node is different, as depending on the country you might get into serious trouble if certain traffic goes through it.
Yes exactly, and I think there have been stories recently where the exit node host has been held liable for content that’s gone through it.Which is complete bullshit, but the unfortunate reality is that the legal system doesn’t need to understand technology to regulate it.
It’s not bullshit. If A has proof your system launched an attack, or sent CSAM, to another system, but your only defense is “I let anyone use my system in that way”, then at the very least you’re an accomplice.
It is bullshit, because it puts the onus of policing everything on any service provider. If a TOR exit node provider is responsible for all traffic through their node, then an ISP is responsible for all traffic through them to their users - yet it is not reasonable for ISP’s to do this. Nor should it be acceptable by law and even less so if the purpose is for law enforcement to bypass the warrant system by having private parties do the investigation for them.
Well, the law enforcement ship has sailed a long time ago, it’s more of a flotilla by now. Data communication service providers (including ISPs) have some customer identification and data retention requirements in exchange for immunity from the data itself, but otherwise —reasonabke or not— there are more and more traffic policing laws that get introduced for ISPs to abide. By starting a Tor Exit node, you become a service provider, and the same laws start to apply.
It’s no joke that we live in a surveillance state, just that some go “full surveillance” like China, while others go “slightly less in-your-face surveillance” like the US/EU.
Would it be possible to allow exit nodes to blacklist specific kinds of traffic and somehow privately verify that the traffic is not one of the blacklisted kinds (zero knowledge proof perhaps sorry not a CS person)?
An exit node can put in place any filters, blacklists, mitm, exploit injection, logging, and anything else it wants… on unencrypted traffic. Using HTTPS through an exit node, limits all of that to the destination of the traffic, there is no way to get a ZK proof of all the kinds of possible traffic and contents that can exist.
To give you an idea, last time I used Tor, I suddenly started to get a bunch of connection attempts from the FBI. Was I doing anything illegal? Nope. Was TOR a legal liability? You betcha.
I was using peerblock and one of the blocklists contained known governmental IP addresses. Those blocked connections began quickly filling the logs.
Spooked the crap outta me. It’s been a few years since I did that, so I could have that detail wrong. I know it was for sure one of the three letter acronyms, DOD, FBI, CIA, but they were definitely incoming.
That does not sound plausible to me. Typically, your own computer would be behind a router that is either doing NAT or has a firewall (probably the former). Any incoming traffic would be directed to the router without any chance of reaching your computer. Whatever you saw was either outgoing traffic or incoming traffic in response to connections initiated by your own computer.
Consider this, the Tor software was accepting connections from government IPs.
Regardless of whether it was active intrusion or a significant portion of the Tor network, (at that time) had a number of governmental IP ranges in it, It’s enough to dissuade my use, at least without more significant OpSec.
I use peerblock and had some good blocklists set up. The hardest part should be finding peerblock or a more modern fork, the blocklists are mostly public. Helps keep from connecting to known bad actors.
I’m thankful Roku has had data breaches. Mostly because I have a Roku TV that was somehow compromised and now, even after a couple of years and several full factory resets, whoever used my throwaway account signed up for all the streaming services at the highest tier. Hard to be mad when I havent had to pay for anything.
And no, before anyone says anything, it’s not putting my home network at risk, as it’s just the Roku account that’s compromised. Nothing tied to me personally, not even a card/address on the account, so I just chalk it up to “as long as it keeps working, Im not worrying about it”.
I used to blame my cousin, as she has a raging drug addiction and does shady crap like steal people’s credit cards/checks and it was only after she had been over that I had noticed. But nope, still going despite time and resets. If I knew a way of pulling login info off the TV, I’d probably share it, because hell, why not.
But it’s probably using a stolen CC. I wouldn’t feel too great about using someone else’s credit card without their knowledge. I’d report it and try to get the card suspended.
Free stuff is great and all, but I imagine they’re using a stolen CC to pay for those subscriptions and they’re exploiting someone who’s not great at paying attention to their credit card bill.
You may want to report it so that someone isn’t getting fucked over.
Exactly. Having been on the CS side of the house for stuff like this, I can’t imagine they would penalize the customer for coming forward. Customer service ain’t got time for that. They’re going to remove the card, reset the password, and maybe report the card.
Taking money from someone else’s bank account is a shitty thing to do. I don’t know why anyone here would be in support of not reporting this.
It is the only social media I can still view only those I follow and in chronological order. I don’t like the algorithms. I re-followed Elon for about 12 hours the other day. Then I remembered why I unfollowed.
My account has been silent since Musk bought Twitter. I’ve to muster the courage to ask my mutuals to follow me on another platform or exchange Telegram handles.
All the things the cops would want this bot to do are prohibited by rules or by the potential for public outrage; no facial recognition, no offensive capabilities, it’s basically just a camera drone. But that will change when the rules change, or when people stop paying attention… if this thing can avoid being trashed for more then ten minutes after it’s deployed.
Starting on January 1, developers will be charged a fee every time someone installs a game built in Unity after they reach certain revenue or install thresholds.
Obviously death threats are not ok, but for fucks sake, that change is insane. People may install games many times for many reasons, like switching drives, computer, OS or debugging, or corruption, or because they go back to it after not playing for a while.
How is it a good model to charge for repeated installs?
The decision sparked an astonishing backlash against Unity from across the gaming industry,
I bet, this will threaten some people on their livelihood, and if you are 90% finished on a project, it’s an insane change that will force you to switch to another engine, and could kill several projects.
Also as a user, this increases the need and amount of DRM mechanics, which we need less not more of.
I hope Unity will see a massive dive in customers on these policies. This is the kind of decision a company deserves bankruptcy for. And the CEO John Riccitiello deserves to be fired without benefits, and never hired as CEO again.
Edit PS:
The fee is up to $0.20, that’s steep and would mean the end of sub $10 games. This would hurt single and indie developers very much.
Luckily there are other engines, but Unity used to be among the good ones, now they’ve become an untrustworthy player, and that decreases competition for the entire field.
Unreal is much more entrenched than Unity is. At the AAA level, more places hire Unreal devs than Unity devs.
Unity is popular with indies because it’s dead simple (Unreal is a complex monster of an engine). But even Unreal doesn’t have a monopoly, between things like Source, Lumberyard (which is now FOSS and run by the Linux Foundation), etc. Not to mention you can always roll your own engine, which many places already have.
I feel like every company is taking advantage of the mass layoffs going on everywhere, which lets their own layoffs get lost in the news of endless layoffs. I think theyre simply laying off staff just to save on labor costs.
Yeah. Corporate at my work is always looking to keep labor costs at a minimum because its “easy to control”. Yeah, it saves money, but it’s so damned shortsighted.
In a shocking turn of events, google decided once again to make their namesake service worse for everyone.
Legitimately baffling, keeping this feature doesn’t really seem like it would impact anyone except those that use it, while removing it not only impacts those people that already use it, but those who would potentially have reason to in the future.
Cannot think of a single benefit to removing a feature like this.
It is only baffling if you still think that Google’s aim is to help people. At one point they were trying to gain market share and so that was true. It is not anymore.
“against all odds” my left asshole. This is always the way of hacker vs defense, it’s always an arms race and the attacking side always has the advantage.
Defense is always playing reactive. Attack gets to be creative and figure out how to break whatever tools defense has. Defense has to wait until the vulnerability is found and then deal with it. It’s the nature of the arms race with regards to cyber security.
engadget.com
Top