[Tor2web-talk] Tor2web filterlist sharing

Fabio Pietrosanti (naif) - lists lists at infosecurity.ch
Mon Jan 5 12:18:02 CET 2015 

On 1/5/15 4:44 AM, Thomas White wrote:
> I'd just like to state my objection to such lists being used. In
> discussion with another person, we have agreed for our Tor2Web
> instance we will not be using it because firstly I do not believe we
> should act as the censors of people (especially without a court
> order). Secondly as the URLs are in the form of an MD5 there is no way
> to vet the list.
>
> As bad as the content is that it was designed to block, I would say it
> would be going beyond and certainly outside the principles of a
> project like Tor to begin blocking it. Tor, in theory, can actually
> block hidden services - but they don't because to maintain a voluntary
> list is to accept responsibility as the filter - certainly under UK
> law where I reside at least. If people get a court order for it to be
> blocked then I can understand since the continued operation of the
> service is more important than a single URL. With that being said, to
> proactively block sites and share the list around as a "feature" of
> Tor2Web is slightly chilling.
Hi Thomas,

thanks a lot for your commitment, i feel we really need a lot of new
forces to make Tor2web project scale up.

I invite you to consider that most Tor2web *cannot* stay online without
filtering list being applied, that's a fact we must live with.

I suggest to look at the filtering issue from an end-user experience
perspective:

                                                 IT IS NOT CENSORSHIP!

Censorship is when a content is removed or the user is blocked from
accessing it, but that's not the case at Tor2web.

The Tor2web block-page instruct the user that the content has been
blocked from this specific Tor2web server and that he's invited to
download Tor Browser Bundle and to access this directly.

I invite you to re-consider what's the effect and impact of filtering
list when applied to Tor2web.
Tor2web is something to amplify the accessibility of Tor Hidden Service,
but it's not and should not be the preferred way to access TorHS due to
security reasons.

IMHO there are two things that shall be done:
- the filtering list shall be improved, make it better, more
documented/commented and even more transparent
- advanced statistics shall be in-place, including all the ones related
to filterlist stats
- more community-based filter-list shall be used (ie: only apply filters
that those node A, B, C, D that i trust apply)
- the block page informative message shall be improved with more
meaningful instruction with step-by-step on how to access the blocked
site directly

What do you think?

Fabio

More information about the Tor2web-talk mailing list