On Fri, Sep 19, 2014 at 4:29 PM, <x50@fastmail.fm> wrote:
On Thu, Sep 18, 2014, at 05:18 PM, Ted Smith wrote:
The talk was almost certainly canceled because it contained admissions of violating federal wiretapping laws, which is what happens if you de-anonymize Tor users in the wild. This is a legally gray area in theory, but I think in practice it would never be judged in favor of the defendant, and so the CMU legal team pulled the talk to avoid exposing themselves to liability.
Wiretapping usually involves collecting content or traffic metadata that is identifiable to the user. When not against a specific user, disclosing a real IP address in itself might be more of an edge case along the lines of circumvention of the tech, cracking what the user setup, etc. There probably need to be test cases to cover these areas as applied to anonymity networks.
I've still be extremely disappointed in the lack of cooperation with the Tor project on addressing the concerns. Especially given the relationship between CMU and CERT.
That's still thinking in terms of some BS non-full-disclosure legal/professional/industry play-nice rules. There's no reason why, if their is no crime, no contractual party loss, etc that the 1st amendment can't be used to disclose it. And ZERO reason whatsoever that the research cannot simply be anonymized, rewritten and anonymously posted somewhere as if it were developed in parallel by some anon. It's as if while playing their legal/credit games they forget/ignore that vulnerable users come first. Or someone bought them out.