Legal question for the Tor team (disclaimer, I love Tor and use it in BrowserBox):
- Does Tor need an OFAC license to supply to Russian and Iranian (and other sanctioned entities)? What's your approach to stay compliant and globally helpful? I know 50% of your funding comes from US government (or did a few years back, still?), does this give you extra pathways to engage those regions?
I'm wondering because the system would seem to fall under ITAR due to its encryption, and even if non-ITAR is still a cyber product and these countries are heavily OFAC listed rn.
This is relevant for me right now as I was recetnyl contact by a significant entity in a sanctioned region with a massive deal for BrowserBox. Applying for an OFAC license to see if it's possible to serve them (but we have to make final determination on ethics/legal even if license is approved, I guess). My feeling is that broad sanctions don't hurt the things they are meant to but punish people in all countries from forming transnational links that might actually help to prevent conflicts and build relations however small. Idk, just my reflections after encountring this situation.
OFAC regulates international trade. Isn't Tor's publication an act of pure speech, rather than commerce? They're not charging for it, and they aren't physically moving any goods across borders. How could Tor be subject to any restrictions here?
(not a lawyer, just someone who naively thought the Crypto Wars ended in the 90s)
OFAC applies to trade, like your "massive deal". OFAC's original authority comes from a law titled, literally "The Trading With the Enemy Act".
Tor publishes free software, asking nothing in return. That isn't trade. Neither are those evangelists who broadcast sermons on shortwave radio -- they certainly "serve" Iran in the sense that people in that country can hear their broadcasts.
"Cyber product" lolwut? I think you have been breathing too many beltway fumes.
The section on conjure is fascinating. For those who haven't followed the refraction networking space, the idea of leveraging unused address space at the ISP level is something academic papers have proposed for years [1]. Seeing it deployed in the wild is huge. The hardest part of this has always been non-technical by the way. Convincing ISPs to cooperate. If the Tor project has managed to get ISPs to route traffic destined for unallocated IPs to a station that handles the handshake, it completely breaks the censor's standard playbook of IP enumeration. You can't just block a specific subnet without risking blocking future legitimate allocations.
I’d be curious to know if these are smaller, sympathetic ISPs or if they managed to partner with larger backbone providers. I'm interested to hear more about this.
Folks using nyanpass setup for first hop into a near China hosting provider, then it's usually two additional hops within Asia and then the internet. There's a whole industry / ecosystem of folks who sell this - and set rate limit controls based upon how much you pay etc.
No as long as you pay CN2 GIA rate. Not ratelimited just oversubscribed and bad peering. Purchase the hundred dollar per mbps CN2 GIA dedicated bandwidth its no problem.
Legal question for the Tor team (disclaimer, I love Tor and use it in BrowserBox):
- Does Tor need an OFAC license to supply to Russian and Iranian (and other sanctioned entities)? What's your approach to stay compliant and globally helpful? I know 50% of your funding comes from US government (or did a few years back, still?), does this give you extra pathways to engage those regions?
I'm wondering because the system would seem to fall under ITAR due to its encryption, and even if non-ITAR is still a cyber product and these countries are heavily OFAC listed rn.
This is relevant for me right now as I was recetnyl contact by a significant entity in a sanctioned region with a massive deal for BrowserBox. Applying for an OFAC license to see if it's possible to serve them (but we have to make final determination on ethics/legal even if license is approved, I guess). My feeling is that broad sanctions don't hurt the things they are meant to but punish people in all countries from forming transnational links that might actually help to prevent conflicts and build relations however small. Idk, just my reflections after encountring this situation.
> supply
> product
OFAC regulates international trade. Isn't Tor's publication an act of pure speech, rather than commerce? They're not charging for it, and they aren't physically moving any goods across borders. How could Tor be subject to any restrictions here?
(not a lawyer, just someone who naively thought the Crypto Wars ended in the 90s)
Encryption isn’t ITAR.
> massive deal
OFAC applies to trade, like your "massive deal". OFAC's original authority comes from a law titled, literally "The Trading With the Enemy Act".
Tor publishes free software, asking nothing in return. That isn't trade. Neither are those evangelists who broadcast sermons on shortwave radio -- they certainly "serve" Iran in the sense that people in that country can hear their broadcasts.
"Cyber product" lolwut? I think you have been breathing too many beltway fumes.
> No mention of EU chat control
> No mention of "age verification"
> No mention of people arrested for Twitter posts in the UK and the EU
What did they mean by this?
The section on conjure is fascinating. For those who haven't followed the refraction networking space, the idea of leveraging unused address space at the ISP level is something academic papers have proposed for years [1]. Seeing it deployed in the wild is huge. The hardest part of this has always been non-technical by the way. Convincing ISPs to cooperate. If the Tor project has managed to get ISPs to route traffic destined for unallocated IPs to a station that handles the handshake, it completely breaks the censor's standard playbook of IP enumeration. You can't just block a specific subnet without risking blocking future legitimate allocations.
I’d be curious to know if these are smaller, sympathetic ISPs or if they managed to partner with larger backbone providers. I'm interested to hear more about this.
[1] look up tapdance
I doubt that Russian ISP puppets would cooperate.
Does anybody know what the situation is like in China these days? What's the most commonly used tool for proxying now?
Does basically all network leaving China still get ratelimited at a few megabytes per second?
Folks using nyanpass setup for first hop into a near China hosting provider, then it's usually two additional hops within Asia and then the internet. There's a whole industry / ecosystem of folks who sell this - and set rate limit controls based upon how much you pay etc.
Easy the bypass; v2ray vless vmess trojan.
No as long as you pay CN2 GIA rate. Not ratelimited just oversubscribed and bad peering. Purchase the hundred dollar per mbps CN2 GIA dedicated bandwidth its no problem.
Grape used to be a fine word.