Results 1 to 7 of 7

Thread: Attn: admins – Comments & questions about user privacy, free speech and Tor

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Jul 2012
    Posts
    2

    Question Attn: admins – Comments & questions about user privacy, free speech and Tor

    I've been using Rizon as my primary IRC network for years now, but it only recently came to my attention that some matters related to privacy are unclear within the official documentation available, at least to the best of my knowledge.

    On your home page is written "Rizon takes free speech very seriously and avoids any censorship." I wonder what this assertion means in more concrete and precise terms. Is anything being done to protect user privacy (privacy and anonymity being necessary foundations for free speech)? Are conversations and/or IPs logged?

    Furthermore, banning Tor from the network doesn't seem to be something one would expect from a network which takes security, anonymity and free speech seriously. I am aware of the fact that such anonymization systems are frequently abused, but networks like Freenode have successfully implemented simple ways to avoid the worst cases, notably by letting channel operators choose whether or not to ban Tor users, which would appear to suit Rizon's philosophy better than a blanket ban.

    I like Rizon's vibe and would wish to keep on using it as my main IRC network, but using it for anything like serious purposes (e.g. coordinating political activism) seems unwise given uncertainty on the matters mentioned above.
    Last edited by Azarius; 07-25-2012 at 02:54 PM. Reason: typo

  2. #2
    Rizon Staff djahandarie's Avatar
    Join Date
    Jun 2010
    Location
    Massachusetts, USA
    Posts
    268

    Default

    Hey there, glad you use Rizon. Hopefully I can answer some of your questions.


    Quote Originally Posted by Azarius View Post
    On your home page is written "Rizon takes free speech very seriously and avoids any censorship." I wonder what this assertion means in more concrete and precise terms. Is anything being done to protect user privacy (privacy and anonymity being necessary foundations for free speech)? Are conversations and/or IPs logged?
    We do not log any conversations. Obviously, keep in mind that IRC channels are public by default and any rogue bot could join and start logging it, unless you lock down the channel with keys or access lists.

    IP/nick pairs are logged and are accessible to a few staff members if there is a serious situation (for example, someone attacking the network with a botnet/drones). The logs are subject to US law, so a warrant could result in us having to give them up. Even if we didn't log this information, a warrant could require us to track a certain nickname's IP from then on, and we would be legally prevented from alerting the user (as it would impede the investigation), so it's not particularly more risky for users than it would have been without logs.

    Since Rizon is nonprofit, it'd be very difficult for us to represent a user in court (consider the recent Twitter subpoena case) as well.


    Quote Originally Posted by Azarius View Post
    Furthermore, banning Tor from the network doesn't seem to be something one would expect from a network which takes security, anonymity and free speech seriously. I am aware of the fact that such anonymization systems are frequently abused, but networks like Freenode have successfully implemented simple ways to avoid the worst cases, notably by letting channel operators choose whether or not to ban Tor users, which would appear to suit Rizon's philosophy better than a blanket ban.
    I agree regarding the full ban on Tor. We have eventual plans to bring up a Tor hidden service and allow users to connect through that (and gain a ____.tor.rizon.net mask or similar as a result). However, this does take a good amount of developer time so it's been put on the backburner for now while we're working on other changes.


    Quote Originally Posted by Azarius View Post
    I like Rizon's vibe and would wish to keep on using it as my main IRC network, but using it for anything like serious purposes (e.g. coordinating political activism) seems unwise given uncertainty on the matters mentioned above.
    Hopefully those answers help your decision process. If you're running something very critical/risky, a lot of our servers are under the jurisdiction of US law, and some servers under other jurisdictions, so it'd be best to really evaluate all your options and see if you need to set up a fully secure communication channel using your own hardware. If you want to use Rizon for something risky, it'd be best to anonymously purchase a VPS or similar sort of tunnel and bounce through that, or any other similar layer of indirection.

    The IP/nick logs are essentially the only things we log, unless you interact with services, in which case we also log any IPs taking major actions (such as deleting or registering) a channel/nickname.

    In the end, our logging is to help ensure the network exists in a useful state (rather than run down by attackers, which is generally the more immediate threat as opposed to legal intervention, for most online political movements). Also, when we are contacted by the government regarding people using our network for stealing credit card numbers or organizing botnets, it's very useful to have basic logs to show that it was someone else, not us, because otherwise they will shut down servers quick, and that's a real threat and an easy avenue for them to take if their real goal is to silence some legal speech on the network.


    What Rizon does promote, is that none of our staff members will go in and shut down a channel or silence a user simply because they don't agree with something or find it risky, which unfortunately some other IRC/chat networks do on a regular basis. We do our best regarding legal issues, but since all our hardware is donated by the server admins, and all our staff are volunteers, we can only provide the bare minimum of protection when contacted by a government (with a valid warrant/subpoena) which has jurisdiction over our servers.
    Darius

  3. #3
    Junior Member
    Join Date
    Jul 2012
    Posts
    2

    Default

    Thank you for that enlightening reply, all my questions have been answered, and none in a way that didn't correspond to my expectations. I would suggest you make available a privacy policy or something similar somewhere more obvious than this thread, as I believe those are rather important informations.

    I'm looking forward to having the possibility to access Rizon via a Tor hidden service in the future. At the moment, I don't think any of the activities I plan to use Rizon for are critical or risky enough to warrant measures such as a VPS to insure privacy. My concern was essentially "philosophical". Consider me satisfied.

  4. #4
    Junior Member
    Join Date
    Aug 2012
    Posts
    2

    Default Sounds overly complex...

    I honestly believe that allowing tor support is absolutely necessary for Rizon to be congruent to a free and open society. Yes, with tor comes some potential for abuse, but it's easier to manage this on a per-channel basis than by just flatly banning an open proxy (which really just shifts would-be miscreants to other open proxies -- and you're fighting a losing battle if you think you can ban them all) and shutting down potentially mission-critical use cases.

    Best case for a would-be victim of oppression is that they simply can't access Rizon. Worst case is that they get caught accessing Rizon and charged for political dissidence or any other charges which can be brought against people. This may seem like a far-fetched nightmare, but in some countries this is just a way of life.

    The solution you proposed, whilst very thorough, implies far more work than is actually required. All that Rizon developers would need to do to allow tor access is to import a list of tor exit nodes IP (you already have this, or you couldn't ban tor) and to apply a hostmask to all users from those IPs. This way, channel operators could choose to ban the entire tor hostmask if required. This is really an hour or two maximum of work, I'm not sure how it's not infinitely more desirable than just banning tor.

    If more help is required, just let me know. I've done similar on private IRCds before.

    I will also offer a 5 Bitcoin (~$50) or $50 Liberty Reserve donation to the Rizon network upon implementation of tor support, and encourage others with similar opinions to do the same.
    Last edited by Reikoku; 08-07-2012 at 12:56 PM.

  5. #5
    Rizon Staff djahandarie's Avatar
    Join Date
    Jun 2010
    Location
    Massachusetts, USA
    Posts
    268

    Default

    Quote Originally Posted by Reikoku View Post
    I honestly believe that allowing tor support is absolutely necessary for Rizon to be congruent to a free and open society. Yes, with tor comes some potential for abuse, but it's easier to manage this on a per-channel basis than by just flatly banning an open proxy (which really just shifts would-be miscreants to other open proxies -- and you're fighting a losing battle if you think you can ban them all) and shutting down potentially mission-critical use cases.

    Best case for a would-be victim of oppression is that they simply can't access Rizon. Worst case is that they get caught accessing Rizon and charged for political dissidence or any other charges which can be brought against people. This may seem like a far-fetched nightmare, but in some countries this is just a way of life.
    As I said earlier, I do think tor support is important, it's just not at the top of our list. A proper implementation is key to avoid abuse of the service.


    Quote Originally Posted by Reikoku View Post
    The solution you proposed, whilst very thorough, implies far more work than is actually required. All that Rizon developers would need to do to allow tor access is to import a list of tor exit nodes IP (you already have this, or you couldn't ban tor) and to apply a hostmask to all users from those IPs. This way, channel operators could choose to ban the entire tor hostmask if required. This is really an hour or two maximum of work, I'm not sure how it's not infinitely more desirable than just banning tor.
    Setting up a hidden service is not hard, and we can lock down the ircd to tor fairly easily that way, as opposed to regularly pulling an exit node list (which technically is not fully accurate) and doing automated configuration changes&rehashes. It's just not viable to do this moment with the development staff we have available.


    Quote Originally Posted by Reikoku View Post
    If more help is required, just let me know. I've done similar on private IRCds before.
    Feel free to send mink@rizon.net an email if you're interested in doing any sort of development for Rizon.


    Quote Originally Posted by Reikoku View Post
    I will also offer a 5 Bitcoin (~$50) or $50 Liberty Reserve donation to the Rizon network upon implementation of tor support, and encourage others with similar opinions to do the same.
    Appreciated of course, but Rizon already runs in the red thousands of dollars a month, donations don't really make much sense for our cost model. I'd recommend funneling that money to your favorite charity if we get the job done.
    Darius

  6. #6
    Junior Member
    Join Date
    Aug 2012
    Posts
    2

    Default

    I will e-mail mink.

    Can I ask how Rizon does fund its servers, if not through donations?

Similar Threads

  1. Free Rolex Watches If You Welcome Me
    By Heaven Implode in forum Introductions
    Replies: 5
    Last Post: 07-19-2010, 05:19 PM
  2. 1yr Free Subscription to PC World
    By Jason in forum Deals
    Replies: 3
    Last Post: 04-10-2010, 01:51 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •