Opportunity for Tor growth overlooked: Tor-only public hotspots to reduce accountability (lemmy.sdf.org)

submitted 2 weeks ago by evenwicht@lemmy.sdf.org to c/tor@infosec.pub

0 comments fedilink hide all child comments

There are countless public wi-fi access points that push captive portals which collect identity info on users and track them. The purpose of the privacy intrusion is (allegedly) so they can respond to complaints about unacceptable use. Or worse, so they can directly snoop on their own users activity to police their behavior. Those burdens are not cost-free. Babysitters cost money.

Tor solves this problem. There can be no expectation that a service provider nanny Tor users because they naturally cannot see what users are doing. You are only responsible for what you know -- and for what data you collect. The responsibility of Tor users falls on the exit nodes (to the extent they are used, as opposed to onions).

It’s bizarre how public access admins often proactively block egress Tor traffic, out of some ignorant fear that they would be held accountable for what the user does. It’s the complete opposite. Admins /shed/ accountability for activity that they cannot monitor. If it’s out of their hands, it’s also beyond their responsibility. This is Infosec Legal Aspects 101 -- don’t collect the info if you don’t want the responsibility that the data collection brings. Somehow most of the population has missed that class and remains driven by FUD instead. They foolishly do the opposite: copious overcollection, erroneously thinking that’s the responsible thing to do.

In principle, if you want to deploy gratis Internet access to a population free of captive portals and with effortless administration that respects the privacy of users, then it is actually clearnet traffic that you would block. If you allow only Tor traffic, you escape the babysitter role entirely.

In thinking about how to configure this, first thought was: setup a Tor middlebox transparent proxy and force all traffic over Tor. The problem with that is you would actually still have visibility on the traffic before it gets packaged for Tor, so it fails in the sense that you could technically be held liable for not babysitting the traffic between the user and the Tor network. OTOH, the chances of receiving a complaint from the other side of the Tor cloud are naturally quite low. Still, it’s flawed.

It really needs to be a firewall that blocks all except Tor guard nodes. A “captive portal” of sorts could be used to inform clearnet users that only Tor traffic is permitted, which could give some basic advice about Tor, such as local workshops on installing a Tor client.

It imposes a barrier to entry of both knowledge and wisdom on users. So be it; it is what it is. Not everyone can expect a free hand-out, and it’s usually Tor users to face the oppression of access denial. Of course the benefit is that some people will decide to install Tor in order to use the hotspot.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here

this post was submitted on 12 Jun 2025

2 points (100.0% liked)

Unofficial Tor Community

202 readers

10 users here now

Link to tor project (they made the icon I grabbed, and tor itself of course): https://www.torproject.org/

This is a community to discuss the tor project and your experience with tor, tor browser, etc.

Rules are generally: be nice, don't be bigoted, etc.

Only seems fair that an infosec instance should have a community about one of the most well known anonymity tools :)

founded 2 years ago

MODERATORS

sapient_cogbag@infosec.pub