Tor, Germany, and Data Retention
With the "enforcement" phase of Germany's data retention law coming into effect on January 1 2009, it's time to start considering design modifications for Tor to make us more resistant. There are many different pieces to consider, including
- How should we change path selection so Tor clients are less at risk from German ISPs that decide to log?
- What exactly will German ISPs log, and who is supposed to have access to it?
- What suggestions should we give to German Tor relay operators, and German privacy advocates in general, about how they should fight this law without putting themselves too much at risk?
I propose some technical changes to Tor in this or-dev post:
Stay tuned for the policy suggestions -- perhaps we'll cover those at 25C3!
These are important questions since often when I log on thru Tor I find myself on a German server.