Tor, Germany, and Data Retention

by arma | October 17, 2008

With the "enforcement" phase of Germany's data retention law coming into effect on January 1 2009, it's time to start considering design modifications for Tor to make us more resistant. There are many different pieces to consider, including

  • How should we change path selection so Tor clients are less at risk from German ISPs that decide to log?
  • What exactly will German ISPs log, and who is supposed to have access to it?
  • What suggestions should we give to German Tor relay operators, and German privacy advocates in general, about how they should fight this law without putting themselves too much at risk?

I propose some technical changes to Tor in this or-dev post:

Stay tuned for the policy suggestions -- perhaps we'll cover those at 25C3!


Please note that the comment area below has been archived.

October 17, 2008


I'm certain that you have not missed that this data retention is not only a problem in Germany, but in all of the European Union, already or soon-to-be.

We in Denmark have had data retention laws in effect since September 15th, 2007 (…) . And it is very far-reaching. Luckily, the privacy and anonymity-aspects of this have recently been discussed openly, but I am sure there are many people who still have to fully comprehend the consequences of the direction we are heading.

I am aware that Denmark has very few Tor operators, compared to Germany, but none the less, it is a problem for the network as well, I suspect. No?

October 17, 2008


These are important questions since often when I log on thru Tor I find myself on a German server.

October 18, 2008


Not that I know what I'm talking about but; would it be reasonable to have TOR send out dummy connections with dummy data? That may create speed issues however it can be made as an option people can enable or disable.

October 19, 2008


is this data retetention programme will affect the clients outside europe lie asia & middle east countries.

October 30, 2008


SORM(correctly speaking for Internet it will be SORM-2,SORM-1 is for phones) in Russia. Well, it's (basically) required to get ISP's license which is necessary for their operations, it's not 'total monitoring' system(i.e. it doesn't record ALL data for future use, it allow to monitor specific in real-time)

and hardware involved will cost too much for almost any tor node to install. So this leaves position of Tor in Russia rather..interesting.(Especially if exit node funcionality is enabled).

November 07, 2008


Need tor browser bundle updates . previous tor browser bundle 14 is saying no authority certificate. please update it

November 11, 2008


Firefox is too slow when tor button is activated. Any ideas for improvement?

November 12, 2008


Firefox is too slow when tor button is activated. Any ideas for improvement? Thanks in advance.

November 16, 2008


"We are planning common legal actions with the German Privacy Foundation who run both Tor and JonDonym servers.


"The EU data retention law is not a problem. Only the german law, which goes far beyound. We already have a big german statement here. In short: we are already sueing against the law at the german Constitutional Court, we are talking to the german "Bundesnetzagentur" which is the executive for this law, and we will do some more legal actions for before the end of this year." - JonDos team

April 30, 2010


what is german privacy foundation and why do i keep getting routed to the site when i try to access an onion site