[tor-project] Launching Ethics Guidelines

Tim Wilson-Brown - teor teor2345 at gmail.com
Sat May 14 15:54:39 UTC 2016 

> On 13 May 2016, at 07:50, Virgil Griffith <i at virgil.gr> wrote:
> 
> To all:
> 
> I recognize that selling minimized log files, even if they could be minimized in a hypothetical way yielding high confidence that it didn't threaten Tor's security model, would still be contrary to the ethos of Tor Project.  Towards that end, effective immediately, log files, aggressively minimized or otherwise, are not for sale.

It really would be best if you didn't keep detailed logs at all.
Now it is publicly known that you keep detailed logs, servers with access to those logs, and you yourself, become a target for bad actors.

> Additionally, I commit to:
> * making a good faith effort to encouraging clearnet users to use TBB over OnionLink.  Details TBD.

I would also appreciate it if you would encourage TBB users to use onion sites directly, rather than over OnionLink.

> On 13 May 2016, at 05:27, Virgil Griffith <i at virgil.gr> wrote:
> 
> Using my old CDN, Fastly.com, my costs were ~$2000 per month. Under the new setup with 100TB.com(cheapest I could find) costs are $600 per month and climbing.  It's unclear to me how you do it so cheaply.  Are you metered by how much traffic you generate?  If you have suggestions for a host i am interested---anything below $500 per month would be a godsend.

I hear CloudFlare offers a free (as in beer) CDN plan that isn't volume-based.
They will even let you block Tor Exit nodes (Tor Browser users) if you have a business-level paid plan.
https://www.cloudflare.com/plans/

However, I recommend you first try to find a competitor of theirs which also offers feature-based pricing, but without the annoying CAPTCHAs for users with shared IP addresses, such as Tor Browser users.

> On 13 May 2016, at 12:01, micah <micah at riseup.net> wrote:
> 
> However, you did not make any clear statement that you are not doing
> something else that people may similarly object to, but just dont know
> about it yet, or don't realize how it is being used in a way that may
> not be ethically ok for the community.
> 
> You said "All I've ever done", which is using the past tense, but that
> doesn't tell me that you are not doing something now, or will do so in
> the future.
> 
> Can you make such a statement now? Are there other things you are doing
> with Tor that the general community does not know about and cannot make
> an ethical evaluation?

Has OnionLink ever received a security or privacy review?
I'd be interested in how much information about clients is logged and/or made available to hidden services, and vice versa.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B
ricochet:ekmygaiu4rzgsk6n



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20160514/3e49a067/attachment.sig>

More information about the tor-project mailing list