<font size="2"><span style="background-color:rgba(255,255,255,0)"> > - timestamp accurate to the second</span></font><div><font size="2"><span style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.301961);"><br></span></font></div><div><font size="2"><span style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.301961);">Isis: that is an excellent point. It didn't occur to me to shave the seconds/minutes from the timestamp. That is a fantastic point and a clear oversight on my end. Minimized logs are no longer available, but when they were I should have definitely been shaving those timestamps. I sincerely thank<span></span> you for catching that.</span></font></div><div><font size="2"><span style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.301961);"><br></span></font></div><div><font size="2"><span style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.301961);">-V</span></font></div><div><br>On Monday, 16 May 2016, isis <<a href="mailto:isis@torproject.org">isis@torproject.org</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Virgil Griffith transcribed 10K bytes:<br>
> I accidentally put tor-project@ on the To: field. Sorry about that.<br>
<br>
A *likely* story. I put tor-project@ back in the To: field.<br>
<br>
> Although I personally don't consider this content to be dangerous, at<br>
> least one person will consider it so, and I'd rather not antagonize<br>
> that person.<br>
<br>
Heh.<br>
<br>
> I renamed the URL to:<br>
<br>
[snipped the URL]<br>
<br>
> Share as you see fit.<br>
<br>
I'll refrain from stooping to your level, thanks.<br>
<br>
> -V<br>
<br>
The above URL to dropbox which Virgil gave me contains extremely detailed<br>
logs of user behaviour, including:<br>
<br>
- timestamp accurate to the second<br>
- IP addresses (where only the final octet is scrubbed, reducing the set of<br>
possible IPs in question to ~253)<br>
- onion service requested<br>
- full URI requested<br>
- onion service response code<br>
<br>
> On Thu, May 12, 2016 at 5:43 PM, Virgil Griffith <<a href="javascript:;" onclick="_e(event, 'cvml', 'i@virgil.gr')">i@virgil.gr</a>> wrote:<br>
> > Apparently tor-assistants@ no longer exists? Well, here's the logs.<br>
> > Share with whomever you think is appropriate.<br>
> ><br>
> > ============================================================<br>
> > The earlier dates were on a different hard drive. Here's the oldest<br>
> > date I have on hand: Jan 25, 2016.<br>
> ><br>
> > <a href="https://dl.dropboxusercontent.com/u/3308162/2016-01-25.log.gz" target="_blank">https://dl.dropboxusercontent.com/u/3308162/2016-01-25.log.gz</a><br>
<br>
<br>
This file was replaced with a new one, which says the following:<br>
<br>
<br>
> Oops! Didn't mean to post this URL to a public mailing list. My goof.<br>
><br>
> I renamed the file and sent the new URL to isis and Matt Finkel. If you<br>
> want the data, talk to either of them. I trust each of them to distribute<br>
> the data however they see fit.<br>
><br>
> In releasing this day's worth of data, my goal is concretize the discussion<br>
> of how much de-anonymizing power this data provides.<br>
><br>
> I claim two things:<br>
> (a) Forbidding any Tor community member from using Google Ads on a<br>
> Tor-related website is overbroad.<br>
> (b) The de-anonymizing power of onion.link's minimized logs is<br>
> substantially less than Google Ads (or equivalent).<br>
><br>
> If (a) is not true, reasonable next candidates for banishment include, and<br>
> are not limited to:<br>
><br>
> * Grams <a href="http://grams7enufi7jmdl.onion" target="_blank">http://grams7enufi7jmdl.onion</a> [onionsite]<br>
> * DailyDot <a href="http://www.dailydot.com/tags/tor" target="_blank">http://www.dailydot.com/tags/tor</a> [clearnet]<br>
> * DeepDotWeb <a href="http://deepdot35Wvmeyd5.onion" target="_blank">http://deepdot35Wvmeyd5.onion</a> [double whammy! DeepDotWeb<br>
> tracks users on its onionsite *AND* clearnet<br>
> <a href="https://www.deepdotweb.com/" target="_blank">https://www.deepdotweb.com/</a>]<br>
><br>
> And last I checked these were popular upstanding onionsites.<br>
><br>
> Obviously some people will dislike (a). And thus some people will dislike<br>
> (b). And that's okay. The community (obviously) doesn't wish to<br>
> unanimously approve of every Tor onion-site. The question is whether using<br>
> an ad-network is a bannable offense.<br>
><br>
> Given (a) is not a bannable offense, and additionally badness(b) <<br>
> badness(a). Ergo (b) not a bannable offense.<br>
<br>
To my knowledge, The Daily Dot has never attempted to sell Tor user data to<br>
INTERPOL.<br>
<br>
> > SHA1: f5eaab44c04e483ffe24c58ec558fdfaefb610b2<br>
> ><br>
> > I forthrightly attest that:<br>
> ><br>
> > (1) these logs are socially very interesting, but not actively dangerous.<br>
> ><br>
> > (2) these logs are substantially less dangerous than running Google<br>
> > ads, which was the alternative.<br>
> ><br>
> > Rebuttals are welcome on tor-project@ .<br>
> ><br>
> > If you want to see the minimized logs for a specific day I can do that too.<br>
<br>
Hmm… I think I've heard the word "minimised" in reference to bulk metadata<br>
collection before…<br>
<br>
--<br>
♥Ⓐ isis agora lovecruft<br>
_________________________________________________________<br>
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35<br>
Current Keys: <a href="https://fyb.patternsinthevoid.net/isis.txt" target="_blank">https://fyb.patternsinthevoid.net/isis.txt</a><br>
</blockquote></div>