Hi David,
I think this is a compelling idea and I love that you've given so many examples of research on human rights-focused design considerations. That said, one of the trickiest parts of the social contract was not overpromising or contradicting ourselves when it comes to design since sometimes we need to use or build tools that do not meet the requirements you outlined below -- tools for detecting bad relays came up in that previous conversation a bunch, just as one example. I think there could be a lot of value in a "design standards" document, but I think there should definitely be clarification in "things we use" vs "things we build" and also "things we need internally" vs "binaries we release to the public".
Alison
dawuud:
Hi David, thanks for this message. I think the points you've raised above are *exactly* the kinds of things that the social contract should make us discuss together. If the SC is who we are/what we want to be, what are the ways in which we are currently failing to meet those commitments? This is one of the ways I see this document being used.
Alison
Hi Alison, yes, and I wonder if Tor project would want to publish a different kind of social contract specifying software design principles and distributed system design considerations which are supportive of human rights and privacy. Surely the many years of experience gained from developing tor has resulted in these types of considerations for distributed systems.
Here's an IRTF charter for an interesting research group, "Human Rights Protocol Considerations": https://datatracker.ietf.org/group/hrpc/charter/
In particular their charter states that: """ The research group takes as its starting point the problem statement that human-rights-enabling characteristics of the Internet might be degraded if they are not properly defined, described and sufficiently taken into account in protocol development. """
and
""" As evinced by RFC 1958, the Internet aims to be the global network of networks that provides unfettered connectivity to all users at all times and for any content. Open, secure and reliable connectivity is essential for rights such as freedom of expression and freedom of association. Since the Internet’s objective of connectivity makes it an enabler of human rights, its architectural design converges with the human rights framework. """
So far they've published this document: https://www.ietf.org/id/draft-doria-hrpc-report-01.txt
Among many other things they mention the end-to-end principle, however I'm also inspired by the principle of least authority as described in Mark Miller's "The Structure of Authority": (To me this paper reads like beautiful anarchist literature for software developers.. however I suspect some non-technologists will also appreciate it) http://www.erights.org/talks/no-sep/ http://www.erights.org/talks/no-sep/secnotsep.pdf
Inspired by Tahoe-LAFS and the principle of least authority, Dominic Tarr wrote a short paper about cryptographic handshakes which likens identity keys to cryptographic capabilities and discusses how not to leak them to passive network observers: https://github.com/dominictarr/secret-handshake-paper
And further I find "User Interaction Design for Secure Systems" by Ka-Ping Yee https://www2.eecs.berkeley.edu/Pubs/TechRpts/2002/CSD-02-1184.pdf
is also inspiring and relevant since Tor project is also involved and advocating for various tor friendly user facing applications such as Tor browser, ricochet etc. One of the principles it mentions is revocation:
""" Revocability. The interface should allow the user to easily revoke authorities that the user has granted wherever revocation is possible. """
For instance someone inspired by ricochet might design and implement a similar chat system with an identity onion revocation mechanism: perhaps Alice would be able to tell all her contacts except Bob of her new onion service thereby revoking Bob's access to her current onion.
No SPOFs No admins
sincerely,
David
tor-project mailing list tor-project@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project