I had hoped to discuss robots.txt instead of Tor2web, but so be it.

> I disagree with you, and therefore think that keeping detailed logs is 

> unethical, particularly for commercial or capability demonstration purposes.

I would prefer not to log, and that was the original design.  Then when your servers start pushing 700+ hits/sec, it gets hard to sustain without some sort of revenue model.  And then because onion.link is such a lawsuit magnet, granting agencies typically don't want to touch it (which I understand).  I considered charging for the service, but if only paid users could see the content, that would defeat the purpose of the goal of being a global "whistleblowing platform".  So that left the various free models.  Among the free models, ads and logs are the tried-and-true methods.  So it's what I've tried experimenting with.  I'm fine being considered the moral equivalent of a non-profit Twitter which makes a good faith effort to minimize exposure, yet still tracks user behavior.

> And when the name of the service is "Tor2web", it's hard to dissociate it 

> from Tor.

That's totally reasonable.  I think this is actually part of the reason tor2web.org is talking about merely hosting code and letting the implementations brand themselves appropriately.

> And I would put it to you that the ethics guidelines, and various other 

> community standards, aim to protect user privacy in general, not just for Tor 

> Browser users, and not just when users expect privacy.

Well that's a claim.  And one that certainly settles the issue.  In short, I am content with the lesser condition of a world where people can opt-out of tracking.  I am ethically satisfied as long that opt-out is easily available.  One concern with this approach is that it puts Tor as ethically opposed to every large free online service in the world.  Including many that Tor Project uses.

> If you want a different standard, where we're allowed to keep identifiable 

> information about some users of some tools accessing them via some methods, 

> then you really need to make a strong argument for it. Otherwise, the 

> overarching principle applies.

In the worst case I'd think the "privacy all the time" is impractical with the modern Internet.  As for Tor itself I don't think it should keep identifiable information, but that's different from excommunicating those who work in organizations that do.  This standard would expel many existing productive members of the Tor community.

> Guard nodes don't see what sites users are accessing.

> Tor2web nodes do.

> So it's possible to create logs with user IP addresses and the onion sites 

> they've accessed (as you've demonstrated).

> A guard can't do that.

Same position as before.  I consider guard node traffic to be vastly more private than tor2web traffic because people using TBB have expressed a desire to be private.  Onion.link is about convenient access.  For privacy, use TBB if you want privacy while using that convenient access---problem solved.

> Thanks again, but the search is still Google, so user IPs and onion sites not 

> only go to onion.link, but also Google.

Open to changing that.  After the robots.txt discussion.

> You seem to be trying very hard to make this conversation happen on your 

> schedule.

> But maybe it's going to take time and thought and even research and 

> experiments for this conversation to develop.

> Perhaps you'll have to live with the uncertainty for a while.

Fair enough.  I've waited since the Berlin meeting last year for this discussion.  And bluntly---it is *really* that hard?  Celebrated Tor products already *directly depend* on the answer being either (B) or (C).  Given several products already depend on it, is rejecting (A) really that hard?

> I'm not going to repeat what I said previously about client authentication, 

> but I do have something new to add:

> Some recent US legal judgements require explicit permission to access every 

> website for the wider Internet: without permission, it's illegal to access 

> any website. So that's is one reason to be wary of using explicit permission 

> to access as our standard - we'd likely oppose it when applied to non-onion 

> websites.

I'd oppose it as well.

-V