On Wed, 09 Mar 2011 12:45:39 -0800 Chris Palmer chris@eff.org allegedly wrote:
On 03/09/2011 08:17 AM, mick wrote:
And as Scott said, I don't see why EFF should place the operators of Tor nodes at risk by using Tor as a scanning tool.
Again, do you understand what it is we are doing?
We are not doing a scan with Nmap set to "aggressive" or "stealthy" on all ports.
We are saying hello on port 443, and then saying goodbye. Once. Using normal TCP and TLS handshaking, no tricks. For the good of the internet.
Chris
Yes, I do understand what you are doing, but no, I do not understand why you should need to do this through Tor.
And here I confess that I am now confused (not difficult, it happens) because in your email dated 26 Feb you said:-
"Lots of reputable security researchers who scan the entire internet without getting permission. You can't get permission from every operator in the world, but you still need to do good and interesting research. Examples of reputable researchers who have scanned the whole internet include Dan Bernstein, Dan Kaminsky, and EFF. (At least I think we're reputable. :) ) I don't know for sure, but I can't imagine Arbor, CAIDA, and Renesys can do their jobs without scanning the internet.
Using Tor to scan the internet is a good way to see how the internet looks from different perspectives at once, which can be quite valuable."
Which says to me that you are using Tor to do this research. Whilst in your email dated 9 March you say:-
"No. The Observatory scans were done from EFF machines in our data center. Our slides and source code and data are available for free. Please check them out."
and
"Actually scanning through Tor might be nifty, might be useful. But it's not currently in our plan anyway."
Which says categorically that you are not using Tor.
So which is it?
Mick
---------------------------------------------------------------------
The text file for RFC 854 contains exactly 854 lines. Do you think there is any cosmic significance in this?
Douglas E Comer - Internetworking with TCP/IP Volume 1
http://www.ietf.org/rfc/rfc854.txt ---------------------------------------------------------------------