[tor-dev] Guidelines and processes for ethical Tor research

[Aaron Johnson]

Hello,

Today at the Tor developers’ meeting, we had a discussion about how to help ensure that Tor research is done ethically.  We developed a set of general guidelines for ethical Tor research, and we sketched out a process that researchers should follow if they want to do work on the live Tor network.

The guidelines at present are:
  1. Only collect data that is acceptable to publish. In the case of encrypted or secret-shared data, it can be acceptable to assume that the keys or some shares are not published.
  2. Only collect as much data as is needed (i.e. data minimization).
  3. Limit the granularity of the data. For example, "noise" (i.e. added data inaccuracies) should almost certainly be added.
  4. Make an explicit description of benefits and risks, and argue that the benefits outweigh the risks.
  5. Consider auxiliary data when assessing the risk of your research. For example, data from snooping exit traffic can be combined with entry traffic to deanonymize users.
  6. Use a test network when at all possible.

The process we discussed is fairly lightweight. It amounts to notifying a Tor Review Group (TRG) of your plans and using the TRG's feedback to develop a research plan that respects the guidelines. This notification can be private to the TRG only (although public notification is preferred). The TRG would consist of Tor developers and researchers.

We are going to continue developing the guidelines and process through the wiki: <https://trac.torproject.org/projects/tor/wiki/doc/ResearchEthics>. Please send any comments.

Best,
Aaron