aaron.m.johnson at nrl.navy.mil
Thu Oct 8 14:21:11 UTC 2015
> I've been meaning to respond to this for a while.
Thanks for your thoughts.
> For what it's worth, I completely disagree that outright "banning" of certain data collection is the right answer here. There should be a standard "let's weigh the risks vs. the benefits and make a decision" for any/all cases. In most cases, there are ways to perform data collection over Tor (even trying to understand the makeup of hidden services) in a way that does not compromise privacy/security -- e.g., the harvest reports only the "class of the .onion site" and not the actual site itself. This answers the question the researcher is interested in, without compromising or revealing the .onion directly.
I do agree that all cases should be judged in terms of costs and benefits. The idea of that list is to provide specific activities for which the costs are judged not to outweigh the benefits. In this case, the activity is not “collect information about the descriptors you see as an HSDir and then report aggregate statistics”; it is “collect information about the descriptors you see as an HSDir and then connect to those onion addresses that you observe to try and do a Web crawl of them and scrape their content”. The latter is judged to be unacceptable because Tor wants to provide onion-service operators with the ability to run an onion service privately, and definitely without having to deal with crawlers or other snooping parties.
I actually think a list with specific examples is far more useful than a set of abstract criteria that can easily be interpreted to be consistent with the goals of the interpreter.
More information about the tor-dev