[tor-dev] ResearchEthics

Tim Wilson-Brown - teor teor2345 at gmail.com
Thu Oct 8 14:30:26 UTC 2015


> On 9 Oct 2015, at 01:21, Aaron Johnson <aaron.m.johnson at nrl.navy.mil> wrote:
> 
> Hello Rishab,
> 
>> I've been meaning to respond to this for a while.
> 
> Thanks for your thoughts.
> 
>> For what it's worth, I completely disagree that outright "banning" of certain data collection is the right answer here. There should be a standard "let's weigh the risks vs. the benefits and make a decision" for any/all cases. In most cases, there are ways to perform data collection over Tor (even trying to understand the makeup of hidden services) in a way that does not compromise privacy/security -- e.g., the harvest reports only the "class of the .onion site" and not the actual site itself. This answers the question the researcher is interested in, without compromising or revealing the .onion directly.
> 
> I do agree that all cases should be judged in terms of costs and benefits. The idea of that list is to provide specific activities for which the costs are judged not to outweigh the benefits. In this case, the activity is not “collect information about the descriptors you see as an HSDir and then report aggregate statistics”; it is “collect information about the descriptors you see as an HSDir and then connect to those onion addresses that you observe to try and do a Web crawl of them and scrape their content”. The latter is judged to be unacceptable because Tor wants to provide onion-service operators with the ability to run an onion service privately, and definitely without having to deal with crawlers or other snooping parties.

I also wonder about the risk presented by such a concentration of .onion site addresses (or .onion site requests, if the addresses are never recorded anywhere). If an adversary accesses the researcher’s list, or is observing the researcher’s connection, or is observing the .onion site’s connection, how much does this increase the risk of discovering the site?

For example, if a site’s threat mitigation involves it being accessed a certain (small) number of times, and then changing address, crawlers could represent an unacceptable burden on the site’s operator and legitimate users.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151009/02a4b508/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151009/02a4b508/attachment-0001.sig>


More information about the tor-dev mailing list