[tor-project] Launching Ethics Guidelines

Tim Wilson-Brown - teor teor2345 at gmail.com
Fri May 6 09:30:03 UTC 2016

> On 6 May 2016, at 14:53, Virgil Griffith <i at virgil.gr> wrote:
> I've received conflicting accounts as to whether the  ethics guidelines require onionsites are to be opt-in [no spec yet?] or the current opt-out [i.e., /robots.txt].
> Any clarification on this point would be very helpful for the various tor2web services which currently use the current /robots.txt method.
> FWIW, when Aaron and I designed tor2web, we chose the unusual subdomain URL format explicitly so that /robots.txt would work.

Where is the current opt-out process specified? Im not familiar with it.

As with anything that's not explicitly spelt out in the ethics guidelines, I think that's an ongoing conversation we need to have, taking into account the principles in those guidelines.

It seems to me that access via Tor and access via tor2web should be equivalent by default.
So I really can't see how opt-in would work, but I have yet to see a proposal for an opt-in method.
(I don't like any design where tor2web needs to connect to an onion service to work out whether the service has opted-in.
That adds to the load, and is bad if the number of connections or externally-triggered connections are part of the threat model.)
Has there been anything said on a public mailing list about opt-ins for tor2web?

It also seems to me that any opt-in proposal would be more likely to work under prop224, when onion service addresses are harder to discover. Nevertheless, if a client has the address, it shouldn't matter if they access the service via Tor or tor2web. Any transition to opt-in would also be easier to manage as part of the prop224 transition.

There's one important exception to this general principle: Single Onion Services.
To avoid creating one-hop proxies, tor2web should not allow access to a single onion service.
We'e yet to arrive at a mechanism to make this happen, but I think we will end up adding a line to the onion service descriptor.
We could make this a configuration parameter (AllowTor2Web?) that defaults to 1 for hidden services, and 0 for single onion services.


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20160506/c0bbd04a/attachment.sig>

More information about the tor-project mailing list