[tor-project] Launching Ethics Guidelines

Virgil Griffith i at virgil.gr
Wed May 11 08:15:25 UTC 2016

Here's the line about unacceptability of crawling .onion:

"For example, it is not acceptable to run an HSDir, harvest onion
addresses, and do a Web crawl of those onion services."


So, this can indeed be an official policy.  But it was the first I had
heard of it.  And currently at least 3-4 tor2web nodes in
good-standing explicitly permit crawling of .onion .


Teor: Apologies for being dumb, but can you explain why it's bad for
tor2web-nodes to connect to single-onion services?  Both Tor2web and
Single-onion say IN BIG BOLD LETTERS that using these remove your
anonymity.  Given that these are intentionally meant to be "expert
features" for people who know what they are doing, I don't immediately
see a concern sufficiently large that it merits special handling.  Can
you enlighten me?


On Fri, May 6, 2016 at 5:36 PM, Tim Wilson-Brown - teor
<teor2345 at gmail.com> wrote:
>> On 6 May 2016, at 19:30, Tim Wilson-Brown - teor <teor2345 at gmail.com> wrote:
>>> On 6 May 2016, at 14:53, Virgil Griffith <i at virgil.gr> wrote:
>>> I've received conflicting accounts as to whether the  ethics guidelines require onionsites are to be opt-in [no spec yet?] or the current opt-out [i.e., /robots.txt].
>> ...
>> There's one important exception to this general principle: Single Onion Services.
>> To avoid creating one-hop proxies, tor2web should not allow access to a single onion service.
>> We'e yet to arrive at a mechanism to make this happen, but I think we will end up adding a line to the onion service descriptor.
>> We could make this a configuration parameter (AllowTor2Web?) that defaults to 1 for hidden services, and 0 for single onion services.
>> https://trac.torproject.org/projects/tor/ticket/17945
> After re-reading the ticket, there is another way to implement this feature without providing a generic method for onion services to block tor2web:
> The rendezvous point (and possibly the introduction point) could terminate the connection if it has a single hop on both ends. However, this could result in false positives if the consensus gets out of sync.
> Or is there a reliable way for a relay to detect non-relays without using the consensus?
> Tim
> Tim Wilson-Brown (teor)
> teor2345 at gmail dot com
> PGP 968F094B
> ricochet:ekmygaiu4rzgsk6n
> _______________________________________________
> tor-project mailing list
> tor-project at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project

More information about the tor-project mailing list