[tor-project] Launching Ethics Guidelines
i at virgil.gr
Wed May 11 08:15:25 UTC 2016
Here's the line about unacceptability of crawling .onion:
"For example, it is not acceptable to run an HSDir, harvest onion
addresses, and do a Web crawl of those onion services."
So, this can indeed be an official policy. But it was the first I had
heard of it. And currently at least 3-4 tor2web nodes in
good-standing explicitly permit crawling of .onion .
Teor: Apologies for being dumb, but can you explain why it's bad for
tor2web-nodes to connect to single-onion services? Both Tor2web and
Single-onion say IN BIG BOLD LETTERS that using these remove your
anonymity. Given that these are intentionally meant to be "expert
features" for people who know what they are doing, I don't immediately
see a concern sufficiently large that it merits special handling. Can
you enlighten me?
On Fri, May 6, 2016 at 5:36 PM, Tim Wilson-Brown - teor
<teor2345 at gmail.com> wrote:
>> On 6 May 2016, at 19:30, Tim Wilson-Brown - teor <teor2345 at gmail.com> wrote:
>>> On 6 May 2016, at 14:53, Virgil Griffith <i at virgil.gr> wrote:
>>> I've received conflicting accounts as to whether the ethics guidelines require onionsites are to be opt-in [no spec yet?] or the current opt-out [i.e., /robots.txt].
>> There's one important exception to this general principle: Single Onion Services.
>> To avoid creating one-hop proxies, tor2web should not allow access to a single onion service.
>> We'e yet to arrive at a mechanism to make this happen, but I think we will end up adding a line to the onion service descriptor.
>> We could make this a configuration parameter (AllowTor2Web?) that defaults to 1 for hidden services, and 0 for single onion services.
> After re-reading the ticket, there is another way to implement this feature without providing a generic method for onion services to block tor2web:
> The rendezvous point (and possibly the introduction point) could terminate the connection if it has a single hop on both ends. However, this could result in false positives if the consensus gets out of sync.
> Or is there a reliable way for a relay to detect non-relays without using the consensus?
> Tim Wilson-Brown (teor)
> teor2345 at gmail dot com
> PGP 968F094B
> tor-project mailing list
> tor-project at lists.torproject.org
More information about the tor-project