[tor-project] Fwd: Launching Ethics Guidelines

Virgil Griffith i at virgil.gr
Fri May 13 11:50:26 UTC 2016 

To all:

I recognize that selling minimized log files, even if they could be
minimized in a
hypothetical way yielding high confidence that it didn't threaten Tor's
security model, would still be contrary to the ethos of Tor
Project.  Towards that end, effective immediately, log files,
aggressively minimized or otherwise, are not for sale.

Additionally, I commit to:
* making a good faith effort to encouraging clearnet users to use TBB over
OnionLink.  Details TBD.
* making a good faith effort to clearly conveying that OnionLink is not
operated by, nor affiliated with, Tor Project.  Details TBD.
* not appending accessed domains to the /sitemap.xml
* prioritizing development of top-up services such as SatoshiPay.  With
hope, ads will be obviated.


For now I am reserving the right to:
* publishing aggregate statistics.  Some will disapprove, but there is a
dearth of data in this area to inform public policy.  And Tor is too
important to leave policy to the mercy of sophistry.

* obeying the /robots.txt precedent.  From the very beginning, Aaron and I
chose Tor2web's unusual URL structure for the explicit purpose of
elegantly supporting robots.txt .


With that said, this has been emotionally draining and I'm taking a break
from non-Roster Tor work for a few weeks.

-Virgil


On Friday, 13 May 2016, Virgil Griffith <i at virgil.gr> wrote:

> Using my old CDN, Fastly.com, my costs were ~$2000 per month. Under the
> new setup with 100TB.com (cheapest I could find) costs are $600 per month
> and climbing.  It's unclear to me how you do it so cheaply.  Are you
> metered by how much traffic you generate?  If you have suggestions for a
> host i am interested---anything below $500 per month would be a godsend.
>
> I have never harvested .onion addresses from a HSDir.  All I've ever done
> is cache NXDOMAIN responses, which I've now stopped doing.  I also stopped
> adding to the /sitemap.xml (which I was doing) because it made people upset.
>
>
> I'm recognize that the logs angle as damaging the Tor brand.  I will add a
> link to download TBB and disclaimer making it excruciatingly clear
> onion.link is not part of Tor.
>
> Thus far I can commit to each of the above.  Over the weekend I'll take a
> closer look at this.
>
> -V
>
>
> On Friday, 13 May 2016, Moritz Bartl <moritz at torservers.net
> <javascript:_e(%7B%7D,'cvml','moritz at torservers.net');>> wrote:
>
>> On 05/13/2016 07:53 AM, Matthew Finkel wrote:
>> > As far as we know, the other Tor2Web sites do not log client
>> connections.
>> > Compromising on storing and selling user data so you can obtain some
>> money for
>> > operating the website goes against users' and our expectations of
>> Tor2web, and
>> > Tor's brand. Shutting down your Tor2web sites is the responsible
>> decision if
>> > you can't find another way for funding it.
>>
>> I do not have the time and energy to really contribute to this thread
>> right now, but some data points: At least for onion.to, that is right:
>> We do not collect logs. We host it at two locations; the total costs of
>> running it are less than 30€ per month, which we pay from our own
>> pockets. Which is totally fine. Adding third party trackers or
>> advertising is out of the question. If I did not have a way to sustain
>> it (which, again, is really cheap) I would simply shut it down. Virgil,
>> if you need 30€/month to operate them and it would buy us an ethical and
>> privacy-friendly service, I'm happy to pay you. Mentioning costs here
>> seem to be simply an excuse. You didn't even ask or tried to raise it in
>> donations.
>>
>> As far as I know, the other tor2web gateways (tor2web.org, blutmagie
>> etc) do not log either.
>>
>> Also, there seems to be some (deliberate?) commingling between running a
>> tor2web gateway and putting the discovered sites into a sitemap (which
>> we also don't; we do allow search engine indexing of the individual
>> sites though), and actively harvesting onions at HSDirs. There is
>> clearly a difference, it is not the same thing.
>>
>> --
>> Moritz Bartl
>> https://www.torservers.net/
>> _______________________________________________
>> tor-project mailing list
>> tor-project at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20160513/09be4edf/attachment.html>

More information about the tor-project mailing list