[tor-project] Launching Ethics Guidelines

isis isis at torproject.org
Mon May 16 02:07:07 UTC 2016

Virgil Griffith transcribed 10K bytes:
> I accidentally put tor-project@ on the To: field.  Sorry about that.

A *likely* story.  I put tor-project@ back in the To: field.

> Although I personally don't consider this content to be dangerous, at
> least one person will consider it so, and I'd rather not antagonize
> that person.


> I renamed the URL to:

[snipped the URL]

> Share as you see fit.

I'll refrain from stooping to your level, thanks.

> -V

The above URL to dropbox which Virgil gave me contains extremely detailed
logs of user behaviour, including:

  - timestamp accurate to the second
  - IP addresses (where only the final octet is scrubbed, reducing the set of
    possible IPs in question to ~253)
  - onion service requested
  - full URI requested
  - onion service response code

> On Thu, May 12, 2016 at 5:43 PM, Virgil Griffith <i at virgil.gr> wrote:
> > Apparently tor-assistants@ no longer exists?  Well, here's the logs.
> > Share with whomever you think is appropriate.
> >
> > ============================================================
> > The earlier dates were on a different hard drive.  Here's the oldest
> > date I have on hand: Jan 25, 2016.
> >
> > https://dl.dropboxusercontent.com/u/3308162/2016-01-25.log.gz

This file was replaced with a new one, which says the following:

> Oops!  Didn't mean to post this URL to a public mailing list.  My goof.
> I renamed the file and sent the new URL to isis and Matt Finkel.  If you
> want the data, talk to either of them.  I trust each of them to distribute
> the data however they see fit.
> In releasing this day's worth of data, my goal is concretize the discussion
> of how much de-anonymizing power this data provides.
> I claim two things:
>    (a) Forbidding any Tor community member from using Google Ads on a
>        Tor-related website is overbroad.
>    (b) The de-anonymizing power of onion.link's minimized logs is
>        substantially less than Google Ads (or equivalent).
> If (a) is not true, reasonable next candidates for banishment include, and
> are not limited to:
>    * Grams       http://grams7enufi7jmdl.onion      [onionsite]
>    * DailyDot    http://www.dailydot.com/tags/tor   [clearnet]
>    * DeepDotWeb http://deepdot35Wvmeyd5.onion [double whammy! DeepDotWeb
>      tracks users on its onionsite *AND* clearnet
>      https://www.deepdotweb.com/]
> And last I checked these were popular upstanding onionsites.
> Obviously some people will dislike (a).  And thus some people will dislike
> (b).  And that's okay.  The community (obviously) doesn't wish to
> unanimously approve of every Tor onion-site.  The question is whether using
> an ad-network is a bannable offense.
> Given (a) is not a bannable offense, and additionally badness(b) <
> badness(a).  Ergo (b) not a bannable offense.

To my knowledge, The Daily Dot has never attempted to sell Tor user data to

> > SHA1: f5eaab44c04e483ffe24c58ec558fdfaefb610b2
> >
> > I forthrightly attest that:
> >
> > (1) these logs are socially very interesting, but not actively dangerous.
> >
> > (2) these logs are substantially less dangerous than running Google
> > ads, which was the alternative.
> >
> > Rebuttals are welcome on tor-project@ .
> >
> > If you want to see the minimized logs for a specific day I can do that too.

Hmm… I think I've heard the word "minimised" in reference to bulk metadata
collection before…

 ♥Ⓐ isis agora lovecruft
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20160516/afe8ebc2/attachment.sig>

More information about the tor-project mailing list