[tor-talk] the privacy of public tor descriptor data

[l.m]

Wow. You just blew my mind. So anonymity and privacy for users, but
not contributors that make said privacy features possible? By that
reasoning ContactInfo would be mandatory, which it's not. It also
follows that MyFamily would become a high-priority (mandatory) feature
to implement rather than something which is considered for
elimination. I'm curious--how do you intend to prove two relay with
similar subnet and ASN are related? I would be very interested in that
proof.

So regarding users/clients, don't ask, don't tell, and, in fact,
heavily document how they can avoid identification.

Regarding infrastructure operators. If you withhold *non-mandatory*
information you *will* be suspect. Even if you happen to be a
university. I feel so much better now.

x-num of relays registered to a public institution, forced disclosure
follows, that or be seen as a threat
-> relays associated with department
---> relays associated with research 
-----> relays associated with graduate

-and-

if the research isn't approved by tor network as a whole 
-> researcher becomes a target

-which means-

tor research becomes discouraged 
-> bugs, flaws not identified 
---> state intelligence win

I propose you change the documentation, and the code to reflect your
stance. Which to me sounds like bs. The truth is anonymity of tor is
for the good, and bad, no matter how subjective. It's also a matter of
practice that a relay is only be marked bad if you do something bad,
or are incapable of performing relay duties. Otherwise you loose
flags. At not point is it an acceptable to treat a relay group as
suspect for missing non-mandatory data. The spec and design doc says
you're wrong.

Every researcher falls into two categories: those who support the
government and see tor as a possible threat, and those who support
privacy-anonymity advocacy. Singling out relay operators means the
former consider the choice wise, and makes the latter second guess.

It was wrong to push the operator. Engaging in research isn't wrong.
There's a completely valid reason to not want to have this information
available and this specific event is an example. If you allow elicit
drug harbors because you can't prove where they are--how can you
assume a relay may be malicious without gathering evidence. Your
public descriptors give you no right over the operator identity. Deal
with it.

What if the operator of these relays had ignored you? They should
have. You would have gone bonkers wouldn't you.

--leeroy