[tor-talk] the privacy of public tor descriptor data

W. Greenhouse wgreenhouse at riseup.net
Tue May 5 20:24:36 UTC 2015


"l.m" <ter.one.leeboi at hush.com> writes:

> What if the operator of these relays had ignored you? They should
> have. You would have gone bonkers wouldn't you.
>
> --leeroy

I wouldn't have cared much, actually. I'm not a Tor developer nor a dirauth
operator nor anything else other than a user who has contributed relays
(without ContactInfo, as it happens). I don't think it makes sense to make
ContactInfo compulsory, but groups of relays on the same AS without contact
or family set should at least be provisionally considered to be related.

If the relay operator hadn't responded, the appropriate response in my opinion
(which is not binding on anyone else) would have been
to observe these relays closely in case the research turned out to involve
active attacks on the network which might make it more possible for third parties
to hurt Tor.

Security research unfortunately is still a "Wild West" field and,
without knowing whether they intended it this way or not, it's certainly the case
that the US-CERT research I mentioned made it more dangerous for a time for
anyone to use or host a hidden service (because the radioactive breadcrumbs
were left for anyone to see). I know that a lot of universities want to
contribute to Tor, but they tend to be pretty obvious about it with setting of
families and nicknames.

Most research can be done on testing networks without exposing human users,
and tor even supplies the software to run test networks.
Risky research on human Tor users should require review board approval
at the university at a minimum, just like testing drugs on humans does.
(Actually it's harder than that, because obtaining "informed consent" from all
users to someone else's "research" is not possible in an anonymous network.)
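As an added illustration (not part of the original post), here is a small Python check that applies the heuristic argued for above to constructed relay records: relays sharing an AS that set neither ContactInfo nor a MyFamily entry naming a co-located relay are flagged as provisionally related. The record fields (fp, asn, contact, family) are assumptions; in practice they would be parsed from consensus and descriptor data.

```python
from collections import defaultdict

# Constructed sample relay records (not real Tor descriptors). Assumed fields:
# fp (fingerprint), asn, contact (ContactInfo or None), family (the set of
# fingerprints listed in MyFamily, possibly empty).
SAMPLE_RELAYS = [
    {"fp": "AAAA", "asn": "AS64496", "contact": None, "family": set()},
    {"fp": "BBBB", "asn": "AS64496", "contact": None, "family": set()},
    {"fp": "CCCC", "asn": "AS64496", "contact": None, "family": set()},
    {"fp": "DDDD", "asn": "AS64497", "contact": "ops@example.org", "family": {"EEEE"}},
    {"fp": "EEEE", "asn": "AS64497", "contact": "ops@example.org", "family": {"DDDD"}},
    {"fp": "FFFF", "asn": "AS64498", "contact": None, "family": set()},
]


def undeclared_groups(relays, min_size=2):
    """Return {asn: [fingerprints]} for relays that share an AS and set neither
    ContactInfo nor a MyFamily entry naming another relay in that same AS.
    Groups of at least min_size such relays are provisionally treated as
    related, which is the heuristic argued for in the post above."""
    by_asn = defaultdict(list)
    for relay in relays:
        by_asn[relay["asn"]].append(relay)

    flagged = {}
    for asn, group in by_asn.items():
        if len(group) < min_size:
            continue  # a lone relay in an AS is not a group
        co_located = {r["fp"] for r in group}
        undeclared = [
            r["fp"] for r in group
            if not r["contact"]
            and not (r["family"] & (co_located - {r["fp"]}))
        ]
        if len(undeclared) >= min_size:
            flagged[asn] = sorted(undeclared)
    return flagged


if __name__ == "__main__":
    for asn, fps in undeclared_groups(SAMPLE_RELAYS).items():
        print(f"{asn}: {len(fps)} relays with no contact/family: {', '.join(fps)}")
```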
