On 9 Oct 2015, at 01:21, Aaron Johnson aaron.m.johnson@nrl.navy.mil wrote:
Hello Rishab,
I've been meaning to respond to this for a while.
Thanks for your thoughts.
For what it's worth, I completely disagree that outright "banning" of certain data collection is the right answer here. There should be a standard "let's weigh the risks vs. the benefits and make a decision" for any/all cases. In most cases, there are ways to perform data collection over Tor (even trying to understand the makeup of hidden services) in a way that does not compromise privacy/security -- e.g., the harvest reports only the "class of the .onion site" and not the actual site itself. This answers the question the researcher is interested in, without compromising or revealing the .onion directly.
I do agree that all cases should be judged in terms of costs and benefits. The idea of that list is to provide specific activities for which the costs are judged not to outweigh the benefits. In this case, the activity is not “collect information about the descriptors you see as an HSDir and then report aggregate statistics”; it is “collect information about the descriptors you see as an HSDir and then connect to those onion addresses that you observe to try and do a Web crawl of them and scrape their content”. The latter is judged to be unacceptable because Tor wants to provide onion-service operators with the ability to run an onion service privately, and definitely without having to deal with crawlers or other snooping parties.
I also wonder about the risk presented by such a concentration of .onion site addresses (or .onion site requests, if the addresses are never recorded anywhere). If an adversary accesses the researcher’s list, or is observing the researcher’s connection, or is observing the .onion site’s connection, how much does this increase the risk of discovering the site?
For example, if a site’s threat mitigation involves it being accessed a certain (small) number of times, and then changing address, crawlers could represent an unacceptable burden on the site’s operator and legitimate users.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F