|
|
== Ethical Tor research ==
|
|
|
## Ethical Tor research
|
|
|
|
|
|
=== Goals ===
|
|
|
### Goals
|
|
|
* In general, describe how to conduct responsible research on Tor.
|
|
|
* Develop guidelines for research activity that researchers can use to evaluate their proposed plan.
|
|
|
* Produce a (non-exhaustive) list of specific types of unacceptable activity.
|
|
|
* Develop a “due diligence” process for research that falls in the scope of “potentially dangerous” activities. This process can require some notification and feedback from the Tor network or other third parties.
|
|
|
|
|
|
=== Guidelines for research ===
|
|
|
### Guidelines for research
|
|
|
1. Only collect data that is acceptable to publish. In the case of encrypted or secret-shared data, it can be acceptable to assume that the keys or some shares are not published.
|
|
|
2. Only collect as much data as is needed (i.e. data minimization).
|
|
|
3. Limit the granularity of the data. For example, "noise" (i.e. added data inaccuracies) should almost certainly be added.
|
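Review bot: The page title becomes `## Ethical Tor research` and every section becomes `###`, so the converted page has no level-1 heading. If the wiki does not render its own page title above the body, promote the title to `#` and the sections (Goals, Guidelines for research) to `##` so the outline starts at the top level. The direct `==` to `##` mapping is otherwise consistent across these headings.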
... | ... | @@ -14,13 +14,13 @@ |
|
|
5. Consider auxiliary data when assessing the risk of your research. For example, data from snooping exit traffic can be combined with entry traffic to deanonymize users.
|
|
|
6. Use a test network when at all possible.
|
|
|
|
|
|
=== Examples of unacceptable research activity ===
|
|
|
### Examples of unacceptable research activity
|
|
|
* It is not acceptable to run an HSDir, harvest onion addresses, and publish or connect to those onion addresses.
|
|
|
* Don't set up exit relays to sniff, or tamper with exit traffic. (This is ambiguous. Is it acceptable look at ports? IPs? The amount of data? Traffic patterns?)
|
|
|
* Don't set up relays that are deliberately dysfunctional (e.g., terminate connections to specific sites).
|
|
|
|
|
|
=== Process for conducting Tor research ethically ===
|
|
|
* Notification / responsible disclosure to Tor ''before'' research
|
|
|
### Process for conducting Tor research ethically
|
|
|
* Notification / responsible disclosure to Tor _before_ research
|
|
|
* Review group (e.g. tor-research@torproject.org, or Request Tracker)
|
|
|
* The notification process should be private to prevent researchers from being scooped, but we should make it clear that public discussion is preferred.
|
|
|
* It should be acceptable for proposals that don’t receive a response within X time to proceed without waiting longer (e.g. X=7 days).
|
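Review bot: The exit-relay bullet under "Examples of unacceptable research activity" is carried over with its open question still inline ("This is ambiguous. Is it acceptable look at ports? IPs? ..."), so a researcher checking a plan against this list cannot tell which exit-side observations are ruled out. Since the file is being touched anyway, either move that question to the review thread or mark it as an open item, and fix "acceptable look" to "acceptable to look". The same applies to the response window in the Process section, which still reads "X time" with only "e.g. X=7 days" as a value. The `''before''` to `_before_` conversion looks right.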
... | ... | @@ -38,7 +38,7 @@ |
|
|
* Review group process may be used as a way to provide guidance to researchers who do not have expertise in designing safe experiments.
|
|
|
* In the case of researcher mistakes, unanticipated results, or a significant change in research plans that may violate research guidelines, the review group should be notified.
|
|
|
|
|
|
=== Status ===
|
|
|
### Status
|
|
|
1. ~~Start wiki~~
|
|
|
2. ~~Create thread on tor-dev~~
|
|
|
3. Invite researchers to comment on proposal
|
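Review bot: In the Status list, items 1 and 2 rely on `~~Start wiki~~` and `~~Create thread on tor-dev~~` to show as completed, and `~~` strikethrough is an extension rather than core Markdown. Check the rendered page after the conversion to confirm the two items appear struck through. If the target renderer does not support it, mark them "(done)" instead so the status stays readable.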
... | ... | |