Apply conversion script to all *.md files. Authored by Alexander Hansen Færøy
== Ethical Tor research ==
## Ethical Tor research
=== Goals ===
### Goals
* In general, describe how to conduct responsible research on Tor.
* Develop guidelines for research activity that researchers can use to evaluate their proposed plan.
* Produce a (non-exhaustive) list of specific types of unacceptable activity.
* Develop a “due diligence” process for research that falls in the scope of “potentially dangerous” activities. This process can require some notification and feedback from the Tor network or other third parties.
=== Guidelines for research ===
### Guidelines for research
1. Only collect data that is acceptable to publish. In the case of encrypted or secret-shared data, it can be acceptable to assume that the keys or some shares are not published.
2. Only collect as much data as is needed (i.e. data minimization).
3. Limit the granularity of the data. For example, "noise" (i.e. added data inaccuracies) should almost certainly be added.
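Review bot: The top heading in this hunk lands at level 2 ("## Ethical Tor research") with every section under it at "###", so the converted file has no level-1 heading. If the wiki does not render the page title on its own, promote the title to "# Ethical Tor research" and the sections to "##". Otherwise, confirm that mapping "==" to "##" is the intended behaviour of the script for all converted files.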
......@@ -14,13 +14,13 @@
5. Consider auxiliary data when assessing the risk of your research. For example, data from snooping exit traffic can be combined with entry traffic to deanonymize users.
6. Use a test network when at all possible.
=== Examples of unacceptable research activity ===
### Examples of unacceptable research activity
* It is not acceptable to run an HSDir, harvest onion addresses, and publish or connect to those onion addresses.
* Don't set up exit relays to sniff, or tamper with exit traffic. (This is ambiguous. Is it acceptable look at ports? IPs? The amount of data? Traffic patterns?)
* Don't set up relays that are deliberately dysfunctional (e.g., terminate connections to specific sites).
=== Process for conducting Tor research ethically ===
* Notification / responsible disclosure to Tor ''before'' research
### Process for conducting Tor research ethically
* Notification / responsible disclosure to Tor _before_ research
* Review group (e.g. tor-research@torproject.org, or Request Tracker)
* The notification process should be private to prevent researchers from being scooped, but we should make it clear that public discussion is preferred.
* It should be acceptable for proposals that don’t receive a response within X time to proceed without waiting longer (e.g. X=7 days).
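Review bot: The unchanged bullet "Don't set up exit relays to sniff, or tamper with exit traffic." still carries an inline editorial question, "(This is ambiguous. Is it acceptable look at ports? ...)", which is also missing a "to" in "acceptable look at". A list of unacceptable activity that flags its own ambiguity gives researchers no clear rule on exit-traffic metadata such as ports, IPs, volume and traffic patterns. Since this commit already touches the file, a follow-up should either answer the question in the text or move it to a tracked issue. The same applies to the placeholder in "within X time ... (e.g. X=7 days)", which should be set to a concrete value. The "''before''" to "_before_" conversion in this hunk looks correct.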
......@@ -38,7 +38,7 @@
* Review group process may be used as a way to provide guidance to researchers who do not have expertise in designing safe experiments.
* In the case of researcher mistakes, unanticipated results, or a significant change in research plans that may violate research guidelines, the review group should be notified.
=== Status ===
### Status
1. ~~Start wiki~~
2. ~~Create thread on tor-dev~~
3. Invite researchers to comment on proposal