Ethical Tor research
- In general, describe how to conduct responsible research on Tor.
- Develop guidelines for research activity that researchers can use to evaluate their proposed plan.
- Produce a (non-exhaustive) list of specific types of unacceptable activity.
- Develop a “due diligence” process for research that falls in the scope of “potentially dangerous” activities. This process can require some notification and feedback from the Tor network or other third parties.
Guidelines for research
- Only collect data that is acceptable to publish. In the case of encrypted or secret-shared data, it can be acceptable to assume that the keys or some shares are not published.
- Only collect as much data as is needed (i.e. data minimization).
- Limit the granularity of the data. For example, "noise" (i.e. added data inaccuracies) should almost certainly be added.
- Make an explicit description of benefits and risks, and argue that the benefits outweigh the risks.
- Consider auxiliary data when assessing the risk of your research. For example, data from snooping exit traffic can be combined with entry traffic to deanonymize users.
- Use a test network when at all possible.
Examples of unacceptable research activity
- It is not acceptable to run an HSDir, harvest onion addresses, and publish or connect to those onion addresses.
- Don't set up exit relays to sniff, or tamper with exit traffic. (This is ambiguous. Is it acceptable look at ports? IPs? The amount of data? Traffic patterns?)
- Don't set up relays that are deliberately dysfunctional (e.g., terminate connections to specific sites).
Process for conducting Tor research ethically
- Notification / responsible disclosure to Tor before research
- Review group (e.g. firstname.lastname@example.org, or Request Tracker)
- The notification process should be private to prevent researchers from being scooped, but we should make it clear that public discussion is preferred.
- It should be acceptable for proposals that don’t receive a response within X time to proceed without waiting longer (e.g. X=7 days).
- The review group should provide thoughts and recommendations about compliance with the research guidelines. They may work with the researcher to improve the research plan.
- Who should be in the group?
- Tor people already have little time.
- Other researchers could be members, with the caveat that group members should commit to not revealing or taking advantage of their knowledge from the notification process.
- Results should be reported in a responsible way. For example, researchers should not contribute to media exaggerations.
- How to incentivize researchers?
- Convince conference PCs to reject papers that don’t follow the guidelines or have not engaged sufficiently with the process.
- Make public objections to research that doesn't follow the guidelines or engage sufficiently with the process (e.g. blog posts).
- Our immediate goal should be to try and help the people that want to do the right thing.
- After publication, the proposal and response should be published to make the process transparent and provide positive examples for others to follow.
- The review group can request that certain details about an approved proposal be released (e.g. identity of researchers) to preempt rumors and FUD about ongoing research.
- Review group process may be used as a way to provide guidance to researchers who do not have expertise in designing safe experiments.
- In the case of researcher mistakes, unanticipated results, or a significant change in research plans that may violate research guidelines, the review group should be notified.
Start wiki Create thread on tor-dev
- Invite researchers to comment on proposal
- Create Tor review group
- Publicize guidelines and process (e.g. a blog post, or a technical report so it can be cited easily)
- Convince conferences and journal that accepted papers should be required to have engaged sufficiently with this process and to discuss the ethical considerations that they made as part of their work.