Brazilians waxed: Uni's Tor relay node booted after harvesting .onions A university research project in Brazil has had its Tor relay node banned after it was caught harvesting the .onion addresses of visitors. Marcus Rodrigues, a junior researcher with the University of Campinas in São Paulo, claims he and others were working to create a tool that could tell malicious hidden services from benign …
"Now, Rodrigues says, his group is unable to bring its Tor relay node back online, and so far nobody from the project has given them any indication that the ban will ever be removed. Still, he says, the research will continue."
In other words, Tor's ethical guidelines don't apply to them.
"In other words, Tor's ethical guidelines don't apply to them".
Sadly, AC is right. Some researchers need to learn that The Internet Is Not Your Chew-Toy.
"Doing Research" does not give you the right to be a dick towards other people on campus or elsewhere on the internet. There have been times where I've had to pull the plug on research projects that have accidentally DDoS'd other sites, or attempted to access traffic that was not intended for them. There have also been times where I've had to firewall off projects that were in danger of being attacked/misused themselves.
If that relay node had been compromised, it would have made one hell of a "listening post" for pretty much anybody with an interest in intercepting Tor traffic - law enforcement, three-/four-letter security agencies, hostile foreign powers, criminals, take your pick.
I've no sympathy for these guys, because there are clear guidelines for research ethics:
4. Examples of unacceptable research activity
It is not acceptable to run an HSDir, harvest onion addresses, and publish or connect to those onion addresses.
Could they be any clearer ? Harvesting .onions is bad, mmmkay.
If that relay node had been compromised, it would have made one hell of a "listening post" for pretty much anybody with an interest in intercepting Tor traffic - law enforcement, three-/four-letter security agencies, hostile foreign powers, criminals, take your pick.
What makes you think "law enforcement, three-/four-letter security agencies, hostile foreign powers, criminals" aren't already harvesting this exact same information? So long as a relay does its job as a relay, there's no way to know that it isn't also recording all the traffic.
The only reason this research project got shut out was because they were honest and public about what they were doing.
None of those other groups give two hoots about the Tor Project's ethical guidelines, and aren't likely to admit that they're running any relay or exit nodes, let alone what additional functionality has been added to them.
"Sadly, AC is right. Some researchers need to learn that The Internet Is Not Your Chew-Toy."
TOR's ethical guidelines have no legal force. You can write whatever you want in your terms and conditions, but it doesn't mean that I or anyone else need to give a toss what you write down. Of course this applies to law enforcement in particular, but also to researchers. You don't get to shut all inquiry about your conduct down with a 'don't investigate me' line in your T&Cs.
You're right - the Guidelines have no legal force, but from the original posts it seems that they have banned this particular node for an action listed in those guidelines:
https://www.mail-archive.com/tor-relays@lists.torproject.org/msg11947.html
Not so much legal force, more like a community shunning someone for not following their rules ?
"As for ethical guidelines, normally any university has an ethical review board which is required to pass all research projects."
Er, no. Don't know where you live, but that's not the case in the US for anything except a relatively narrow range of areas, such as biomedical research using humans or some types of animals (mainly mammals), or GMO stuff that will be allowed to grow outdoors, and maybe one or two other narrow niches. I know, I'm a US University researcher working on the border between the Physical and Biomedical Sciences. Our work has zero "ethical review" because the animals we work with are gene insertion viruses for optogenetics, cell cultures, worms & zebra fish, and/or our projects are developing chips & software. None of which ever are "ethically reviewed". The closest that we come to that is checking boxes on grant applications saying we are not using human subjects nor certain classes of animals.
Not from most people's experience. Kind words tend to be met with fingers, and once ONE starts cheating and spoiling all the fun...
Perhaps TOR should instead recode their system such that relays and exit nodes CAN'T determine destinations. If there's no way to do that, they should just say so, declare there's no real way to be anonymous on the Internet, and drop the project.
> In other words, Tor's ethical guidelines don't apply to them.
Unless I missed something, he is quoted as saying "the research will continue". He makes no mention of by which methods they intend to do that nor of their conformance or otherwise to any policies, guidelines, or ethical principles.
Putting words in someone else's mouth is not cool, especially when hiding behind a (thin) veil of anonymity half a world away.
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
