Re: eliminating bogus port 43 exits



On Fri, Jun 12, 2009 at 07:32:24PM -0400, Roger Dingledine wrote:
> There are two categories to consider here: wiretapping and pen
> registers.

I should note that in the previous post I did that thing that EFF lawyers
always do that confuses people: I pretended there's only one country in
the world.

This is interesting first of all because there are relays (and relay
operators) in other countries -- and places like the EU have quite
detailed privacy laws. But second because people from other countries
*use* the Tor network, and that brings the myriad of other legal regimes
into scope even for US-based researchers.

> That means we can get down to the real question, which imo is: if you're
> going to collect info like that from your Tor, how should you do it in a
> way that keeps everybody actually safe? Not publishing specific addresses
> is a must -- not even letting them touch disk seems like a good move too.

I've been wanting for a while to publish a set of guidelines or heuristics
for how to collect Tor stats safely. Otherwise we stay in the current
situation, where random people decide they want to learn something,
do it, and then get jumped on later for not following the unwritten,
undiscussed, and not-really-actually-agreed-upon-anyway best practices.

The only tiny problem remaining is that we need to write them, discuss
them, and agree upon them. :)

--Roger