Abstract
Security and privacy researchers are increasingly taking an interest in the Tor network, and have even performed studies that involved intercepting the network communications of Tor users. There are currently no generally agreed-upon community norms for research on Tor users, and so unfortunately, several projects have engaged in problematic behavior – not because the researchers had malicious intent, but because they simply did not see the ethical or legal issues associated with their data gathering. This paper proposes a set of four bright-line rules for researchers conducting privacy-invading research on the Tor network. The author hopes that it will spark a debate and lead to responsible program committees taking some action to embrace these, or similar, rules.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Soghoian, C. (2012). Enforced Community Standards for Research on Users of the Tor Anonymity Network. In: Danezis, G., Dietrich, S., Sako, K. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7126. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29889-9_13
DOI: https://doi.org/10.1007/978-3-642-29889-9_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29888-2
Online ISBN: 978-3-642-29889-9
eBook Packages: Computer Science (R0)