"l.m" <[email protected]> writes: > What if the operator of these relays had ignored you? They should > have. You would have gone bonkers wouldn't you. > > --leeroy
I wouldn't have cared much, actually. I'm not a Tor developer nor a dirauth operator nor anything else other than a user who has contributed relays (without ContactInfo, as it happens). I don't think it makes sense to make ContactInfo compulsory, but groups of relays on the same AS without contact or family set should at least be provisionally considered to be related. If the relay operator hadn't responded, the appropriate response in my opinion (which is not binding on anyone else) would have been to observe these relays closely in case the research turned out to involve active attacks on the network which might make it more possible for third parties to hurt Tor. Security research unfortunately is still a "Wild West" field and, without knowing whether they intended it this way or not, it's certainly the case that the US-CERT research I mentioned made it more dangerous for a time for anyone to use or host a hidden service (because the radioactive breadcrumbs were left for anyone to see). I know that a lot of universities want to contribute to Tor, but they tend to be pretty obvious about it with setting of families and nicknames. Most research can be done on testing networks without exposing human users , and tor even supplies the software to run test networks. Risky research on human Tor users should require review board approval at the university at a minimum, just like testing drugs on humans does. (Actually it's harder than that, because obtaining "informed consent" from all users to someone else's "research" is not possible in an anonymous network.) -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
