On Tue, May 5, 2015 at 6:47 PM, W. Greenhouse <wgreenhouse@riseup.net> wrote:
grarpamp <grarpamp@gmail.com> writes:
Tor is not some private kingdom. It's an open application used and operated by whoever for whatever. It is absolutely the business of interested users to report, bring attention, interrogate and make lists of relays to use, promote or badexit as desired. And the business of relays to contactinfo, family, or ignore them as they wish. And of people to sniff passwords, inject malware, study traffic, researchers to research and others to have interest, bandwidth to be donated, disruption and exploit to be attempted, fileshare, illegal/legal use, promote best practices, etc. That's the nature, strength and weakness of open apps. A free for all where people use it as they wish, that's their purview, no police. You expect that, else you didn't read the label. Nothing you can do about it. Deal with it or create / fork your own kingdom. Tor's certainly not the last / best iteration of an anonymity network that there will ever be.
Ack. I wouldn't want Tor to be anything but an open protocol/network. That said, the lack of network security researchers treating their research as human subjects research when human subjects can be put at risk by it is troubling.
Most researchers ultimately work for or at pleasure of "The Man" through R&E funding, grants, taxes, etc, so what do you expect? It's the same reason Tor Project gets endless amounts of shit piled on them for choosing to accept government funds. It's a fine line. At the same time you can't deny the benefits the research, usually attacking your network of choice... someone will do it anyways, or patching your net more resistant. So you have to take it as the free for all it is. It doesn't help that politic and media representing such systems as inhabited nearly entirely by FHOTI (and where good uses remain unseen by nature), and whatever bits of morality regarding human subjects may get used as cannon fodder. Very few work truly independantly for the fame of building resistant / resistance systems, let alone anonymously, sustainably, and at a level that results in a usable product that is used at scale. Just another reason anon-capable virtual currencies are feared by governments. They can support such models. Though as a user, due diligence is still required. In a connected digital world, that has and is developing faster than evolution's capacity to deal with it, everything is human subjects, and that's something everyone involved must consider... the outcome when your work is inevitably turned towards you or someone or something you care about... is that the work you want to be doing?