Changes between Initial Version and Version 1 of org/meetings/2017Amsterdam/Notes/TorResearch


Ignore:
Timestamp:
Mar 27, 2017, 4:41:05 PM (2 years ago)
Author:
alison
Comment:

added session notes

Legend:

Unmodified
Added
Removed
Modified
  • org/meetings/2017Amsterdam/Notes/TorResearch

    v1 v1  
     1Session: Tor research
     2    Leader: Steven Murdoch
     3
     4Past/present research from participants
     5
     6    Website fingerprinting: Traffic analysis attacks
     7    Emulating browser fingerprinting of Tor Browser
     8
     9    Hidden services
     10    Entry guard security
     11
     12    All the things (Paul)
     13
     14    User profiling on the Web
     15
     16    How to work better with academia to get results
     17
     18General redirect: We need to update the research proposal/qualification process
     19
     20How to get research into Tor
     21    Tor lacks standardized way to
     22        Figure out what you need to work on
     23        Get stuff incorporated into dev roadmap
     24    Requirements and process are unclear (and potentially arbitrary)
     25    Currently: Ask Nick, convince Roger
     26        Not clear path
     27        Not scalable
     28        Things can die/drop
     29        Too ad hoc
     30        Can miss out on benefits of researchers' valuable efforts
     31
     32Hurdle to dev team qualifying
     33    No time
     34    No funding for this sort of thing
     35    Just who volunteers to take it on/has time
     36
     37    Shari is working on getting more people into dev team
     38
     39    Especially for big-scope project (like Kisst)
     40
     41Would a written process be helpful?
     42    Paul: Maybe a webpage or text file that says:
     43        Do you have some reasearch that you think is relevant?
     44        Here's how to determine if it's relevant
     45        Here's what you'll need to be able to answer before you come to us
     46
     47    Defined contact channels
     48        Can't ALWAYS be Roger
     49        Contact page doesn't route helpfully
     50
     51    Scorecarding criteria for what's a good project
     52        Resources available?
     53        Funding available?
     54        Aligned?
     55        Conceptual, in production, in use?
     56        Can you provide maintenance support? (probably nobody will ever say yes)
     57        Can you go in on joint funding w/ Tor
     58
     59        Proposal Qualification Models
     60            Heilmeyer criteria
     61            Research safety board (safety in the course of the research, not in the course of when it's implemented, is better)
     62            TAILS: Please contact us before you do your research.
     63            Cass has a list of potential qualification criteria (from grants perspective) will attach to wiki page in a couple of weeks.
     64
     65    Will vetting process lower the barrier to code adoption?
     66        How is maintenance funded?
     67            Predicated on funding diversification: Foundations tend to be less deliverable-fixated
     68
     69
     70
     71Who should vet new projects?
     72    Someone who's very tightly integrated in tor team, knows what we're building and why
     73    Must work closely with PM, know what's going on internally, too
     74    Ideally, a funded, dedicated gatekeeper
     75    George? (Has done it, might be good candidate for future position)
     76
     77research.torproject.org
     78    Open research projects
     79        Assigning the Guard Flag
     80        Changing use of network
     81        How Tor Circuit should be used
     82        Fingerprinting
     83
     84Gatekeeping function might be helpful for Tor
     85    Won't harm academics: won't necessarily kill research projects, will only say whether Tor will support with resources
     86    Beats no response at all (proposal goes into the void)
     87
     88
     89What steps will be required for anything released in Tor?
     90    Documentation
     91    Testing
     92    ???
     93
     94Easy case: EndTor
     95    Simple, contained, obsoleted old code, not 10MM lines of code, solved a problem
     96
     97Hard case: How to do statistics (heavyweight scheme proposal)
     98    Hard to maintain, hard to qualify, hard to integrate, not clear answer to recognized problem
     99
     100Whole conversation a little ironic, because Tor is well-documented, so anyone can experiment if they really want to.
     101    But how to get completed (or in progress) research into the "official" Tor development roadmap is still an open question