A Brazilian university was banned from running a Tor relay after its researchers harvested the .onion addresses of the visitors.
A research project at the University of Campinas in São Paulo worked on a tool that could differentiate malicious hidden services from benign ones. The researchers ran a Tor relay for the project; however, the Tor Project discovered that the university was harvesting the .onion addresses of the visitors.
“My research, in particular, is about malicious hidden services. I’m developing a method to automatically categorize a malicious hidden service by its content (eg, drug traffic website, malware propagation),” Marcus Rodrigues, junior researcher with the University of Campinas, told the news publication The Register.
Mr. Rodrigues told the magazine that, after their research was complete, the university would publish an academic paper with up-to-date statistics on the malicious hidden services on the dark web. Furthermore, the researchers also planned to create a platform where users could verify whether a .onion website is trustworthy prior to entering the site. In order to carry out the project, Mr. Rodrigues and his fellow researchers modified the Tor node to collect specific data from the hidden services. The junior researcher added that they did not collect any information that could be used to de-anonymize a user or a specific service.
“That would provide information about the Hidden Services running at the time, such as their .onion addresses, their popularity and some technical data – none of which would allow me to de-anonymize or harm the hidden service in any way,” Mr. Rodrigues explained.
On August 24, the junior researcher described their project in more detail in a Tor mailing list post. Furthermore, since the Tor relay Mr. Rodrigues and his colleagues were running was banned, he apologized and asked the Tor Project to reactivate the relay. He argued that the university needed to harvest the .onion addresses since the crawler the researchers used couldn’t get all the data they sought (i.e. the size of the Tor network, how many HSs run HTTP(s) protocol, how many run other protocols and which protocols they run). Mr. Rodrigues emphasized in the post that, after they were done with the collection of the statistical data, they would delete the harvested .onion addresses and would “under no circumstances” disclose the collected information on a harvested .onion address. Furthermore, the researchers would never target a specific harvested HS, but only a random sample.
Mr. Rodrigues promised the Tor Project that the researchers would make the process “as transparent as possible without disclosing any information that would harm the anonymity of any user.” He added that, if the Tor Project had any demands or requirements, the researchers would comply with those. The junior researcher added that if Tor did not allow them to further harvest the .onion addresses, it should at least unban the IP range of the university so other research could be conducted by the institution.
In a response, a Tor Project employee directed Mr. Rodrigues to consult the Tor Research Safety Board. There is a slight chance that the university could get its Tor node running again; however, since harvesting addresses is a violation of the Tor Project’s ethical guidelines, a relay is banned once its operator is caught red-handed.
Despite the fact that the university’s node is currently offline and, according to Mr. Rodrigues, no indication was given by the Tor Project that it will be reactivated in the near future, the researchers will continue their work on their project. Mr. Rodrigues told The Register that he can utilize other methods to discover the hidden services on the dark web; however, no method is as informative and efficient as running a Tor relay.