File ".__FILE__." is part of MediaWiki and is not a valid entry point\n" ); // __FILE__ may be a privacy issue (reveals the linux user name, etc) die( "

This file is part of MediaWiki and is not a valid entry point

\n" ); } // just in case the class has been defined in another file : if( defined('Permissions_VERSION') || defined('Permissions_BACKWARD') ) { die("

Attempt to include file ".__FILE__." while Permissions class already defined with
Permissions_VERSION = " . Permissions_VERSION . "
Permissions_YYYY_MM_DD_TIME = " . Permissions_YYYY_MM_DD_TIME . "
Permissions_BACKWARD = " . Permissions_BACKWARD . "

\n") ; } if(!defined('Permissions_SHOW_RIGHTS_ON_META')) { /** * by default, links to groups are provided */ define( 'Permissions_SHOW_GROUPS_ON_META' , true ) ; } // !VERSION // !DVRM : /** * current version in DVRM format */ define('Permissions_VERSION', '1.5.104.9') ; // modify Permissions_BACKWARD only if your changes may affect other classes! /** * backward compatibility in DVRM format */ define('Permissions_BACKWARD', '1.5.104.8') ; /** * date of current version */ define('Permissions_YYYY_MM_DD_TIME', '2005-08-05 11:24') ; // !CONFIG : default values (to be eventually modified before include) : if(! defined('Permissions_CONVENIENCE_LINKS')) { /** * by default, convenience links are provided */ define( 'Permissions_CONVENIENCE_LINKS' , true ) ; } if(!defined('Permissions_SHOW_RIGHTS_ON_META')) { /** * by default, links to rights are provided */ define( 'Permissions_SHOW_RIGHTS_ON_META' , true ) ; } if(!defined('Permissions_TH_STYLE')) { /** * style definition for header cells * @internal use CSS !!! */ define( 'Permissions_TH_STYLE' , " style=' background-color : #ff0 ; ' " ) ; } if(!defined('Permissions_TABLE_STYLE')) { /** * style definition for HTML table * @internal use CSS !!! */ define( 'Permissions_TABLE_STYLE' , " border='1' " ) ; } // !CONSTANT's : internal constants define( 'Permissions_URL_SPECIAL' , "http://meta.wikimedia.org/wiki/Special_" ) ; define( 'Permissions_URL_RIGHT' , "http://meta.wikimedia.org/wiki/Right_" ) ; define( 'Permissions_URL_GROUP' , "http://meta.wikimedia.org/wiki/Group_" ) ; // !INIT : pre-init stuff processed because of an include_once in the LocalSettings.php file : $wgExtensionFunctions[] = 'wfSpecialPermissions' ; $wgExtensionCredits['specialpage'][] = array( 'name' => 'Permissions' , 'version' => ( '[http://meta.wikimedia.org/wiki/DVRM ' . Permissions_VERSION . '] (' . Permissions_YYYY_MM_DD_TIME . ')' ) , 'author' => '[http://www.meurrens.org/ Marc Meurrens, Brussels (be)]' , 'url' => 'http://meta.wikimedia.org/wiki/Permissions' , ); // !FUNCTION : wfSpecialPermissions() /** * global entry point function * * @version 1.5.104.4 * @requires mediawiki mw 1.5 , beta 4 * @since 1.5.104.2 (2005-08-03) */ function wfSpecialPermissions() { // !STEP-1 OF wfSpecialPermissions() : complete the messages that will be used : global $wgMessageCache ; $wgMessageCache->addMessages(array( 'permissions' => 'Permissions' , )); // !STEP-2 OF wfSpecialPermissions() : hooks for logs : none... // !STEP-3 OF wfSpecialPermissions() : include what should be included : global $IP ; // for include's or require's /** * */ require_once( $IP . "/includes/SpecialPage.php") ; // !STEP-4 OF wfSpecialPermissions() : inner class definition(s) : // !CLASS: Permissions extends SpecialPage // !INNER-CLASS /** * */ class Permissions extends SpecialPage { // !IV's : none // !CT /** * constructor */ function Permissions() { SpecialPage::SpecialPage('Permissions') ; } // !IM's : instance methods // !IM : execute() // !OVRDN /** * ovrdn of the abstract execute() function : * manage the output, relies on 2 static functions : * the big BuildHtmlTable() and the small BuildHtmlLink() * * @uses Global_DOC::$wg_zPermissionsWithConvenienceLinks * @uses Global_DOC::$wgOut * @uses OutputPage::addHTML() */ function execute() { global $wgOut , $wg_zPermissionsWithConvenienceLinks ; $wg_zPermissionsWithConvenienceLinks = isSet($wg_zPermissionsWithConvenienceLinks) ? $wg_zPermissionsWithConvenienceLinks : Permissions_CONVENIENCE_LINKS ; $szhOut = Permissions::BuildHtmlTable() ; // !TODO : rely on $wgValidSpecialPagesFr to translate... if($wg_zPermissionsWithConvenienceLinks) { $szhOut .= Permissions::BuildHtmlLink() ; } $wgOut->addHTML( $szhOut ); $wgOut->setArticleFlag( false ); } // !SF's : begin static functions : /**#@+ * @static */ // the small workhorse : // !SF : function BuildHtmlLink() /** * @return htmlstring */ function BuildHtmlLink() { $szUrl = Permissions_URL_SPECIAL ; return Permissions::Wiki_2_Html( " * [[Special:Permissions|Permissions]] [{$szUrl}Permissions (help)] * [[Special:Listusers|Listusers]] [{$szUrl}Listusers (help)] * ([[Special:Userrights|Userrights]]) [{$szUrl}Userrights (help)] * ([[Special:Renameuser|Renameuser]]) [{$szUrl}Renameuser (help)] " ) ; } // the big workhorse : // !SF : function BuildHtmlTable() /** * * @return htmlstring $szhOut * @version 1.5.104.7 (mediawiki 1.5 , beta 4 , minor revision 7) * @since 1.5.104.6 (2005-08-03) * @uses Global_DOC::$wgGroupPermissions * @uses Global_DOC::$wg_szGroup_2_szGroupMeaning * @uses Global_DOC::$wg_szRight_2_szRightMeaning */ function BuildHtmlTable() { // !STEP-1 OF BuildHtmlTable() : translate $szhOut = '' ; $szhYes = htmlspecialchars( Permissions::Translate( 'val_yes' ) ); // !STEP-2 OF BuildHtmlTable() : init global $wgGroupPermissions , $wgOut , $wg_szGroup_2_szhGroupMeaning , $wg_szRight_2_szhRightMeaning , $wg_szGroup_2_szwGroupMeaning , $wg_szRight_2_szwRightMeaning // * @since 1.5.104.7 : zShow Groups/Rights on meta , $wg_zShowRightsOnMeta , $wg_zShowGroupsOnMeta ; // default values and config : $wg_zShowRightsOnMeta = isSet($wg_zShowRightsOnMeta) ? $wg_zShowRightsOnMeta : Permissions_SHOW_RIGHTS_ON_META ; $wg_zShowGroupsOnMeta = isSet($wg_zShowGroupsOnMeta) ? $wg_zShowGroupsOnMeta : Permissions_SHOW_GROUPS_ON_META ; // !STEP-3 OF BuildHtmlTable() : build the 2 sets // $wgGroupPermissions , in our notation, should write : // $wg_szGroup_2_szRight_2_zOk reset($wgGroupPermissions) ; $szGroup_2_iPower = array() ; $szRight_2_rGranted = array() ; foreach($wgGroupPermissions as $szGroup => $szRight_2_zOk) { $szGroup_2_iPower[$szGroup] = count($szRight_2_zOk) ; reset($szRight_2_zOk) ; foreach($szRight_2_zOk as $szRight => $zOk) { $c=""; if (isset ($szRight_2_rGranted[$szRight])) $c=$szRight_2_rGranted[$szRight]; $szRight_2_rGranted[$szRight] = $c. ($szGroup != 'bureaucrat') ? 1 : 0.9 ; // a trick to reduce the influence of less interesting rights } } // !STEP-4 OF BuildHtmlTable() : sort the 2 sets // a few tricks to make sure of the order for some special features : $szGroup_2_iPower['*'] = -2; $szGroup_2_iPower['user'] = -1; $szGroup_2_iPower['bureaucrat'] = 1789 ; $szGroup_2_iPower['bot'] = 1968 ; $szRight_2_rGranted['createaccount'] = 9999 ; $szRight_2_rGranted['bot'] = -46 ; // sort groups by increasing power : asort($szGroup_2_iPower) ; // sort rights by decreasing use : arsort($szRight_2_rGranted) ; // !STEP-5 OF BuildHtmlTable() : it's now time to prepare the HTML output // equally divide HTML table : $uW = floor(80 / count($szGroup_2_iPower) ) ; $szStyle = Permissions_TH_STYLE ; $szhOut .= "\n

\n" ; // !STEP-5-1 OF BuildHtmlTable() : HTML thead stuff $szUrlGroup = Permissions_URL_GROUP ; $szUrlRight = Permissions_URL_RIGHT ; reset($szGroup_2_iPower) ; foreach($szGroup_2_iPower as $szGroup => $iPower) { $szGroup = ($szGroup == '*') ? 'anonymous' : $szGroup ; // explicit anonymous // aliasing mechanism : if( $wg_szGroup_2_szwGroupMeaning[$szGroup] ) // WIKI has priority over HTML { $szh = Permissions::Wiki_2_Html( $wg_szGroup_2_szwGroupMeaning[$szGroup] ) ; } elseif( $wg_szGroup_2_szhGroupMeaning[$szGroup] ) { $szh = $wg_szGroup_2_szhGroupMeaning[$szGroup]; } elseif( $wg_zShowGroupsOnMeta ) { $szh = Permissions::Wiki_2_Html( "[{$szUrlGroup}{$szGroup} {$szGroup}]" ) ; } else { $szh = $szGroup ; } // build the cell in thead : $szhOut .= " \n" ; } $szhOut .= "\n" ; // !STEP-5-2 OF BuildHtmlTable() : HTML tbody stuff arsort($szRight_2_rGranted) ; foreach($szRight_2_rGranted as $szRight => $rGranted) { // alias mechanism : if( $wg_szRight_2_szwRightMeaning[$szRight] ) // WIKI has priority over HTML { $szh = Permissions::Wiki_2_Html( $wg_szRight_2_szwRightMeaning[$szRight] ); } elseif( $wg_szRight_2_szhRightMeaning[$szRight] ) { $szh = $wg_szRight_2_szhRightMeaning[$szRight]; } elseif( $wg_zShowRightsOnMeta ) { $szh = Permissions::Wiki_2_Html( "[{$szUrlRight}{$szRight} {$szRight}]" ) ; } else { $szh = $szRight ; } // left cell : $szhOut .= " " ; // complete row : reset($szGroup_2_iPower) ; foreach($szGroup_2_iPower as $szGroup => $iPower) { $c=""; if(isset($wgGroupPermissions[$szGroup][$szRight])) $c=$wgGroupPermissions[$szGroup][$szRight]; $szhOut .= ( "\n " ) ; } $szhOut .= " \n" ; } $szhOut .= "
{$szh}
{$szh}".( ( $c ) ? $szhYes : ' ' )."

\n" ; // !STEP-6 OF BuildHtmlTable() : returns the HTML string return $szhOut ; } // the utilities : // could be private, but may be usefull elsewhere... // !SF : function Wiki_2_Html( $szwMessage ) /** * @param wikistring $szwMessage * @return htmlstring $szhMessage * @uses parse() * @uses getText() * @version 1.5.104.6 * @requires (mediawiki 1.5 , beta 4 , minor revision 6) * @since 1.5.104.6 (2005-08-03) * @internal rather rely on standard stuff when integrating the patch in the whole project */ function Wiki_2_Html( $szwMessage ) { global $wgParser, $wgTitle, $wgOut ; $parserOutput = $wgParser->parse( $szwMessage , $wgTitle , $wgOut->mParserOptions , true ) ; return $parserOutput->getText() ; } // !SF : function Translate($szOriginal) /** * a simplified version of MediaWiki_I18N::translate() * (does NOT support interpolation of variables) * * placed here to make this file standalone * (we just need to translate 'Yes' into 'Oui', 'Si', 'Ya', etc * * @param string $szOriginal * @return string $szTranslated * @version 1.5.104.7 * @internal rather rely on standard stuff when integrating the patch in the whole project */ function Translate($szOriginal) { $fname = 'SkinTemplate-translate'; wfProfileIn( $fname ) ; // open // Hack for i18n:attributes in PHPTAL 1.0.0 dev version as of 2004-10-23 $szOriginal = preg_replace( '/^string:/', '', $szOriginal ); // clean $szTranslated = wfMsg( $szOriginal ); // interpolate variables : removed in this simplified version !!! wfProfileOut( $fname ) ; // release return $szTranslated ; } // !SF : end static functions : /**#@+-*/ } // !END_OF_CLASS : Permissions // !STEP-5 OF wfSpecialPermissions() : register, make sure this special page is known SpecialPage::addPage ( new Permissions() ) ; } // !END-FUNCTION : wfSpecialPermissions() // !EOF : includes/SpecialPermissions.php ?> Response To Tor Study - CUSystems

Mediawiki title MediaWiki logo
 
Personal tools

Response To Tor Study

From CUSystems

Jump to: navigation, search

Main Page < Response To Tor Study

Disclaimer

The following is the private response of the researchers involved in this project, and not an official University of Colorado response to this topic. Please contact the University of Colorado press office for an official response.

Summary

Recently, some of our research was characterized as compromising the privacy of individuals and engaging in “wiretap”. This research involved the “Tor Network”, a mechanism that attempts to provide anonymity in the Internet. The goal of our research was to understand the Tor network so that we could improve the overall privacy and anonymity properties of this important service.

On 24 July 2008, the University of Colorado conducted an internal review of the research methodologies and determined that no University of Colorado human subjects review was needed by this study, and that the study did not constitute research misconduct.

Specifically, their response stated:

Based on our assessment and understanding of the issues involved in your work, our opinion was that by any reasonable standard, the work in question was not classifiable as human subject research, nor did it involve the collection of personally identifying information. While the underlying issues are certainly interesting and complex, our opinion is that in this case, no rules were violated by your not having subjected your proposed work to prior IRG scrutiny. Our analysis was confined to this IRG (HRC) issue.

Details

The Tor network is comprised of normal computers deployed in people's homes, offices and universities. The network acts together to “unlink” the person requesting information from the website providing the information. As part of our research, we ran a “Tor exit node”; communication traffic leaving that node went to the final websites specified by the users of the Tor network.

One of our goals was to understand how and why people use the Tor network. People use the Tor network for many purposes. Simply running a Tor exit node illustrates the many negative uses – during the course of our normal operation of the exit node, we received numerous “take down notices” for copyrighted material being accessed from our node, other notices that our node was “attacking” other computers and inquiries about threats that were transported by our node. All of that traffic originated from users of the Tor network, and were not related to our own actions.

In order to understand the positive contributions of the Tor network, we sought to understand the geographic distribution of users. Our conclusions were that Tor appeared to be used by people from numerous countries with less freedom of speech than we enjoy in the United State.

To do this research, it was necessary for us to monitor some of the traffic leaving a Tor exit node. Here we used the same, commonly accepted practice for network monitoring as many other research groups. Capturing network packets like this is a common procedure. In fact, the response to our earlier paper at the Internet Measurement Conference in 2007 concerning the legality of the monitoring and analyzing Internet communication highlighted the differing opinions in the community about the standards and methods to be used. Our paper provided a very limited set of guidelines – other speakers at the conference (including representatives form the Dept. of Homeland Security) felt that the privacy methods we advocated were overly restrictive and not needed under current law and practice. The general consensus at the conference was that this sort of monitoring is not only perfectly acceptable, but an important thing to do, but that more guidance is needed.

What made this particular work different was that the packets we captured came through a Tor node. Because of this difference, we took extreme caution in managing these traces and have not and will not plan to share them with other researchers.

The results of our research will pave the way for improving the privacy and anonymity of Tor user and help demonstrate the positive role that Tor plays in free and public communication. While we observed the highest ethical standards in our research, we observe that others do not share our sense of ethics. As one concrete step toward improving the privacy and anonymity of Tor users, and as part of our research we developed methods for detecting when others might be both monitoring Tor traffic and then abusing that data.

Our research group has a history of contributing to the security and privacy of the Tor network. This work and our other results will pave the way for greater future privacy and anonymity for Internet users. For example, our research lets us better understand the real uses of Tor, and will allow us and others to create more efficient solutions to solve this important problem.


Damon McCoy, Kevin Bauer, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker