Private Probes: What's the Point
Hi All, I've run into a few probes marked private, and when I've found & asked the owners, they didn't realise they'd done anything restrictive or harmful to researchers by marking their probes private. Intrigued at this phenomena, I had a look at the probe metadata. Right now I think there are 1,534 Atlas probes that are active and connected to the network, but marked private. What's the point of having private probes in the network? Do their hosts still earn credits they can use on public probes? Should they be? Are private probe hosts helping the project? The FAQ says nothing about private probes, so I thought I would ask here. Thanks, Jon
Hi Jon! On 2015-10-19 05:00, Jonathan Brewer wrote:
Hi All,
I've run into a few probes marked private, and when I've found & asked the owners, they didn't realise they'd done anything restrictive or harmful to researchers by marking their probes private.
Intrigued at this phenomena, I had a look at the probe metadata. Right now I think there are 1,534 Atlas probes that are active and connected to the network, but marked private.
What's the point of having private probes in the network? Do their hosts still" earn credits they can use on public probes? Should they be? Are private probe hosts helping the project?
IIRC, we did have quite a bit on the topic of labelling probes as "private", but I would have to do some digging to find the references to that discussion.. But before chiming in ith my personal point of view, may I ask the Atlas Team to summarize what the effects of "private" are. I seem to remember that private probes *do* participate in the built-in measurements. I may be wron, though.
The FAQ says nothing about private probes, so I thought I would ask here.
I think it is pretty useful to have another look at that setting.
Thanks,
Jon
Cheers, Wilfried
On Oct 20, 2015, at 12:36 PM, Wilfried Woeber <woeber@cc.univie.ac.at> wrote:
Hi Jon!
On 2015-10-19 05:00, Jonathan Brewer wrote:
Hi All,
I've run into a few probes marked private, and when I've found & asked the owners, they didn't realise they'd done anything restrictive or harmful to researchers by marking their probes private.
Intrigued at this phenomena, I had a look at the probe metadata. Right now I think there are 1,534 Atlas probes that are active and connected to the network, but marked private.
What's the point of having private probes in the network? Do their hosts still" earn credits they can use on public probes? Should they be? Are private probe hosts helping the project?
IIRC, we did have quite a bit on the topic of labelling probes as "private", but I would have to do some digging to find the references to that discussion..
But before chiming in ith my personal point of view, may I ask the Atlas Team to summarize what the effects of "private" are. I seem to remember that private probes *do* participate in the built-in measurements. I may be wron, though.
The FAQ says nothing about private probes, so I thought I would ask here.
I think it is pretty useful to have another look at that setting.
Thanks,
Jon
Cheers, Wilfried
My understanding is that my private probe participates in built-in measurements but is not open to the world. My small network is not designed to serve as a target for the world. James R. Cutler James.cutler@consultant.com PGP keys at http://pgp.mit.edu
Hi James, I just wanted to clarify a few points about how the probes work in response to your comment. All RIPE Atlas probes, even those not marked “public”, are available to be used in both built-in and user-defined measurements *as sources*. Many probes are not hosted on the open Internet, so they make for lousy targets. In most cases, they're hosted on internal networks, so they're often not “targetable” at all. More importantly, hosting a probe does not make your network (which already exists on the open Internet) any more or less likely to be the target of a measurement. And in terms of outgoing traffic, the probe generates next to nothing (typically a few Kb/s, even when it’s being used for user-defined measurements). You can learn more about this from the FAQs: https://atlas.ripe.net/about/faq/ Please let us know if you have any other questions. Regards, Daniel Quinn
Dear list, Talking about how public and non-public probe participates in built-in and user-defined measurement, a possible scenario has come to my mind (maybe it’s not really relevant to what you are discussing right now). Here goes the case: I host a probe and it is required to participate in a UDM involving sensitive destinations, say DNS measurement to ISIS’s site (could be interesting and useful in certain senses), which however might violet my local security policies. As a consequence, the big brother might knock at my door and invite me for a coffee…or something more serious. My question is, if that happens, am I really responsible for that and whether it is possible to avoid participating in certain risky measurements. Possibly I wrong too much. Best regards, wenqin
On 22 Oct 2015, at 16:35, Daniel Quinn <dquinn@ripe.net> wrote:
Hi James,
I just wanted to clarify a few points about how the probes work in response to your comment.
All RIPE Atlas probes, even those not marked “public”, are available to be used in both built-in and user-defined measurements *as sources*.
Many probes are not hosted on the open Internet, so they make for lousy targets. In most cases, they're hosted on internal networks, so they're often not “targetable” at all. More importantly, hosting a probe does not make your network (which already exists on the open Internet) any more or less likely to be the target of a measurement.
And in terms of outgoing traffic, the probe generates next to nothing (typically a few Kb/s, even when it’s being used for user-defined measurements).
You can learn more about this from the FAQs: https://atlas.ripe.net/about/faq/
Please let us know if you have any other questions.
Regards,
Daniel Quinn
For example there are discussion these days concerning this paper: http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p653.pdf https://readings.owlfolio.org/2015/encore-lightweight-measurement-web-censor... I wonder if Atlas platform has similar concerns as well. Best regards, weqnin
On 22 Oct 2015, at 17:00, Wenqin SHAO <wenqin.shao@telecom-paristech.fr> wrote:
Dear list,
Talking about how public and non-public probe participates in built-in and user-defined measurement, a possible scenario has come to my mind (maybe it’s not really relevant to what you are discussing right now). Here goes the case:
I host a probe and it is required to participate in a UDM involving sensitive destinations, say DNS measurement to ISIS’s site (could be interesting and useful in certain senses), which however might violet my local security policies. As a consequence, the big brother might knock at my door and invite me for a coffee…or something more serious.
My question is, if that happens, am I really responsible for that and whether it is possible to avoid participating in certain risky measurements.
Possibly I wrong too much.
Best regards, wenqin
On 22 Oct 2015, at 16:35, Daniel Quinn <dquinn@ripe.net> wrote:
Hi James,
I just wanted to clarify a few points about how the probes work in response to your comment.
All RIPE Atlas probes, even those not marked “public”, are available to be used in both built-in and user-defined measurements *as sources*.
Many probes are not hosted on the open Internet, so they make for lousy targets. In most cases, they're hosted on internal networks, so they're often not “targetable” at all. More importantly, hosting a probe does not make your network (which already exists on the open Internet) any more or less likely to be the target of a measurement.
And in terms of outgoing traffic, the probe generates next to nothing (typically a few Kb/s, even when it’s being used for user-defined measurements).
You can learn more about this from the FAQs: https://atlas.ripe.net/about/faq/
Please let us know if you have any other questions.
Regards,
Daniel Quinn
Im my, biased, opinion Atlas is has significantly less ethical issues. Atlas is not running on the user's system or browser and we do much less than could be done with javascript. So Atlas measurement traffic looks very much less like it is coming from the user and the user is not exposed to content/malware through Atlas. Daniel On 22.10.15 17:07 , Wenqin SHAO wrote:
For example there are discussion these days concerning this paper:
http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p653.pdf https://readings.owlfolio.org/2015/encore-lightweight-measurement-web-censor...
I totally agree with you on the point that no actual content is involved in Atlas measurements. In that sense, Atlas is in deed much less problematic than the work on web censorship. However, I recall (I tried and failed to find the reference for the moment being) that in France, some type of metadata might be as well sensitive, say a URL, and that’s why I mentioned DNS measurements previously. Wenqin
On 22 Oct 2015, at 17:26, Daniel Karrenberg <daniel.karrenberg@ripe.net> wrote:
Im my, biased, opinion Atlas is has significantly less ethical issues. Atlas is not running on the user's system or browser and we do much less than could be done with javascript. So Atlas measurement traffic looks very much less like it is coming from the user and the user is not exposed to content/malware through Atlas.
Daniel
On 22.10.15 17:07 , Wenqin SHAO wrote:
For example there are discussion these days concerning this paper:
http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p653.pdf https://readings.owlfolio.org/2015/encore-lightweight-measurement-web-censor...
On Thu, Oct 22, 2015 at 05:42:37PM +0200, Wenqin SHAO <wenqin.shao@telecom-paristech.fr> wrote a message of 33 lines which said:
I recall (I tried and failed to find the reference for the moment being) that in France, some type of metadata might be as well sensitive, say a URL,
My talk at the France-IX General Assembly <https://www.franceix.net/media/cms_page_media/851/The_necessary_restructuring_of_the_Internet_by_Stephane-BORTZMEYER_AFNIC.pdf> mentioned RIPE Atlas probes and their use in France to monitor DNS censorship.
Wengin, Thank you for your good question. This is exactly why we allow HTTP measurements only to well defined targets. So far we assume that DNS queries are not harmful. Since we cannot know what is "risky" in all places there is little else we can do. Would you have more peace of mind if you could opt out of DNS the probe doing DNS queries related to measurements altogether? On the positive side: Should any host get in trouble we commit to go back to our logs/results and testify that the traffic was originated by our probe. Of course we cannot tell you what your local authorities will hold you responsible for. Would a ping to a certain address get you in trouble? So if you are *really* *really* concerned about this you should not host a probe. Daniel On 22.10.15 17:00 , Wenqin SHAO wrote:
Dear list,
Talking about how public and non-public probe participates in built-in and user-defined measurement, a possible scenario has come to my mind (maybe it’s not really relevant to what you are discussing right now). Here goes the case:
I host a probe and it is required to participate in a UDM involving sensitive destinations, say DNS measurement to ISIS’s site (could be interesting and useful in certain senses), which however might violet my local security policies. As a consequence, the big brother might knock at my door and invite me for a coffee…or something more serious.
My question is, if that happens, am I really responsible for that and whether it is possible to avoid participating in certain risky measurements.
Possibly I wrong too much.
Best regards, wenqin
On 22 Oct 2015, at 16:35, Daniel Quinn <dquinn@ripe.net> wrote:
Hi James,
I just wanted to clarify a few points about how the probes work in response to your comment.
All RIPE Atlas probes, even those not marked “public”, are available to be used in both built-in and user-defined measurements *as sources*.
Many probes are not hosted on the open Internet, so they make for lousy targets. In most cases, they're hosted on internal networks, so they're often not “targetable” at all. More importantly, hosting a probe does not make your network (which already exists on the open Internet) any more or less likely to be the target of a measurement.
And in terms of outgoing traffic, the probe generates next to nothing (typically a few Kb/s, even when it’s being used for user-defined measurements).
You can learn more about this from the FAQs: https://atlas.ripe.net/about/faq/
Please let us know if you have any other questions.
Regards,
Daniel Quinn
Hello Daniel, Thank you very much for you quick response. I personally am not very much concerned. The possibility just came into my mind. I plan to move my recently obtained probe into a Academic network in China, where the hosting institution there shall take the responsibility for all consequences, instead of putting it my parents’ living room. One other issue with security policies is that sometime one wouldn’t learn these rules if one hadn’t violet them in first place. Regards, Wenqin
On 22 Oct 2015, at 17:17, Daniel Karrenberg <daniel.karrenberg@ripe.net> wrote:
Wengin,
Thank you for your good question.
This is exactly why we allow HTTP measurements only to well defined targets. So far we assume that DNS queries are not harmful. Since we cannot know what is "risky" in all places there is little else we can do. Would you have more peace of mind if you could opt out of DNS the probe doing DNS queries related to measurements altogether?
On the positive side: Should any host get in trouble we commit to go back to our logs/results and testify that the traffic was originated by our probe.
Of course we cannot tell you what your local authorities will hold you responsible for. Would a ping to a certain address get you in trouble? So if you are *really* *really* concerned about this you should not host a probe.
Daniel
On 22.10.15 17:00 , Wenqin SHAO wrote:
Dear list,
Talking about how public and non-public probe participates in built-in and user-defined measurement, a possible scenario has come to my mind (maybe it’s not really relevant to what you are discussing right now). Here goes the case:
I host a probe and it is required to participate in a UDM involving sensitive destinations, say DNS measurement to ISIS’s site (could be interesting and useful in certain senses), which however might violet my local security policies. As a consequence, the big brother might knock at my door and invite me for a coffee…or something more serious.
My question is, if that happens, am I really responsible for that and whether it is possible to avoid participating in certain risky measurements.
Possibly I wrong too much.
Best regards, wenqin
On 22 Oct 2015, at 16:35, Daniel Quinn <dquinn@ripe.net> wrote:
Hi James,
I just wanted to clarify a few points about how the probes work in response to your comment.
All RIPE Atlas probes, even those not marked “public”, are available to be used in both built-in and user-defined measurements *as sources*.
Many probes are not hosted on the open Internet, so they make for lousy targets. In most cases, they're hosted on internal networks, so they're often not “targetable” at all. More importantly, hosting a probe does not make your network (which already exists on the open Internet) any more or less likely to be the target of a measurement.
And in terms of outgoing traffic, the probe generates next to nothing (typically a few Kb/s, even when it’s being used for user-defined measurements).
You can learn more about this from the FAQs: https://atlas.ripe.net/about/faq/
Please let us know if you have any other questions.
Regards,
Daniel Quinn
Wenquin, apologies for mis-spelling you name. I need a bigger font or new glasses ;-). What I forgot to say in comparison with Encore because it was so obvious is this: of course the really big ethical problem with Encore is that the users participate without knowing about it. With Atlas the host of course indicates consent by hosting the probe and agreeing to Atlas rules. So I sure hope that you inform the hosting institution about the probe. ;-). Daniel PS: Personally I have been consciously ignorant of rules quite frequently and relied on my moral compass. However we all know that there are places where the consequences of ignoring rules can be quite unpleasant these days. :-(. On 22.10.15 17:33 , Wenqin SHAO wrote:
Hello Daniel,
Thank you very much for you quick response.
I personally am not very much concerned. The possibility just came into my mind. I plan to move my recently obtained probe into a Academic network in China, where the hosting institution there shall take the responsibility for all consequences, instead of putting it my parents’ living room.
One other issue with security policies is that sometime one wouldn’t learn these rules if one hadn’t violet them in first place.
Regards, Wenqin
On 22 Oct 2015, at 17:17, Daniel Karrenberg <daniel.karrenberg@ripe.net> wrote:
Wengin,
Thank you for your good question.
This is exactly why we allow HTTP measurements only to well defined targets. So far we assume that DNS queries are not harmful. Since we cannot know what is "risky" in all places there is little else we can do. Would you have more peace of mind if you could opt out of DNS the probe doing DNS queries related to measurements altogether?
On the positive side: Should any host get in trouble we commit to go back to our logs/results and testify that the traffic was originated by our probe.
Of course we cannot tell you what your local authorities will hold you responsible for. Would a ping to a certain address get you in trouble? So if you are *really* *really* concerned about this you should not host a probe.
Daniel
On 22.10.15 17:00 , Wenqin SHAO wrote:
Dear list,
Talking about how public and non-public probe participates in built-in and user-defined measurement, a possible scenario has come to my mind (maybe it’s not really relevant to what you are discussing right now). Here goes the case:
I host a probe and it is required to participate in a UDM involving sensitive destinations, say DNS measurement to ISIS’s site (could be interesting and useful in certain senses), which however might violet my local security policies. As a consequence, the big brother might knock at my door and invite me for a coffee…or something more serious.
My question is, if that happens, am I really responsible for that and whether it is possible to avoid participating in certain risky measurements.
Possibly I wrong too much.
Best regards, wenqin
On 22 Oct 2015, at 16:35, Daniel Quinn <dquinn@ripe.net> wrote:
Hi James,
I just wanted to clarify a few points about how the probes work in response to your comment.
All RIPE Atlas probes, even those not marked “public”, are available to be used in both built-in and user-defined measurements *as sources*.
Many probes are not hosted on the open Internet, so they make for lousy targets. In most cases, they're hosted on internal networks, so they're often not “targetable” at all. More importantly, hosting a probe does not make your network (which already exists on the open Internet) any more or less likely to be the target of a measurement.
And in terms of outgoing traffic, the probe generates next to nothing (typically a few Kb/s, even when it’s being used for user-defined measurements).
You can learn more about this from the FAQs: https://atlas.ripe.net/about/faq/
Please let us know if you have any other questions.
Regards,
Daniel Quinn
Hi,
On 22 Oct 2015, at 17:48, Daniel Karrenberg <daniel.karrenberg@ripe.net> wrote:
What I forgot to say in comparison with Encore because it was so obvious is this: of course the really big ethical problem with Encore is that the users participate without knowing about it. With Atlas the host of course indicates consent by hosting the probe and agreeing to Atlas rules. So I sure hope that you inform the hosting institution about the probe. ;-).
There’s much discussion on the Encore measurement and similar research efforts on measuring censorship. I missed this discussion here, but actually pointed to the Atlas infrastructure regarding sensible rules on bandwidth usage. I think there is not much issue for Atlas, as you say, Atlas is a voluntary effort. Besides that, most hosts of Atlas probes are probably knowledgeable on networking, and network measurements. These people should know what they are getting into.
PS: Personally I have been consciously ignorant of rules quite frequently and relied on my moral compass. However we all know that there are places where the consequences of ignoring rules can be quite unpleasant these days. :-(.
My impression is also that many many more people are getting into networking, network and Internet research. Many are from a new generation that did not experience the evolution of the Internet. Because of that, they may not have developed the same set of values that the older generation had. This means that these values now should be made explicit, which is a very hard thing to do… but I think it’s a very interesting process :) Jeroen.
participants (8)
-
Daniel Karrenberg -
Daniel Quinn -
James R Cutler -
Jeroen van der Ham -
Jonathan Brewer -
Stephane Bortzmeyer -
Wenqin SHAO -
Wilfried Woeber