Request For Research Presentations For the PrivacyCon Conference #00044

Submission Number:
Jim Rennie
Initiative Name:
Request For Research Presentations For the PrivacyCon Conference
This submission is from Jim Rennie, Privacy and Security Counsel, GitHub,, 415-735-4488 This research presentation is a case study of a malicious use of a Privacy Enhancing Technology (PET) in the wild. GitHub was posed with a problem concerning the popular and well-known Tor network, a PET which (among other things) allows for browsing the web without an easily traceable IP address. After an outbreak of harassment, bullying, and spamming of users, we investigated and discovered that the vast majority of accounts accessing GitHub via Tor were being used for malicious attacks. Ultimately, we decided to treat Tor users differently than non-Tor users, but in a way we feel respects the privacy rights of Tor users. We believe there is an important policy discussion to be held around use of PETs, and how to balance honoring those users who desire greater privacy against the interests of other users to be free from harassment. We hope our experience in this situation can help start that discussion, provide a spark for further research on PETs, and give some guidance to other companies faced with similar issues. Attached is the draft of the slides which would be presented at PrivacyCon.