I would imagine the researchers broke quite a few laws verifying this attack on the public Tor network, if they indeed did so. And since Tor is incredibly hard to simulate at that level, it's likely that they did. Even if they developed the attack on a simulated network they may have run the tool for verification against the live network. Maybe they did it to de-anonymize a drug marketplace or something else they thought they could get "ethical hacker points" for. Maybe they sent the information to the feds and thought they were doing the right thing.
This is something that has always been legally murky, enough so that I feel like some technical people could decide that they didn't care and just go with it. More people under them might have as well, pulled along by sheer groupthink if not genuine agreement.
This attack was unique not in that it made strong claims, but that it had unusually specific strong claims that indicated some amount of empiricism. I feel like you could only reasonably claim that number if you actually tested it against a very strong network simulation (which doesn't exist for Tor) or the real network.
It's not like other researchers haven't done similar things to get results about Tor. There are a few workshop and academic conference papers that talk about results obtained by analyzing Tor traffic; this is technically wiretapping according to the Tor project, but previously it's always been mundane enough that nobody has gotten involved. This experiment might have compromised some people's very personal information, and it's incredibly public.
This is all really just an expansion of "they're worried about some sort of liability." In any case that's by far the likelier of the two; I can't imagine you could sell IP related to this.
>This is all really just an expansion of "they're worried about some sort of liability." In any case that's by far the likelier of the two; I can't imagine you could sell IP related to this.
I more or less agree that liability seems more likely, but I have no idea what the nature of the attack is, so it's always possible it's an offshoot of some other research they are doing which can be patentable. Alternatively, it could be that CMU procedure is to require approval for all talks for brand and IP protection reasons and he just hasn't gone through the proper procedure, so in the meantime they pulled it (rather than pulling it in response to an actual analysis of the talk). This last one seems unlikely, though, as you'd imagine there was no rush to pull the abstract (which contained no details).
At a school like CMU it's hard for me to believe they'd cancel a researcher's talk because it wasn't properly disclosed. It'd create a headache for the IP team, but they wouldn't cancel the talk. That just makes them look awful.
This is something that has always been legally murky, enough so that I feel like some technical people could decide that they didn't care and just go with it. More people under them might have as well, pulled along by sheer groupthink if not genuine agreement.
This attack was unique not in that it made strong claims, but that it had unusually specific strong claims that indicated some amount of empiricism. I feel like you could only reasonably claim that number if you actually tested it against a very strong network simulation (which doesn't exist for Tor) or the real network.
It's not like other researchers haven't done similar things to get results about Tor. There are a few workshop and academic conference papers that talk about results obtained by analyzing Tor traffic; this is technically wiretapping according to the Tor project, but previously it's always been mundane enough that nobody has gotten involved. This experiment might have compromised some people's very personal information, and it's incredibly public.
This is all really just an expansion of "they're worried about some sort of liability." In any case that's by far the likelier of the two; I can't imagine you could sell IP related to this.