by probdist 3865 days ago
I assume the CMU folks didn't break into anyone else's nodes. It seems like one of the principles of Tor node operation is that you can run your nodes however you want. I don't think there is any binding agreement or even strong implication that someone operating a Tor node agrees to not be hostile to users.

Perhaps it was unethical by the standards of university research, but I wouldn't be bothered by the government doing this. If the government or a university researcher idled in your IRC channel and logged the communications I would think that was okay. I kinda view this the same way.

2 comments

The government would probably need a warrant to do that. The university doesn't, and the gov may have used it as a proxy for its attack, while calling it "research". If this sort of thing isn't stopped now in a loud way, it may become the new normal in academia.
This wasn't done by 'academia'. It was apparently done by a Federally Funded Research and Development Center sponsored by the Department of Defense.

That doesn't mean there isn't room for criticism regarding the activities but that would be criticism regarding government activities and not academic activities.

There are broad protections for reporting crimes incidentally observed. It's why parallel construction exists in the first place - to avoid the absurdity of happening to observe a murder, but then grant immunity to the victim due to how it was initially identified even if you later find the body, weapon, and DNA evidence.

In the case of Tor, when you go probing hidden services it would be very easy to find a lot of crime you'd definitely want to report if you knew who was doing it.

The SEI is funded by the DoD and many among its staff and leadership are former military. It's not really 'academia' in the way you're imagining it. Rather, think of it as a government contractor that only does R&D.
They did something with the nodes that should have been impossible, basically exploiting a vulnerability in Tor. That seems worse than just passively observing.