Except that the approach the author used is in my opinion completely flawed.
The author states he started from 1 (one) seed URL, and then crawled the sites, visiting links. But that's not valid, as you'd only ever come across a possible fraction of what exists.
To be able to make any authoritative claim, he would need to scan the entire IP-space, like an actual search engine would.
I'm not condoning pedophelia or anything like it, but I think it's naive to take a simple approach and then make authoritative claims about the entirety of the TOR network.
But I also think that there were flagrant abuses that could be pursued under the CFAA. Just because something isn't "per se" malware doesn't mean it wouldn't fit the legal definition.
You used to be able to set yourself up as an HSDir server, and sniff the outgoing hidden service descriptors, but the author has clearly not done this given his level of technical expertise and domain knowledge.
The author states he started from 1 (one) seed URL, and then crawled the sites, visiting links. But that's not valid, as you'd only ever come across a possible fraction of what exists.
To be able to make any authoritative claim, he would need to scan the entire IP-space, like an actual search engine would.
I'm not condoning pedophelia or anything like it, but I think it's naive to take a simple approach and then make authoritative claims about the entirety of the TOR network.
But I also think that there were flagrant abuses that could be pursued under the CFAA. Just because something isn't "per se" malware doesn't mean it wouldn't fit the legal definition.