[Tango-L] Research project: Correlation between cultural identity and tango

[Myk Dowling]

On Tue, 2009-08-18 at 11:48 +1000, Tango Research wrote:
> Some of you have expressed concerns about the tango survey
> (relationship between one’s cultural identity and the values they see
> in tango).
> 
> This survey derived from questions which arose from my experience with
> tango dancers in various countries, on different continents. Although
> this is a study born out of my personal interest, as an experienced
> researcher (I have a MA and a PhD, and one of my research interest
> lies in the field of psycholinguistics), I have gone through all the
> expected protocols for this study, starting with literature review. I
> have decided on the methodology (methods of investigation, procedure,
> and analyses) after due consideration.
> 
> The survey is an initial, exploratory study to determine whether the
> results are sufficiently promising to pursue a more intensive study.
> If the results of the survey are promising (I am happy to share the
> results with anyone who wishes to see them), I may consider doing this
> study as a university project, in which case I have to obtain an
> official ethics clearance, for example, to conduct email interviews
> (as mentioned at the end of the survey).
> 
> I chose to be anonymous and used non-personal email to communicate,
> mainly because my personal email would reveal my occupation and
> institution, leading people to presume that this survey was one of the
> university research projects, which it is not.
> 
> For reasons stated above, it would be inappropriate to host the survey
> on the servers at work. Public servers did not provide the necessary
> database facilities, so the bulk of the survey code is being hosted by
> a friend. Traffic diversion is not an aim.
> 
> One participant (well, in the end, non-participant) expressed security
> concerns. The only aspect of the survey mechanism that may have
> triggered the reported security alert is that the survey mechanism
> uses a "cookie" to control the survey session.

No, the problem is a Javascript issue. I don't block cookies. But I do
not allow any Javascript to run that is not from whitelisted site (using
the NoScript Firefox extension, http://noscript.net/). This is a very
useful security tool which acts to stop cross-site scripting attacks.
Unfortunately, although there is clearly Javascript being attempted, it
is not announcing itself properly, so I don't get a domain name I can
whitelist.

It would seem likely that your survey forms are mimicking a cross-site
scripting attack, by linking to Javascript code being stored on a
different website. If you tell me what that website is, I can white-list
it, and run the survey.

Myk,
in Canberra