1) What exactly would we pay for?
Agree on 100+ mbps exit node funding. Also agree
with Moritz's suggestion that there be a form that limits fund
disbursement on a per-ISP level, to encourage ISP diversity (and
contribute to the discovery of new "known good" ISPs for tor).
*Continued*
funding should be contingent on *simple* review requirements (e.g. node
must be up and passing decent traffic during period, fund recipient
must document experience with ISP on GoodBadISP wiki page, etc) without
making it a paperwork nightmare.
2) Should we fund existing relays or new ones?
Difficult question. Would say allow both, with the agreement that
anyone those running existing relays agree to improve service in some
way (increase monthly b/w cap, set up an additional node [even if it's a
small vps that doesn't require the amount of money funded], etc). This
would allow our big important providers to offset some of their
existing costs while still expanding the network (even if it's in
nominal terms in limited circumstances).
If there's suspected abuse, run a annual/semiannual funding review, but I
imagine those gaming the system are more likely to be small players
than the larger, established providers who were running nodes without
any help.
4) What exactly do we mean by diversity?
I would look at this almost entirely from a jurisdictional and ISP
level. I believe the biggest "sudden impact" threats to the tor network
are going to be from legal changes (jurisdictional, i.e. "save the
children, nullroute the nodes") and local business policy changes
("sorry tor customers, no more tor egress from our DC due to
complaints").
Other threats are more likely to occur slowly, requiring less focus on pre-planning.
5) How much "should" an exit relay cost?
$150/mo minimum. I pay roughly $130/mo with limehost/voxility, and
they're almost the cheapest physical servers & bandwidth to be had
on the internet. Western Europe, US, & Asian locations are going to
be more expensive for a quality provider. Perhaps offer different
funding amounts based on the ISP's region?
Also, review funding minimums and maximums every 3-6 months -- I think
that as VPS providers become more competitive and reliable for tor
purposes (i.e. losing the metering), this is going to could change very
favorably.
6) How exactly should we choose which exit relay operators to reimburse?
I think history is a good metric for determining how successfully an
operator will be in setting up a new node. If you get money to one of a
the major operators on the condition of setting up a new node, I don't
think they will have trouble setting up a new node. If you give it to
new guy, you had better have strong a strong indication that they have
the skills necessary to handle becoming an overnight systems
administrator.
7) How do we audit / track the sponsored relays?
Are there any known weaknesses with just checking the stats pages?
Require those selected for funds to register their node nicknames, then
check to see if they're online (and passing a reasonable amount of
traffic) couple time a month (or week, or day... whatever).
8) Legal questions?
Really should ask friendly lawyer blogs about this one. Given the
million different jurisdictions involved with tor, there's probably no
safe answer, but I would suggest phrasing everything as a
"reimbursement" or "award" rather than a payment to try and limit any
perception that this is a commercial activity. State in the agreement
that the funds are not to be used for commercial purposes, or something
similar, and that they do not constitute a commercial relationship
between funder and fundee.