[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Desired exit node diversity

Apologies for quick post.

If we want to a socially connected link, seems we can use the same infrastructure for doing keysignings parties but we just use relay public keys. That seems a nice distributed way of doing this.
On Thu, 24 Sep 2015 at 13:42 Virgil Griffith <i@xxxxxxxxx> wrote:
Can we not use the argument "anonymity requires diverse company" on both sides? For whole rational actors it seems like this should work. Tor "exploits the military" into lending cover to activist groups, which they would presumably support.

This may be too naive a view of the situation.

Re: socially connected. That's interesting. I'll see what I can do. Chat more in Berlin.

-V
On Thu, 24 Sep 2015 at 13:19 Roger Dingledine <arma@xxxxxxx> wrote:
On Wed, Sep 23, 2015 at 06:18:58AM +0000, Virgil Griffith wrote:
> Exit nodes seem a nice place to start concretizing what's meant when we say
> we want relay diversity. Comments immensely appreciated because as-is I
> don't know the answers to these questions.

Hi Virgil,

I've been pondering the opposite of this topic, after looking at the
recent tor-relays thread about some ISP not wanting to let somebody
host an exit relay because they figure a lot of the Tor network is
run by government agencies. My usual answer to that concern is "no, we
*know* the operators of more than half the capacity in the Tor network,
so this cannot be the case". And I think this is increasingly true in
the era of activist non-profits that run relays -- Germany's got one,
and so do the US, the Netherlands, Sweden, France, Luxembourg, etc etc.

But it would be neat to have a mechanism for learning whether this is
actually true, and (whatever the current situation) how it's changing.

The tie-in to Roster would be some sort of "socially connected" badge,
which your relay gets because you're sufficiently tied into the Tor
relay operator community.

And then we'd have something concrete to point to for backing up, or
disputing, the claim that we know a significant fraction of the network.

Of course, the details of when to assign the badge will be tricky and
critical: too loose and you undermine the trust in it (it only takes a
few "omg the kgb runs a relay and look it's got the badge" cases to make
the news), but too strict and you undercount the social connectedness.

In a sense this is like the original 'valid' flag, which you got
by mailing me and having me manually approve your relay (and without
which you would never be used as the entry or exit point in a circuit).
Periodically I wonder if we should go back to a design like that, where
users won't pick exit relays that don't have the "socially connected"
badge. Then I opt against wanting it, since I worry that we'd lose
exactly the kind of diversity we need most, by cutting out the relays
whose operators we don't know.

But both sides of that are just guessing. Let's find out!

--Roger

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev