[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: The use of malicious botnets to disrupt The Onion Router
Chad Z. Hower aka Kudzu schrieb:
I don't think from a technical pov the entry point is an issue; all data
passing through there is encrypted, so malicious intent would have to
meet serious computing power to do damage (except for dropping the
packet alltogether) at that point. Also, as you indirectly pointed out
by simply not mentioning them, relays are even less an issue. So I guess
"uncredited" routers would still be usefull as middlemen.
Some of us Tor operators know other Tor operators. As such a (web of)
trusted core network would be valuable.
Anyone else interested in this? I'm a coder, unfortunately I do not like C
(nor C++) so I can't help out much there... How big is the TOR code?
The idea would be that your trusted friends would not be your endpoint exit
node, just your firstpoint into a TOR network. And your endpoint exit nodes
would be friends of your friends friends. (3 levels, or more). While not
passing back who your friend's friends are, statistics such as how many
friends they have could be passed back to determine how many exit nodes you
eventually would have... thus you may choose 3 hops... and see that maybe
there are not enough endpoint exit nodes for your taste... so then you could
specify more hops.
However, it might actually be worth considering an *optional* feature
that would allow tor to only use exit nodes within your web of trust,
since exit nodes are the ones who could potentially do "bad things". But
I believe it would also be a serious threat to your anonymity (a site
that can identify you uniquely over a longer period of time, i.e. your
email provider, could log all exit nodes you connect from, and from that
draw conclusions to who's in your web of trust, from where it should be
only a small step towards your true identity). One would have to choose
which threat one prefers.
Is there anyone who could give a (somewhat professional) assessment of
how a web-of-trust feature would impact on anonymity? How about tor's