[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: The use of malicious botnets to disrupt The Onion Router



Chad Z. Hower aka Kudzu schrieb:
Some of us Tor operators know other Tor operators. As such a (web of)
trusted core network would be valuable.

Anyone else interested in this? I'm a coder, unfortunately I do not like C
(nor C++) so I can't help out much there... How big is the TOR code?

The idea would be that your trusted friends would not be your endpoint exit
node, just your firstpoint into a TOR network. And your endpoint exit nodes
would be friends of your friends friends. (3 levels, or more). While not
passing back who your friend's friends are, statistics such as how many
friends they have could be passed back to determine how many exit nodes you
eventually would have... thus you may choose 3 hops... and see that maybe
there are not enough endpoint exit nodes for your taste... so then you could
specify more hops.
I don't think from a technical pov the entry point is an issue; all data passing through there is encrypted, so malicious intent would have to meet serious computing power to do damage (except for dropping the packet alltogether) at that point. Also, as you indirectly pointed out by simply not mentioning them, relays are even less an issue. So I guess "uncredited" routers would still be usefull as middlemen.

However, it might actually be worth considering an *optional* feature that would allow tor to only use exit nodes within your web of trust, since exit nodes are the ones who could potentially do "bad things". But I believe it would also be a serious threat to your anonymity (a site that can identify you uniquely over a longer period of time, i.e. your email provider, could log all exit nodes you connect from, and from that draw conclusions to who's in your web of trust, from where it should be only a small step towards your true identity). One would have to choose which threat one prefers.

Is there anyone who could give a (somewhat professional) assessment of how a web-of-trust feature would impact on anonymity? How about tor's overall performance?

Andrew