[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: exit node only server



You provide a rant, I provide a screed:

> At the risk of sounding like a broken record, I second (or third?)
> this idea.  There are a number of impelling reasons for changing the
> Tor architecture to a tit-for-tat construction:

You are confused.  Most significantly, Tor is a routing infrastructure,
not a content distribution network, and as such its design constraints
resemble those corresponding to routing infrastructures rather than
content distribution networks.  If all of the routers in the Internet
organized themselves around a "tit-for-tat" model, there would be no
Internet: small ISPs who effectively leech content from large ISPs would
not be able to participate, and that would be that.  To solve this
problem, ISPs exchange money.  There is no alternative to exchanging
something of value out-of-band (e.g. customer payments), since as far as
Internet routing is concerned, the smaller ISP has nothing to provide to
the larger ISP other than what it implicitly provides by connecting its
customers to the larger ISP.

In the case of peer-to-peer content distribution networks, one can make
the argument that individual peers are both producers and consumers of
content, in a generic sense, and that inasmuch as this is the case, it
may not be unreasonable to deploy bartering mechanisms to balance
exchanges between participants.  The case with routing infrastructures
is less obvious.  Not only does an individual ISP not necessarily
derive benefit from an eager volunteer willing to take some of its
traffic, but the entire notion that what an ISP should contribute to the
Internet should be equivalent to what it obtains from the Internet is
absurd.

> 1. It will ameliorate the inescapable FACT of human greed--if you wish
> to use resources you will have to contribute corresponding resources.
> I believe that without building in this ameliorative factor, Tor
> networks will always suffer from severe response problems. The
> BitTorrent designer apparently knew how deeply ingrained the greedy
> human response to freebies is, and designed his system to offset it. 

What is a "resource" in this context?  With BitTorrent the definition is
clear: a resource is content demanded by the network.  With Tor, the
definition is less clear: users want anonymity in the abstract and
router bandwidth in the concrete, but not every client is positioned to
provide a contribution.

> 2. It will encourage exapansion of the current (experimental) Tor
> network, thus yielding data points otherwise unavailable since there
> are undoubtedly users who would be willing to contribute some asset as
> a fee for using the Tor network BUT cannot host a permanent server.
> Shutting these people out from contributing seems a waste of both
> computing resources and good will.

There are reasons why permanent or longstanding servers are more
valuable to the Tor network than ephemeral client machines.  Not least
among these reasons are that many Tor users like TCP connections that
persist for a while and are not disconnected because someone shut off a
laptop in an Internet cafe somewhere.  Also, it is not clear that the
asset that the Internet cafe user is providing is actually beneficial to
the network, particularly if the connection is asymmetric.

> 3. It MAY reduce the legal exposure of users by putting all users on
> more equal ground--every user who runs a client will also be running a
> server.

Not only is the claim about reducing legal exposure dubious, but it is
unreasonable to expect that all Tor clients can run servers.  Not all
clients are in the position to run servers.  Consider the large
multiplicity of Tor users whose hosts are unreachable since they are
behind NATs or firewalls, or those who are subject to regimes with
serious penalties for forwarding traffic through Tor.  It seems wrong to
relegate such users to a lower tier of service; to a large extent it is
these users for whom Tor is designed!

Somehow managing to forward data to a Tor node not well-situated to be a
server does not provide increased benefit to the client making the
request.  This is a critical point of difference between the case of
content distribution networks and the case of routing infrastructures: a
file is a file, but bandwidth is only a means to an end, and bandwidth
alone does not provide what a user (or even the network) really needs.
With a content distribution network, one can argue, as BitTorrent does,
that a client acquires a resource useful to the network as it is downloading
a file from a peer, and that that resource can immediately be offered to
other nodes on the network as a contribution.  An analogous argument is
not possible in the context of Tor.

Furthermore, there is no method of accounting for bandwidth provided by
various peers in the network, which is necessary in order to verify that
a node is actually contributing properly.  Remember that a node must not
only accept traffic but also forward traffic, a task that is at least as
burdensome, and a node that provides bandwidth does not necessarily
guarantee that a client has a better experience.  Accounting for proper
routing is hard not only because the client does not interact directly
with each bandwidth provider but also because the routers cannot
properly verify that their peers are not misbehaving in the absence of
some centralized credit system.  This means currency, not bartering.  In
the real world, banks facilitate exchange of currency, and money markets
provide a platform for exchanging currency among banks.  Tor is not
about to implement a system this complex under any circumstance.

In addition to theoretical reasons why this "tit-for-tat" architecture
is inappropriate in the Tor context, there are practical reasons as
well.  For one thing, while traffic in content distribution networks is
more or less continuous, traffic in general Internet routing networks is
quite bursty.  This makes mutually balancing traffic in a pairwise
manner difficult.  Furthermore, Tor peers tend to establish ephemeral
connections to (effectively all) other Tor peers in order to provide
specific anonymity benefits.  Trying to mutally balance traffic for each
of these connections would either jeopardize the anonymity or fail
miserably.

> Some people are almost always greedy
> Some people are sometimes greedy
> No one is NEVER greedy

These are nice platitudes, but the analogy between content distribution
networks and Internet routing infrastructures does not extend this far.
It is nice to argue about the reasons for this, but ultimately it comes
down to a fundamental incompatibility.

> In closing, I think it highly unlikely that Tor will ever be practical
> on a scale much larger than the current experiment without changing to
> a tit-for-tat design.  Tor networks will ALWAYS be resource-poor
> unless tit-for-tat is at least semi-automatic (clearly, the
> architecture should allow for server-only nodes).

I dare you to say this in an objective manner.

Think harder next time.

Love,

Geoff


Attachment: signature.asc
Description: Digital signature