You provide a rant, I provide a screed:

> At the risk of sounding like a broken record, I second (or third?)
> this idea. There are a number of impelling reasons for changing the
> Tor architecture to a tit-for-tat construction:

You are confused. Most significantly, Tor is a routing infrastructure, not a content distribution network, and as such its design constraints resemble those corresponding to routing infrastructures rather than content distribution networks.

If all of the routers in the Internet organized themselves around a "tit-for-tat" model, there would be no Internet: small ISPs who effectively leech content from large ISPs would not be able to participate, and that would be that. To solve this problem, ISPs exchange money. There is no alternative to exchanging something of value out-of-band (e.g. customer payments), since as far as Internet routing is concerned, the smaller ISP has nothing to provide to the larger ISP other than what it implicitly provides by connecting its customers to the larger ISP.

In the case of peer-to-peer content distribution networks, one can make the argument that individual peers are both producers and consumers of content, in a generic sense, and that inasmuch as this is the case, it may not be unreasonable to deploy bartering mechanisms to balance exchanges between participants. The case with routing infrastructures is less obvious. Not only does an individual ISP not necessarily derive benefit from an eager volunteer willing to take some of its traffic, but the entire notion that what an ISP should contribute to the Internet should be equivalent to what it obtains from the Internet is absurd.

> 1. It will ameliorate the inescapable FACT of human greed--if you wish
> to use resources you will have to contribute corresponding resources.
> I believe that without building in this ameliorative factor, Tor
> networks will always suffer from severe response problems. The
> BitTorrent designer apparently knew how deeply ingrained the greedy
> human response to freebies is, and designed his system to offset it.

What is a "resource" in this context? With BitTorrent the definition is clear: a resource is content demanded by the network. With Tor, the definition is less clear: users want anonymity in the abstract and router bandwidth in the concrete, but not every client is positioned to provide a contribution.

> 2. It will encourage expansion of the current (experimental) Tor
> network, thus yielding data points otherwise unavailable since there
> are undoubtedly users who would be willing to contribute some asset as
> a fee for using the Tor network BUT cannot host a permanent server.
> Shutting these people out from contributing seems a waste of both
> computing resources and good will.

There are reasons why permanent or longstanding servers are more valuable to the Tor network than ephemeral client machines. Not least among these reasons is that many Tor users like TCP connections that persist for a while and are not disconnected because someone shut off a laptop in an Internet cafe somewhere. Also, it is not clear that the asset that the Internet cafe user is providing is actually beneficial to the network, particularly if the connection is asymmetric.

> 3. It MAY reduce the legal exposure of users by putting all users on
> more equal ground--every user who runs a client will also be running a
> server.

Not only is the claim about reducing legal exposure dubious, but it is unreasonable to expect that all Tor clients can run servers. Not all clients are in the position to run servers. Consider the large multiplicity of Tor users whose hosts are unreachable since they are behind NATs or firewalls, or those who are subject to regimes with serious penalties for forwarding traffic through Tor. It seems wrong to relegate such users to a lower tier of service; to a large extent it is these users for whom Tor is designed!

Somehow managing to forward data to a Tor node not well-situated to be a server does not provide increased benefit to the client making the request. This is a critical point of difference between the case of content distribution networks and the case of routing infrastructures: a file is a file, but bandwidth is only a means to an end, and bandwidth alone does not provide what a user (or even the network) really needs. With a content distribution network, one can argue, as BitTorrent does, that a client acquires a resource useful to the network as it is downloading a file from a peer, and that that resource can immediately be offered to other nodes on the network as a contribution. An analogous argument is not possible in the context of Tor.

Furthermore, there is no method of accounting for bandwidth provided by various peers in the network, which is necessary in order to verify that a node is actually contributing properly. Remember that a node must not only accept traffic but also forward traffic, a task that is at least as burdensome, and a node that provides bandwidth does not necessarily guarantee that a client has a better experience. Accounting for proper routing is hard not only because the client does not interact directly with each bandwidth provider but also because the routers cannot properly verify that their peers are not misbehaving in the absence of some centralized credit system. This means currency, not bartering. In the real world, banks facilitate exchange of currency, and money markets provide a platform for exchanging currency among banks. Tor is not about to implement a system this complex under any circumstance.

In addition to theoretical reasons why this "tit-for-tat" architecture is inappropriate in the Tor context, there are practical reasons as well. For one thing, while traffic in content distribution networks is more or less continuous, traffic in general Internet routing networks is quite bursty. This makes mutually balancing traffic in a pairwise manner difficult. Furthermore, Tor peers tend to establish ephemeral connections to (effectively all) other Tor peers in order to provide specific anonymity benefits. Trying to mutually balance traffic for each of these connections would either jeopardize the anonymity or fail miserably.

> Some people are almost always greedy
> Some people are sometimes greedy
> No one is NEVER greedy

These are nice platitudes, but the analogy between content distribution networks and Internet routing infrastructures does not extend this far. It is nice to argue about the reasons for this, but ultimately it comes down to a fundamental incompatibility.

> In closing, I think it highly unlikely that Tor will ever be practical
> on a scale much larger than the current experiment without changing to
> a tit-for-tat design. Tor networks will ALWAYS be resource-poor
> unless tit-for-tat is at least semi-automatic (clearly, the
> architecture should allow for server-only nodes).

I dare you to say this in an objective manner. Think harder next time.

Love,
Geoff