[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Thoughts on Tor-based social networking?



On 10/28/2013 12:58 AM, Michael Wolf wrote:
On 10/27/2013 6:41 PM, Roger Dingledine wrote:
On Sun, Oct 27, 2013 at 06:25:41PM -0400, Bill Cox wrote:
I want to support free speech and other Internet freedoms, but
unfortunately the world has lots of people who enjoy ruining it for
everyone else.  Would it be possible to reduce the griefers by
having a social network of Tor based secret identities?  If I could
ding a griefer's reputation after he attacks my web site or trashes
a meeting, that might discourage Tor-based griefing.  If I could
specify OpenDNS-like settings for traffic I allow to be routed
through my Tor node, I could get a lot of the illegal video sharing
and porn off my router.  If I could specify that only people of a
certain level of reputation can route data through my node, I'd feel
better about the encrypted traffic I help route.

This kind of idea has probably already been discussed at length...
what was the outcome?
Hi Bill,

Check out
https://lists.torproject.org/pipermail/tor-relays/2013-August/thread.html#2558
including my response at the end
https://lists.torproject.org/pipermail/tor-relays/2013-August/002575.html
for the latest version of this answer.

As for "Tor based secret identities that can accrue reputation",
check out Nymble:
http://cgi.soic.indiana.edu/~kapadia/nymble/
(and there are several other research groups with similar ideas).

But nobody has deployed a Nymble-like service in a usable way, and also
it's not clear that it would solve the types of problems you describe.

--Roger

While I can appreciate Bill's concerns (my web servers are regularly
attacked by miscreants using Tor), I have a hard time imagining any case
where an *effective* reputation-type system doesn't seriously impair
anonymity.  Any sort of "reputation" is basically a profile of the
user... which sites he/she has visited, who has left positive/negative
feedback, etc.  My understanding is that Tor changes circuits every 10
minutes to help prevent users being profiled -- why would we undermine
this with a reputation system?

In order for a reputation to be effective, it has to be long-term.  In
order to achieve anonymity, each "identity" has to be short-term.  These
goals are at odds with each other.  Even Nymble seems to have chosen a
24-hr cycle of "forgiveness".  In my eyes, this is too short to be
effective, and still too long for people who wish not to be profiled.

Finally, to get anyone to use this reputation system, there would have
to be some benefit to the user.  The benefit might be 1) being able to
edit wikipedia pages pseudonymously 2) being able to post on wide
variety of blogs/etc that currently block anonymous users 3) something
else.  So far the suggestion only seems to be to the benefit of the exit
node operator, to the detriment of the user's anonymity. Exit node
operators are not in a position to grant #1 and #2, so I don't know what
benefit they could offer that would be worth what the user would be
giving up.

For what it's worth -- I do like the idea of a pseudonymous social
network for people who wish to participate.  But in my mind it would be
something runs on a hidden service or a distributed client model that
only routes through Tor.  This would be for the sole purpose of sharing
ideas though; not as a means of enabling quasi-censorship.

So, let's drop the who filtering/censoring thing entirely. Here's some more concerns I have:

Yes, griefers often use Tor. Who are they? The obvious answer is they're dumb kids, but what if Tor were threatening to a major government? It's hard for me to imaging that both China and the USA could agree on Tor. What if just one of them wanted insure Tor did not grow to a significant network? Here's what I'd do with my budget if I were asked to trash Tor:

- I'd pay hackers to use Tor for all their bad behavior
- I'd have a thousand employees download free porn and illegal videos all day every day. - I'd own many nodes, and sooner or later someone like DPR would reveal his IP address to me, and I'd take him down, discrediting Tor. - I'd make sure I had enough monitors in the Internet backbone to completely track Tor traffic, and then I'd pay tons of researchers to use it. The USA pays 60% of Tor's research budgent... Doesn't that scare anyone here?

I don't mean to trash-talk Tor. This is a super-hard problem, and Tor has done an impressive job. However, Tor's insistence that it not look at traffic or audit nodes makes Tor an easy target. Is Tor failing to grow because there is an active government backed effort to keep Tor small? Are the hackers giving Tor a bad name encouraged to do so?

So, don't track Tor user behavior, and don't filter content. However, when they piss off some web site operator, that operator should be able to state the public identity of the Tor griefer, and Tor exit nodes should feel free to black-list that user.

I really do want to run a Tor node, and an exit node at that. However, I just can't encourage more of the behavior I've seen so far. I need some way to hold a griefer accountable. It's a very very hard problem. Any ideas?

Thanks for all the good feedback.  I'm learning from these replies.
Bill
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk