On 10/27/2013 6:41 PM, Roger Dingledine wrote:
On Sun, Oct 27, 2013 at 06:25:41PM -0400, Bill Cox wrote:
I want to support free speech and other Internet freedoms, but
unfortunately the world has lots of people who enjoy ruining it for
everyone else. Would it be possible to reduce the griefers by
having a social network of Tor based secret identities? If I could
ding a griefer's reputation after he attacks my web site or trashes
a meeting, that might discourage Tor-based griefing. If I could
specify OpenDNS-like settings for traffic I allow to be routed
through my Tor node, I could get a lot of the illegal video sharing
and porn off my router. If I could specify that only people of a
certain level of reputation can route data through my node, I'd feel
better about the encrypted traffic I help route.
This kind of idea has probably already been discussed at length...
what was the outcome?
Hi Bill,
Check out
https://lists.torproject.org/pipermail/tor-relays/2013-August/thread.html#2558
including my response at the end
https://lists.torproject.org/pipermail/tor-relays/2013-August/002575.html
for the latest version of this answer.
As for "Tor based secret identities that can accrue reputation",
check out Nymble:
http://cgi.soic.indiana.edu/~kapadia/nymble/
(and there are several other research groups with similar ideas).
But nobody has deployed a Nymble-like service in a usable way, and also
it's not clear that it would solve the types of problems you describe.
--Roger
While I can appreciate Bill's concerns (my web servers are regularly
attacked by miscreants using Tor), I have a hard time imagining any case
where an *effective* reputation-type system doesn't seriously impair
anonymity. Any sort of "reputation" is basically a profile of the
user... which sites he/she has visited, who has left positive/negative
feedback, etc. My understanding is that Tor changes circuits every 10
minutes to help prevent users being profiled -- why would we undermine
this with a reputation system?
In order for a reputation to be effective, it has to be long-term. In
order to achieve anonymity, each "identity" has to be short-term. These
goals are at odds with each other. Even Nymble seems to have chosen a
24-hr cycle of "forgiveness". In my eyes, this is too short to be
effective, and still too long for people who wish not to be profiled.
Finally, to get anyone to use this reputation system, there would have
to be some benefit to the user. The benefit might be 1) being able to
edit wikipedia pages pseudonymously 2) being able to post on wide
variety of blogs/etc that currently block anonymous users 3) something
else. So far the suggestion only seems to be to the benefit of the exit
node operator, to the detriment of the user's anonymity. Exit node
operators are not in a position to grant #1 and #2, so I don't know what
benefit they could offer that would be worth what the user would be
giving up.
For what it's worth -- I do like the idea of a pseudonymous social
network for people who wish to participate. But in my mind it would be
something runs on a hidden service or a distributed client model that
only routes through Tor. This would be for the sole purpose of sharing
ideas though; not as a means of enabling quasi-censorship.