Jordan,
Lives are involved and we've invested a lot of time in protecting our infrastructure. Could Conrad and I go rogue and collect relay keys? Yes, we have the technical capability to access data on any virtual machine hosted on our infrastructure, but so could DigitalOcean, Scaleway, BuyVM, and the several other big ISPs hosting exit relays on Virtual Machines.
> There is little administrative overhead for Conrad to distribute a
> MyFamily directive for use with relays hosted on his systems.

Two things:
1) Today, sure, I guess it's easy. What if we have 100 or 1000 clients tomorrow all hosting exit relays? It suddenly gets much more complicated than it was at first. Why aren't people asking DigitalOcean and Scaleway to do the same? After all, DigitalOcean and Scaleway have way more staff who could be dedicated Tor relay managers. See the logic here?
2) We can't force our clients to modify their MyFamily directive in their torrc files. There's the possibility they refuse to modify.
In the end, it's about trusting your provider. Tor's threat model shouldn't rely on hosting providers playing nice. It should continue to rely on the continued split of trust. Although, better path selection could play in here :)
Cordially,
Nathaniel Suchy