Re: [tor-relays] Call for discussion: turning funding into more exit relays

1) What exactly would we pay for?

Agree on 100+ mbps exit node funding. Also agree with Moritz's suggestion that there be a form that limits fund disbursement on a per-ISP level, to encourage ISP diversity (and contribute to the discovery of new "known good" ISPs for tor).

*Continued* funding should be contingent on *simple* review requirements (e.g. node must be up and passing decent traffic during period, fund recipient must document experience with ISP on GoodBadISP wiki page, etc) without making it a paperwork nightmare.

2) Should we fund existing relays or new ones?

Difficult question. Would say allow both, with the agreement that anyone those running existing relays agree to improve service in some way (increase monthly b/w cap, set up an additional node [even if it's a small vps that doesn't require the amount of money funded], etc). This would allow our big important providers to offset some of their existing costs while still expanding the network (even if it's in nominal terms in limited circumstances).

If there's suspected abuse, run a annual/semiannual funding review, but I imagine those gaming the system are more likely to be small players than the larger, established providers who were running nodes without any help.

4) What exactly do we mean by diversity?

I would look at this almost entirely from a jurisdictional and ISP level. I believe the biggest "sudden impact" threats to the tor network are going to be from legal changes (jurisdictional, i.e. "save the children, nullroute the nodes") and local business policy changes ("sorry tor customers, no more tor egress from our DC due to complaints").

Other threats are more likely to occur slowly, requiring less focus on pre-planning.

5) How much "should" an exit relay cost?

$150/mo minimum. I pay roughly $130/mo with limehost/voxility, and they're almost the cheapest physical servers & bandwidth to be had on the internet. Western Europe, US, & Asian locations are going to be more expensive for a quality provider. Perhaps offer different funding amounts based on the ISP's region?

Also, review funding minimums and maximums every 3-6 months -- I think that as VPS providers become more competitive and reliable for tor purposes (i.e. losing the metering), this is going to could change very favorably.

6) How exactly should we choose which exit relay operators to reimburse?

I think history is a good metric for determining how successfully an operator will be in setting up a new node. If you get money to one of a the major operators on the condition of setting up a new node, I don't think they will have trouble setting up a new node. If you give it to new guy, you had better have strong a strong indication that they have the skills necessary to handle becoming an overnight systems administrator.

7) How do we audit / track the sponsored relays?

Are there any known weaknesses with just checking the stats pages? Require those selected for funds to register their node nicknames, then check to see if they're online (and passing a reasonable amount of traffic) couple time a month (or week, or day... whatever).

8) Legal questions?

Really should ask friendly lawyer blogs about this one. Given the million different jurisdictions involved with tor, there's probably no safe answer, but I would suggest phrasing everything as a "reimbursement" or "award" rather than a payment to try and limit any perception that this is a commercial activity. State in the agreement that the funds are not to be used for commercial purposes, or something similar, and that they do not constitute a commercial relationship between funder and fundee.