There seems to be a consensus toward building a web of trust.
Thinking about it again, I don't like much the direction it is going.
I see tor as a web of untrust actually. I never much appreciated the power already granted to
directory authorities. I want to be able to use any relay (I choose) as guard or exit easily
(at the operator's discretion), but currently unless Im mistaken I need to wait for those authorities
to flag them as appropriate.
Some of this power makes sense at the network level to balance traffic fluently between relays and
decrease the probability of bad actors obtaining meaningful data, but others like the recent ban
initiated by nunseu sounds like abuse to me. His proposal moves forward in that direction imo.
To be clear, I rely on him and others monitoring the network for bad actors and I believe
they made the right move when kicking them off.
However I think it would be preferable to keep as much as possible the open design at the network level.
Anything trying to build a web of trust should be completely separate, for instance published white and blacklists.
Authorities flagging relays with verified email or physical addresses could publish their lists, and this could
be used by the clients with the default configuration.
But no single relay - however bad someone thinks it is - should be kicked off the network by the network itself.
Especially not on the basis of individual human decisions.
There are a lot of other ways to mitigate sybil attacks, and contrary to the blog post statement that tor can handle
some malicious relay only, I believe the design allows for a network entirely powered by malicious relays provided they
are belonging to different actors and sufficiently distributed amongst them. I personally would not trust any relay Im
not operating directly.
Isn't it a good time to move more decisions to the clients, like choosing between speed vs randomness, agreeing on
blacklists/whitelists of some authority, etc?
Im sorry if I missed some obvious goals of the project or that Im bringing up previously discussed options.
c