On 11 Dec 2017, at 06:33, nusenu nusenu-lists@riseup.net wrote:
Hi,
since a single operator now controls more than 10% of the tor network's exit capacity
Or rather, do they control more than 10% of the Tor Network's consensus weight?
Consensus weight is measured from 5 bandwidth scanners in North America (3) and the Western EU (2), to 5 bandwidth servers in North America (2), the Western EU (2), South America (0.5), and Asia (0.5).
Bandwidth server locations primarily affect how exits are weighted.
One thing we could do to resolve this weighting issue is to reconfigure a majority of bandwidth scanners to use a CDN with points of presence around the world as a bandwidth server. They could keep their existing bandwidth servers as well.
This would also be a more accurate measurement of actual client experience, as clients are fairly likely to be accessing a CDN for most websites. (The majority of Tor traffic is web traffic, and most of it goes to reasonably popular domains.)
Here's how we think that would affect measured bandwidth, in detail: https://trac.torproject.org/projects/tor/wiki/doc/BandwidthAuthorityMeasurem...
The next step towards making this change is to finish the current parallel bandwidth authority tests, and start testing the Fastly CDN as one of the set of bandwidth servers:
https://trac.torproject.org/projects/tor/ticket/24506
I also think Micah experimented with Fastly when longclaw was a bandwidth authority.
So any bandwidth authority operator could just add a CDN, and see how it goes. That would be faster, and minimal risk, because the existing bandwidth server would still be used as well.
I wanted to bring this up here (again [1]).
For those not clicking links, this email refers to a suggested scheme where we automatically limit operators, ASs, and single relays to a bandwidth cap.
How do you define an "operator"? How many operators would this affect over the past few years?
Using a particular situation to make a change like this typically makes for poor design and poor policy. Because people inevitably ask: Which operator? And then their opinions about the particular operator get confused with their opinions about the general idea of limiting operators.
I thought we generally asked operators to keep it to 5%? Then we ask large operators to support other organisations once they reach 5%, so everyone can gradually move beyond their current capacity.
I'm not yet convinced we need a hard limit. I think social means are sufficient for now.
And I think we should focus our efforts on expanding the pool of exits, and improving bandwidth measurement, rather than limiting operators who are helping the network. (New automatic limits will likely be seen as a rejection of someone's contribution, so they should be handled very carefully.)
If we must do this, let's do it manually, after contacting the operator.
What do you think about capping single operators (family) to 10% exit capacity and 5% for guard operators?
How many operators would this affect over the past few years?
Here be dragons - see above.
[1] https://lists.torproject.org/pipermail/tor-dev/2016-March/010653.html
T