On 7/28/21 12:32 AM, Dave Warren wrote:
As you said, github, gitlab, archive.org are probably more scalable, and maybe harder to block (it's practically domain fronting). Not only that, but they aren't run by random people. And the Tor Project controls updates... for good... or bad [1].
I must admit, with the list of mirrors being public anyway, I've wondered why someone actively trying to block Tor wouldn't just pull the mirror list and automate it into their firewall. On the other hand, there was legitimate traffic.
What I see is a nearly gone thing. No maintainer, outdated website, better?/other ways for distribution. I personally think, and I say this hosting a mirror [2], it should be shut down for good. People will probably continue to create new mirrors... I did. Is it worth their time and effort?
Sadly this is probably the case.
Tor needs to be distributed a bit more widely than any one single provider or CDN
Which is what we kinda have. For those that can reach the tpo.org, certainly, it is one provider. But for those that can't (or those that for some reason decide not to use tpo.org), there are at least 3 others.
On the other hand, since the infrastructure and volunteers are already here, I'm not sure if it makes sense to pull the plug? But the list of mirrors should be utilized somewhere, somehow.
That's the hard part. I don't think mirrors are going to be used for load balancing, at least not now. And so what are they good for?
"For people who can reach our website, we have our own webservers that we run. We've been making sure to scale up our webservers to be able to handle the people who want to look at our website and can reach it. So I don't think anybody is speaking of using mirrors from random internet volunteers to replace the website for those who can reach it." [1]
It also occurs to me that if I were building something new today, some mechanism for tor nodes themselves to proxy http and https requests from the public internet would be relatively straightforward to implement, creating a wide network of sources for the files without requiring individual mirror operators, without replication, without disk space consumption, etc. But again, probably more trouble than it would actually be worth at this point.
Isn't that just... kinda Tor? Or a 1 hop through an exit node. It sounds good, but if we are talking censorship, that won't work. And if users can access tpo.org, there isn't much reason for them to use this. It also puts strain on the network. And it doesn't sound like CDN or in any way taking load of the tpo.org servers? So I don't see what it is supposed to do.
[1] https://gitlab.torproject.org/tpo/web/mirrors/-/issues/31990