This is in response to something from Roger's email on funding exit relays, but I didn't want to derail such an important conversation by responding directly.
He mentioned:
"At the same time, much of our performance improvement comes from better load balancing -- that is, concentrating traffic on the relays that can handle it better. The result though is a direct tradeoff with relay diversity: on today's network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays."
This has probably been discussed before, but the first thing that came to my mind was, "how does this simplify surveillance of tor traffic flows?" I know we badly need the performance improvement to continue moving Tor into the mainstream, but when it comes at the cost of a huge amount of all tor requests are exiting through a small subset of nodes, are we baking in a serious vulnerability?
Most Tor users probably don't read the manual and follow best practices. I'm sure we've all seen traffic where users are using google maps to find directions from their home, or logging into their true-name mail accounts. When you combine this "State of our Method" with a choke on the number
For monied countries that practice aggressive electronic surveillance (China, Russia, and the larger western states), it becomes more and more tempting to set up (or subvert) expensive, fast exits (with tshark and an SSL-stripper on it) and be guaranteed significant amounts of traffic from people that they view as having something to hide. And if the same routing calculus applies to non-exit nodes, they can do the same thing on the non-exit layers, not only improving their correlation attacks, but creating a plausible chance of controlling some tunnels end-to-end. I don't think that's a good situation for anybody other than the monitors.
I know that this is one of the reasons why "more nodes" is the largest everyday push (I went from 1 to 3 in the last month), and "we're working on it," and the node-funding push should help some of this, but I think it's important to review what direction relay diversity is heading in the long-term when the metrics start leaning in a certain way.