On Mon, Jul 23, 2012 at 11:03:24AM -1000, Name Withheld wrote:
I know that this is one of the reasons why "more nodes" is the largest everyday push (I went from 1 to 3 in the last month), and "we're working on it," and the node-funding push should help some of this, but I think it's important to review what direction relay diversity is heading in the long-term when the metrics start leaning in a certain way.
I agree.
Note that we could instead reduce the influence of the fastest exits by just refusing to allocate as much traffic to such fast exits. This choice goes back to the original discussion that Mike Perry and I were wrestling with a few years ago, when deciding about deploying the bwauth design [1]: if we want to end up with a fast safe network, do we get there by having a slow safe network and hoping it'll get faster, or by having a fast less-safe network and hoping it'll get safer? We opted for the "if we don't stay relevant to the world, Tor will never grow enough" route. I think that's still a good decision today.
That said, diversity is about more than just "are there two relays to choose from or one" -- against bigger adversaries, we should be wondering about what country they're in, what upstream they have, and so on. I hear that running exit relays in the US is increasingly difficult these days, which is an extra shame because that's where a lot of Internet diversity is (unless NSA is your adversary, in which case you probably have bigger problems).
There's a lot of research work in this direction [2, 3, 4], and we're going to have to keep pushing on it.
--Roger
[1] https://blog.torproject.org/blog/torflow-node-capacity-integrity-and-reliabi... [2] https://blog.torproject.org/blog/research-problem-measuring-safety-tor-netwo... [3] https://trac.torproject.org/projects/tor/ticket/6232 [4] http://freehaven.net/anonbib/