On Thu, Aug 10, 2017 at 07:53:03PM -0400, privacy@ccs.neu.edu wrote:
We are using Online S.a.s because it is cheap (I guess it's the same reason why others use it). We will check in the next couple of days if there is an alternative low cost provider.
If I understand the threat model for your "every relay encrypts its share, and then you do threshold decryption of the aggregate total" design, having even a few relays at some other ISP would make it a lot harder for the one ISP to attack all of the shares, right?
Maybe you can spin up one relay at each research institution, for some diversity? :)
That said, I'm not too worried here. The information you're protecting in this case isn't by itself that dangerous to publish, so the complicated privcount scheme is a great layer to add on top but the world doesn't end if it fails.
So if you wanted to add some more relays to make the "distributed trust" angle more distributed, great, and if you don't, we can treat it as a good lesson to learn for next time.
We have also limited our bandwidth but can increase it if more people express interest and it can help (we didn't want to look like we are trying to attract/intercept traffic).
Interesting question! I can see pros and cons.
The two big topics are:
1) If you raise the bandwidth on each of them by enough, then they'll end up getting the Guard flag, so you'll attract clients directly, and your relays will be in a better position to attack them.
2) If you raise the bandwidth, then the total fraction of the Tor network that your relays handle goes up.
I'm tempted to say "as long as you stay at 2-3% of the total network you'll be fine", but the fact that they're all at an already overpopulated ISP makes me pause.
--Roger