On Wed, 29 Jul 2015 18:03:31 +0500 Roman Mamedov rm@romanrm.net wrote:
I have decided to spin up some more servers, and this should postpone the need to turn off any of the relays by at least 3 weeks (at the cost of an increased burn-rate, i.e. now they all will expire sooner and "all at once").
Ok. Have you thought about contacting other people that organize hosting (at the expense of further reducing relay operator diversity, I would suggest the Tor Servers people). If additional relay bandwidth is added now, the hope is that they will get through the measurement delay by the time you do need to decommission your servers.
Also the reaction on the mailing list was not overly positive, so I might reconsider the idea of letting others reuse these identities altogether.
So, first of all, I'd like to apologize for being overly harsh, since I'm fairly sure you had good intentions in mind when offering your relay ID keys.
Like I noted in my reply to Paul S. if there was a way to measure/quantify trust, or deal with the "people's Guards just potentially switched location, and definitely switched operator" side of this equation I would be a lot more open to this sort of thing.
But like the oft complained about bwauth stuff, these are unsolved problems. Each user/HS's Guard node is in a unique position to do extra nasty things to anonymity, so the threshold of trust for handing over control of Guard nodes for a large number of users is going to be rather high (Near insurmountable for the amount of bandwidth you are contributing).
The one upshot of all this is that people are now thinking about the implication of a Guard moving, which hopefully will lead to a safer Tor for the userbase in the future.
Regards,