Such a list could be pretty cool.
I'm interested but, we must agree on that, it probably shouldn't be used for adding privilege to people in this list. I mean, the "privilege" shouldn't empower them against Tor security, because in such a case, social engineering could create a vulnerability against the network.
Of course, every system needs sincerity, and trust, of at least few people (administrators at least). But what I'm thinking of is, for example private torrent trackers, or satellite TV cards hacking forums. If one successfully got an invitation code, an evil attacker (looking to catch illegal downloaders or I don't know what) will finish by having an invitation code too.
At the end, I'm aware that when using Tor, my TCP/IP sessions can be seen by exit relay operators and ISPs agents. Even governments and judicature can ask an ISP for recording a targeted user's Internet connexion. Even if the connection is https, the website to which I'm connected can see what I'm doing. At the end, I'm thinking that, if my data through Tor is more likely to use server in the "green list", my behavior will remain the same : Tor is just hiding the originating IP address and it gives me a way to access the Internet from any country without moving out of my home.
Being a Tor Relay operator, running several Tor exits, and having been questioned by police several times, I also know that it's better for me to provide without wearing any mask (if not, it could be easy to think that there is something strange with me). And if my computers got seized they will have to prove I'm clear as drinkable water. Even if me data goes through a "green Tor list", I will not change my behavior on this point ;)
----- Mail original ----- De: "grarpamp" grarpamp@gmail.com À: tor-relays@lists.torproject.org Cc: cypherpunks@cpunks.org Envoyé: Vendredi 7 Novembre 2014 21:26:40 Objet: [tor-relays] Node Operators Web Of Trust
Is it not time to establish a node operator web of trust? Look at all the nodes out there with or without 'contact' info, do you really know who runs them? Have you talked with them? What are their motivations? Are they your friends? Do you know where they work, such as you see them every day stocking grocery store, or in some building with a badge on it? Does their story jive? Are they active in the community/spaces we are? Etc. This is huge potential problem. NOWoT participation is optional, it is of course infiltratable, and what it proves may be arguable, but it seems a necessary thing to try as a test of that and to develop a good model. Many operators know each other in person. And the node density per geographic region supports getting out to meet operators even if only for the sole purpose of attesting 'I met this blob of flesh who proved ownership of node[s] x'. That's a big start, even against the sybil agents they'd surely send out to meet you. Many know exactly who the other is in the active community such that they can attest at that level. And so on down the line of different classes of trust that may be developed and asserted over each claimed operator. Assuming a NOWoT that actually says something can be established, is traffic then routable by the user over nodes via trust metrics in addition to the usual metrics and randomness? WoT's are an ancient subject... now what are the possibilities and issues when asserting them over physical nodes, not just over virtual nodes such as an email address found in your pubkey? And what about identities that exist only anonymously yet can prove control over various unique resources? If such WoT's cannot be proven to have non-value, then it seems worth doing.
This doesn't just apply to Tor, but to any node based system. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays