How does one establish trust online though? Trust is a very delicate thing. A system such as this simply inherently has these challenges. Pretty sure that is why the tor browser for example always uses https.
Indeed, both the centralised and decentralised systems that are currently in place have major issues. Within centralised systems like the Certificate Authority system we see corruption (have you seen their fees) and we must trust them to actually verify identities and to remain secure, something at least a few CAs have proven that they can't do. Then we also have to trust our vendors to provide default lists of CAs to trust that are in fact worth of our trust.
Within decentralised systems like PGP we have to worry about the network effect, and making sure that people understand what they are actually doing, again we worry about whether or not we can trust our friends, and whether or not we can trust their friends.
Trust is probably one of the hardest problems facing folks using the Internet.
With that in mind, he does raise a valid point. Are there any plans to move to a more decentralised model for the directory authorities? Are their any plans to move the power to blacklist nodes out of the hands of the Tor Project and into the hands of its users somehow.
I'm not exactly sure how either of those would be accomplished, but I'm sure there is a clever solution somewhere.
Thank you, Derric Atzrott