On 5/2/19, Herbert Karl Mathé mail@hkmathe.de wrote:
I strongly believe certain issues need be brought up into conscious, and into presence: into discussion, actually.
Therefore appreciating this as it might fit too well into context
Keeping things below surface, or trying so, has too often proven to be a very bad idea as these will come up sooner or later anyway, then with much higher magnitude. Even worse, trust is then destroyed.
As said before, the category of Anti Sybil Web of Trust Projects needs considered, and could even cover such speculative subjects.
It's not about analysing the meta of one node or one operator, even if a true positive hit, in general the yield is approximately zero percent of any overlay network's nodes, it's about stepping back and agnostically analysing them all.
Go investigate and collate all the possible meta informations...
Node location, payment, OS, ISP, uptimes, anon / nym / PGP / GovID, workplace, politic, blogs, whatever else you can imagine, including incorporating what's already in the consensus, contact, MyFamily, nickname, both real world and virtual infos, operator to operator p2p Web of Trust...
No node has to supply any infos.
Put it all in a db and give users tools to select node sets.
Some users might select State's, or State's workers or even Statist's nodes, over say anon nodes, as maybe they feel they have to play by some "rules" that anon nodes don't. Others might reject operators that post stupid pics on Facebook. Or all Ubuntu relays. Or nodes that engage in free speech they don't like, some in Tor Project would love that selector, lol.
It doesn't matter, it's a meta project, with it you can accept or reject on whatever whim you wish by node fingerprints in your client.
And if the Sybil WoT project ends up discovering some interesting potential threats classes among the entire node set, you win. Until then, you are potentially missing all of that, and are not raising Sybil's costs of doing business by forcing them to expend much resource into playing real world Web of Trust against users who might select to use various positive-meta-ranking and or WoT structures. Right now Sybil's cost is only a little hosting.
If not, you can still report bad exits and other actual technical node and traffic mangling to tor-relays and or bad-relays, at least until someone DHT's or otherwise distributes tor away from the more centralized DA design.
Note that Tor's architecture does not protect much against Global Passive Adversary of NSA style fiber Vampires, that threat does not require Sybil nodes, nor do they have to be Global or Govt, even Tier-N backbones can tap, analyse, and do nefarious things like and with that, including sell, give, and partner it all away. Though they can and do run Sybil nodes to help inject, manipulate, block, see, etc traffic, nodes, and clients.
On flip perspective, maybe you really don't want to develop WoT's and such, simply because enabling creeping featureism of it all can lead to exclusivity and control whereby valuable anon diversity is selected away from and purged. That would be very bad.
Either way, other than the usual design, protocol, code, and "Lawfare" exploit space, and the coming Quantum Compute adversary, Sybil and Vampire are likely todays biggest remaining threats to overlay networks.
None of todays networks seem to be trying to do anything to stop Sybil, and only a few networks put Vampire as any sort of priority [1]. While Vampire may perhaps be solved with some technical measures, Sybil may require some sort sort of human based measures.
[1] Curiously, cryptocurrencies do employ Anti-Sybil in various proofs of work (adversary cost raising), and can help defund Vampires.