[tor-bugs] #4923 [Tor Directory Authority]: badexiting (or rejecting) relays from certain bad countries by default

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Jan 18 06:54:44 UTC 2012


#4923: badexiting (or rejecting) relays from certain bad countries by default
-------------------------------------+--------------------------------------
 Reporter:  arma                     |          Owner:                  
     Type:  enhancement              |         Status:  new             
 Priority:  normal                   |      Milestone:  Tor: unspecified
Component:  Tor Directory Authority  |        Version:                  
 Keywords:                           |         Parent:                  
   Points:                           |   Actualpoints:                  
-------------------------------------+--------------------------------------

Comment(by arma):

 Ok. Now that I am less ill, let me try to organize my thoughts here. There
 are three angles to look at here.

 A) We could badexit relays in certain countries that censor the Internet
 "more than usual", so a Tor user doesn't end up failing to reach bbc just
 because she pops out of Vietnam. This idea is flawed because it assumes
 there is one "real" Internet yet in reality basically every place censors
 in one way or another. Just as we don't try to fight Google's geolocation
 to decide what language you get, we shouldn't badexit all of Australia
 just because they don't want me to learn about abortions.

 B) We could badexit relays in certain countries that we know are logging
 citizens' traffic "more than usual". The original motivation here was
 Syria, since we see they have logs of what their citizens do online, and
 they secure them poorly. But as of 2009 Sweden has logs of their cross-
 border traffic via their FRA law. And I can't even enumerate the list of
 European countries that have deployed traffic header data retention -- and
 no doubt many of them secure their data sets poorly too.

 C) We could outright reject relays from countries where a) we have no
 useful relays and b) we have lots of users and some of them seem to be
 unwisely clicking 'share'. Syria and Iran are the big examples here. A
 major downside to preemptively rejecting these relays is that we'd be
 turning down the possibility of having a good relay in these countries if
 one should appear. Another major downside is that we're taking the
 decision away from the people -- in plenty of other situations we say "I
 assume you know more about what's going on your country than we do." A
 more minor downside is that we wouldn't be able to track popularity as
 easily. A major upside is that these users wouldn't be unknowingly putting
 themselves in a list. Another major upside is that we'd stop freaking out
 users ("omg there's a relay in Syria it must be run by the government").

 I think "A" and "B" are unwinnable, but I would be interested to see
 somebody try the "it's a question of degrees" argument.

 I think there's a strong argument for trying to do "C" in Vidalia instead,
 by looking at the IP address Tor thinks it's using and having another "are
 you sure?" layer to becoming a relay. Though that said, if we wanted to do
 it in Vidalia maybe we should have thought of that before giving everybody
 the software.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4923#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list