Proposal: Two Hop Paths
syverson at itd.nrl.navy.mil
Tue Jun 5 20:12:09 UTC 2007
I've been reading Mike's two-hop path alternative proposal.
What is good about it is it focuses on improving usability and
recognizing the potential anonymity implications of growing the user
base vs. protecting against some stronger potential adversary for
a (n important) subset of the userbase.
There is lots of discussion of the security implications of the
proposal. I will mostly ignore that for now in light of bigger
concerns, viz. I cannot find any discussion or argument that the
proposal actually would provide the improvements that are its primary
goal: they seem to just be assumed. That is where I focus my remarks.
My guess is that two-hop-Tor-at-its-best is not perceptibly faster or
otherwise better than Tor-classic-at-its-best. Likewise for
two-hop-Tor-at-its-worst vs. Tor-classic-at-its-worst. Thus, the
entire question turns on the expected perceived performance, i.e., the
distribution of perceived-slow circuits across all circuits. Now I
will totally make up some numbers for purpose of illustration. If,
e.g., 95 percent of circuits through two-hop Tor (2ht) are perceived
as acceptably fast, vs., e.g., 5 percent of circuits for Tor Classic
(3ht), then it seems at least reasonable that usage from perceived
better usability will increase significantly. Even then there
probably needs to be some argument? But why should we expect such a
dramatic difference. My guess is that the limitations are mostly
caused by the slowest pipe or OR in the chain for any given circuit
(yes I know it's actually much more complicated than that). If even
very roughly correct, then the improvement in user perception is
not going to impress someone who find Tor unacceptably slow now. Even
if that idea that circuits generally have a single bottleneck
is wrong but the effect of this change is rather to go from,
e.g., 60 percent of circuits for a given user being considered too
slow by that user to 35 percent of circuits, why do we think the user
will have any change of opinion about bad Tor performance at all?
It's possible that the usability improvements from this proposal will
be dramatic (though I personally doubt it). But for the moment there
is not even a handwavy argument to support that view. And a
much-more-than-handwavy argument should be given before consider so
dramatic a change.
Two more related points: Complaints about Tor performance are generally
anecdotal. Do we know the percentage of users that are on "broadband"?
Do we know if users on dialup have on average any perception of Tor
To date Tor has been advertised as: "Yes we know it's generally not
as fast as the raw internet, but you're getting something from that,
and we're trying to improve that." If the advertisement becomes, "Hey!
Now in two flavors! slow-Tor-for-paranoids and
fast-Tor-for-people-on-the-go", it may actually cost us users. If
people say, "Cool, finally a higher performance version." and they're
perception after trying it is "This is their idea of a fast
version!?!", the disappointment that when we got around to considering
performance for the regular Joe we failed miserably could be worse
than what we have now.
More information about the tor-dev