Squeezing non-relays at the entry node

Roger Dingledine arma at mit.edu
Thu Dec 17 02:43:20 UTC 2009

On Wed, Dec 16, 2009 at 06:23:53PM -0800, Damian Johnson wrote:
> I'm sure you've thought of this, but adversaries can replicate any
> properties we're looking for to rate limit. In this case simply making
> yourself a slow relay and routing client traffic through yourself
> (being your own first hop) seems to get around the limitation. -Damian

Yep. But quoting my Tor-incentives paper:
(not quite the same situation, but related enough)

\subsection{The audit arms race}

Some attacks outlined above involve relays that provide some level of
service but not quite as much as we might prefer. The response in each
case is a smarter or more intensive measurement algorithm so the directory
authorities can more precisely distinguish uncooperative behavior.

To see why this won't be an arms race between increasingly subtle
cheating and increasingly sophisticated audits, we need to examine the
incentives for ordinary users. Based on informal discussions with Tor
relay operators, the most challenging part of setting up a Tor relay
is configuring the software, enabling port forwarding in the firewall,
etc. Compared to this initial barrier, the incremental cost of providing
a bit more bandwidth is low for most users. As long as our audit
mechanism correctly judges whether the user relays any traffic at all,
we're verifying that the user has performed the most personally costly
step in setting up a relay. We expect that the diminishing returns a
strategic relay gets in saving bandwidth as we progress down the arms
race will limit the complexity required for the auditing mechanism.


More information about the tor-dev mailing list