[tor-dev] Hidden service policies

[grarpamp]

On Sun, Jul 20, 2014 at 6:34 PM, Mike Hearn <mike at plan99.net> wrote:
> Hello,
>
> As we know, hidden services can be useful for all kinds of legitimate things
> (Pond's usage is particularly interesting), however they do also sometimes
> get used by botnets and other problematic things.
>
> Tor provides exit policies to let exit relay operators restrict traffic they
> consider to be unwanted or abusive. In this way a kind of international
> group consensus emerges about what is and is not acceptable usage of Tor.
> For instance, SMTP out is widely restricted.
>
> Has there been any discussion of implementing similar controls for hidden
> services, where relays would refuse to act as introduction points for hidden
> services that match certain criteria e.g. have a particular key, or whose
> key appears in a list downloaded occasionally via Tor itself. In this way
> relay operators could avoid their resources being used for establishing
> communication with botnet CnC servers.
>
> Obviously such a scheme would require a protocol and client upgrade to avoid
> nodes building circuits to relays that then refuse to introduce.
>
> The downside is additional complexity. The upside is potentially recruiting
> new relay operators.

HS's will just change their HS keys out from under
your list. Then it becomes whack a mole. And you'll
also be taking out shared services with the bathwater.
Are you funding maintenance of that list? Ready to be
called a censor when you exceed your noble intent
as all have done before? And to be ignored by those
operators who don't care to subscribe to your censor list
thus nullifying your efforts (not least of why because it
may be illegal for them to look at services on the list
to verify it, or to look at and make decisions regarding content
of traffic that transits them). And ignored by botnet ops who
will surely run their own relays and internal pathing.