[tor-dev] Scaling tor for a global population
griffin at cryptolab.net
Mon Sep 29 07:32:03 UTC 2014
I'd say that the idea to 'downgrade' people into being bridges is a
good one, if done without requiring user input. 'Everyone run a relay'
might only be useful because so many of the people we say it to have
fast connections. It seems reasonable to filter out persistently low
connections (and allow them back in if their connection speed improves).
That is not to say that every potential bridge should actually be
accepted as a bridge. The 28B/s bridge is nuts - either it's on an
embedded device or their torrc is misconfigured.
What I usually recommend to users is based on their bandwidth and
how frequently their IP changes. If their connection is fast and their
IP never changes (eg, a desktop or server), then run a non-exit relay.
For a laptop that moves to-from work, then a relay or bridge. If
it moves a *lot*, use Cupcake (which is a wrapper for flashproxy).
Running a relay on a raspi or a router (?!) is not a great idea --
though people attempt both. If things could gracefully switch from
being a relay to a bridge based on their speed, then that would actually
make it more straightforward for users because they don't have to worry
about whether they should be a bridge or relay.
People can't really estimate their own bandwidth without something
like NDT, but they have an idea of how fast it is. eg, this connection
is 21Mb/s up, 6mb/s down, but that's mostly irrelevant because my
perception of it is that it's Fast. That perception would be the same
if I were getting 2Mb/s up/down. So maybe one non-technical change we
can make is to user education and website documentation -- run a relay
if you have a Fast connection.
Filtering people out based on advertised bandwidth is tricky -
advertised bandwidth is only useful if it's based on reality. 250kb/s
seems like a reasonable floor for both relays and bridges. 100kb/s is
kind of the sanity check for a distributed bridge - if it's below that,
it's not useful enough IMO.
The real questions for me are: how much of a gain is possible? and
what is the right balance between number of relays and speed of those
relays? and I suspect that until something is tried, it may just be
 No one should be running an exit from home, and no one who is asking
me about this at an event should be running an exit.
"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security by failing to attract users."