[tor-dev] Desired exit node diversity
i at virgil.gr
Thu Sep 24 06:09:36 UTC 2015
Apologies for quick post.
If we want to a socially connected link, seems we can use the same
infrastructure for doing keysignings parties but we just use relay public
keys. That seems a nice distributed way of doing this.
On Thu, 24 Sep 2015 at 13:42 Virgil Griffith <i at virgil.gr> wrote:
> Can we not use the argument "anonymity requires diverse company" on both
> sides? For whole rational actors it seems like this should work. Tor
> "exploits the military" into lending cover to activist groups, which they
> would presumably support.
> This may be too naive a view of the situation.
> Re: socially connected. That's interesting. I'll see what I can do. Chat
> more in Berlin.
> On Thu, 24 Sep 2015 at 13:19 Roger Dingledine <arma at mit.edu> wrote:
>> On Wed, Sep 23, 2015 at 06:18:58AM +0000, Virgil Griffith wrote:
>> > Exit nodes seem a nice place to start concretizing what's meant when we
>> > we want relay diversity. Comments immensely appreciated because as-is I
>> > don't know the answers to these questions.
>> Hi Virgil,
>> I've been pondering the opposite of this topic, after looking at the
>> recent tor-relays thread about some ISP not wanting to let somebody
>> host an exit relay because they figure a lot of the Tor network is
>> run by government agencies. My usual answer to that concern is "no, we
>> *know* the operators of more than half the capacity in the Tor network,
>> so this cannot be the case". And I think this is increasingly true in
>> the era of activist non-profits that run relays -- Germany's got one,
>> and so do the US, the Netherlands, Sweden, France, Luxembourg, etc etc.
>> But it would be neat to have a mechanism for learning whether this is
>> actually true, and (whatever the current situation) how it's changing.
>> The tie-in to Roster would be some sort of "socially connected" badge,
>> which your relay gets because you're sufficiently tied into the Tor
>> relay operator community.
>> And then we'd have something concrete to point to for backing up, or
>> disputing, the claim that we know a significant fraction of the network.
>> Of course, the details of when to assign the badge will be tricky and
>> critical: too loose and you undermine the trust in it (it only takes a
>> few "omg the kgb runs a relay and look it's got the badge" cases to make
>> the news), but too strict and you undercount the social connectedness.
>> In a sense this is like the original 'valid' flag, which you got
>> by mailing me and having me manually approve your relay (and without
>> which you would never be used as the entry or exit point in a circuit).
>> Periodically I wonder if we should go back to a design like that, where
>> users won't pick exit relays that don't have the "socially connected"
>> badge. Then I opt against wanting it, since I worry that we'd lose
>> exactly the kind of diversity we need most, by cutting out the relays
>> whose operators we don't know.
>> But both sides of that are just guessing. Let's find out!
>> tor-dev mailing list
>> tor-dev at lists.torproject.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tor-dev