[tor-dev] How about capping single operators to max. 10% exit capacity of the network?

teor teor2345 at gmail.com
Sun Dec 10 21:45:54 UTC 2017

> On 11 Dec 2017, at 06:33, nusenu <nusenu-lists at riseup.net> wrote:
> Hi,
> since a single operator now controls more than 10% of the tor network's
> exit capacity

Or rather, do they control more than 10% of the Tor Network's consensus

Consensus weight is measured from 5 bandwidth scanners in North
America (3) and the Western EU (2), to 5 bandwidth servers in North
America (2), the Western EU (2), South America (0.5), and Asia (0.5).

Bandwidth server locations primarily affect how exits are weighted.

One thing we could do to resolve this weighting issue is to reconfigure
a majority of bandwidth scanners to use a CDN with points of presence
around the world as a bandwidth server. They could keep their existing
bandwidth servers as well.

This would also be a more accurate measurement of actual client
experience, as clients are fairly likely to be accessing a CDN for most
websites. (The majority of Tor traffic is web traffic, and most of it goes to
reasonably popular domains.)

Here's how we think that would affect measured bandwidth, in detail:

The next step towards making this change is to finish the current parallel
bandwidth authority tests, and start testing the Fastly CDN as one of the
set of bandwidth servers:


I also think Micah experimented with Fastly when longclaw was a
bandwidth authority.

So any bandwidth authority operator could just add a CDN, and see how
it goes. That would be faster, and minimal risk, because the existing
bandwidth server would still be used as well.

> I wanted to bring this up here (again [1]).

For those not clicking links, this email refers to a suggested scheme where
we automatically limit operators, ASs, and single relays to a bandwidth cap.

How do you define an "operator"?
How many operators would this affect over the past few years?

Using a particular situation to make a change like this typically makes for
poor design and poor policy. Because people inevitably ask:
Which operator?
And then their opinions about the particular operator get confused with
their opinions about the general idea of limiting operators.

I thought we generally asked operators to keep it to 5%?
Then we ask large operators to support other organisations once they
reach 5%, so everyone can gradually move beyond their current capacity.

I'm not yet convinced we need a hard limit.
I think social means are sufficient for now.

And I think we should focus our efforts on expanding the pool of exits,
and improving bandwidth measurement, rather than limiting operators
who are helping the network. (New automatic limits will likely be seen
as a rejection of someone's contribution, so they should be handled very

If we must do this, let's do it manually, after contacting the operator.

> What do you think about capping single operators (family) to 10% exit
> capacity and 5% for guard operators?

How many operators would this affect over the past few years?

Here be dragons - see above.

> [1] https://lists.torproject.org/pipermail/tor-dev/2016-March/010653.html
