[tor-relays] Call for discussion: turning funding into more exit relays

Tue Jul 24 14:49:49 UTC 2012

On Mon, Jul 23, 2012 at 2:58 PM, Roger Dingledine <arma at mit.edu> wrote:
> Open questions we need to decide about:
>
> 1) What exactly would we pay for?
>

As you said, reimbursing users for hosting is probably the best idea
here, however, we also don't want to get in the situation where users
feel that they _must_ be reimbursed to run an exit relay. What happens
if the sponsors funding dries up in a year and no one wants to donate
bandwidth anymore?

Perhaps only registered companies should be sponsored — as much as I
hate to limit the scope of the project, I think this (might) prevent
abuse to a certain extent. Individuals who wanted to run an exit relay
of their own could still do so, they would just have to use some of
the money to form an LLC (or whatever their countries equivalent is if
the scope of this project extends outside of the US). This gives them
a bit more of an incentive to separate their Tor node form their
personal server/computing resources (in the form of limited
liability), which they should probably be doing anyways.

> I think we should aim to constrain ourselves to talking about >=100mbit
> exits
>

I disagree; as others have said, lots of 10mbit relays will do as much
for the network as a few 100mbit relays. Most peoples use case is
simply checking email, browsing the web, reading news, etc. which
don't necessarily need a huge 100mbit relay.

> 2) Should we fund existing relays or new ones?
>

It's probably not wise to distinguish between the two. If you only
fund new relays, you may see a lot of old relays shut down (and then
restarted as "new relays" to get funding). So you might as well just
sponsor both. More thoughts on this in a bit.

> - Should we prefer big collectives like torservers, noisetor, CCC,
> dfri.se, and riseup (which can get great bulk rates on bandwidth and are
> big enough to have relationships with local lawyers and ISPs), or should
> we prefer individuals since they maximize our operator diversity? I think
> "explore both approaches" is a fine first plan.
>

"Explore both approaches" sounds good; I think we'll find that
operator diversity leads to a healthier (more anonymous) network.
Again, I lean towards small guys that will run a few nodes at
different data centers, but not Sole proprietorship's.

> - For existing relays who pay for hosting…

Picking a certain monthly transfer target might solve this; so
existing relays that are fast could apply for aid, and it would give
slower relays incentive to speed up. The challenge then becomes, where
do we set this cutoff? I'm inclined to think it could be kept
relatively low and still be very beneficial for the network.

> the Tor network must not end up
> addicted to external funding. So long as everybody is running an exit
> relay because they want to save the world, I think we should be fine.
>

This is the core of the entire discussion. We might also consider only
funding relays in areas where we need the diversity by taking into
account…

> There's network diversity (AS / upstream network topology), organization
> and operator diversity, jurisdictional (country) diversity, funding
> diversity, data-center diversity, and more.
>

…this stuff.

>
> 7) How do we audit / track the sponsored relays?
>
> How should we check that your 100mbit relay is really working? What do
> we measure to confirm its capacity? To a first approximation I'm fine
> assuming that nobody is going to try to cheat (say, by colluding with
> an ISP to write legit-looking invoices but then just split the money).
>

Probably better to monitor this carefully from the get-go. Sponsors
like to know where their money is going, and continued funding could
hinge on it.

> Then I'll send individual emails to exit relay operators pointing them
> to it and asking for their feedback
>

Consider asking some of the faster / more stable non-exit relay
operators as well. Many of these folks (myself included) have run an
exit relay at one point or another and stopped—or want to run an exit
but won't—because of the financial burden, or because of legal
ramifications, etc.

Some of them might want to run an exit relay, or change their existing
nodes to exit relays if they could only get a bit of funding to help
cover bandwidth and separate their personal resources / business from
their exit node(s) (via a new server, or a separate business entity,
etc.)

Best,
Sam

-- 
Sam Whited
pub 4096R/EC2C9934

SamWhited.com
sam at samwhited.com
404.492.6008