[tor-relays] How can we trust the guards?

[Rana]

@Mirimir
>> This is not Blockchain where hundreds of thousands of greedy selfish 
>> genes are working together for non-collusion.  A practically zero- 
>> effort collusion of already fully cooperating FIVE EYE agencies (US, 
>> UK, Canada, Australia, New Zealand) is needed to sprinkle several tens 
>> of rogue relays every month all over the globe, hosted at unsuspected 
>> hosters, looking perfectly bona fide. All they need is maintain some 
>> bandwidth and stability (why not?) and wait 70 days and - hop! - they 
>> are guards.

>That seems plausible. I don't know how the community of relay operators works. But I suspect that, if you're right, many known and trusted relay operators must be covert operatives. While that's not impossible, it would represent a huge investment.

I've been through this already, and made a calculation of the completely negligible - in government terms - amount required to pay for hosting 4000 powerful nodes that are indiscernible from honest relays and are scattered all over the world. A huge investment is emphatically NOT required for this. As to operatives, I see no reason why a single employee could not control 500 rogue relays from a single $1000 PC.  Say, spending her day revisiting 25 relays daily, doing maintenance. That's assuming zero automation. With some automation software (say, flagging relays that need attention, most of them don't most of the time), a single employee could control the entire 7000. Where's  the "huge investment"?

Tor model breaks down when facing a modest government adversary for the simple reason that having only 7000 relays total, with a minority of them carrying most of the traffic, invites cheap infiltration and takeover by state adversaries.

Rana