[tor-relays] Anti-Sybil (re: Explain... all the Nodes)

grarpamp grarpamp at gmail.com
Thu May 2 20:01:52 UTC 2019

On 5/2/19, Herbert Karl Mathé <mail at hkmathe.de> wrote:
> I strongly believe certain issues need be brought up into conscious, and
> into presence: into discussion, actually.
> Therefore appreciating this as it might fit too well into context
> Keeping things below surface, or trying so, has too often proven to be a
> very bad idea as these will come up sooner or later anyway, then with much
> higher magnitude. Even worse, trust is then destroyed.

As said before, the category of Anti Sybil Web of Trust Projects
needs considered, and could even cover such speculative subjects.

It's not about analysing the meta of one node or one operator,
even if a true positive hit, in general the yield is approximately
zero percent of any overlay network's nodes, it's about stepping
back and agnostically analysing them all.

Go investigate and collate all the possible meta informations...

Node location, payment, OS, ISP, uptimes, anon / nym / PGP / GovID,
workplace, politic, blogs, whatever else you can imagine,
including incorporating what's already in the consensus, contact,
MyFamily, nickname, both real world and virtual infos,
operator to operator p2p Web of Trust...

No node has to supply any infos.

Put it all in a db and give users tools to select node sets.

Some users might select State's, or State's workers or
even Statist's nodes, over say anon nodes, as maybe they
feel they have to play by some "rules" that anon nodes don't.
Others might reject operators that post stupid pics on Facebook.
Or all Ubuntu relays. Or nodes that engage in free speech
they don't like, some in Tor Project would love that selector, lol.

It doesn't matter, it's a meta project, with it you can accept or
reject on whatever whim you wish by node fingerprints in your client.

And if the Sybil WoT project ends up discovering some interesting
potential threats classes among the entire node set, you win.
Until then, you are potentially missing all of that, and are not
raising Sybil's costs of doing business by forcing them to
expend much resource into playing real world Web of Trust
against users who might select to use various positive-meta-ranking
and or WoT structures. Right now Sybil's cost is only a little hosting.

If not, you can still report bad exits and other actual technical
node and traffic mangling to tor-relays and or bad-relays,
at least until someone DHT's or otherwise distributes tor
away from the more centralized DA design.

Note that Tor's architecture does not protect much against
Global Passive Adversary of NSA style fiber Vampires,
that threat does not require Sybil nodes, nor do they
have to be Global or Govt, even Tier-N backbones can
tap, analyse, and do nefarious things like and with that,
including sell, give, and partner it all away.
Though they can and do run Sybil nodes to help inject,
manipulate, block, see, etc traffic, nodes, and clients.

On flip perspective, maybe you really don't want to develop
WoT's and such, simply because enabling creeping featureism
of it all can lead to exclusivity and control whereby valuable anon
diversity is selected away from and purged. That would be very bad.

Either way, other than the usual design, protocol, code, and "Lawfare"
exploit space, and the coming Quantum Compute adversary, Sybil and Vampire
are likely todays biggest remaining threats to overlay networks.

None of todays networks seem to be trying to do anything to stop
Sybil, and only a few networks put Vampire as any sort of priority [1].
While Vampire may perhaps be solved with some technical measures,
Sybil may require some sort sort of human based measures.

[1] Curiously, cryptocurrencies do employ Anti-Sybil in various
proofs of work (adversary cost raising), and can help defund Vampires.

More information about the tor-relays mailing list