[tor-relays] [Censorship in Russia] Make HTTPS/Moat captcha more complex?
Gary C. New
garycnew at yahoo.com
Fri Dec 24 08:23:15 UTC 2021
Neel,
I get the security vs usability considerations between centralized vs decentralized (or in the case of Tor semi-decentralized) networks. However, at a minimum, doesn't it make sense to exclude publishing address information from Tor metrics, etc, as to stop giving censorship organizations a free handout? Force them to invest resources to setup distributed Tor relays to glean addresses asynchronously in the wild. As it stands, all they have to do is write a simple bot to extract the synchronously published data on a daily basis.
It seems to be an inherent obstacle in design attempting to anonymize a sub-network within an established known super-network.
Thank you for your response.
Respectfully,
Gary—
This Message Originated by the Sun.
iBigBlue 63W Solar Array (~12 Hour Charge)
+ 2 x Charmast 26800mAh Power Banks
= iPhone XS Max 512GB (~2 Weeks Charged)
On Thursday, December 23, 2021, 10:14:05 PM PST, Neel Chauhan <neel at neelc.org> wrote:
On 2021-12-22 22:42, Gary C. New via tor-relays wrote:
> I know it might be a fundamental change to the Tor network, but would
> it be possible to obfuscate the Tor bridge/relay addresses with their
> respective fingerprints; similar, to the I2P network? I've often
> thought that this aspect of the I2P network is one that is implemented
> well. Perhaps Directory Authorities could preform fingerprint to
> address resolution? I think it would be extremely beneficial if
> neither bridge or relay addresses were published in the wild. It would
> make great strides in further buffering the Tor network from various
> black-listing/censorship techniques.
The thing is, while Tor itself is decentralized, the directory
authorities and fallback directories are not.
For a Tor client to bootstrap, you need a list of relays to be able to
connect to. And in turn you have to contact the dirauths or the
fallbacks.
While you could use an I2P-style or more recently blockchain-style
setup, I believe there was a reason for Tor to use centralized dirauths.
I can't seem to find the article/FAQ right now, even though I had it a
few years ago. I'm guessing it's to prevent malicious dirauths, unlike
how Bitcoin could get manipulated by bad actors with a decentralized
authority system.
> Respectfully,
>
> Gary
-Neel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20211224/5c7569c8/attachment-0001.htm>
More information about the tor-relays
mailing list