[tor-relays] Questing regarding Team Cymru Tor Relays and Bridges
Roger Dingledine
arma at torproject.org
Tue Mar 23 05:38:13 UTC 2021
On Mon, Mar 22, 2021 at 09:21:24PM +0000, Lisa Winter wrote:
> I decided to do some own research, and it seems like the Tor Project
> has a long-standing relationship with Team Cymru (at least since 2012,
> and maybe even earlier):
>
> https://blog.torproject.org/knock-knock-knockin-bridges-doors
>
> Still, I'm slightly paranoid when organizations like these start
> spinning up many different relays, effectively getting to see a
> substantial portion of the network's traffic.
Yes, we've been interacting with Team Cymru folks for more than a
decade now.
I even went to one of the conferences they organized a few years ago
hosted by the Council of Europe, where they had an audience full of
government and law enforcement people that I could teach about "what Tor
actually is" and "how the internet actually works" from my perspective,
because otherwise they'd just hear the "Tor is bad and the internet is
full of bad people" myths and FUD from their colleagues. You can read
more about that kind of outreach here:
https://blog.torproject.org/trip-report-october-fbi-conference
(different conference but same idea)
Also, their CEO is on Tor Project Inc's board currently, and I regard
that as a great step because he can help with (among other things)
oversight that we're running the business side of Tor properly:
https://www.torproject.org/about/reports/
I think most of the infrastructure that Team Cymru has set up for Tor,
we've asked them to do it. So that right there should help you look at
it differently.
Another answer might be that I'm a lot more worried about the groups
that *haven't* come forward to identify themselves, yet are trying to
watch the internet or build datasets about internet users etc.
And a third answer could be that the goal of the Tor design is to
distribute trust over multiple relays in your path, so the risk of any
one of those relays trying to attack you isn't so bad. (This angle is
a bit tricky of course, because even though that's true, having a lower
probability of being attacked is still better.)
In summary, yes it makes sense to wonder about the various organizations
that want to get involved in Tor, and understand their motives. But we
need to design our systems so that they don't fall apart if a small piece
of the network is trying to attack it. And at the same time we need to
strengthen our *communities* so that they are robust and represent many
different skills and interests and perspectives, because that's how you
grow mainstream acceptance. So, it is a balance, and there are many ways
in which we need to be doing that balance better, and I'd put this one
pretty far down the list.
Hope that helps!
--Roger
More information about the tor-relays
mailing list