[tor-relays] A Simple Web of Trust for Tor Relay Operator IDs

Wed Nov 10 19:44:37 UTC 2021

> This proposal seems to come from a
> desire of power and control over the network, not
> actually improving "anonymity" for users

That sounds more like a personal reaction to not wanting to be identified
rather than a helpful statement about other people's motivations, which
I'd stay away from, however, seeing the time, effort and care people from
the tor project and people like nusenu seem to invest, I don't think your
statement is appropriate.

Even if there are other attack vectors, it seems to have been shown that
malicious relays are in fact used for nefarious purposes, but you seem to
wave that off because it doesn't fit with your desire to avoid identity
requirements.  I think it would be better to pose it as a question that
perhaps asks about the trade-offs for defending against this kind of
network attack versus potential damage it can cause compared to the other
attacks you think are more trivial to launch (but that still sounds like
it's debatable and is skewed language so that it fits your fundamental
objection about anonymity of relay operators).  You should be more fair to
the merits and benefits of these requirements while questioning what can
be done about their negative ramifications.

Maybe the conversation you want to encourage is if/how anonymity for relay
operators complements or conflicts with end-user anonymity?  As the
network matures, clearly that is a tension that is very uncomfortable (and
is by no means unique to tor).  Maybe something like I2P or Freenet can
serve as a contrast or would be more interesting to you.

> Dose this run into legal regulations in the EU and
> other places that will clearly demonstrate that "control" means the tor
> project is actively managing the network?

IANAL, but I doubt it, at least not any more than that argument can
already be made today-- and who is to say if that's a problem even if it's
true.

> The secondary concern is the safety of that identity data collected by the
> tor project or its designated "authorities". It builds a network graph of
> relay operators and their ties to the tor project. This network graph
> makes it trivial to figure out whom to surveil and where to apply pressure
> to do actions to benefit "the state".

This is a good argument/question to ask IMO...

> The controlled shutdown of v2 onions raised many eyebrows in our legal
> dept. It de facto states the tor project is controlling the network and
> operating as an online service provider or online platform.

...but statements like this sound more like veiled complaining and straw
man-like ways to convince yourself of someone else's intentions when they
may in fact be trying to do what they can to improve the network for
everyone (though there was some loss with v2 onions, it's not like the tor
team didn't offer strong justifications for removing them - justifications
that are very much related to protecting anonymity).

Isn't there space for participating anonymously in these so-called
identity requirements like a trust network or myfamily configuration? 
IIRC there is.  Maybe you can ask about ways that there could be more of
that.  Also, if you want to run thousands of nodes, I'd wonder if the
easiest path that links you to them, at least for someone like a state
actor, may not necessarily be through these mechanisms you object to.