[tor-relays] A Simple Web of Trust for Tor Relay Operator IDs

[ronqtorrelays at risley.net]

> On Nov 10, 2021, at 10:29, Jonas via tor-relays <tor-relays at lists.torproject.org> wrote:
> 
> I could easily run thousands of [relays] across many ASes ... However, providing proof of identity or anything which ties to my real world identity is a non-starter.

I'm in a similar situation, though it would be "dozens" instead of "thousands." 

I understand the argument in favor of restricting relays to well-known, identifiable operators but I also see a possible flaw in the logic. The more you restrict who can run a relay, the fewer relays there will be. Yet, no amount of restriction will eliminate all malicious relays. (Even requiring relay operators to submit DNA samples to prove they are first-degree relatives of Tor Project board members wouldn't guarantee perfection.) Given that malicious relays will always exist, there is merit in the idea of having the largest possible pool of relays against which bad actors would have to compete. With a low bar for entry, bad actors could even end up competing against other malicious operators, and ordinary users would still come out ahead.

Unfortunately, I fear that reliable numbers would be hard to come by. But I think that there might be many people in the same position that Jonas and I are in: willing and able to run a significant number of high-value relays but only if we can do so ignoring or circumventing real-identity measures. Bad actors will disproportionately ignore or subvert such measures; worthy volunteers will be locked out.

It is human nature, when faced with a threat, to respond by asserting control. I wonder if, in this case, decentralization and increased participation might be better strategies.

--Ron