[tor-talk] Thoughts on Tor-based social networking?

Bill Cox waywardgeek at gmail.com
Mon Oct 28 12:24:33 UTC 2013 

On 10/28/2013 12:58 AM, Michael Wolf wrote:
> On 10/27/2013 6:41 PM, Roger Dingledine wrote:
>> On Sun, Oct 27, 2013 at 06:25:41PM -0400, Bill Cox wrote:
>>> I want to support free speech and other Internet freedoms, but
>>> unfortunately the world has lots of people who enjoy ruining it for
>>> everyone else.  Would it be possible to reduce the griefers by
>>> having a social network of Tor based secret identities?  If I could
>>> ding a griefer's reputation after he attacks my web site or trashes
>>> a meeting, that might discourage Tor-based griefing.  If I could
>>> specify OpenDNS-like settings for traffic I allow to be routed
>>> through my Tor node, I could get a lot of the illegal video sharing
>>> and porn off my router.  If I could specify that only people of a
>>> certain level of reputation can route data through my node, I'd feel
>>> better about the encrypted traffic I help route.
>>>
>>> This kind of idea has probably already been discussed at length...
>>> what was the outcome?
>> Hi Bill,
>>
>> Check out
>> https://lists.torproject.org/pipermail/tor-relays/2013-August/thread.html#2558
>> including my response at the end
>> https://lists.torproject.org/pipermail/tor-relays/2013-August/002575.html
>> for the latest version of this answer.
>>
>> As for "Tor based secret identities that can accrue reputation",
>> check out Nymble:
>> http://cgi.soic.indiana.edu/~kapadia/nymble/
>> (and there are several other research groups with similar ideas).
>>
>> But nobody has deployed a Nymble-like service in a usable way, and also
>> it's not clear that it would solve the types of problems you describe.
>>
>> --Roger
>>
> While I can appreciate Bill's concerns (my web servers are regularly
> attacked by miscreants using Tor), I have a hard time imagining any case
> where an *effective* reputation-type system doesn't seriously impair
> anonymity.  Any sort of "reputation" is basically a profile of the
> user... which sites he/she has visited, who has left positive/negative
> feedback, etc.  My understanding is that Tor changes circuits every 10
> minutes to help prevent users being profiled -- why would we undermine
> this with a reputation system?
>
> In order for a reputation to be effective, it has to be long-term.  In
> order to achieve anonymity, each "identity" has to be short-term.  These
> goals are at odds with each other.  Even Nymble seems to have chosen a
> 24-hr cycle of "forgiveness".  In my eyes, this is too short to be
> effective, and still too long for people who wish not to be profiled.
>
> Finally, to get anyone to use this reputation system, there would have
> to be some benefit to the user.  The benefit might be 1) being able to
> edit wikipedia pages pseudonymously 2) being able to post on wide
> variety of blogs/etc that currently block anonymous users 3) something
> else.  So far the suggestion only seems to be to the benefit of the exit
> node operator, to the detriment of the user's anonymity. Exit node
> operators are not in a position to grant #1 and #2, so I don't know what
> benefit they could offer that would be worth what the user would be
> giving up.
>
> For what it's worth -- I do like the idea of a pseudonymous social
> network for people who wish to participate.  But in my mind it would be
> something runs on a hidden service or a distributed client model that
> only routes through Tor.  This would be for the sole purpose of sharing
> ideas though; not as a means of enabling quasi-censorship.

So, let's drop the who filtering/censoring thing entirely.  Here's some 
more concerns I have:

Yes, griefers often use Tor.  Who are they?  The obvious answer is 
they're dumb kids, but what if Tor were threatening to a major 
government?  It's hard for me to imaging that both China and the USA 
could agree on Tor.  What if just one of them wanted insure Tor did not 
grow to a significant network?  Here's what I'd do with my budget if I 
were asked to trash Tor:

- I'd pay hackers to use Tor for all their bad behavior
- I'd have a thousand employees download free porn and illegal videos 
all day every day.
- I'd own many nodes, and sooner or later someone like DPR would reveal 
his IP address to me, and I'd take him down, discrediting Tor.
- I'd make sure I had enough monitors in the Internet backbone to 
completely track Tor traffic, and then I'd pay tons of researchers to 
use it.  The USA pays 60% of Tor's research budgent... Doesn't that 
scare anyone here?

I don't mean to trash-talk Tor.  This is a super-hard problem, and Tor 
has done an impressive job.  However, Tor's insistence that it not look 
at traffic or audit nodes makes Tor an easy target.  Is Tor failing to 
grow because there is an active government backed effort to keep Tor 
small?  Are the hackers giving Tor a bad name encouraged to do so?

So, don't track Tor user behavior, and don't filter content. However, 
when they piss off some web site operator, that operator should be able 
to state the public identity of the Tor griefer, and Tor exit nodes 
should feel free to black-list that user.

I really do want to run a Tor node, and an exit node at that. However, I 
just can't encourage more of the behavior I've seen so far.  I need some 
way to hold a griefer accountable.  It's a very very hard problem.  Any 
ideas?

Thanks for all the good feedback.  I'm learning from these replies.
Bill

More information about the tor-talk mailing list