[tor-talk] Thoughts on Tor-based social networking?
Jonathan D. Proulx
jon at csail.mit.edu
Mon Oct 28 12:36:12 UTC 2013
On Mon, Oct 28, 2013 at 08:24:33AM -0400, Bill Cox wrote:
:On 10/28/2013 12:58 AM, Michael Wolf wrote:
:>While I can appreciate Bill's concerns (my web servers are regularly
:>attacked by miscreants using Tor), I have a hard time imagining any case
:>where an *effective* reputation-type system doesn't seriously impair
:>anonymity. Any sort of "reputation" is basically a profile of the
:>user... which sites he/she has visited, who has left positive/negative
:>feedback, etc. My understanding is that Tor changes circuits every 10
:>minutes to help prevent users being profiled -- why would we undermine
:>this with a reputation system?
:I really do want to run a Tor node, and an exit node at that.
:However, I just can't encourage more of the behavior I've seen so
:far. I need some way to hold a griefer accountable. It's a very
:very hard problem. Any ideas?
As an exit node operator I share your wish, but for the reasons
Michael mentions I thik it is fundamentally impossible to have strong
anonymity and a strong enough reputation to be meaningful since one
erodes the other.
It may be possible to do something IDS like on an exit & if it seems
traffic is "abusive" to dynamicly rewrite your exit rules for some
time, but this provides a relatively easy vector to create a Tor DoS
by making all exits participating in the scheme block access to some
destination, so that's probably a bad idea too.
-Jon
More information about the tor-talk
mailing list