[tor-talk] Thoughts on Tor-based social networking?

[Martin Kepplinger]

Bill Cox:
> On 10/28/2013 12:58 AM, Michael Wolf wrote:
>> On 10/27/2013 6:41 PM, Roger Dingledine wrote:
>>> On Sun, Oct 27, 2013 at 06:25:41PM -0400, Bill Cox wrote:
>>>> I want to support free speech and other Internet freedoms, but
>>>> unfortunately the world has lots of people who enjoy ruining it for
>>>> everyone else.  Would it be possible to reduce the griefers by
>>>> having a social network of Tor based secret identities?  If I could
>>>> ding a griefer's reputation after he attacks my web site or trashes
>>>> a meeting, that might discourage Tor-based griefing.  If I could
>>>> specify OpenDNS-like settings for traffic I allow to be routed
>>>> through my Tor node, I could get a lot of the illegal video sharing
>>>> and porn off my router.  If I could specify that only people of a
>>>> certain level of reputation can route data through my node, I'd feel
>>>> better about the encrypted traffic I help route.
>>>>
>>>> This kind of idea has probably already been discussed at length...
>>>> what was the outcome?
>>> Hi Bill,
>>>
>>> Check out
>>> https://lists.torproject.org/pipermail/tor-relays/2013-August/thread.html#2558
>>>
>>> including my response at the end
>>> https://lists.torproject.org/pipermail/tor-relays/2013-August/002575.html
>>>
>>> for the latest version of this answer.
>>>
>>> As for "Tor based secret identities that can accrue reputation",
>>> check out Nymble:
>>> http://cgi.soic.indiana.edu/~kapadia/nymble/
>>> (and there are several other research groups with similar ideas).
>>>
>>> But nobody has deployed a Nymble-like service in a usable way, and also
>>> it's not clear that it would solve the types of problems you describe.
>>>
>>> --Roger
>>>
>> While I can appreciate Bill's concerns (my web servers are regularly
>> attacked by miscreants using Tor), I have a hard time imagining any case
>> where an *effective* reputation-type system doesn't seriously impair
>> anonymity.  Any sort of "reputation" is basically a profile of the
>> user... which sites he/she has visited, who has left positive/negative
>> feedback, etc.  My understanding is that Tor changes circuits every 10
>> minutes to help prevent users being profiled -- why would we undermine
>> this with a reputation system?
>>
>> In order for a reputation to be effective, it has to be long-term.  In
>> order to achieve anonymity, each "identity" has to be short-term.  These
>> goals are at odds with each other.  Even Nymble seems to have chosen a
>> 24-hr cycle of "forgiveness".  In my eyes, this is too short to be
>> effective, and still too long for people who wish not to be profiled.
>>
>> Finally, to get anyone to use this reputation system, there would have
>> to be some benefit to the user.  The benefit might be 1) being able to
>> edit wikipedia pages pseudonymously 2) being able to post on wide
>> variety of blogs/etc that currently block anonymous users 3) something
>> else.  So far the suggestion only seems to be to the benefit of the exit
>> node operator, to the detriment of the user's anonymity. Exit node
>> operators are not in a position to grant #1 and #2, so I don't know what
>> benefit they could offer that would be worth what the user would be
>> giving up.
>>
>> For what it's worth -- I do like the idea of a pseudonymous social
>> network for people who wish to participate.  But in my mind it would be
>> something runs on a hidden service or a distributed client model that
>> only routes through Tor.  This would be for the sole purpose of sharing
>> ideas though; not as a means of enabling quasi-censorship.
> 
> So, let's drop the who filtering/censoring thing entirely.  Here's some
> more concerns I have:
> 
> Yes, griefers often use Tor.  Who are they?  The obvious answer is
> they're dumb kids, but what if Tor were threatening to a major
> government?  It's hard for me to imaging that both China and the USA
> could agree on Tor.  What if just one of them wanted insure Tor did not
> grow to a significant network?  Here's what I'd do with my budget if I
> were asked to trash Tor:
> 
> - I'd pay hackers to use Tor for all their bad behavior
> - I'd have a thousand employees download free porn and illegal videos
> all day every day.
> - I'd own many nodes, and sooner or later someone like DPR would reveal
> his IP address to me, and I'd take him down, discrediting Tor.
> - I'd make sure I had enough monitors in the Internet backbone to
> completely track Tor traffic, and then I'd pay tons of researchers to
> use it.  The USA pays 60% of Tor's research budgent... Doesn't that
> scare anyone here?
> 
> I don't mean to trash-talk Tor.  This is a super-hard problem, and Tor
> has done an impressive job.  However, Tor's insistence that it not look
> at traffic or audit nodes makes Tor an easy target. 
And precisely that insistence is the very reason we are (at least I am)
legally in a good position to run an exit node.

> Is Tor failing to
> grow because there is an active government backed effort to keep Tor
> small?  Are the hackers giving Tor a bad name encouraged to do so?
> 
> So, don't track Tor user behavior, and don't filter content. However,
> when they piss off some web site operator, that operator should be able
> to state the public identity of the Tor griefer, and Tor exit nodes
> should feel free to black-list that user.
> 
> I really do want to run a Tor node, and an exit node at that. However, I
> just can't encourage more of the behavior I've seen so far.  I need some
> way to hold a griefer accountable.  It's a very very hard problem.  Any
> ideas?
At least I would not be able to run an exit node if at any level I could
decide on _what_ packets flow throught TCP Port XY. As I said, that's
the legal foundation. Aside from possibly harming user's anonymity, I
don't see any scenario that would not harm my position in front of the law.

> 
> Thanks for all the good feedback.  I'm learning from these replies.
> Bill