[tor-talk] [tor-relays] Would you place your secrets or in worst case make your life

grarpamp grarpamp at gmail.com
Fri Feb 21 07:18:49 UTC 2020 

>> On 13 Feb 2020, at 22:05, zwiebeln <zwiebeln at online.de> wrote:
>> Would you place your secrets or in worst case make your life
>> depended on a network that is 21 percent controlled by a single person
>> that you don't know?
>>
>> https://nusenu.github.io/OrNetStats/allexitfamilies
>>
>> I think we should start an open debate on that fact, best ending up with
>> giving some recommendations. I am sure that question is relevant to
>> torproject.org as well.

Given an overlay network offering certain degrees of
say security / bandwidth / latency can be comparatively
inverse degree to clearnet...

> "Let's encourage people to run more relays."

Depending what is sought, that can be of limited help. See
traffic analysis of gravity wells, the voids and densities between.
Nor are people validating "people", so Sybil abounds.

> Or ask for help improving your consensus weight?

Manual central / "decentral" manipulation, over unknowns,
by unknowns, can be of of limited trust... compare to
distributed random chance.

> It's also important to keep network risks in perspective:
> * 99% of relays run Linux, and a significant number of those are Debian
>   https://metrics.torproject.org/platforms.html

If an overlay wants to steer diversity there, its community
should be working ports to other non-Linux OS kernels,
and informing selection for that via notes in highly user
visible places about it.

There was a BSD group that grew and reported success
some years ago. It is a great platform that could easily
be ramped up.

> * there is 1 bridge authority (100%), 6 bandwidth authorities (17%),
>   and 9 directory authorities (11%)

Users don't see them, so they have no oppurtunity to consider
trust them over say distributed design that transforms
most central management into selectable subscriptions model
users can choose from and contribute to. A lot of potential
models there aren't really explored by projects due to central
being default think, easier, cheaper, faster, and distributed
often being roughly equivalent in similar areas.

>   * the consensus algorithm tries to limit the risks of one directory
>     authority influencing large parts of the tor network, and manual
>     bridge distribution limits the impact of the bridge authority

> * the largest ASes have:

Physical control of machines and traffic data.
Overlay communities must effort to shop for hosts if they want
to diversify that, and run nodes at home where comfortable.

And beware of Tier-1 default path rollup. Interesting approach
would be overlays deploying peering path aware modular router
into nodes, integration of radio and physical mesh networks, etc.

Global telecoms are not your friends. At least not hardly until
they start encrypting their links, publicly fighting "requests"
and lobbying vocally for you.

Better off to start building physical p2p networks around them.
Same idea as cryptocurrency.

>   https://metrics.torproject.org/

Yes things like this are not only handy and interesting
good work and research areas, but offer food for thought
to the entire network overlay space as it pursues whatever
current work and future designs may come.
Hopefully all projects in the space can contribute their own
research and find and take each others into consideration
where useful.

> There are all kinds of risks that happen when a large part of the
> network has a similar setup:

...

> I'll also ask our new Network Health team to consider the risk of
> large operators and large ASes.

Not a new problem, been analysed by the space since years.

> But ultimately, if we doubled tor's exit bandwidth, this issue would
> go away. That's the best solution to this problem.

Not necessarily. OP generally alluded to selection gravity wells
and the way that relates to trust, adversary, analysis aspects.
More nodes of particular bandwidth could flatten distribution
and performance, while affecting network analysis properties
in some not so good ways.
Simply adding more bandwidth and or relays under the
current design and operation will not much change those
elements and interactions.
Weighting for "busy nodes good" also a bit of assumptive
dance bet around *PA traffic analysis and Sybil problems.
It's fine to chase diminishing returns there if desired.

Yet also perhaps time for at least a good portion of the researchers
and projects in overlay space to form and renew efforts around both
dormant old and novel new work towards attacking those
two problems directly in new design and operation models.



[Moving to tor-talk as not strictly relay topic]

More information about the tor-talk mailing list