Some further thoughts on an already mixed thread...

> Would this increase anonymity? As pointed out previously, not much.
> Attacks against Tor anonymity usually relate to entry-point/exit-point
> traffic correlation... Regardless of how many segments are in the
> middle, if your adversary can "corner the market" on exit nodes, it
> doesn't matter how many intermediate relay nodes you're using. (Correct
> me where I'm wrong, experts)

Ahh, ok, I see, entry-exit correlation/tagging/timing/confirmation... interesting. I guess a longer path length could only help a quite tiny amount with that by adding some jitter, packet loss, dead circuit churn, etc. in between. It certainly directly helps a lot against those entities trying to do simple hop by hop flow/log requests.

Non-exit relay by default wouldn't help regarding the exit part as no one's suggesting turning up new exit relays by default. But it could add more guards making observing any useful subset of them costlier. But also make the less traffic in them more likely to be yours.

And what if the opponent runs a hidden service trap?... seems that then just watching or running the client's entry guard [1] is all that is needed to confirm both connection and content? Yipes?!!!

I'm no expert. This sounds like a very hard and real problem. Thanks!

[1] One single lucky node, not two, the trap serves as the exit watchpoint as well.

> Would this increase the health of the overall network? Yes*!

Are there anonymity drawbacks to having a glut of available bandwidth? Or a glut of legit nodes? Or both? I've not yet considered that in my suggestion of a model in which Tor can in fact be used for bulk/P2P transfer and remain resource healthy.

> Or, as mentioned earlier, we can assign an OR a level of trust
> commensurate with its age?

Maybe there would also be benefit in a web of trust amongst nodes not unlike a keysigning party. As with social networking, people vouch for each other in various ways and strengths based on how they feel that person meets them. I don't see any reason why node operators [descriptors] could not keysign and have that web encoded into the descriptors, directories, DHT, etc. Degrees of separation could also be encoded, and no web is impenetrable. So it would be just one more means of scoring nodes.

The sigs would be saying: Hey, I know this operator in real life or online. They have the skill to run an up to date, reasonably secure node and at least check for cold compromise once in a while. And I would be reasonably comfortable were my traffic to transit their node, excepting of course lawful order or coercion. As before, loose, just another means.

> Also, symmetry of up/down bandwidth can be an issue too... which is
> unfortunate.

Issue? A non-exit relay runs the same bitrate in and out of its interface, bytes in, bytes out, over time, it's impossible not to. So your maximum giveback is limited to the lower of your asymmetrical rates because you'll saturate the slower side at any greater rate.

The unfortunate thing about it is that all four of economies, tech, policies and outright suppression conspire to make asymmetry what you see in the consumer market. As opposed to cable (and various RF tech and fiber PONs), fiber and DSL aren't really tech limited to asymmetry. So you're just seeing the other three in action there. Protest, buy more, or co-op and trench your own neighborhood :)

s/hit/hip/ ;)