On Mon, Nov 23, 2009 at 10:05 AM, Paul Syverson <[email protected]> wrote:
[snip]
> So, reducing the number of hops means that exit nodes have
> significantly more information about connection origins. Reducing hops
> to one means that they know everything about the origin of a
> connection (up to the IP address from which the connection entered the
> Tor network, which is all that Tor is designed to hide.) That makes
> their deniability of what they know about traffic exiting through them
> no longer plausible (because, well now it will be false). That any of
[snip]

Reduction to one is obviously quite terrible. The reason I trimmed off Lucky's message was that I thought it was just making an argument against one-hop as endangering operators which I previously agreed with and had argued here myself.

Thank you for taking the time to elaborate on the two-hop case. I hadn't previously considered the entry node as valuable data worth hiding from the exit node, but now that you point it out I find it to be a convincing argument.

I'm not confident how real the capacity consumption concerns are, or that they couldn't be addressed by some other means (if you have some blinded method of determining the minimum path length, then you could use it to prioritize longer path traffic by an amount sufficient to prevent it from being outcompeted too greatly).

I find it quite disappointing that two-hop isn't a reasonable measure to improve performance for some users. As I've argued elsewhere I think it's important that Tor carry a significant amount of perfectly ordinary traffic both to provide cover traffic, and to ensure that there is sufficient public support, as it's a lot easier to turn a blind eye on a service you haven't used personally…

To make the point more forcefully:

On Mon, Nov 23, 2009 at 12:29 AM, Lucky Green <[email protected]> wrote:
[snip]
> Many of those that would be satisfied with fewer hops engage in
> comparatively low risk behavior (which is why they are satisfied with
> lower anonymity), such as downloading large files of questionable
> origin.
[snip]
> Users with lower anonymity needs should be guided towards
> the many other systems available today that provide lower anonymity than
> Tor.

I'll assume here that 'questionable origin' here is primarily talking about the people illicitly downloading movies and the like. I find it interesting to see the file transfer case as "comparatively low risk behavior".

The reason people have used Tor for this in significant numbers is that their activity is very likely to result in legal threats and disconnection from their ISP, as those consequences have become common. This isn't a speculative risk these people face; it's a real one, certainly more real than any that I've personally had for using Tor.

(You don't have to even support the illegal propagation of copyrighted works to support people engaging in downloading— for example, someone might download an album to recover material on a damaged CD, or they might be recovering a track they purchased but has been made available to them after the closure of a DRM key provider, and these use cases are no less likely to bring lawsuit than the people who are downloading copyrighted works for which they have not been licensed.)

Of course there are people with greater anonymity needs than the file downloaders but if you are prepared to classify someone merely at risk of a costly lawsuit and disconnection from their ISP as someone who is insufficiently worthy and guide them and all the others with even lower needs to another service then would Tor even come close to the level of cover traffic required to provide anonymity to those more strongly in need?

[The file downloading on Tor isn't a good thing: it's not good because Tor isn't the best design for bulk transfers where latency isn't relevant... some other design could handle them better (and probably provide greater anonymity at the same time). The copyright-violating download case also has the problem that it doesn't eliminate risks, it merely shifts them to the exit operators. (Because the copyright holders are perfectly happy to take the same actions against the exit operators, and many ISPs are perfectly happy to harass them)...
but these are separate matters that have little to do with circuit length or the reality of the users' desire for anonymization]

