On Wed, Aug 11, 2010 at 11:52 AM, Mike Perry <mikepe...@fscked.org> wrote: [snip] > Sometimes, you just need to pick your battles. If you believe the DMCA > is bullshit and want a full exit policy, I think the practical answer > is "Go outside the US for bandwidth". Or, be prepared to provider-hop > for a good, long time. [snip]
This is, however, bad for the diversity of the Tor network. Ideally there would be exists as widely spread as possible in order to minimize the return on investment for attackers. It seems to me that there exists an opportunity to collaboratively build a list of destinations which are "safe"— in that the probability of an ISP complaint or an unfriendly law enforcement visit is effectively insignificant. Safe destinations might include things like some network services (DNS, esp if tor moves to the TCP dns stuff which has been discussed lately), human rights organizations, other anonymity services, read-only web resources, services which already have special handling for tor (e.g. Wikipedia, which is effectively read-only for Tor exits, IRC networks which identify and specially handle Tor), and services which are known not to keep logs. While these destinations would only amount to only a tiny fraction of the Internet they could amount to a reasonable portion of the overall exit usage thus freeing up the rest of the exit capacity for everything that can't use these limited exits and providing increased performance and diversity for things that can. This is something that would require some technical infrastructure. Currently nodes don't get an exit flag unless they are fairly broadly open... and thousands of nodes each running a different idea of the safe destinations would create a computational burden on circuit creation as well as significant directory bloat. Setting the exit flag on nodes with very narrow exit policies would also facilitate the creation of targeted exit spying nodes. To avoid these problems a single template exit list could be distributed with the directories then included in node exit lists. I don't have any great answer on how to create and manage such a list— a small one is fairly easy to manage but I don't expect a large one to be. But I think the bigger question is: would the existence of this option discourage the creation of full exits to such an extent that it would hurt the tor network overall? At least in the US and soon, with the ACTA, perhaps most of the developed world I think the answer is no. The difficulty in establishing network connectivity which won't be immediately shutdown due to overzealous notice-and-takedown conformance is already so great that anyone running a full exit instead of a relay is obviously putting out a special effort to do so. The existence of an easy limited-exit option shouldn't change the incentives much. There are other things which could be done to increase the usefulness of the tor network in the face of an increasingly difficult exit climate, for example improving the exit enclave functionality would be helpful (putting services which do not need anonymity themselves behind hidden services is far from optimal both due to performance and name discovery issues), but I don't think this would provide as great or as immediate a benefit as simply increasing the real exit capacity to selected destinations. *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/