Two Tor questions: 1) Is Tor purely for clients (applications making outbound connections), or can Tor be used for servers (applications receiving inbound connections)?
2) Are Tor relays hosted purely by volunteers with nothing to gain, or is there a sort of "tit for tat" such that two peers looking to anonymize their traffic can "swap identities"? I ask because I wonder if tit-for-tat anonymizing and anonymous hosting could go well together with a protocol based on two major operations: - I will make a request to anywhere on the internet and give its response to you, if you do something for me. - I will open up a port and send any requests I receive to you, if you do something for me. That "something" could be a direct value swap -- I open a port for you, you open a port for me. Or it could be anything: I make a request for you, and you give me a block of data. Together it could make for a powerful swarming downloader with built-in onionskin network, that doesn't rely upon the generosity of Tor volunteers. I got thinking along these lines when trying to come up with a constructive response to Will's currency-based streaming network. (I hate it when people have nothing but negative feedback, so I'm trying not to fall into the same trap.) But I kept getting hung up on the "unbacked" nature of online currency, where anybody can wipe their "credit history" clean and just refuse to honor past obligations without penalty. (And the complexity and game-ability of solutions to that problem.) This led me to think that bartering tit-for-tat style (eg, we immediately exchange direct value) is a more reliable form of online currency. But that only works if the other side has something you want right now. From there it occurred to me that onionskin networks are always looking for identities to route through, and that could be used: even if I don't have any data to give you right now, I can let you make requests through my identity so you can anonymize your traffic. I get data, you get privacy, we all win. But of course, this isn't at all limited to data exchange, this could be use to anonymize *any* server or P2P application -- HTTP webservers, SIP VoIP, etc. (And with dynamic DNS you could even use real names, though obviously that creates a new central vulnerability, so maybe one of the distributed DNS layers could help out here.) Anyway, I was just mulling this over while walking my dog so apologies if this idea has already been well explored, but any thoughts you have along these lines would be appreciated. Thanks! -david _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers
