On Sun, Jun 20, 2010 at 08:01:34PM -0700, David Barrett wrote: > 1) Is Tor purely for clients (applications making outbound connections), > or can Tor be used for servers (applications receiving inbound connections)?
https://www.torproject.org/hidden-services > 2) Are Tor relays hosted purely by volunteers with nothing to gain, or > is there a sort of "tit for tat" such that two peers looking to > anonymize their traffic can "swap identities"? https://blog.torproject.org/blog/two-incentive-designs-tor > I ask because I wonder if tit-for-tat anonymizing and anonymous hosting > could go well together with a protocol based on two major operations: > > - I will make a request to anywhere on the internet and give its > response to you, if you do something for me. > > - I will open up a port and send any requests I receive to you, if you > do something for me. There are two main challenges here. First, if somebody can choose to be nice to me in particular so I will route my traffic through them, that puts my anonymity at risk. Second, volunteering makes you stand out in ways that can be bad for your anonymity. See the above blog post, plus the papers it cites, for more details. It's certainly not the last chapter in the story. > But I kept getting hung up on the > "unbacked" nature of online currency, where anybody can wipe their > "credit history" clean and just refuse to honor past obligations without > penalty. (And the complexity and game-ability of solutions to that > problem.) Yep. And it gets worse in the context of privacy-preserving systems. I wrote something about that long ago: http://freehaven.net/anonbib/full/date.html#rep-anon > But of course, this isn't at all limited to data exchange, this could be > use to anonymize *any* server or P2P application -- HTTP webservers, SIP > VoIP, etc. Be careful about confusing "layer of indirection" with "anonymity". You need to think about your threat model, who your adversaries are, what you're trying to protect, etc before you can decide whether you like the amount of anonymity you're getting. Otherwise you could fall into the situation of the VPN users from the other thread, who basically seem to have said "not all of my packets are going directly to my destination; what do you mean I'm not anonymous?" --Roger _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers