On Mon, Oct 28, 2013 at 08:24:33AM -0400, Bill Cox wrote: :On 10/28/2013 12:58 AM, Michael Wolf wrote:
:>While I can appreciate Bill's concerns (my web servers are regularly :>attacked by miscreants using Tor), I have a hard time imagining any case :>where an *effective* reputation-type system doesn't seriously impair :>anonymity. Any sort of "reputation" is basically a profile of the :>user... which sites he/she has visited, who has left positive/negative :>feedback, etc. My understanding is that Tor changes circuits every 10 :>minutes to help prevent users being profiled -- why would we undermine :>this with a reputation system? :I really do want to run a Tor node, and an exit node at that. :However, I just can't encourage more of the behavior I've seen so :far. I need some way to hold a griefer accountable. It's a very :very hard problem. Any ideas? As an exit node operator I share your wish, but for the reasons Michael mentions I thik it is fundamentally impossible to have strong anonymity and a strong enough reputation to be meaningful since one erodes the other. It may be possible to do something IDS like on an exit & if it seems traffic is "abusive" to dynamicly rewrite your exit rules for some time, but this provides a relatively easy vector to create a Tor DoS by making all exits participating in the scheme block access to some destination, so that's probably a bad idea too. -Jon -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
