-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/19/2013 06:50 AM, Mark McCarron wrote: >> Date: Mon, 18 Nov 2013 21:11:40 +0100 From: >> [email protected] To: [email protected] Subject: >> Re: [tor-talk] New TOR Service Suggestions and Enhancements >> >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 11/18/2013 05:23 PM, Mark McCarron wrote: >>> With all the recent crack downs on civil liberties, seizure of >>> TOR services and general censorship that is now hitting even >>> mainstream search engines, I would like to propose a set of new >>> services and some enhancements to the network layer to improve >>> anonymity. We need to get as much support as possible behind >>> these services and improvements as they will assist in both >>> the expansion and self-funding capability of TOR going >>> forward. >>> >>> The following services have been suggested and will require a >>> fee, paid in Bitcoins, which will be donated to the TOR >>> project. This is a security measure to prevent saturation of >>> the services. These services should be integrated into the TOR >>> software and run in a distributed fashion. >>> >>> 1. Distributed Web Hosting >>> >>> Currently, anyone hosting a hidden service must provide their >>> own hosting solution and use software to provide access to the >>> TOR network. This strategy has seen increasing number of >>> services taken down in raids by various governments. We require >>> a distributed hosting solution that provides a web server and >>> database to anyone. The requirements for the service are as >>> follows: >>> >>> a. Payment gateway that accepts Bitcoins and either generates >>> a new site, or renews a previously generated private key. This >>> gateway should retain no knowledge of any transaction, or the >>> ability to revoke a site once generated. Sites should >>> automatically expire after a given date, unless the private key >>> is renewed. Private key renewals should not require the private >>> key to leave the client-side. >>> >>> b. Sites can be hosted at any node in an encrypted server with >>> redundancy options (whack-a-mole) and automatic replication >>> between nodes. No node should be able to inspect what it hosts >>> in any fashion. A premium can be paid to increase replication >>> times. >>> >>> c. Should provide a set minimum of traffic capacity, a >>> premium can be paid to increase that capacity or link sites to >>> build a larger service (i.e. multiple front-ends, database >>> clusters). A Bitcoin pool should be created that providers of >>> this service can be paid from to compensated for the increased >>> processing. >>> >> >> While I strongly agree that a distributed HS system would be >> very desirable, I find the idea to make it dependent on any kind >> of payment very appalling. >> >> Especially your point 1c, which is exactly what many ISPs try to >> force upon their customers nowadays. Be on the slow lane or pay a >> premium. And what if a critical mass of users is already on the >> fast lane? Thanks, but no thanks. Best effort should remain the >> way to go. >> >> What you call the gateway would also be a single point of >> failure. Unless that gateway was decentralized, too, some TLA >> could simply decide to seize it because one of the countless >> Hidden Services was doing something bad. Consequently, all other >> HS would fade out when their keys expire. >> > > In an ideal world, there would be no payment system. In the world > as it is today, we must deal with both abuse of a system and the > realities of the costs of operating a system. In respect to the > latter, we cannot live in some hippy freeloader universe.
Can you specify what kind of abuse you are expecting to prevent by introducing a payment system? Don't even think about letting the Tor project have the power to disable a given HS. It would make them subject to legal liabilities and harassment at its finest. IANAL, but in principle, the Tor project would then be responsible for any and all HS and anything and everything people might do with it. That would, likely literally, be fatal for Tor. You seem to view payments as a viable way to prevent abuse. Have a look at the "Real World", where nearly everything is subject to fees. No abuse anywhere, right? It just does not work. Requiring payments *is* an entry barrier, but it does *not* filter out the bad guys, only the poor guys. Also, the fact that everyone can trivially set up a HS without requiring anyone else's permission or going through any kind of potentially de-anonymizing process like a payment, is of the absolute key aspects of Tor. It is a very democratic, maybe even slightly anarchistic approach, without any gatekeepers. Doing away with that in an anxious attempt to reduce unspecified cases of abuse would be a terrible idea in my opinion. And I can only speak for myself here, but I would surely NOT run one single Tor relay if I knew that people using it were somehow required to make any kinds of payments for their use. I am only willing to do so because Tor is a "hippy freeloader universe" and I gladly support that. > > In regards to 1c, you felt it was a type of net neutrality. No, > that is wrong. Think of it more like the difference between shared > and dedicated hosting. > > The payment gateway would also be distributed. Different wording, same meaning. That approach is based on discriminatory treatment as a function of coughing up money. As far as I can tell, that goes pretty much against the goals Tor is aiming to achieve. If you are worried about the operating costs of node operators, have a look at this discussion: [1]. Notice that even if it were trivially possible to reimburse node operators according to some distribution scheme, you must take into account the implications of that. When you suddenly introduce a financial incentive in running Tor nodes, the relative amount of idealism is likely to drop, because you attract people for financial reasons. > >> >> >>> 2. Distributed File Hosting >>> >>> Follows the same structure as web hosting, but provides an FTP >>> service. Should integrate into the web hosting layer >>> seamlessly. >>> >>> 3. Distributed Virtual Machine Hosting >>> >>> Follows the same structure as web hosting, but provides a >>> complete virtual OpenBSD/Linux platform. A Bitcoin pool should >>> be created that providers of this service can be paid from to >>> compensated for the increased processing. >> >> This kind of approach would be needed to go beyond a "simple" >> distributed storage for static files. How else would you host a >> HS which runs any kind of interactive content... >> > > The file hosting discussed on deals with ftp-like services. If a > need is shows for other types of file hosting, it can be added, but > we should focus on core services first. Go ahead and write a paper about how to implement a distributed static file hosting scheme to be integrated into Tor. Proposed requirements: - - Node operators define a certain, arbitrary amount of disk space they are willing to share for the service - - Files must distribute automatically among nodes, given some minimum redundancy (Maybe 3? Maybe the actual redundancy should automatically scale up if there is "enough" space available on the network?) - - Node operators (or anyone else, for that matter) must *never* be able to tell what files are currently (being) stored on their nodes. Obviously, everything needs to be entirely encrypted, so not even filenames or filesizes can be seen on any node. - - For scalability, there should at least be an expiry date and/or a way for the uploader to delete files afterwards, so the storage requirements don't run off beyond all bounds over time. And that is only the "easy" task with static files. Try to come up with a viable system for distributed virtual machines! > >> >>> >>> 4. Distributed Web Indexer >>> >>> Uncensored search of the entire internet. Speed is >>> unimportant, as is the frequency of updates. The primary goal >>> is to make it uncensored. >> >> Have you had a look at YaCy [1]? >> > > Not until you mention it. This solution looks viable and should be > re-written and absorbed into the default install of TOR. Why exactly should it be rewritten? Feel free to come up with ways to integrate it into Tor... without the need for a rewrite. > >> >>> >>> 5. Distributed Email and Instant Messaging >>> >>> Accounts can be purchased for Bitcoins, completely >>> decentralized. Speed of delivery is unimportant and should be a >>> best effort system. The inclusion of a "global broadcast" for a >>> premium is recommended. This latter services allows for >>> important announcements to be flashed across the world. The >>> premium should be set very high to prevent abuse. >> >> Why do you want to sell anything and everything? The nice thing >> about Tor is that you can set up your own HS *without* the need >> for a central authority and *without* the need to pay anything. >> >> For decentralized instant messaging (without the need to pay, I >> might add), have a look at TorChat [2] >> > > Its not about selling, its is about preventing the abuse of > resources and ensuring anything that requires servers can scale > with the user base rather than being contested. See above. > > TORChat solves the instant messaging issue and should be bundled. > Now we need a distributed email system. Good luck with that. In principle, you need the same requirements as for a distributed storage of static files, plus some more, because only the recipient must be able to read and delete their emails. Also, perfect forward secrecy [2] might be desirable for emails. Something that is not available for example with GPG. Maybe you should also have a look at Bitmessage [3]. > >> >>> >>> 6. Distributed News Service >>> >>> Pay a premium and post your story. This will ensure only >>> important news hits this newswire. >> >> Yes, because those with most money and willingness to pay are >> those with the most important news for everybody. >> > > It would be a token amount, its just to prevent spam mainly. There are better concepts than money against spam [4]. > >> >>> >>> 7. Distributed Start Page and TOR Index >>> >>> TOR needs an entry point, somewhere that provides access to all >>> services and can guide users through the system. Many sites >>> have tried to serve this function, none have survived. >>> >> >> Do you realize that one of the points of a *Hidden* Service might >> be that it does *not* show up in a publicly available list of >> services? >> >> Feel free to create a HS for users new to Tor, which exemplarily >> introduces the users to some Hidden Services cherry-picked by >> you. >> > > I understand that, I'm thinking of an automated directory similar > to TORDir where you manually add services and ones that fail a > given number of checks get pruned from the system. > > Creating a hidden service to act as a start page, or gateway, for > users has been tried time-and-time again. Look at core.onion, gone > in a flash. We require something more robust. Can you explain why exactly we require that? There is no global index of the "normal internet" either, at least none that is intended to be used by humans. Best regards, - --RTNO [1] https://lists.torproject.org/pipermail/tor-relays/2013-September/002824.html [2] http://en.wikipedia.org/wiki/Perfect_forward_secrecy [3] http://en.wikipedia.org/wiki/Bitmessage [4] http://en.wikipedia.org/wiki/Proof-of-work_system -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSi0F/AAoJEJe61A/xrcOQ2PIP/1eEZm6T2fi6Bv7kSscrWQwN H+w4pShqABojh8F5FCl6csSxBS+oCYQSjnN+PGSIUe81PdoFZN4AbzrdVKKFy3n5 ZrYNonvltnQqS3Je5sc1TCmeibgcOH0QvycqIlf5fFb/Ha08WwpdAuVPwT/E/05M XJwe2Kavp/tblEOL0XQlACwa8DEpbkrY3+lESdYWj0ql0AkhS4mm7WxZfFqITiVu zQCnRWmQ1HcW1GE7whPjqT5OaZmxeUd4UGYHcvmF/x5Gwoxs8oXHwVcQzX9d4SIg eepNx7I9r0WNQDcc1DshXTQtr1EN6hJ47ez0Gq8a0hAkux6WrnXv9sF7k0hjxDtG hKpOcE8eE1o8onxKmFYS8OuoKJhu934AHDwU2VwdG3PotBcguzDr88Llizxhk7ln RYSow4u3/TDEOOeXBgWlONO2Bk9c7BWmc/IxNR8E8rxf2Mx2WFFY1imBG53K4myb 9tlS0ga2IayW97Y+QTYZaUNpSPac9YDwaaPJmHDob/BlAwSjpL82BZEDeYJ/Zug0 RRhhfMD6g/dVh3Dtch0BpWQgJCxJBQUV4shLMIdoXzHW7+wRQIx5QsmQZAeUWuOI 5rxdqe6bUUt3SUwlTL/gwLlS15osNo0l/ntEW9pGG8/gWY+L4348hBu+/9zFl9ug be2z0kQiqk5nYDNJus12 =eXu9 -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
