prove decentralization creates vulnerability to a larger degree than centralization
Maybe the centralization issue should revolve around things other than such two-sided math proofs should neither side win...

1) There's expectation that some TPO-like entity will blackball known bad nodes, a non-human distributed authority (be it DHT or otherwise) doesn't permit that. Which is actually a non-issue because users can simply subscribe to whichever trusted blackball source they desire. Onionland may still be providing some of these bad node listing services. AFAIK, that's the only real service Tor authorities provide today. The rest is under the hood of the *only protocol* in (3) below.

2) The network simply cannot run if some or all of the nine authorities are taken offline. Even users passing around their descriptors file and continuing to run can't be done because the code doesn't support that. So the network dies. Tor right now is like the centralized 'illegal' filesharing traffic model, i.e. Napster... every single central sharing service that had human figureheads in control of the network got shut down. When the heat comes to Tor, it will get shut down if its fixed human authorities can't stand the heat. There are not an endless number of figureheads, but there are an endless number of users. For which, as with DHT torrenting and bitcoin, the responsibility for those networks is so distributed that it's pointless to try taking them down. Phantom, I2P, and a number of others are also distributed and seem to be working fine as well.

3) Bitcoin and torrent also work as protocols because all users agree that the protocol is *the one and only true protocol*, they are at risk if they change, so a self maintaining gravity is both present and natural. If there are forks, they don't last because users figure it out and abandon them or at least stop until the network figures itself out. This is why Tor bootstrapping isn't an issue either... you're unlikely to bootstrap yourself into a bogus network for very long, especially if you do reasonable research in the network socialnet beforehand. Self host the repository, ship with signed recent descriptor and bad nodes subscription lists, bootstrap into that, and let network dynamics and user choice run from there. At least that's the model of some other networks.

Tor is probably central today as a result of inheriting a central design model. Thereafter if not remaining so from simple gravity then from either:

A) waiting for a chance to stand up with its authorities for the sake of proving out fundamental privacy/speech geopolitics.
B) putting them in the position of standing as test fodder.
C) trending nefarious.

Tor is a US entity which has certain benefits and weaknesses. And the international support structure of (A) should be analyzed and stress tested to determine its strength before relying on it. All the while noting and incorporating similarities to the WL, Snowden, filesharing, and crypto battles, etc.

Curiously, whenever all is said, it's still useful to have both centralized and decentralized networks surviving under pressure. Yet is centralization actually *required*, say to achieve something specific beyond that, or which cannot be modeled decentrally with some decision elements pushed out to the user.