[tor-talk] Propsal for decentralization of the Tor network

grarpamp grarpamp@gmail.com
Sun Nov 23 21:03:10 PST 2014


> prove decentralization creates vulnerability to a larger degree
> than centralization

Maybe the centralization issue should revolve around things other
than such two sided math proofs should neither side win...

1) There's expectation that some TPO-like entity will blackball
known bad nodes, a non-human distributed authority (be it DHT or
otherwise) doesn't permit that. Which is actually a non issue because
users can simply subscribe to whichever trusted blackball source
they desire. Onionland may still be providing some of these bad
node listing services.

AFAIK, that's the only real service Tor authorities provide today.
The rest is under the hood of the *only protocol* in (3) below.

2) The network simply cannot run if some or all of the nine authorities
are taken offline. Even users passing around their descriptors file
and continuing to run can't be done because the code doesn't support
that. So the network dies. Tor right now is like the centralized
'illegal' filesharing traffic model ie: Napster... every single
central sharing service that had human figureheads in control of
the network got shutdown. When the heat comes to Tor, it will get
shut down if its fixed human authorities can't stand the heat.
There are not an endless number of figureheads, but there are an
endless number of users. For which, as with DHT torrenting and
bitcoin, the responsibility for those networks is so distributed
that it's pointless to try taking them down. Phantom, I2P, and a
number of others are also distributed and seem to be working fine
as well.

3) Bitcoin and torrent also work as protoools because all users
agree that the protocol is *the one and only true protocol*, they
are at risk if they change, so a self maintaining gravity is both
present and natural. If there are forks, they don't last because
users figure it out and abandon them or at least stop until the
network figures itself out. This is why Tor bootstrapping isn't an
issue either... you're unlikely to bootstrap yourself into a bogus
network for very long, especially if you do reasonable research in
the network socialnet beforehand.

Self host the repository, ship with signed recent descriptor and
bad nodes subscription lists, bootstrap into that, and let network
dynamics and user choice run from there. At least that's the model
of some other networks.


Tor is probably central today as a result of inheriting a central
design model. Thereafter if not remaining so from simple gravity
then from either:
A) waiting for a chance to stand up with its authorities for the
   sake of proving out fundamental privacy/speech geopolitics.
B) putting them in the position of standing as test fodder.
C) trending nefarious.

Tor is a US entity which has certain benefits and weaknesses. And
the international support structure of (A) should be analyzed and
stress tested to determine its strength bfore relying on it. All
the while noting and incorporating similarities to the WL, Snowden,
filesharing, and crypto battles, etc.

Curiously, whenever all is said, it's still useful to have both
centralized and decentralized networks surviving under pressure.

Yet is centralization actually *required*, say to achieve something
specific beyond that, or which cannot be modeled decentrally with
some decision elements pushed out to the user.



More information about the cypherpunks mailing list