[tor-relays] Anti-Sybil (re: Explain... all the Nodes)

Paul Syverson paul.syverson at nrl.navy.mil
Thu May 2 20:15:03 UTC 2019


On Thu, May 02, 2019 at 04:01:52PM -0400, grarpamp wrote:
> On 5/2/19, Herbert Karl Mathé <mail at hkmathe.de> wrote:
> > I strongly believe certain issues need be brought up into conscious, and
> > into presence: into discussion, actually.
> >
> > Therefore appreciating this as it might fit too well into context
> >
> > Keeping things below surface, or trying so, has too often proven to be a
> > very bad idea as these will come up sooner or later anyway, then with much
> > higher magnitude. Even worse, trust is then destroyed.
> 
> As said before, the category of Anti Sybil Web of Trust Projects
> needs considered, and could even cover such speculative subjects.
> 
> It's not about analysing the meta of one node or one operator,
> even if a true positive hit, in general the yield is approximately
> zero percent of any overlay network's nodes, it's about stepping
> back and agnostically analysing them all.
> 
> Go investigate and collate all the possible meta informations...
> 
> Node location, payment, OS, ISP, uptimes, anon / nym / PGP / GovID,
> workplace, politic, blogs, whatever else you can imagine,
> including incorporating what's already in the consensus, contact,
> MyFamily, nickname, both real world and virtual infos,
> operator to operator p2p Web of Trust...
> 

Note that we created a research system for gathering such data,
reasoning about the trust implications, and applying it to routing
decisions. we wrote a paper on it that we presented at PETS 2015.
"20,000 In League Under the Sea: Anonymous Communication, Trust,
MLATs,and Undersea Cables"
https://www.petsymposium.org/2015/papers/04_Jaggard.pdf

I don't know that anyone has done much with this since, but I hope
that's helpful information.

aloha,
Paul


> No node has to supply any infos.
> 
> Put it all in a db and give users tools to select node sets.
> 
> Some users might select State's, or State's workers or
> even Statist's nodes, over say anon nodes, as maybe they
> feel they have to play by some "rules" that anon nodes don't.
> Others might reject operators that post stupid pics on Facebook.
> Or all Ubuntu relays. Or nodes that engage in free speech
> they don't like, some in Tor Project would love that selector, lol.
> 
> It doesn't matter, it's a meta project, with it you can accept or
> reject on whatever whim you wish by node fingerprints in your client.
> 
> And if the Sybil WoT project ends up discovering some interesting
> potential threats classes among the entire node set, you win.
> Until then, you are potentially missing all of that, and are not
> raising Sybil's costs of doing business by forcing them to
> expend much resource into playing real world Web of Trust
> against users who might select to use various positive-meta-ranking
> and or WoT structures. Right now Sybil's cost is only a little hosting.
> 
> If not, you can still report bad exits and other actual technical
> node and traffic mangling to tor-relays and or bad-relays,
> at least until someone DHT's or otherwise distributes tor
> away from the more centralized DA design.
> 
> Note that Tor's architecture does not protect much against
> Global Passive Adversary of NSA style fiber Vampires,
> that threat does not require Sybil nodes, nor do they
> have to be Global or Govt, even Tier-N backbones can
> tap, analyse, and do nefarious things like and with that,
> including sell, give, and partner it all away.
> Though they can and do run Sybil nodes to help inject,
> manipulate, block, see, etc traffic, nodes, and clients.
> 
> On flip perspective, maybe you really don't want to develop
> WoT's and such, simply because enabling creeping featureism
> of it all can lead to exclusivity and control whereby valuable anon
> diversity is selected away from and purged. That would be very bad.
> 
> Either way, other than the usual design, protocol, code, and "Lawfare"
> exploit space, and the coming Quantum Compute adversary, Sybil and Vampire
> are likely todays biggest remaining threats to overlay networks.
> 
> None of todays networks seem to be trying to do anything to stop
> Sybil, and only a few networks put Vampire as any sort of priority [1].
> While Vampire may perhaps be solved with some technical measures,
> Sybil may require some sort sort of human based measures.
> 
> 
> [1] Curiously, cryptocurrencies do employ Anti-Sybil in various
> proofs of work (adversary cost raising), and can help defund Vampires.
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 


More information about the tor-relays mailing list