invitation to directory server operators

[Sven Anderson]

Am 12.09.2008 um 17:50 schrieb John Brooks:
> Also, if this is enabled by default, it will still only be respected
> if you are already serving the normal tor directory - in countries
> with laws restrictive enough to prevent mirroring the hidden service
> directory, it seems that you'd have issues with the standard directory
> as well, not to mention actual tor traffic. I think the legal risks of
> the hidden service directory are minimal beside the risks of normal
> tor traffic, so I doubt it'd be a problem for many node operators (and
> if it were, they could disable this option again).

I don't agree. Normal Tor directories list _routers_, HS directories  
list _servers_ and therefore  _content_ in most cases. And I don't  
have a good feeling with mixing these two things.

To make a graphic example:

I don't have a bad conscience if somebody anonymously accesses child  
pornography sites over my tor node, which is accessible anyways. The  
site can still be tracked down and removed by the local authorities.  
And as a node operator I even have the possibility to block such sites  
with according exit policies if I like to.

With HS there is a new service space created. And therefore more  
responsibility. With running a Tor node supporting HS I also make  
arbitrary services available, which otherwise might not exist. I  
really like the idea of HS in general, and there are some great  
applications for it. But on the other hand there are services which I  
can not accept to support (to create) with my resources.

Accordingly, it would be much more cleaner to separate HS as much as  
possible from Tor and to see it as an application _on_top_ of Tor. So  
I don't like the idea to make every Tor node a HS node by default.  
They are two different things. To promote hidden services by foisting  
them to all Tor node operators is not fair, I think, and can even  
become dangerous for the Tor project. They should be promoted  
separately.

As a Tor node operator in the case of HS I'm much more in the need for  
fine grained access policies due to the higher responsibility. As I  
wrote in a mail before, at the moment the opposite is true. I can  
control access of general exit node traffic in exit policies. But I  
have no control if and for what HS my node becomes an entry point.  
Similar is true for the HS directory, which I can only switch on or  
off in general. If for example the public in Germany will find out,  
that there are HS for sharing child pornography and nobody can do  
something about it, the whole Tor project and especially the HS  
directories and entry points (but the public will not be able to  
discriminate) will get under heavy fire here (don't know how sensitive  
this issue is in other countries). If Tor will support the blocking of  
certain HS for node operators at that moment, the attack might be a  
bit milder and can be "rerouted" to the HS to some extent.


Regards,

Sven

-- 
http://sven.anderson.de    "Believe those who are seeking the truth.
tel:    +49-551-9969285     Doubt those who find it."
mobile: +49-179-4939223                                 (André Gide)