Reducing relays = reducing anonymity ? Tortunnel.

Martin Fick mogulguy at yahoo.com
Wed May 19 20:23:33 UTC 2010


--- On Wed, 5/19/10, Stephen Carpenter <thecarp at gmail.com> wrote:

> Certainly there is a certain amount of sense to the idea
> that tortunnel traffic may use another system that focuses more
> on speed if tortunnel was unavailable. However, an assumption is an
> assumption and I am not sure how much I buy the truth of it.

Although, I can't help but think that with equal 
resources, the use of a single system could have
benefits too:  shared code paths (and thus 
potentially better debugged), better load 
balancing, more traffic to mix with for those
loving company (anonymity seekers)...

To be more specific about what I mean by "equal
resources": suppose that users of system X have 
5 relays, and tor has 5 relays, and both
sets of users used the same bandwidth.  If all 
users used one 10 relay system instead, the 
total bandwidth should be similar.


> I ask for two reasons. The first is logical accuracy, what
> its trying to do, while bad for user anonymity, doesn't, 
> on its face, seem like a real problem for tor exit node 
> runners. The second is that I have considered writting a 
> client myself (I have some things that I want to
> play with that is a bit beyond what the current client can
> do... like rendezvous nodes that don't publish in the public
> directory) and I wouldn't want to end up being considered 
> an abuser
 
I can't help but think that there are indeed 
other use cases that would greatly benefit 
from a independent simpler transport-type 
lower-layer that tor could ride on.  If this 
layer could have more users and more 
resources (relays/coders) dedicated to it 
than just the resources that tor currently 
gets, it could be a net win for tor.

I proposed something like this a year or two
ago and have done nothing with it.  I keep 
coming back to the idea though.  I just 
recently started playing with the concept 
again, I was going to call it PNR for 
Private Natting Router.  Essentially 
attempting to define a very simple OpenVPN 
setup ontop of some natting firewall rules 
and IP forwarding.  A simple system would 
then define a way to add restrictions and 
extra capabilities to such a setup and to 
publish them along with status info.  
Restrictions might be something like: 
"can only connect to these other PNRs" 
(act as a middle node), or "can only go to
the internet via port 80" (exit node 
restriction).  A capability might be 
something like the ability to tunnel 
"connections to other individual points 
via a single VPN" (to make separate input
streams aggregate into a single output 
stream), or to aggregate/delay packages 
for potentially better mixing.

All of this would create more of a research 
environment where new models could be 
experimented with and still potentially 
benefit from a common deployed foundation. 
It would be possible to explore many new
transport layer speed/latency/bandwidth
optimisations independently from anonymity 
issues.  It might make exploring resource 
management (charging for/exchanging for 
bandwidth...) easier. An implementation of
tor could be designed to ride on such an 
infrastructure.  This implementation would 
embody many of the very clever things that
tor does today, good route selection, 
directory services...


> > Anonymity is entirely gone.
> 
> A bit overstated but, not far off. It is as anonymous as
> any single hop relay. Also, since it tries to emulate tor 
> traffic to trick the node, well, if you were running a node
> (even a non-exit), I would think that tortunnel traffic 
> would be very hard to distinguish from non-tortunnel. 
> Of course... this wouldn't help if speed is your goal.

I keep searching for that use case where
a user does not need anonymity for any 
individual query, but does on the 
aggregate level.  Perhaps this is 
something some users want, i.e. to never 
access different sites from the same IP.  
Such a use case would be very effectively 
achieved with many single hop relays.

Although I can see why tor is not 
interested in catering to such users, I
can't help but think that they could
help disguise traffic for users 
requiring strong anonymity and they
could potentially add to the resource
pool that tor uses, to ultimately
benefit tor as a whole.

My .02 cents,

-Martin



      
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list