Reducing relays = reducing anonymity ? Tortunnel.
Martin Fick
mogulguy at yahoo.com
Wed May 19 20:23:33 UTC 2010
--- On Wed, 5/19/10, Stephen Carpenter <thecarp at gmail.com> wrote:
> Certainly there is a certain amount of sense to the idea
> that tortunnel traffic may use another system that focuses more
> on speed if tortunnel was unavailable. However, an assumption is an
> assumption and I am not sure how much I buy the truth of it.
Although, I can't help but think that with equal
resources, the use of a single system could have
benefits too: shared code paths (and thus
potentially better debugged), better load
balancing, more traffic to mix with for those
loving company (anonymity seekers)...
To be more specific about what I mean by "equal
resources": suppose that users of system X have
5 relays, and tor has 5 relays, and both
sets of users used the same bandwidth. If all
users used one 10 relay system instead, the
total bandwidth should be similar.
> I ask for two reasons. The first is logical accuracy, what
> its trying to do, while bad for user anonymity, doesn't,
> on its face, seem like a real problem for tor exit node
> runners. The second is that I have considered writting a
> client myself (I have some things that I want to
> play with that is a bit beyond what the current client can
> do... like rendezvous nodes that don't publish in the public
> directory) and I wouldn't want to end up being considered
> an abuser
I can't help but think that there are indeed
other use cases that would greatly benefit
from a independent simpler transport-type
lower-layer that tor could ride on. If this
layer could have more users and more
resources (relays/coders) dedicated to it
than just the resources that tor currently
gets, it could be a net win for tor.
I proposed something like this a year or two
ago and have done nothing with it. I keep
coming back to the idea though. I just
recently started playing with the concept
again, I was going to call it PNR for
Private Natting Router. Essentially
attempting to define a very simple OpenVPN
setup ontop of some natting firewall rules
and IP forwarding. A simple system would
then define a way to add restrictions and
extra capabilities to such a setup and to
publish them along with status info.
Restrictions might be something like:
"can only connect to these other PNRs"
(act as a middle node), or "can only go to
the internet via port 80" (exit node
restriction). A capability might be
something like the ability to tunnel
"connections to other individual points
via a single VPN" (to make separate input
streams aggregate into a single output
stream), or to aggregate/delay packages
for potentially better mixing.
All of this would create more of a research
environment where new models could be
experimented with and still potentially
benefit from a common deployed foundation.
It would be possible to explore many new
transport layer speed/latency/bandwidth
optimisations independently from anonymity
issues. It might make exploring resource
management (charging for/exchanging for
bandwidth...) easier. An implementation of
tor could be designed to ride on such an
infrastructure. This implementation would
embody many of the very clever things that
tor does today, good route selection,
directory services...
> > Anonymity is entirely gone.
>
> A bit overstated but, not far off. It is as anonymous as
> any single hop relay. Also, since it tries to emulate tor
> traffic to trick the node, well, if you were running a node
> (even a non-exit), I would think that tortunnel traffic
> would be very hard to distinguish from non-tortunnel.
> Of course... this wouldn't help if speed is your goal.
I keep searching for that use case where
a user does not need anonymity for any
individual query, but does on the
aggregate level. Perhaps this is
something some users want, i.e. to never
access different sites from the same IP.
Such a use case would be very effectively
achieved with many single hop relays.
Although I can see why tor is not
interested in catering to such users, I
can't help but think that they could
help disguise traffic for users
requiring strong anonymity and they
could potentially add to the resource
pool that tor uses, to ultimately
benefit tor as a whole.
My .02 cents,
-Martin
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list