
Tor's Open Research Topics (2018) - schoen
https://blog.torproject.org/tors-open-research-topics-2018-edition
======
kuroguro
> Censorship Circumvention: Exit Side ... what if there were a pool of exit
> bridges that you could use via this mechanism? Would that pool have any less
> abuse or incidence of banning? What if this pool were pay-to-use?

This can already be solved outside of the network by setting up a VPS and
chaining it after the exit node (you still have to figure out a way to pay for
it anonymously and it's a PITA to set it up).

> What if you posted a monetary amount via a ZK smart contract, and if there
> was abuse reported, that money became forfeit?

Now that sounds interesting. Not sure how it would work in practice tho.

~~~
c22
> This can already be solved outside of the network by setting up a VPS and
> chaining it after the exit node (you still have to figure out a way to pay
> for it anonymously and it's a PITA to set it up).

This isn't really a solution. Not only do you have to pay for it
"anonymously", but any slip up at all suddenly correlates all your traffic.
What do you do when an adversary compromises your VPS, will you even notice?

~~~
kuroguro
> What do you do when an adversary compromises your VPS

You already have to operate as if an exit node could be bad, it's not that
different. One could swap them each month.

> any slip up at all suddenly correlates all your traffic

Hadn't considered that, may be a major downside for some use cases. Easily
solved by using one VPS for one service / website you visit :D

~~~
cypher_
> You already have to operate as if an exit node could be bad, it's not that
> different.

Tor's anonymity is guaranteed by its probability and temporary nature of exit
nodes. Every Tor client uses the same algorithm to select an exit node, and a
single exit node in a circuit is typically discarded within a few minutes for
web browsing. Further, Stream Isolation selects different exit nodes for
different destinations. Effectively, it means the correlation between an
individual Tor user and a particular exit node is practically zero (and
tracking at Layer-7 is often better than breaking Tor).

It's like discarding and selecting one of the 1,000 dead-drops at a time, and
all of them are being used by a million people. On the other hand, purchasing
a VPS is like setting up a single, permanent dead-drop just for yourself. The
correlation is almost-certain, and the cost of getting a new one is high.

It may be a solution to a very specific problem where pseudonymous access is
needed, like using a VPN/VPS to bypass the Tor blacklist of your E-mail
account, and ONLY TO ACCESS your E-mail account. But for greater applications
which requires anonymity, or very-shortlived pseudonymity, it's generally
unsuitable. You don't want to ruin your valuable VPS that you've spent half-
an-hour to purchase via Bitcoin, only to bypass the blacklist of a random
website.

Some may suggest a pool of VPS servers can be provided, and well, be purchased
on-demand via Lightning Network's micropayment (old-school Cypherpunks will
love this idea, the idea had been around since the 1990s, and has eventually
become feasible today!). But it effectively recreate the Exit Node
infrastructure that Tor is using.

