[Freedombox-discuss] Dumb idea: Alternative to Tor that promotes good behavior

[Daniel Kahn Gillmor]

On 10/27/2013 01:26 PM, Bill Cox wrote:
> Here's the problem: Tor has little public support, because most Tor
> traffic is wasted on supporting bad behavior.

I don't think that's the main reason Tor has little public support.  I 
think Tor has little public support because using Tor is slower and less 
convenient than not using Tor, and people (at least in the USA) seem to 
value convenience above most other things.

> Here's my solution: Build a Tor-like network for routing anonymous data,
> but track behavior of all users' secret identities, and make their
> Internet history public.  Allow node operators to choose categories of
> public identities they which to support.

This would not be anonymous data.  You're asking people to publish their 
full internet histories for the privilege of being able to use the 
network.  Are you aware of the work being done toward de-anonymization 
of rich data sets?  I think many people's web browsing habits alone 
would be sufficient to discover their physical identity with relatively 
high certainty.  Even if we were to assume that the data was not 
possible to tie back to someone's physical location to put them in 
harm's way, if their network use patterns are how they do their 
activism, then publishing their network use patterns provides an 
adversary with a lot of information that is very helpful to disrupt this 
same activity (e.g. "Which web sites do they usually use to distribute 
their [tools|analysis|incitements]?  Which chat channels do they 
frequent?  Where/how do they get their e-mail?  Can we destroy or 
subvert those services?)

> For example, I would choose to promote all forms of non-violent free
> speech.  I should be able to contribute my bandwidth to this purpose.
> If a dissident in China goes by the public ID of ChinaCat, and has a
> high reputation for promoting freedom, they are welcome to use my
> bandwidth.  If someone just wants access to redtube.com, they can get
> that access from someone else.

If you prefer this, then you should personally make arrangements with 
ChinaCat directly.  I'm not convinced that you could ever make such an 
arrangement scale cleanly without gross oversimplifications that 
wouldn't meet many people's assumptions about what the terms mean.  Is a 
sit-in at a restaurant "non-violent free speech"?  What about a work 
stoppage at a factory?  how about when the workers barricade the factory 
against its owners?  What about people who sabotage or destroy machinery 
in their factory?  What about destruction of machinery that is prepared 
to destroy desparately needed housing stock?  What about people who 
smash the windows of low-wage corporate franchises?  What about smashing 
the windows and doors of fire-prone sweatshops?  Are all of these things 
non-violent free speech?  can you imagine that someone else might have a 
different answer for any of them than you do?

> There are various technical aspects to this idea.  For example, would
> prefer that the social graph between secret identities be public so I
> can use a simple network flow algorithm over trust edges between
> identities to determine how much I trust someone.

I think it would be worthwhile to spec out such an algorithm, and then 
think through the spec under a handful of real-world use cases.  what 
does it mean to do "network flow over trust edges"?  What specifically 
does "trust" mean in this context?  Can you give an example of how that 
would let you automatically determine how much you trust someone?  What 
does that kind of automated trust discovery mean from a human 
perspective?  What are the ways it could be exploited by an adversary 
intent on causing trouble?

sorry to be a pessimist, but i'm not convinced this is an effective or 
even desirable framework.

	--dkg