aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2006-11-12 22:05:18 +0000
committerNick Mathewson <nickm@torproject.org>2006-11-12 22:05:18 +0000
commitaa647d9e47fcbb8bfe4366a61d79c38f07202a73 (patch)
tree95cd6fc085ab84257a0685e0cf54173b73adb0ea
parent54ec19252f6e873cd549d59274962a39d82f0ca5 (diff)
downloadtor-aa647d9e47fcbb8bfe4366a61d79c38f07202a73.tar
tor-aa647d9e47fcbb8bfe4366a61d79c38f07202a73.tar.gz
r9299@totoro: nickm | 2006-11-12 17:05:09 -0500
mention that Tor provides anonymity and that anonymity is important. Heh. svn:r8939
-rw-r--r--doc/design-paper/blocking.tex18
1 files changed, 15 insertions, 3 deletions
diff --git a/doc/design-paper/blocking.tex b/doc/design-paper/blocking.tex
index 93ce7846b..1168cd483 100644
--- a/doc/design-paper/blocking.tex
+++ b/doc/design-paper/blocking.tex
@@ -274,7 +274,8 @@ location~\cite{google-geolocation}.
The Tor design provides other features as well that are not typically
present in manual or ad hoc circumvention techniques.
-First, the Tor directory authorities automatically aggregate, test,
+First, Tor has a fairly mature way to distribute information about servers.
+Tor directory authorities automatically aggregate, test,
and publish signed summaries of the available Tor routers. Tor clients
can fetch these summaries to learn which routers are available and
which routers are suitable for their needs. Directory information is cached
@@ -283,8 +284,8 @@ need to interact with the authorities directly. (To tolerate a minority
of compromised directory authorities, we use a threshold trust scheme---
see Section~\ref{subsec:trust-chain} for details.)
-Second, Tor clients can be configured to use any directory authorities
-they want. They use the default authorities if no others are specified,
+Second, the list of directory authorities is not hard-wired.
+Clients use the default authorities if no others are specified,
but it's easy to start a separate (or even overlapping) Tor network just
by running a different set of authorities and convincing users to prefer
a modified client. For example, we could launch a distinct Tor network
@@ -345,6 +346,17 @@ network~\cite{econymics,usability:weis2006}. This user base also provides
something else: hundreds of thousands of different and often-changing
addresses that we can leverage for our blocking-resistance design.
+Finally and perhaps most importantly, Tor provides anonymity and prevents any
+single server from linking users to their communication partners. Despite
+initial appearances, {\it distributed-trust anonymity is critical for
+anticensorship efforts}. If any single server can expose dissident bloggers
+or compile a list of users' behavior, the censors can profitably compromise
+that server's operator applying economic pressure to their employers,
+breaking into their computer, pressuring their family (if they have relatives
+in the censored area), or so on. Furthermore, in systems where any relay can
+expose its users, the censors can spread suspicion that they are running some
+of the relays and use this belief to chill use of the network.
+
We discuss and adapt these components further in
Section~\ref{sec:bridges}. But first we examine the strengths and
weaknesses of other blocking-resistance approaches, so we can expand