diff options
| author | Nick Mathewson <nickm@torproject.org> | 2006-11-12 22:05:18 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2006-11-12 22:05:18 +0000 |
| commit | aa647d9e47fcbb8bfe4366a61d79c38f07202a73 (patch) | |
| tree | 95cd6fc085ab84257a0685e0cf54173b73adb0ea | |
| parent | 54ec19252f6e873cd549d59274962a39d82f0ca5 (diff) | |
| download | tor-aa647d9e47fcbb8bfe4366a61d79c38f07202a73.tar.gz tor-aa647d9e47fcbb8bfe4366a61d79c38f07202a73.zip | |
r9299@totoro: nickm | 2006-11-12 17:05:09 -0500
mention that Tor provides anonymity and that anonymity is important. Heh.
svn:r8939
| -rw-r--r-- | doc/design-paper/blocking.tex | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/doc/design-paper/blocking.tex b/doc/design-paper/blocking.tex index 93ce7846b1..1168cd4839 100644 --- a/doc/design-paper/blocking.tex +++ b/doc/design-paper/blocking.tex @@ -274,7 +274,8 @@ location~\cite{google-geolocation}. The Tor design provides other features as well that are not typically present in manual or ad hoc circumvention techniques. -First, the Tor directory authorities automatically aggregate, test, +First, Tor has a fairly mature way to distribute information about servers. +Tor directory authorities automatically aggregate, test, and publish signed summaries of the available Tor routers. Tor clients can fetch these summaries to learn which routers are available and which routers are suitable for their needs. Directory information is cached @@ -283,8 +284,8 @@ need to interact with the authorities directly. (To tolerate a minority of compromised directory authorities, we use a threshold trust scheme--- see Section~\ref{subsec:trust-chain} for details.) -Second, Tor clients can be configured to use any directory authorities -they want. They use the default authorities if no others are specified, +Second, the list of directory authorities is not hard-wired. +Clients use the default authorities if no others are specified, but it's easy to start a separate (or even overlapping) Tor network just by running a different set of authorities and convincing users to prefer a modified client. For example, we could launch a distinct Tor network @@ -345,6 +346,17 @@ network~\cite{econymics,usability:weis2006}. This user base also provides something else: hundreds of thousands of different and often-changing addresses that we can leverage for our blocking-resistance design. +Finally and perhaps most importantly, Tor provides anonymity and prevents any +single server from linking users to their communication partners. Despite +initial appearances, {\it distributed-trust anonymity is critical for +anticensorship efforts}. If any single server can expose dissident bloggers +or compile a list of users' behavior, the censors can profitably compromise +that server's operator applying economic pressure to their employers, +breaking into their computer, pressuring their family (if they have relatives +in the censored area), or so on. Furthermore, in systems where any relay can +expose its users, the censors can spread suspicion that they are running some +of the relays and use this belief to chill use of the network. + We discuss and adapt these components further in Section~\ref{sec:bridges}. But first we examine the strengths and weaknesses of other blocking-resistance approaches, so we can expand |