The Tor network is a widely used tool which provides a degree of anonymity to users. Users have their location obscured from those watching certain destinations as well as what they are doing from those who know their location.
But Tor has a major problem. Only a relatively small number of people are running servers on the network. These so-called relay node operators would be rewarded under schemes currently being considered, by issuing a token in exchange for proof of bandwidth provided to the network. In this article, we explore how this clever scheme might work.
Recently, we reviewed a whitepaper proposing a plan to issue a crypto currency with the goal of incentivizing those key players who make it all possible. This would institutionalize a rewards structure, in the same spirit as a recently announced EFF initiative that gives prizes and recognition to people who operate network nodes for twelve months.
Currently, Tor network accomplishes this difficult feat of fuzzing what users do and where they are located by routing traffic through a set of randomly chosen nodes before reaching the intended destination. This can only be done because of volunteers who run nodes on the Tor network. As you might imagine, there is a shortage of volunteers. The brave folks who run these most important of network components are not only unpaid, but face frequent attacks by malicious agents and make themselves persons of interest to the NSA.
This recent proposal aims to offer a small financial reward to those who contribute to the continued operation of Tor. Network nodes that route traffic toward its destination can receive tokens for doing so, and would have an opportunity to exchange them for fiat, bitcoins, or another cryptocurrency.
Tor Terminology
The Tor network is made up of servers referred to as nodes and are further categorized based on their specific roles. Servers used to relay information through the network are called relay nodes.
Guard nodes are the entry into the Tor network. They act as gatekeepers, but due to Tor's ingenious onion routing scheme, the guard node cannot know the intended destination - only the next hop within the network.
Exit nodes are most important. They send traffic from within Tor network to the actual destination. These critical nodes are more scarce than ordinary relay nodes, largely because they are prime targets for attack. Exit nodes are in a unique position to attack user sessions since they directly connect to the destination endpoint. If they are able to collude with guard nodes they can de-anonymize users, since together they will know both endpoints; i.e. who is using Tor and what they're doing.
Each trip through Tor network is called a circuit. This consists of three pseudorandom nodes including a guard node, a relay node, and an exit node. These nodes are chosen from a list of active nodes provided by a Directory Server. There are very few of these since a high level of trust is essential. These Directory Servers are also key to making the proposed incentive scheme work.
So who gets the coins, how would they be issued, and what exactly gets rewarded?
The basic idea is to reward relay node operators who can demonstrate that they provided bandwidth which was used to route requests on the network. Every node interacts with at least one other node and the nodes within a circuit can validate claims by adjacent nodes in a given circuit. Under this proposal, these nodes could be rewarded with tokens each time they participate. A bit more information needs to be published by the Directory Servers. Additionally, the nodes will need to do a little more work.
It is widely believed that NSA and other agencies run many Tor nodes, especially high speed exit nodes. The nodes with the most available bandwidth get chosen more often and, as mentioned earlier, exit nodes are in a unique position to collude and to execute man-in-the-middle attacks. It has been shown also that the NSA targets Tor users for extra scrutiny and key players even more so.
But, before we forsake Tor, thinking it's a rigged game, it is important to realize that the facts are somewhat more confusing. Tor was built and funded by the US Navy. It's very useful for government agents conducting operations in the field desiring anonymity. But there are many other applications for law enforcement, as well as whistleblowers, political dissidents, and more.
The US Government has continued to provide most of the funding for Tor over the years, and still does. But this does not mean that it's a honeypot. There is a need to have operatives in faraway places able to interact with their colleagues inconspicuously. The fact that people hide from government surveillance and even use the network for criminal activity does not make it less useful.
The leaked Snowden documents clearly suggest that the NSA has had mixed results trying to breach the anonymity of users on Tor. It's also clear that the more people who can be persuaded to run nodes on the network, the more anonymity is afforded to users. More guard and exit nodes mean less chance of some single entity operating both of these nodes for a given circuit. Generally, the more users on a network, the harder it is to match users with destinations.