19 years ago · 058ae90539
--- a/doc/design-paper/blocking.tex
+++ b/doc/design-paper/blocking.tex
@@ -4,11 +4,11 @@
 
				 \usepackage{amsmath}
			
 
				 \usepackage{epsfig}
			
 
				 
			
 
				-%\setlength{\textwidth}{5.9in}
			
 
				-%\setlength{\textheight}{8.4in}
			
 
				-%\setlength{\topmargin}{.5cm}
			
 
				-%\setlength{\oddsidemargin}{1cm}
			
 
				-%\setlength{\evensidemargin}{1cm}
			
 
				+\setlength{\textwidth}{5.9in}
			
 
				+\setlength{\textheight}{8.4in}
			
 
				+\setlength{\topmargin}{.5cm}
			
 
				+\setlength{\oddsidemargin}{1cm}
			
 
				+\setlength{\evensidemargin}{1cm}
			
 
				 
			
 
				 \newenvironment{tightlist}{\begin{list}{$\bullet$}{
			
 
				   \setlength{\itemsep}{0mm}
			
@@ -20,7 +20,7 @@
 
				 
			
 
				 \begin{document}
			
 
				 
			
 
				-\title{Design of a blocking-resistant anonymity system}
			
 
				+\title{Design of a blocking-resistant anonymity system\\DRAFT}
			
 
				 
			
 
				 %\author{Roger Dingledine\inst{1} \and Nick Mathewson\inst{1}}
			
 
				 \author{Roger Dingledine \and Nick Mathewson}
			
@@ -763,16 +763,28 @@ available bridges),
 
				 
			
 
				 \subsection{Social networks with directory-side support}
			
 
				 
			
 
				-In the above designs, 
			
 
				+Pick some seeds --- trusted people in the blocked area --- and give
			
 
				+them each a few hundred bridge addresses. Run a website next to the
			
 
				+bridge authority, where they can log in (they only need persistent
			
 
				+pseudonyms). Give them tokens slowly over time. They can use these
			
 
				+tokens to delegate trust to other people they know. The tokens can
			
 
				+be exchanged for new accounts on the website.
			
 
				 
			
 
				-- social network scheme, with accounts and stuff.
			
 
				+Accounts in ``good standing'' accrue new bridge addresses and new
			
 
				+tokens.
			
 
				 
			
 
				+This is great, except how do we decide that an account is in good
			
 
				+standing? One answer is to measure based on whether the bridge addresses
			
 
				+we give it end up blocked. But how do we decide if they get blocked?
			
 
				+Other questions below too.
			
 
				 
			
 
				+\subsection{Public bridges, allocated in different ways}
			
 
				 
			
 
				-- public proxies. given out like circumventors. or all sorts of other rate limiting ways.
			
 
				-
			
 
				+public proxies. given out like circumventors. or all sorts of other rate
			
 
				+limiting ways.
			
 
				 
			
 
				 
			
 
				+\subsection{Remaining unsorted notes}
			
 
				 
			
 
				 In the first subsection we describe how to find a first bridge.
			
 
				 
			
@@ -836,23 +848,21 @@ There are two reasons why we're in better shape. Firstly, the users don't
 
				 actually need to reach the watering hole directly: it can respond to
			
 
				 email, for example. Secondly, 
			
 
				 
			
 
				-% In fact, the JAP
			
 
				-%project~\cite{web-mix,koepsell:wpes2004} suggested an alternative approach
			
 
				-%to a mailing list: new users email a central address and get an automated
			
 
				-%response listing a proxy for them.
			
 
				-% While the exact details of the
			
 
				-%proposal are still to be worked out, the idea of giving out
			
 
				+In fact, the JAP
			
 
				+project~\cite{web-mix,koepsell:wpes2004} suggested an alternative approach
			
 
				+to a mailing list: new users email a central address and get an automated
			
 
				+response listing a proxy for them.
			
 
				+While the exact details of the
			
 
				+proposal are still to be worked out, the idea of giving out
			
 
				 
			
 
				 
			
 
				 
			
 
				 \subsection{Discovery based on social networks}
			
 
				 
			
 
				-A token that can be exchanged at the BDA (assuming you
			
 
				-can reach it) for a new IP:dirport or server descriptor.
			
 
				-
			
 
				-The account server
			
 
				+A token that can be exchanged at the bridge authority (assuming you
			
 
				+can reach it) for a new bridge address.
			
 
				 
			
 
				-runs as a Tor controller for the bridge authority
			
 
				+The account server runs as a Tor controller for the bridge authority.
			
 
				 
			
 
				 Users can establish reputations, perhaps based on social network
			
 
				 connectivity, perhaps based on not getting their bridge relays blocked,
			
@@ -971,6 +981,22 @@ solution though.
 
				 \section{Security considerations}
			
 
				 \label{sec:security}
			
 
				 
			
 
				+\subsection{Possession of Tor in oppressed areas}
			
 
				+
			
 
				+Many people speculate that installing and using a Tor client in areas with
			
 
				+particularly extreme firewalls is a high risk --- and the risk increases
			
 
				+as the firewall gets more restrictive. This is probably true, but there's
			
 
				+a counter pressure as well: as the firewall gets more restrictive, more
			
 
				+ordinary people use Tor for more mainstream activities, such as learning
			
 
				+about Wall Street prices or looking at pictures of women's ankles. So
			
 
				+if the restrictive firewall pushes up the number of Tor users, then the
			
 
				+``typical'' Tor user becomes more mainstream.
			
 
				+
			
 
				+Hard to say which of these pressures will ultimately win out.
			
 
				+
			
 
				+...
			
 
				+% Nick can rewrite/elaborate on this section?
			
 
				+
			
 
				 \subsection{Observers can tell who is publishing and who is reading}
			
 
				 \label{subsec:upload-padding}