|
It could be possible to enable someone you trust to use your infrustracture. You don't have to know who this person is. For example, this devconsole HN account that I'm using now is an anonymous HN account, meaning as long as Tor is secure, and I don't reveal myself through e.g. text analysis or timing correlations, it should be hard to figure out who I am. If I were to come to you and ask to use your infrastructure to help me maintain my anonymity, you may read my comment history and decide that you trust me not to do illegal things. Providing such a service would be extremely valuable, because if Tor is indeed not completely impervious, your extra layer of anonymity may be all that preserves one's privacy. If an authority were to come to you and demand you cooperate in determining my identity, then there would be no way for you to oblige, except by providing them with a log of the VPN activity, or allowing them to set up a pen trap to log the VPN activity. At that point, the privacy is still as strong as the Tor network, so both Tor and this extra layer would have to fall in order to be unmasked. (In practice, it's more complicated than that: your infrastructure would be a fixed endpoint, meaning that if it's compromised then an adversary would gain a log of your activity. That would provide an overall picture of what you're up to on the internet. Tor rotates endpoints, making it hard to piece together that info. So in practice a user should want your service to be something like a middleman between two different anonymity services. But that's outside the scope of this comment for now.) This becomes a pretty attractive idea, because it's not necessarily a great idea to assume that Tor should be the world's one realistic defense. Since Snowden used Tor, you can be absolutely certain that various powers are going to take a keen interest in penetrating Tor. They may use dirty tricks to do it, such as joining the Tor project as an apparently-trustworthy developer. Extra layers of defense such as the one outlined above may be worth pursuing. |
Am I the only one to whom this sounds absolutely crazy? How can I trust you if I don't know who you are? (I mean the general you, not you personally, devconsole.)
Your comments could have been deliberately sanitized -- perhaps you have trolling accounts elsewhere that you are exceptionally good at keeping separate from this one, and spend time making this one look good. One could be posing as a mild-mannered Python developer here on HN, but be spending one's evenings being Super-Mallory the Malicious, trolling and trading illegal information.
I really want to be able to support things like mesh networks and Tor, but the very risk the GP noted (people will use your resources for Bad Things, and good luck defending from the feds) prevents me from being willing to do so. There's no way I would trust you or someone else that I don't personally know enough to use my resources, unless I were somehow able to keep meticulous logs which exonerate me from any activity they do. (And, I don't trust that such logs would even do that...)
Saying that you should be able to trust a stranger is like saying that you should be able to run a courier service for strangers where you have no idea whether they are transporting drugs or counterfeit money.