This morning I stumbled over a little link proclaiming news of the Tor Cloud Project which brings together two interesting projects in one convenient package: Using Amazon’s free usage tier micro instance, you could run a Tor node for a year for nothing with a bandwidth limit built in. Or you could also shell out their estimated $30 per month if you don’t qualify for the free tier and your usage is around 10 GB/week.
Tor is one of those things that makes my brain bend. Over the years I have seen the benefit and abuse of all of those anonymized packets on the internet. On one hand, I truly want people in Iran or behind the great Firewall of China to be able to get onto public forums and tell their truths without fear of censorship or government reprisal. But the reality is that it doesn’t take very many individuals with negative motivation to ruin it for everyone.
At one point we had to track a giant list of for nodes and flag them simply because the spam coming from for was overwhelming our forums. That’s just not cool. We came to a point where we could allow read traffic, but not write traffic. No posting from the anonymous nodes. Which means that while information could squeeze into the forbidden zone behind some mysterious government firewall, it couldn’t get back out. I’m not sure which is more important in this case: I’ve read about how radio broadcasts into eastern europe was a powerful tool during the cold war, but that’s also a one way communication stream. If outsiders don’t know what’s happening inside, the whole system is missing out.
The worst part is that most folks running nodes on the Tor network are honestly doing something they believe in. They think that by adding another anonymous link in the chain, they are making the world a little bit better place for everyone. And they are mostly right. But it doesn’t take very many spoil sports to turn the generosity of a dozen people into a liability for everyone. A forum flooded with spam or anonymized trolling is a net loss for the internet as a whole. And the individuals who generously gave of their bandwidth to run the proxy server might pay the price for the indiscretions of a malicious parasite.
Now Slashdot is a bit unique on-line because we actually allowed and in fact encouraged Anonymous posting. I strongly believed that only by allowing anonymous posting and putting the moderation tools into the hands of the users would we be able to get to some place better. But anonymity is a tricky beast- it brings out the best and worst in so many. Ultimately I think one of the keys to being anonymous is that you need to disclose that you are BEING anonymous. On a forum like 4chan everyone knows that everyone is anonymous, so it’s a level playing field. But when you try to mix anonymous users and logged in ones, things get tricky.
In the earliest days of the site, there were no user accounts. So readers could simply use whatever name they felt like when they posted. This led to countless amusing jokes, but unfortunately sometimes it led to people pretending to be me. Which could be funny. Or it could be infuriating: Being anonymous is one thing, but impersonating someone else is another. So user accounts became inevitable… it makes me sad that they were so necessary, but there is good stuff associated with logging in as well: like being able to build trust and reputation, and ultimately participate in the site in a more meta capacity. The forum would not have been able to scale without them.
Any time I see something that makes Tor a little easier to widen its network I simultaneously feel Joy and Fear. Joy because I know that someone somewhere will use the added capacity to defeat censorship. To sidestep government monitoring. And to speak out against oppression. But I feel fear because I know that someone else will use that same wonderful power to post ASCII art of genitals onto a forum about some equally serious subject matter.
It’s up to the forums to control the jerks, but it’s up to the anonymizing networks to disclose the fact that they are relaying anonymized, and therefore riskier content… X-Forwarded-For: Freedom!
Of course the last question here is the role of Amazon in all of this. They certainly don’t want any liability in these matters. And they are undoubtedly logging a lot of packets as well. Might they break the chain of privacy at the request of a government agency? Or might they just shut down the VM that is at best engaged in riskier than normal activity? All are within their rights.