We will be presenting our research at the HotPETS 2014 privacy conference in Amsterdam, in July. Please come by if you can. :)

At a glance, the point of this research is to introduce an alternative cryptocurrency, called TorCoin, that rewards relays with coins for transferring bandwidth. Relay operators can then sell those coins on any altcoin exchange. TorCoin is like Bitcoin, but it's bandwidth intensive, rather than CPU intensive. So in effect, relay operators "mine" TorCoins and make money selling them on exchanges.

Let me know if you have any questions or want to discuss. The next step is developing a prototype, and/or a network simulation to run experiments. Anyone interested in helping, let me or any of the authors know. Email is miles.richardson@yale.edu

While this might be an interesting resource allocation technology, and tor itself has strong assumptions about non-collusion of directory authorities (and their services like bandwidth authorities), it seems disingenuous to compare it to Bitcoin.

Your point about botnets is a very good one, and one we haven't considered fully. We will certainly address this further in future versions of the paper.

However, we do consider sybil attacks. Addressing them is the primary purpose of the TorPath assignment protocol. It ensures that, even if an adversary controls over 50% of the relays, there is a very low chance that (1/16 if I remember correctly) a new circuit will consist of three evil relays. Since we limit the number of coins that can be mined on a given circuit, we call this security a "good enough" margin of error for bad coins. Since it's predictable it can be baked into economic models.

But you're right, these are important considerations that we are taking very seriously.

The directory servers don't assign clients to a circuit, they publish a directory of eligible nodes from which all clients can use to select a circuit. The distinction is smaller than it might seem since control of the list ultimately means control of the nodes in the circuit and while, in theory detecting directories giving different nodes different views should be easy I don't think any infrastructure exists for that. I'm just being pedantic on this point because some people might be confused here.

> However, we do consider sybil attacks. Addressing them is the primary purpose of the TorPath assignment protocol. It ensures that, even if an adversary controls over 50% of the relays

Definitional disagreement, I guess. I don't consider this to be sybil resistance. It's very easy to describe things which are secure when a majority is honest, to call something sybil resistant I would want to have an argument as to how its costly (or impossible) for the attacker to achieve the required threshold.

Yes, the odds are low at 50%, but they're certantly not at 99%. You have an amplification, but I didn't see any argument why 99% is substantially harder than 50% (or 1%). Maybe it is if you invoke back in centralized trusted authorities (well, ignoring botnets), and indeed— this could be an advance over tor— but I think some careful though should be given to audibility of the authorities, since I think you lose that if you hope to hide the participation in the network from the public.

One of the key pieces seems to be the Neff shuffle (verifiable random shuffling of an ordered list of public keys). The Neff shuffle builds on ElGamal pairs (which themselves are the core algorithm in the verifiable voting system helios[3]). Dissent looks to be the application of a Neff shuffling technique to ferret out the malicious nodes in a DC-net (a provably anonymous communication network). CoinShuffle is basically the use of a DC-net to anonymously pool together a set of bitcoin public keys, and the coinShuffle prototype is a fork of the Dissent codebase. The TorCoin protocol specifies using anonymous or mixed bitcoin transactions (such as by using CoinShuffle or ZeroCoin). And tying it all back together, in the TorPath protocol we again find Neff shuffling, used by the assignment servers to generate provably-random Tor relay circuits from groups of relays.

1. http://crypsys.mmci.uni-saarland.de/projects/CoinShuffle/

2. http://dedis.cs.yale.edu/dissent/

3. https://vote.heliosvoting.org

Looks really cool by the way.

You're right, one of the early reasons for purchasing TorCoins would likely be donating to Tor. But they are a totally usable altcoin, just like Dogecoin for example. What reason do people have to buy Dogecoin? Not much, beyond using it as a currency or speculating with it as an investment. I could see TorCoin working the same way.

The more bandwidth you share for TOR, the more free wifi you get. If you only "sell" wifi to torcoin owners, you simply trade internet access time, but running a tor relay would be like "mining" in the traditional bitcoin world.

EDIT: The point I'm trying to make is that instead of "just" the way to create torcoins, this would also create a way to spend it (and provide value to people by spending it).

From branding decisions ("Let's stop people talking about us as the joke coin, and start people talking about us as the community coin") to PR (Constantly reaching out to big news outlets, carrying out small-to-medium PR campaigns) to content marketing (the tools available for Dogecoin have quickly grown in number and sophistication - check out moolah.io for instance, which began on /r/dogecoin) to incentive marketing (they're constantly giving people small stakes in Dogecoin's success).

Quite frankly, it's weird. I think of Dogecoin as the marketing coin now, which is most of the reason I've withdrawn from the community somewhat. I really don't want my day job getting mixed up with my free time.

> What reason do people have to buy Dogecoin?

No technical, practical reason. But you may find that without that consistent, sustained marketing that people won't use your coin so much.

Essentially miners would be bandwidth providers and consumers buy torcoin to pay miners. The monetary value of torcoin will be decided by free market.

But the context you've given is similar to the argument that *coins have value because of the electricity costs required for their creation. Unless I can trade those coins for units of energy, those coins are not a store of the value of their energy cost.

Similarly, unless I can trade these coins for access to higher bandwidth on tor (and/or if the lack of them denies me access to tor ), they hold no value to anyone except as a speculation vehicle (as any other coin of the day).

If that is their only value - if there is no economy built around them and they have no purchasing power on their own - then they'd only see a brief pump-and-dump rise/fall like any other new altcoin.

Certainly it's an experiment worth trying, but if its sole value is in its potential for exchange, I don't see anything preventing it from becoming yet another short-lived altcoin.

Then again, the same could be said of many coins out there now that have been lingering whole weeks* without dropping to 0 value

1. some have even been surviving for months...

Can TorCoin be used to subsequently purchase more bandwidth? How would this bandwidth differ from the free bandwidth? Lower latency?

Minor nitpick: what is up with PDF naming? When I "save" the PDF to my computer I don't even get the choice to rename it (I guess I could configure that but I am too lazy). So now I have a PDF called "paper.pdf" on my HD. If I ever want to find the paper on TorCoin again, it will fail. This problem seems very common in the world of academic papers.

(And yes, this argument theoretically applies to Bitcoin, but you have to use bitcoins to pay the transaction fee to use the bitcoin network, which has value because of its network effect for use in value transfer).

Bitcoin units are rare collectibles. Like gold coins or USD paper bills. They are scarce, hard to counterfeit and they are portable and fungible. They are easy to collect. Once you have a club of people who collect them and speculatively value them, this club can grow (or shrink). If such token is superior than others, then some people will likely sell their inferior tokens in order to acquire superior ones. This way the club grows.

Plus, there is value in liquidity. People generally want to store wealth in something "secure" which means not only secure in terms of storage (personal vault, swiss bank account etc.), but also in terms of purchasing power. The more and quicker I can buy myself something I suddenly need, the more secure my wealth is. E.g. if my computer breaks and I need a new one, my cash will help me buy a new one better than a collection of postal stamps. So people will generally prefer to keep savings in money that is more marketable, i.e. valued by more people. This means that once a superior collectible starts to grow, it will drive the value of inferior collectibles down to zero. (However, if there are currency controls and banking regulation in your country, then you might be stuck with a less marketable local currency.)

Nick Szabo explains how money evolved: http://szabo.best.vwh.net/shell.html

I explained why we all want one universal money: http://blog.oleganza.com/post/54121516413/the-universe-wants...

Framing a situation as an economic transaction has been shown to interfere with other motivations. The classic research paper would be http://papers.ssrn.com/sol3/papers.cfm?abstract_id=180117 where introducing a fine to make parents pick up their children at daycare considerably worsened the situation. The interpretation is that behaviour that was evaluated in a context of prosocial motivations such as being decent towards the staff, keeping a good relation with them, etc, were supplanted by a view that 'it's worth the cost of the fine'. It is worthy of note that going to an economic reference frame is often easy whereas going from an economic reference frame to one based on social values is frequently difficult - it certainly can't be expected to recover spontaneously just because the money is taken out of the picture again.

Now, TOR is very much about prosocial values - liberty, free speech, the right to communicate without being unjustly surveilled, and so on, and because of that, I think it is potentially quite vulnerable to these kinds of effects.

I think there is a substantial chance that running a TOR node is not going to be worth the economic profit in the long run, but that shouldn't matter, because running a TOR node is about something other and something more important than making an economic profit. If we start framing it as a business transaction there is a risk we hurt the (in this context) much more important motivations to operate a node. I think the TOR initiative should be developed on motivation based in the human rights values it naturally supports. And in this case I believe the option of monetary compensation is genuinely at odds with that.

I'm somewhat sad to be saying this, because as I mentioned, it seems to me that the project is based in the best of intentions. Some components of the TorCoin system may be valuable for other service functions in the network.

I summary, I think the psychological effects of introducing the compensation scheme really should be carefully evaluated before any attempts to introduce it in practice. My spontaneous impression is that it is the wrong method of motivation for growing and maintaining the TOR network and should not be introduced at such. If it is after all introduced, that should be done in a manner that is informed of the psychological consequences.

As a preferred alternative we should emphasize the social and ideological benefits of TOR for core motivation and lower the threshold for contributing by making it technically trivial for the contributor and by making the situation as clear as possible about risks and benefits of operating a node.

There are very few tor nodes currently because there societal incentive is very low. If you can actually start making money off it, many more people will start doing it. It's a concept so basic I'm wondering how one can miss it.

And the paper you linked to not applicable to the situation at all.

In fact, it would probably be better if the whole idea of Tor was further removed from prosocial values. This will help disassociate the idea that contributing to and using Tor is for people who have something to hide, and turn it into an economic decision.

At the very least, if the economics of using Tor were closer to neutral. Right now it costs money to run a Tor relay, would be nice if it was self-funded.

I would like to see an attempt to quantify the two effects, but I would venture to say that switching from an altruistic motivation to a financial motivation will increase the bandwidth available by orders of magnitude. For example, compare private trackers with public trackers.

That may be true if the economic incentives available are sufficiently strong, but that is not a given.

It would also be great if people provided internet content out of altruism and didn't want any compensation for it, but it doesn't work that way. A lot of websites can only survive by putting up web-ads, even if the compensation is pretty low.

If you start paying people tiny amounts of money to run a Tor relay, they will calculate that it's not worth it and they will stop doing it.

Parking fines work because people respond more strongly to the monetary incentive than to stern looks. Paying doctors high wages works because monetary incentives work better than handshakes from patients. You don't get a paper published for that, because it's obvious.

I don't believe this is true. I know numerous studies have shown that, for example, software developers enjoy their work less and feel less in control of it the more they are paid to work on it.

This case does not necessarily apply to Tor nodes, since one does not really do any persistent "work" when running one. But the concept of monetary incentive is definitely not nearly as shallow as you make it out to be.

Demoralization can happen when the social situation emphasizes pay as the only reward. The problem isn't that the pay is not an incentive, but the lack of social rewards acts as a disincentive.

If I tell you that I love the quality of the lemonade you are making for customers and I want to give you a raise so you will be happy to work longer hours making such great lemonade you will feel very appreciated and motivated.

If in the exact same situation I tell you that we need more lemonade and I know you don't want to work more but I am going to give you money so you need to do it, you are going to feel very differently. Its not that the money wouldn't have been an incentive, its that it is presented as if that is all you care about, which means your personal character and work ethic are being ignored. Very demoralizing.

This isn't a problem at all, they have actually found another source of revenue for their company with a service their customers value and are willing to pay for.

Of all places where I would expect someone to be oblivious to this I find the fact that it's on a site focused on entrepreneurship and nurturing start ups to become profitable hilariously ironic.

They have literally blundered their way into a source of revenue, fail to see it as an opportunity and are resentful of it.

If the fee wasn't supposed to be a price then they shouldn't have made it a price. If they really hate money as much as it sounds they could instead give tardy parents 3 strikes before banning them from the daycare altogether.

Yes, that's what I'm saying. If we replace the altruistic motivation with a monetary one, and we don't have enough money to incentivize people, they will just stop. They won't take the altruistic motivation plus the monetary one.

It's plain to see that altruism isn't enough to keep enough tor nodes going. I've never even considered running one until now because of the real costs and risk it incurs upon me. Now I'm actually considering it because it might be worth it. This is a good thing and there are more people willing do to something for money than people willing to do something out of the kindness of their heart to people they will never meet or interact with in any way.

"As it stands I wouldn't be surprised if the majority of nodes were operated by various national intelligence agencies simply because they have vastly more incentive to do so than anyone else. Potentially being able to profit from this changes things dramatically and gives people who wouldn't consider themselves stakeholders actual reason to 'sell' their bandwidth to the tor network."

It's possible that most of the nodes aren't run for altruistic reasons at all. And are in fact run to datamine the network to discover the identity of people using it.

Paying people won't affect the people who are doing it for altruistic reasons alone, their price is already met. It's just an added bonus for them. But it will have the affect of bringing in additional people who wouldn't have considered it before. The only problem with the daycare's solution is the fact they didn't charge enough to offset the "cost" of feeling bad about being late. To the customers it was a worthy exchange.

Similarly, the tor coin needs to have a value that will offset the 'cost' of feeling bad about not contributing to the network which I know is extremely low.

In the example, the parents picking up their kids on time beforehand were doing so for altruistic reasons alone. When the choice became framed economically, parents started picking up their kids on time less often.

You say they need to raise the fine, but the point here is that it's not economically feasible to raise the reward for running a Tor node indefinitely. The max amount paided out for running a node may be less of an incentive than the existing prosocial incentive to do so.

I think you're missing the point of the example, though. It's not "OMG there is no solution for this daycare" - there is, as you say, an obvious economic solution. It's that it is interesting (and relevant) that the different kinds of incentive don't stack, which is contrary to the naive assumption. Therefore, if the proposed mechanism cannot come up with sufficient money, it might actually make the situation worse - this may not be a "every little bit helps" situation.

The market rate in my area is $15 for each 10 minute increment, with contract termination after a certain number of incidents.

As it stands I wouldn't be surprised if the majority of nodes were operated by various national intelligence agencies simply because they have vastly more incentive to do so than anyone else.

Potentially being able to profit from this changes things dramatically and gives people who wouldn't consider themselves stakeholders actual reason to 'sell' their bandwidth to the tor network.

And with more users, the privacy is increased. That said, incentive schemes are famous topics for sociology and economics research, so there is validity in being careful.

Parents interact with daycare staff. Tor relay operators don't interact with Tor users.

I run a relay, and I interact with all sorts of Tor users on irc.oftc.net #tor

In fact, there are lots of relay operators and regular tor users there on IRC, and some of them get pretty chatty.

It's good to interact with and get to know the community you're involved with.

I can definitely see the problem if an incentive was offered say on a stackoverflow type of website, because it would directly hinder the quality of the questions but in the case of running a Tor node, it's only a matter of turning it on or off. If someone decides to run it on a better hardware, they would be compensated more.

I'm really excited for TorCoin, it is a serious alternative to Bitcoin.

[1] https://bitcoinj.github.io/working-with-micropayments

Assuming I'd like to 'donate' to TOR by just running a node myself, what would be a cost-effective hosting provider to use for this?

This would be a relay node, not an exit node (I can imagine that hosting providers wouldn't be so happy about exit nodes).

there's one disadvantage though : a lot of sites refuse my ip because it's an exit node. which is no problem because all my own traffic runs through a vpn anyway...