Social Graph for Tor?

Posted on Oct 3, 2025

Intro

Is a web of trust a good idea? This idea is a meta layer on top of relays for showing who runs this network (to counter “50% of relays is operated by CIA” FUD), while also being able to show the connections between relay operators. Show it as a web application or in a database.

Internal tool: TagTor can be used for tagging who knows the relay operator. The idea is that in the future maybe we restrict flags or weights for relays we do not have any contact with.

Today it’s not used for the purpose it was built for.

The contact info field adds a lot of metadata about relay operators, but it is not used for anything within the network.

Idea

Register as a user with a mechanism for claiming ownership of relays or families. Many of the relays are run by organizations with legal counsel and are generally well organised.

The user can mark other users as a relation for creating a “Social Graph”

Can also be used to help with Flagging relays.

We want to know the entities running relays

Should trust be added? (Knowing someone vs. trusting the relay)

Register via events like Tor relay operator meetups (CCC)

Not a mandatory requirement for running relays, but a help for creating trust among relay operators.

An approval process for linking, like keysigning parties, where one party signs and the owning party publishes (to be in control of the published data)

  • You should not be able to link to anyone who hasn’t signed up for this social graph tool.

Register for a public promotion (e.g. you are an organization and want sponsorships/donations)

If this is a success with many registered relays, down the road it can be used for restricting the running of different kinds of relays (guard, exit, HSDir)

Adding this outside of the consensus, the cost is low and it can be discarded if it doesn’t work.

No requirement of TLS or DNSSEC, as this service can exist as an onion service.

Could PGP be used?

  • Link a tor relay with a PGP key.

Answer questions like:

  • Is this relay within n hops of a trusted anchor?
  • Max flow / min cut for limiting the number of nodes that can be trusted within the graph
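
The two graph questions above, as an added example (not code from the Tor Project or from any existing tool): hop distance from a trusted anchor via breadth-first search, and max flow, which equals the size of the min cut between the anchor and a node. The operator names and links are constructed sample data, and treating every approved link as undirected with capacity 1 is an assumption.

```python
from collections import defaultdict, deque

# Constructed sample data: approved, undirected links between hypothetical operators.
EDGES = [("anchor", "alice"), ("anchor", "bob"), ("alice", "carol"),
         ("bob", "carol"), ("carol", "dave"), ("dave", "mallory"),
         ("mallory", "sybil1"), ("mallory", "sybil2"), ("sybil1", "sybil2")]

def build(edges):
    graph = defaultdict(set)
    for a, b in edges:
        graph[a].add(b)
        graph[b].add(a)
    return graph

def hops_from(graph, anchor):
    """Breadth-first search: hop count from the anchor to each reachable node."""
    dist, queue = {anchor: 0}, deque([anchor])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def within_hops(graph, anchor, target, n):
    return hops_from(graph, anchor).get(target, n + 1) <= n

def max_flow(graph, source, sink):
    """Edmonds-Karp, capacity 1 per link (assumption): result = min cut size."""
    if source == sink:
        raise ValueError("source and sink must differ")
    cap = {(a, b): 1 for a in graph for b in graph[a]}
    flow = 0
    while True:
        parent, queue = {source: None}, deque([source])
        while queue and sink not in parent:
            node = queue.popleft()
            for nxt in graph[node]:
                if nxt not in parent and cap[(node, nxt)] > 0:
                    parent[nxt] = node
                    queue.append(nxt)
        if sink not in parent:
            return flow
        node = sink
        while parent[node] is not None:  # push one unit along the path found
            cap[(parent[node], node)] -= 1
            cap[(node, parent[node])] += 1
            node = parent[node]
        flow += 1
```

In this sample the sybil identities sit five hops from the anchor, and however densely they link to each other, the single carol-dave link caps their max flow from the anchor at 1.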

Backlash:

  • Some relay operators would like to run relays anonymously and won’t sign up, so making use of this social graph could block the network
  • How to motivate operators to join the social graph?

Proof of ownership deserves to be done in a Tor spec, as it’s generally beneficial

Gamify the entity linking

Publish all data and allow for building other tools on top of this

Next step:

  • Community portal for publishing gatherings
  • Register an event (like “CCC C39 Room 2.13 we will have a gathering”)
  • Use a source like a QR code for operators to scan at a gathering for proof of presence (BUT NOT proof of linking/trust)

Features

Should this be hosted by Tor Project, Inc. or a community hosted service?

  • Weather service was run externally.
  • Edge metadata
    • Approval for edges
    • Tags
      • From who?
      • Types of relationship (Know, Meet, Trust)
        • In PGP you add a 0-5 of trust level
    • As a user add private notes to other entities

Should everything collected be published?

  • All can be published except for private notes about other entities.
  • Only be able to access and mark other entities as a user or member of an organization.

Use proof of ownership of a relay and not emails for signup for mitigating abuse.

  • Send out joining links from organizations to members.

Add a garbage collection step for cleanup when relays go offline

  • Mitigates spinning up 10.000 relays to get 10.000 voices in the system

All relays should be in the system, and operators then “claim” ownership by key signing.

Indirect trust

  • Could a signing by proxy be done, so people who don’t want to be registered, could be added by another trusted party?
  • You can already sign up without disclosing who is behind running a relay, by signing with a relay key which exists in the DirAuth.

Conclusion

Links between entities should not be cryptographically signed, only the “claim ownership of relays”

Multiple people in an organization, do you mark the organization or the people within the organization?

  • Mark the people you know, trust etc. within the organization.

Expire the claim of a relay to create an incentive to keep meeting up and uphold the trust from others.

When joining you create a username, password and MFA for later login, and use this account to claim relay ownership and be a member of organizations.

  • A user can create an organization
  • An organization can invite other users

Trust:

  • A person can trust a person.
  • A person can trust an organization
  • An organization should be able to trust another organization
  • An organization should be able to trust a person