Do exit nodes get paid? How to you prevent exit nodes from tampering with traffic anyway?

[Destroyinator69420]

There is a prototype network called Riffle which has a method to force exit nodes to send traffic as intended. They call it the hybrid verifiable shuffle. The best property of the hybrid verifiable shuffle is that it requires only one honest node in order for the entire system to be honest, in Riffle, a node that is found to be tampering with traffic is kicked off the network, this would work even better on Lokinet if exit nodes found to be found to be tampering with traffic lost their service node registration. Do you have something similar already? I disagree with paid exit nodes, since it would hamper Lokinet in its ability to replace Tor, in which exit nodes are free, but exit nodes should be able to earn $oxen just like other service nodes, however, since running an exit node puts the operator in legal risk, they should be paid 10% more than other Lokinet service nodes, but since they can see all the traffic that is routed through them, they should have to pay 10% more for Lokinet service node registration to hinder attackers. If a hybrid verifiable shuffle is possible, it should be enforced at all times. Even though Go, the Riffle prototype's native language, is slower than C, Riffle was shown in simulations to be Ten times faster than Tor with the same amount of nodes with the same bandwidth per node. So the hybrid verifiable shuffle would not slow down traffic too much. I included the open access a below. riffle.pdf

[jagerman]

... Riffle ...

This paper is describing a mixnet, which is fundamentally different than what Lokinet offers. While mixnets are an interesting concept for certain use cases, Lokinet's explicit objective is to be low latency anonymity network so that it can be suitable, for example, for voice chat, video streaming, or gaming where some additional latency is acceptable for the gained privacy as long as it is not too large. A mixnet, on the other hand, offers increased privacy but at the cost of an order of magnitude increase in latency that makes many low-latency internet services effectively impossible.

Oxen SNs as exits

Regarding exit nodes, while our original plan was to have exit nodes be service nodes, this has some significant downsides that have led us to move in a different direction, namely:

• no incentive for providing more than the minimum requirement
• if all exit access is free then the negligible marginal cost of pushing data over exits means exits are highly likely to be in a constantly overloaded state with not-particularly-value traffic (i.e. spam).
• no meaningful reputation that exit operators can build as being reliable.
• no way to connect users willing to pay more for better service with operators willing to provide better service.
• by mandating minimum requirements, we would be effectively trying to guess the correct price, rather than letting market forces determine what the worthwhile level should be.
• Oxen service nodes provide more than just exit service: they also store messages for storage server and handling blockchain security for testing/checkpointing/blink transactions. More importantly, this means that an exit provider is considerably riskier to run compared to a regular service node; should the ISP disconnect an exit, that means a 30-day lockup on staked Oxen and a network disruption, neither of which are desirable.

With a mix of free and paid exits, there can be a great deal more alignment of incentives between users and providers, which we hope will mean a better experience for those users willing to pay a little bit for better access.

10% more for 10% more

This equation doesn't make sense to me. If you require a 10% larger stake for a 10% larger reward then you end up with exactly the same return on your stake, in which case why bother with the added complexities and work required to run an exit node?

But even if you adjusted it to, say, 20% more reward for 10% more stake, it isn't clear to me why this number is the right one. Is an extra 10% enough to convince someone to set up an exit? If not, what is the right now? If so, is 10% too high? Not having a market feedback mechanism (i.e. where you have competition between exit providers to provide better service at lower prices) is almost certainly going to end up in a significantly suboptimal solution (especially because changing the structure requires a hard-fork, which we only try to do every few months at most).

[Destroyinator69420]

The hybrid verifiable shuffle is the only way for me to know that the exit is not tampering with traffic in a classical computing system. The question is, how much error rate is tolerable and how much is tampering? If the exit node is caught tampering, than what should happen to it. What do you think about ad supported exit nodes in lokinet, with half the purchase price of the ad minus the transaction fee going to the exit node and half going to the user? On the flip side, if the site is a SNapp, then half goes to the SNapp and half goes to the user. Paying the user is necessary to get the users onboard to WANT to see ads. This is similar to how brave does their ads. I think that this could offset the extra risk of running the exit node as a service node without the user having to pay the exit node, needing to pay for exits would lower the barrier to entry. The hybrid verifiable shuffle for exits, without implementing the rest of riffle, would automatically make lokinet more trustworthy than Tor, so long as there is at least one honest exit node. The Decentralized ADvertising System would allow laypeople to earn oxen for just browsing lokinet, and would increase the userbase drastically, which would benefit everyone using the network. This system, if fully private, could give Brave a run for their money.