Exit relays are very valuable for the Tor network, but they're also small in number because people running them expose themselves to abuse complaints and legal risks. It's their IP address that shows up in other people's logs in case of malicious activity routed through Tor.
Tor is a great privacy tool and is very useful to users in countries that censor the Internet or where political and human rights activism can land people in jail. However, it's also used by criminals to hide their location and evade law enforcement.
U.S. Assistant Attorney General Leslie Caldwell reportedly said at a conference this week that 80 percent of Tor traffic is related to child pornography, citing a University of Portsmouth study. That estimation is wrong, Wired reported, because the study was about traffic to Tor hidden services, websites that are only accessible within the Tor network, not all traffic routed through Tor.
Most people use Tor to hide their IP address when visiting regular Internet sites, not to access Tor hidden services. According to the Tor Project, the traffic to Tor hidden services accounts for around 1.5 percent of the overall traffic that goes through Tor.
Like Caldwell, many law enforcement leaders complain that widespread adoption of encryption technologies by Internet companies and device manufacturers makes it much harder for their agencies to do their jobs. They call this the Going Dark problem.
But, there's no denying that some Tor traffic is malicious. There are documented botnets and ransomware programs that use Tor to hide the real location of their command-and-control servers.
By running middle and not exit relays, Mozilla is avoiding potential illegal activities by Tor users tracing back to its IP addresses and the legal issues that might arise from that. But the Tor network most likely needs additional exit nodes more than middle ones.
Mozilla did not immediately respond to a request for comment.
Increasing middle capacity will improve the traffic flow inside the Tor network — including to those illegal sites that operate as Tor hidden services — but also has other benefits. By having trusted, high-capacity middle relays the network can better defend itself against traffic confirmation and other types of attacks aimed at deanonymizing users.
"Depending on the results of the POC [proof-of-concept], we may move the nodes to a managed part of our infrastructure," Younsi said. "As long as their private keys stay the same, their reputation will follow them wherever they go, no more ramp up period."
Sign up for CIO Asia eNewsletters.