# The Economics of Censorship Resistance ###### tags: `Tag(HashCloak - Validator Privacy)` Authors: George Danezis and Ross Anderson Paper: https://www.cl.cam.ac.uk/~rja14/Papers/redblue.pdf Definitions: ### Table of Contents [toc] :::info >Abstract: We propose the first economic model of censorship resistance. Early peer-to-peer systems, such as the Eternity Service, sought to achieve censorshop resistance by distributing content randomly over the whole Internet. An alternative approach is to encourage nodes to serve resources they are interested in ::: ### 1. Introduction > Although maintaining the availability of the files and censorship resistance is the raˆıson d’´etre of such systems, only heuristic security arguments have been presented so far to assess how well they fulfil their role. Other network design issues have often overshadowed this basic security goal. Two main paradigms have emerged in the last few years in peer-to-peer systems. 1. The first is to scatter resources randomly across all nodes, hoping that this will increase the opponent’s censorship costs (we will call this the random model). 2. The second paradigm allows peer nodes to serve content they have downloaded for their personal use, without burdening them with random files (we will call this the discretionary model). In this paper we are going to compare the two paradigms’ ability to resist censorship, as per the original intention of peer-to-peer systems. We will use this to estimate the cost of defending networks against censorship using the two different paradigms. ### 2. The red-blue utility model > We consider a network of N peer nodes. Each node likes having and serving resources, but it prefers to have or serve a balance of resources according to its preference ri and bi. This utility function increases as the total number of resources does, but is also maximal when the balance between red and blue resources matches the preferences of the node This model diverges from the traditional economic analysis of peer-to-peer networks, under which peers have ex-ante no incentives to share. This assumption might be true for copied music, but does not hold for other resources such as news, political opinions, or scientific papers. > Personal Note: Why? ### 3. The utility of discretionary and random distribution > We will first examine the utility of the network nodes when they can choose which files they store and help to serve (the discretionary model). Assuming that a node has the ability to serve T files in total, its utility is maximised for a distribution of red and blue resources that perfectly matches its preferences. Where the utility function places more value on consumption than on service, nodes have incentives to free-ride. Voting theory, also known as social choice theory, tells us that it is hard to create a voting system that is both efficient and equitable. The additional constraints of peer-to-peer networks – nodes frequently joining and leaving, transient identities, and decentralisation – make a ‘democratic’ system a non-trivial problem. > Private Note: Why do you need to trust the nodes coming and leaving the network at all? Some systems attempt to hide from the nodes which resources they are storing or serving, by encrypting them or dispersing them. This is thought to protect the nodes by providing plausible deniability against censors, but also preventing nodes deleting resources they do not like. ### 4. Censorship > So far we have compared the utility of nodes in the random model versus the discretionary model, and have found the latter to always provide as good or higher utility for all nodes in the absence of censorship. We model censorship as an external entity’s attempt to impose on a set of nodes a particular distribution of files rc and bc. The effect of the censor is not fixed, but depends on the amount of resistance offered by the affected nodes. Not all nodes will be motivated to resist the censor! Their utility under censorship increases. This is not an improbable situation: in a network where half the resources are red and half are blue (rs = 0.5, bs = 0.5) a censor that shifts the balance to rc = 0 will benefit the blue-loving nodes, and if they are free to set their own defence budgets then they will select t = 0. ### 5. Who fights censorship harder? > The aggregate defence budget, and thus the cost of consorship, is greater in the discretionary model than in the random one, except in the case where all the nodes have the same preferences (in which case equality holds). The cost to censor a set of nodes will be maximised when resources are distributed according to their preferences rather than randomly. ### 6. Discussion > Until now, much work on censorship resistance has seen censorship as a binary matter. We believe such models are as unrealistic as the global adversary sometimes posited in cryptography – an opponent that can record or modify all messages on network links. > It is also possible that developments such as online publishing and trusted computing may make censorship easier once more, with effects we can only guess at. Therefore trying to analyse the cost of both censorship and resistance to censorship is important. Our work presents a first model and a framework for doing this. **Preferences and utility** > Modelling the node’s preferences also provides important insights. Simply assuming that all nodes will fight censorship for an abstract notion of “freedom of speech” restricts the model to a fraction of potential real-world users. While there are some individuals who would take a stand on freedom of speech on a broad range of issues, there may be many more who are prepared to defend it on a specific issue. On the other hand, assuming that nodes will not put up any resistance at all and meekly surrender any disputed documents or photographs, is also unfaithful to real-world experience. Allowing nodes to express heterogeneous interests, and preferences, when it comes to material they want to promote and protect, enables us to enhance the system’s stability and security. It also enables us to defend against certain types of service-denial attack. > Objectionable content need not provide a universal attack tool. **Censorship** > The censor is targeting a set of individual nodes, and the success or not of his attack on a particular node depends only on the defence budget of that node. In the case where nodes are subject to legal action, a victory against one node may create a precedent that makes enforcement against other nodes cheaper in the future. Finally, our model may have wider implications. It is well known that rather than fighting against government regulation and for market freedom in the abstract, firms are more likely to invest effort, through trade associations, in fighting for the freedoms most relevant to their own particular trade. > There is also the current debate about whether increasing social diversity will necessarily undermine social solidarity. ### Ch. 7 Conclusion > We have presented a model of node preferences in peer-to peer systems, and assessed how two different design philosophies (random and discretionary distribution of resources) resist censorship. * Our main finding is that, under the assumptions of our model, discretionary distribution is better. The more heterogeneous the preferences are, the more it outperforms random distribution. * Nodes will on average invest more in fighting censorship of resources they value. * In the discretionary model nodes do not have to collectively manage the overall content of the network, which gives them fewer incentives to subvert the control mechanisms. * This allows for simpler network designs that do not require election schemes, reputation systems or electronic cash, which can be cumbersome and difficult to implement. * The discretionary model also leads to a more stable network. Each node can better maximise its utility and is less likely to leave the network to seek a better deal somewhere else. > Personal Note: For ETH2.0, nodes staying in the network could have reputation as well. How long will nodes stay?