No. They should not try to survive such attacks. The best defense to a temporary attack is often to pull the plug. Better than than potentially expose users. When there are 10x as many bad nodes as good, the base protection of any anonymity network is likely compromised. Shut down, survive, and return once the attacker has moved on.
This is why Tor is centralized, so that they can take action like cutting out malicious nodes if needed. It’s decentralized in the sense that anyone can participate by default.
While anyone can run a Tor node and register it as available, the tags that Tor relays get assigned and the list of relays is controlled by 9 consensus servers[1] that are run by different members the Tor project (in different countries). They can thus easily block nodes.
It's 10, not 9. And there are severe problems with having a total of 10 DA be the essential source of truth for whole network. It would be trivial to DDoS the DAs and bring down the Tor network or at the very least, disrupt it: https://arxiv.org/abs/2509.10755.
It's the only complaint I have of the current state of Tor. Anyone should be able to run directory authority, regardless if you trust the operator or not (same as normal relays).
Anyone can. The DA code is open source and is used whenever you run a testnet. You can also run a DA on the mainnet - how do you think the 10 primary DAs exist? They're not 10 computers owned by a single organization - they're 10 mutually trusting individuals. However, most of the network won't trust you.
