[tor-relays-universities] Looking to chat with University Tor operators

Alex Ryan ialex.ryan at gmail.com
Thu Jul 2 18:18:24 UTC 2015 

It's not glamorous, but I've had a lot of success just personally running a
guard/middle relay
<https://globe.torproject.org/#/relay/A3EC6973400E79B6377D134419D429978030BC97>
from my dorm room. I'm an undergraduate at Caltech and we get free power
and 40mbps symmetric in the dormitories. I've pushed 3TB in the last three
months or so. I run it purely as a public service/donation. Since it's not
an exit node, there have been no issues with university administrators, no
complaints (DMCA or otherwise), and no issues with accidentally opening up
access to university resources.

I doubt this is exactly what you're looking to hear, but I would certainly
encourage any students with uncooperative administrators or without the
resources to go through formal channels to take this approach.

Feel free to contact me with any questions :)

Cheers,
Alex

On Thu, Jul 2, 2015 at 10:55 AM, Philipp Winter <phw at nymity.ch> wrote:

> On Wed, Jul 01, 2015 at 05:12:07PM -0400, Andy Sayler wrote:
> > I'm currently working on formulating a best-practices and how-to
> > document for running Tor nodes in University and other academic
> > settings. My primary focus is on running production Tor nodes, but I'm
> > also happy to hear about research uses of Tor. I'd love to chat with
> > anyone involved with the day-to-day operation of Tor nodes on
> > University networks as well as anyone involved with the process of
> > standing up Tor nodes on University networks and any administrative
> > overhead that involved.
> >
> > I'm happy to chat via phone or email. If you're currently operating a
> > University-based Tor node and are interested in sharing some of your
> > experiences, let me know. Some potential questions I'd be curious to
> > hear about include:
>
> Such guidelines would be very useful, so thanks for starting this, Andy!
> I can share our experience with running a relay at Karlstad University
> in Sweden.  We tried to start an exit relay, but failed on an
> organisational level, so we are now running a guard relay:
> <
> https://atlas.torproject.org/#details/9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645
> >
> <
> https://atlas.torproject.org/#details/CCEF02AA454C0AB0FE1AC68304F6D8C4220C1912
> >
>
> > + Why do you operate a Tor node? For research? As a public service?
> > For student experience?
>
> Our main motivation was public service.  Our network link had plenty of
> spare capacity that might as well be used for a good cause.  That said,
> our relay turned out to be useful for research too.  We used it on
> several occasions to learn more about global censorship events.
>
> > + What's the governance/organizational structure for your nodes? Who's
> > in charge of their operation?
>
> CS researchers are in charge of operations.  Our department head, campus
> IT, as well as the head of the university is aware of us running it, but
> not interfering with operations.
>
> > + Who handles the day-to-day operation of the nodes? Run by campus IT?
> > Run by a dept? Run by students? Etc?
>
> Operations is done by three CS researchers.  We worked closely with
> campus IT, which changed our network topology so we are directly
> connected to our university's uplink.  Without that, our Tor relay could
> have interfered with the network measurements done by our networking
> group.
>
> > + Who handles complaints?
>
> We created a mailing list for that purpose, which is part of our relay's
> contact information.  Our three operators as well as campus IT folks are
> part of that mailing list.  That way, we hope to always have at least
> one person that is able to reply to complaints quickly.
>
> > + Was it difficult to convince university administration/legal/IT to
> > support the deployment of Tor nodes? What were their concerns?
>
> It was quite difficult in our case.  We started with a guard relay,
> which was straightforward to set up as there are no legal implications.
>
> We then tried to turn it into an exit relay.  We talked to campus IT,
> our department head, our university lawyer, our university PR person,
> and the university head.  Unfortunately, our university head shut down
> our plans; apparently because her 5-minute-Google-search made her
> believe that the Tor network is mainly used for child abuse.  After
> that, there was no talking to her any more, which was very frustrating.
>
> The higher we went up the hierarchy, the harder it became.  We were told
> that we aren't a charity and if the relay is not related to research, we
> cannot have it.  Luckily, our research group did quite a bit of Tor
> research.  What definitely helped was that our work got some positive
> media attention, which pleased our decision makers.  It was also helpful
> to show that other universities are already doing the same thing without
> major issues.
>
> > + How many and what kind of complaints do you receive?
>
> We receive no complaints since we don't run an exit relay.
>
> > + What kinds of costs are associated with the operation of your node
> > and how are these justified/budgeted?
>
> First, there's the cost of having a physical machine.  That was
> negligible as we simply took an old computer from student lab rooms.
> There might also be bandwidth costs, but we don't pay for usage, so that
> doesn't affect us.  Finally, there's also the time spent for
> administration.  Once the relay is up-and-running, we only spend about
> an hour a month.  It boils down to keeping an eye on log files and
> running updates.  After our initial setup, the cost is close to zero for
> us.  I expect that to be different for an exit relay as some complaints
> might have to be escalated to lawyers, whose time is pricey.
>
> > + How are the nodes placed within the campus network? Outside the
> > firewall/IDS? On their own public subnet? How do you handle isolation
> > of reputational issues?
>
> Reputational issues were a big deal for us.  First, we obtained a new
> /29 netblock from our upstream provider to isolate it from the rest of
> the network.  We did that back when we were working on starting an exit
> relay, so our exit couldn't be used to scrape the scientific databases
> we have subscriptions for (e.g., IEEE Xplore, ACM DL).
>
> We also set the netblock description in the whois record to "Privacy
> research at Karlstads Universitetet" to make it clear to irritated
> network administrators what we are up to.  Our relay also had a small
> web server whose index page informed about what a Tor relay is.
>
> Finally, we bought a dedicated domain, tor-exit-kau.se, and used it for
> our relay's reverse DNS record.  We wanted to decouple it from our
> university domain (kau.se), just in case of a nasty media disaster.
>
> > Similarly, if anyone knows of existing published write-ups related to
> > operating or standing-up Tor nodes in university settings that you
> > could point me to, I'd greatly appreciate it. I'm already familiar
> > with:
> >
> > https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities
> > https://www.eff.org/torchallenge/tor-on-campus.html
>
> I'd be happy to help out in any way I can.  After we went through all
> these hoops, I wanted to write up our experience but I never got to it.
>
> Cheers,
> Philipp
> _______________________________________________
> tor-relays-universities mailing list
> tor-relays-universities at lists.torproject.org
>
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays-universities
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays-universities/attachments/20150702/6beb1693/attachment.html>

More information about the tor-relays-universities mailing list