<div dir="ltr">It's not glamorous, but I've had a lot of success just personally running <a href="https://globe.torproject.org/#/relay/A3EC6973400E79B6377D134419D429978030BC97">a guard/middle relay</a> from my dorm room. I'm an undergraduate at Caltech and we get free power and 40mbps symmetric in the dormitories. I've pushed 3TB in the last three months or so. I run it purely as a public service/donation. Since it's not an exit node, there have been no issues with university administrators, no complaints (DMCA or otherwise), and no issues with accidentally opening up access to university resources.<div><br></div><div>I doubt this is exactly what you're looking to hear, but I would certainly encourage any students with uncooperative administrators or without the resources to go through formal channels to take this approach.</div><div><br></div><div>Feel free to contact me with any questions :)</div><div><br></div><div>Cheers,</div><div>Alex</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jul 2, 2015 at 10:55 AM, Philipp Winter <span dir="ltr"><<a href="mailto:phw@nymity.ch" target="_blank">phw@nymity.ch</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Wed, Jul 01, 2015 at 05:12:07PM -0400, Andy Sayler wrote:<br>
> I'm currently working on formulating a best-practices and how-to<br>
> document for running Tor nodes in University and other academic<br>
> settings. My primary focus is on running production Tor nodes, but I'm<br>
> also happy to hear about research uses of Tor. I'd love to chat with<br>
> anyone involved with the day-to-day operation of Tor nodes on<br>
> University networks as well as anyone involved with the process of<br>
> standing up Tor nodes on University networks and any administrative<br>
> overhead that involved.<br>
><br>
> I'm happy to chat via phone or email. If you're currently operating a<br>
> University-based Tor node and are interested in sharing some of your<br>
> experiences, let me know. Some potential questions I'd be curious to<br>
> hear about include:<br>
<br>
</span>Such guidelines would be very useful, so thanks for starting this, Andy!<br>
I can share our experience with running a relay at Karlstad University<br>
in Sweden. We tried to start an exit relay, but failed on an<br>
organisational level, so we are now running a guard relay:<br>
<<a href="https://atlas.torproject.org/#details/9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645" rel="noreferrer" target="_blank">https://atlas.torproject.org/#details/9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645</a>><br>
<<a href="https://atlas.torproject.org/#details/CCEF02AA454C0AB0FE1AC68304F6D8C4220C1912" rel="noreferrer" target="_blank">https://atlas.torproject.org/#details/CCEF02AA454C0AB0FE1AC68304F6D8C4220C1912</a>><br>
<span><br>
> + Why do you operate a Tor node? For research? As a public service?<br>
> For student experience?<br>
<br>
</span>Our main motivation was public service. Our network link had plenty of<br>
spare capacity that might as well be used for a good cause. That said,<br>
our relay turned out to be useful for research too. We used it on<br>
several occasions to learn more about global censorship events.<br>
<span><br>
> + What's the governance/organizational structure for your nodes? Who's<br>
> in charge of their operation?<br>
<br>
</span>CS researchers are in charge of operations. Our department head, campus<br>
IT, as well as the head of the university is aware of us running it, but<br>
not interfering with operations.<br>
<span><br>
> + Who handles the day-to-day operation of the nodes? Run by campus IT?<br>
> Run by a dept? Run by students? Etc?<br>
<br>
</span>Operations is done by three CS researchers. We worked closely with<br>
campus IT, which changed our network topology so we are directly<br>
connected to our university's uplink. Without that, our Tor relay could<br>
have interfered with the network measurements done by our networking<br>
group.<br>
<br>
> + Who handles complaints?<br>
<br>
We created a mailing list for that purpose, which is part of our relay's<br>
contact information. Our three operators as well as campus IT folks are<br>
part of that mailing list. That way, we hope to always have at least<br>
one person that is able to reply to complaints quickly.<br>
<span><br>
> + Was it difficult to convince university administration/legal/IT to<br>
> support the deployment of Tor nodes? What were their concerns?<br>
<br>
</span>It was quite difficult in our case. We started with a guard relay,<br>
which was straightforward to set up as there are no legal implications.<br>
<br>
We then tried to turn it into an exit relay. We talked to campus IT,<br>
our department head, our university lawyer, our university PR person,<br>
and the university head. Unfortunately, our university head shut down<br>
our plans; apparently because her 5-minute-Google-search made her<br>
believe that the Tor network is mainly used for child abuse. After<br>
that, there was no talking to her any more, which was very frustrating.<br>
<br>
The higher we went up the hierarchy, the harder it became. We were told<br>
that we aren't a charity and if the relay is not related to research, we<br>
cannot have it. Luckily, our research group did quite a bit of Tor<br>
research. What definitely helped was that our work got some positive<br>
media attention, which pleased our decision makers. It was also helpful<br>
to show that other universities are already doing the same thing without<br>
major issues.<br>
<span><br>
> + How many and what kind of complaints do you receive?<br>
<br>
</span>We receive no complaints since we don't run an exit relay.<br>
<span><br>
> + What kinds of costs are associated with the operation of your node<br>
> and how are these justified/budgeted?<br>
<br>
</span>First, there's the cost of having a physical machine. That was<br>
negligible as we simply took an old computer from student lab rooms.<br>
There might also be bandwidth costs, but we don't pay for usage, so that<br>
doesn't affect us. Finally, there's also the time spent for<br>
administration. Once the relay is up-and-running, we only spend about<br>
an hour a month. It boils down to keeping an eye on log files and<br>
running updates. After our initial setup, the cost is close to zero for<br>
us. I expect that to be different for an exit relay as some complaints<br>
might have to be escalated to lawyers, whose time is pricey.<br>
<span><br>
> + How are the nodes placed within the campus network? Outside the<br>
> firewall/IDS? On their own public subnet? How do you handle isolation<br>
> of reputational issues?<br>
<br>
</span>Reputational issues were a big deal for us. First, we obtained a new<br>
/29 netblock from our upstream provider to isolate it from the rest of<br>
the network. We did that back when we were working on starting an exit<br>
relay, so our exit couldn't be used to scrape the scientific databases<br>
we have subscriptions for (e.g., IEEE Xplore, ACM DL).<br>
<br>
We also set the netblock description in the whois record to "Privacy<br>
research at Karlstads Universitetet" to make it clear to irritated<br>
network administrators what we are up to. Our relay also had a small<br>
web server whose index page informed about what a Tor relay is.<br>
<br>
Finally, we bought a dedicated domain, <a href="http://tor-exit-kau.se" rel="noreferrer" target="_blank">tor-exit-kau.se</a>, and used it for<br>
our relay's reverse DNS record. We wanted to decouple it from our<br>
university domain (<a href="http://kau.se" rel="noreferrer" target="_blank">kau.se</a>), just in case of a nasty media disaster.<br>
<span><br>
> Similarly, if anyone knows of existing published write-ups related to<br>
> operating or standing-up Tor nodes in university settings that you<br>
> could point me to, I'd greatly appreciate it. I'm already familiar<br>
> with:<br>
><br>
> <a href="https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities" rel="noreferrer" target="_blank">https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities</a><br>
> <a href="https://www.eff.org/torchallenge/tor-on-campus.html" rel="noreferrer" target="_blank">https://www.eff.org/torchallenge/tor-on-campus.html</a><br>
<br>
</span>I'd be happy to help out in any way I can. After we went through all<br>
these hoops, I wanted to write up our experience but I never got to it.<br>
<br>
Cheers,<br>
Philipp<br>
<div><div>_______________________________________________<br>
tor-relays-universities mailing list<br>
<a href="mailto:tor-relays-universities@lists.torproject.org" target="_blank">tor-relays-universities@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays-universities" rel="noreferrer" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays-universities</a><br>
</div></div></blockquote></div><br></div></div>