commit 3d459016fd4d6b49038a74b74ce19a33a97f58e6 Author: emma peel emma.peel@riseup.net Date: Tue May 18 14:27:48 2021 +0200
remove moved resource --- .../training/resources/tor-training/contents.lr | 549 --------------------- 1 file changed, 549 deletions(-)
diff --git a/content/training/resources/tor-training/contents.lr b/content/training/resources/tor-training/contents.lr deleted file mode 100644 index 50e292f..0000000 --- a/content/training/resources/tor-training/contents.lr +++ /dev/null @@ -1,549 +0,0 @@ -_model: slideshow ---- -title: The Tor Network ---- -_template: slideshow.html ---- -background: white ---- -image: /static/images/onion.png ---- -slides: - -#### slide #### -title: Topics ----- -description: -- What is Tor? -- Types of relays -- Technical setup -- More about relays -- Relay diversity -- Getting help - - -#### slide #### -title: What is Tor? ----- -description: -- Tor is free software and an open network. -- Mitigates against tracking, surveillance and censorship. -- Run by a US non-profit and volunteers from all over the world. -- It's Tor, not TOR. - - -#### slide #### -title: The Tor network ----- -description: -- An open network that everyone can be a part of. -- The network is composed of different types of servers run by volunteers around the world. -- Your server will relay the Tor traffic to another server on the Internet. -- Before entering the network, your server will automatically go through the relay lifecycle. - - -#### slide #### -title: Why run a Tor relay? ----- -description: -By running a Tor relay, you can help make the Tor network: -- faster (and therefore more usable) -- more robust against attacks -- more stable in case of outages -- safer for users (spying on more relays is harder than on a few) - - -#### slide #### -title: Types of Relays ----- -slide_layout: title-slide ----- -background_image: /static/images/onion-white.png ----- -description: -- - - -#### slide #### -title: Guard/middle (aka non-exit) relay ----- -description: -- A guard is the first relay in the chain of 3 relays building a Tor circuit. -- A middle relay is neither a guard nor an exit, but acts as the second hop between them. -- To become a guard, a middle relay has to be stable and fast (at least 2MByte/s); otherwise, it will remain a middle relay. - - -#### slide #### -title: Exit relay ----- -description: -- The exit relay is the final relay in a Tor circuit, and sends the traffic to its destination. -- That is why exit relays have the most significant legal exposure and liability of all relays. -- Before running an exit relay, talk with your local digital rights organization. -- **You should not run a Tor exit relay from your home.** - - -#### slide #### -title: Bridge ----- -description: -- A bridge is a node in the network that is not listed in the public Tor directory, making it harder for ISPs and governments to block it. -- Bridges are relatively easy, low-risk, and low bandwidth Tor relays to operate. -- And there's another special kind of bridge: Pluggable transports. These hide your Tor traffic by adding a layer of obfuscation. - - -#### slide #### -title: The lifecycle of a new relay ----- -description: -Non-exit relays go through a lifecycle of four phases (defined in days): -- Days 0-3: the unmeasured phase. -- Days 3-8: network authorities start the remote measurement phase (the ramp-up guard phase). -- Days 8-68: guard phase (where load counter intuitively drops and then rises higher). - - -#### slide #### -title: The lifecycle of a new relay ----- -description: -- After 68 days, if stable and fast enough, the relay will receive a **Guard flag** (steady-state guard phase). -- Read about all the phases in: https://blog.torproject.org/lifecycle-new-relay - - -#### slide #### -title: Relay requirements ----- -slide_layout: title-slide ----- -background_image: /static/images/onion-white.png ----- -description: -- - - -#### slide #### -title: Before we start ----- -description: -- Never run a relay without the consent of the network administrator or machine owner. - Read the Terms of Service (ToS) first, so you don’t risk losing money. -- Choose which type of relay you will host. A non-exit relay is an easy way to start helping the network. -- Read the documentation: https://community.torproject.org/relay - - -#### slide #### -title: Bandwidth requirements ----- -description: -- It’s recommended to have at least 16 Mbit/s (Mbps) upload and download bandwidth available for Tor. More is better. -- The minimum requirements for a relay are 10 Mbit/s (Mbps). -- If you have less than 10 Mbit/s but at least 1 Mbit/s, we recommend running a bridge with obfs4 support. - - -#### slide #### -title: Monthly outbound traffic ----- -description: -- Relays must use at least 100 GByte of outbound/incoming traffic per month. -- If you have a metered plan, you might want to configure Tor to use only a given amount of bandwidth or monthly traffic. -- More (>2 TB/month) is better and recommended. - - -#### slide #### -title: Public IPv4 address ----- -description: -- Every relay needs a public IPv4 address - either directly on the host (preferred) or via NAT and port forwarding. -- The IPv4 address is not required to be static, but static IP addresses are preferred. -- Your IPv4 address should remain unchanged for at least 3 hours (network consensus). -- You can only run two Tor relays per public IPv4. - - -#### slide #### -title: Other requirements ----- -description: -- Memory: A <40 Mbit/s non-exit relay should have at least 512 MB of RAM available. -- Disk storage: Tor does not need much disk storage. A typical Tor relay needs less than 200 MB. - - -#### slide #### -title: Other requirements ----- -description: -- Any modern CPU should be fine. -- Uptime: Ideally, the relay runs on a server which runs 24/7. - - -#### slide #### -title: Choosing your relay hosting ----- -description: -- The Tor community team maintains GoodBadISPs – a list about the experience of running relays: https://community.torproject.org/relay/community-resources/good-bad-isps/ -- Some providers only allow non-exit relays, so check the GoodBadISPs list before buying a service. -- Running a relay can cost anywhere between a few bucks to hundreds per month. - - -#### slide #### -title: Technical setup ----- -slide_layout: title-slide ----- -background_image: /static/images/onion-white.png ----- -description: -- - - -#### slide #### -title: Non-exit relay - Debian/Ubuntu ----- -description: -- Enable the Tor Project package repository -- Install the tor package - -``` - $ apt update && apt install tor -``` - - -#### slide #### -title: Non-exit relay - Debian/Ubuntu ----- -description: -- Add relay configuration to the `/etc/tor/torrc` file: -``` - Nickname myNiceRelay - ExitRelay 0 - SocksPort 0 - ControORPort 443 - lSocket 0 - ContactInfo tor-operator@your-emailaddress-domain - Log notice syslog -``` - - -#### slide #### -title: Non-exit relay - Debian/Ubuntu ----- -description: -- Restart the tor daemon: - -``` - $ systemctl restart tor@default -``` - - -#### slide #### -title: Non-exit relay - FreeBSD ----- -description: -- Install the tor package - -``` - pkg install tor ca_root_nss -``` - - -#### slide #### -title: Non-exit relay - FreeBSD ----- -description: - - Edit the configuration file `/usr/local/etc/tor/torrc` - -``` - Nickname myNiceRelay - ORPort 9001 - ExitRelay 0 - SocksPort 0 - ControlSocket 0 - ContactInfo tor-operator@your-emailaddress-domain - Log notice syslog -``` - - -#### slide #### -title: Non-exit relay - FreeBSD ----- -description: -- Ensure that the random_id sysctl setting is enabled: - -``` - echo "net.inet.ip.random_id=1" >> /etc/sysctl.conf - sysctl net.inet.ip.random_id=1 -``` - - -#### slide #### -title: Non-exit relay - FreeBSD ----- -description: -- Start the tor daemon and make sure it starts at boot: - -``` - sysrc tor_enable=YES - service tor start -``` - - -#### slide #### -title: Non-exit relay - FreeBSD ----- -description: - -- Optional, but recommended to get package updates faster: https://community.torproject.org/relay/setup/guard/freebsd/ - - -#### slide #### -title: Verify that your relay works ----- -description: - -After restarting the service, verify that the log file contains the following entry: -``` - Self-testing indicates your ORPort is - reachable from the outside. - Excellent. - Publishing server descriptor. -``` - -About 3 hours after you started your relay, it should appear on Metrics portal in Relay Search. - - -#### slide #### -title: More about relays ----- -slide_layout: title-slide ----- -background_image: /static/images/onion-white.png ----- -description: -- - - -#### slide #### -title: Technical tips ----- -description: -- Enable automatic software updates. -- Backup your Tor Identity Keys. -- It's possible to limit bandwidth usage (and traffic). Check the parameters, for example, AccountingMax, AccountingRule, AccountingStart. -- If you run more than one Tor relay, you need to set the MyFamily parameter. - - -#### slide #### -title: Orchestrating ----- -description: -- Running multiple relays by hand can be challenging. -- Configuration management tools can make relay operators' lives easier: -- Ansible-relayor: http://github.com/nusenu/ansible-relayor - - -#### slide #### -title: Metrics ----- -description: -- Metrics portal: https://metrics.torproject.org -- You can search for how many relays are in the network, how many are exits, etc. -- In 2021 there are ~6,600 public relays and ~1,500 bridges. -- Check: how many relays are in your country? Who runs these relays? How diverse are they? - - -#### slide #### -title: Network diversity ----- -slide_layout: title-slide ----- -background_image: /static/images/onion-white.png ----- -description: -- - - -#### slide #### -title: Monoculture ----- -description: -- A single kernel vulnerability in GNU/Linux impacting all Tor relays could be devastating. -- Diversity of Operating System (OS): ~90% of relays are Linux. - - -#### slide #### -title: Monoculture ----- -description: -- Diversity of Autonomous Systems (AS). -- Try to avoid the following hosters: OVH SAS (AS16276), Online S.a.s. (AS12876), Hetzner Online GmbH (AS24940), DigitalOcean, LLC (AS14061). - - -#### slide #### -title: The TorBSD Diversity Project ----- -description: -- The Tor BSD Diversity Project (TDP) is an initiative seeking to extend the use of BSD Unix operating systems in the network. -- Goals: increase the number of Tor relays running BSDs; Engage the BSD community about Tor anonymity; Port Tor related programs to BSD operating systems. - - -#### slide #### -title: More about exit relays ----- -slide_layout: title-slide ----- -background_image: /static/images/onion-white.png ----- -description: -- - - -#### slide #### -title: Legal information ----- -description: -- Many countries have regulations that exclude internet service providers from liability. -- It's a good idea to consult with a lawyer or your local digital rights organization. -- Under most circumstances, you will be able to handle legal matters by having an abuse response letter. - - -#### slide #### -title: Legal resources ----- -description: -- The EFF Tor Legal FAQ: https://community.torproject.org/relay/community-resources/eff-tor-legal-faq/ -- It's important to respond to abuse complaints in a timely manner (usually within 24 hours). -- Abuse letter templates: https://community.torproject.org/relay/community-resources/tor-abuse-templates - - -#### slide #### -title: Tips for running an exit relay ----- -description: -- Get a separate IP for the relay, and don’t use it for other services. -- Set up a Tor Exit Notice, so if someone checks your exit IP they'll know that it’s a Tor Exit. -- If you receive excessive complaints, consider running a Reduced Exit Policy. -- For more tips: https://blog.torproject.org/tips-running-exit-node - - -#### slide #### -title: Running relays with others ----- -slide_layout: title-slide ----- -background_image: /static/images/onion-white.png ----- -description: -- - - -#### slide #### -title: Running a relay with others ----- -description: -- You can work with your university department, employer or institution, or an organization like Torservers.org, Nos oignons, etc. -- Some organizations – known as Relay Associations – are solely dedicated to this purpose: https://community.torproject.org/relay/community-resources/relay-associations/. - - -#### slide #### -title: Relays associations ----- -description: -- It's often advised to create some type of non-profit organization. This is useful for having a bank account and shared ownership. -- The most important thing is to have a group of people (3-5 suggested to start) interested in helping. - - -#### slide #### -title: Running a relay with universities ----- -description: -- Universities are typically home to a reliable, robust, and well-equipped network. -- Many computer science departments and university libraries run relays: Massachusetts Institute of Technology, Universität Stuttgart, the University of Waterloo. - -#### slide #### -title: Running a relay with universities ----- -description: -- Read more: https://community.torproject.org/relay/community-resources/tor-relay-universities/ - - - -#### slide #### -title: At your company or organization ----- -description: -- If you work at a Tor-friendly company or organization, that's another ideal place to run a relay. -- Companies like Brass Horn Communications, Quintex Alliance Consulting, and many others run relays. -- And organizations like Digital Courage, Access Now, Derechos Digitales, Calyx Institute, and Lebanon Libraries in New Hampshire. - - -#### slide #### -title: Bad relays ----- -slide_layout: title-slide ----- -background_image: /static/images/onion-white.png ----- -description: -- - - -#### slide #### -title: What is a bad relay? ----- -description: -- A bad relay is one that either doesn't work properly or tampers with our users' connections. That can be either through maliciousness or misconfiguration. - - -#### slide #### -title: What is a bad relay? ----- -description: -- For example: tampering with exit traffic in any way (including dropping accepted connections). Or, running HSDirs that harvest and probe .onion addresses - - -#### slide #### -title: Reporting a bad relay ----- -description: -- The "Bad relays" private working group at the Tor Project work to detect misconfigured, malicious, or suspicious relays. -- Users can report bad relays by sending an email to bad-relays@lists.torproject.org with the relay’s IP address or fingerprint, what kind of behavior you see, and any additional information needed to reproduce the issue. - - -#### slide #### -title: What happens to bad relays? ----- -description: -- After a relay is reported and behavior has been verified, the Tor Project will attempt to contact the relay operator. -- The relay will be flagged to prevent it from being used (BadExit, Invalid, Reject). -- The working group actively looks for bad relays using open source tools like exitmap, sysbilhunter. - - -#### slide #### -title: How do I get help running a Tor relay? ----- -slide_layout: title-slide ----- -background_image: /static/images/onion-white.png ----- -description: -- - - -#### slide #### -title: Getting help ----- -description: -- Read the Tor Relay documentation: - https://community.torproject.org/relay -- Subscribe to the tor-relays mailing list: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Join our IRC channel: #tor-relays in irc.oftc.net - - -#### slide #### -title: Thank you! ----- -slide_layout: title-slide ----- -background_image: /static/images/onion-white.png ----- -description: --