 
            commit 795bfd57083bc5ed2cff0259b35b3d688e90d664 Author: hiro <hiro@torproject.org> Date: Mon Mar 15 20:04:58 2021 +0100 Finish template and slides --- assets/static/revealjs/dist/theme/tor.css | 6 +- .../training/resources/tor-training/contents.lr | 400 +++++++++++++++++++-- templates/blocks/slide.html | 3 +- 3 files changed, 382 insertions(+), 27 deletions(-) diff --git a/assets/static/revealjs/dist/theme/tor.css b/assets/static/revealjs/dist/theme/tor.css index 2c55510..0ff2e67 100644 --- a/assets/static/revealjs/dist/theme/tor.css +++ b/assets/static/revealjs/dist/theme/tor.css @@ -301,8 +301,12 @@ section.has-dark-background, section.has-dark-background h1, section.has-dark-ba *********************************************/ @media print { .backgrounds { - background-color: #fff; } } + background-color: #fff; } +} +.print-pdf .footer { + display: none; +} /********************************************* * FOOTER *********************************************/ diff --git a/content/training/resources/tor-training/contents.lr b/content/training/resources/tor-training/contents.lr index 16254df..4a38efa 100644 --- a/content/training/resources/tor-training/contents.lr +++ b/content/training/resources/tor-training/contents.lr @@ -22,8 +22,7 @@ description: - Relay diversity - Getting help ----- -background: white + #### slide #### title: What's Tor? @@ -34,8 +33,7 @@ description: - Run by a US non-profit and volunteers from all over the world - It' s Tor, not TOR ----- -background: white + #### slide #### title: The Tor network @@ -44,8 +42,7 @@ description: - An open network, everyone can be part of it. Basically, your server will relay the tor traffic to another server in the Internet. - The network is composed by different types of servers run by volunteers around the world. - To ingress in the network, the new server will pass automatically to a new relay lifecycle. ----- -background: white + #### slide #### title: Why run a Tor relay? 
@@ -56,8 +53,7 @@ By running a Tor relay you can help make the Tor network: - more robust against attacks - more stable in case of outages - safer for its users (spying on more relays is harder than on a few) ----- -background: white + #### slide #### title: Types of Relays @@ -66,6 +62,7 @@ layout: title ---- background-image: /static/images/onion-white.png + #### slide #### title: Guard/middle (aka non-exit) relay ---- @@ -73,8 +70,7 @@ description: - A guard is the first relay in the chain of 3 relays building a Tor circuit. - A middle relay is neither a guard nor an exit, but acts as the second hop between the two. - To become a guard, a relay has to be stable and fast (at least 2MByte/s) otherwise it will remain a middle relay. ----- -background: white + #### slide #### title: Exit relay @@ -84,8 +80,7 @@ description: - That's why exit relays have the greatest legal exposure and liability of all the relays. - Before running an exit relay, check it with your local digital rights organization. - **You should not run a Tor exit relay from your home** ----- -background: white + #### slide #### title: Bridge @@ -94,8 +89,7 @@ description: - A bridge is a node in the network that isn't listed in the public Tor directory, which make it harder for ISPs and governments to block it. - Bridges are relatively easy, low-risk and low bandwidth Tor nodes to operate. - And there's another special kind of bridge: Pluggable transports. It hides your tor traffic by adding an additional layer of obfuscation. ----- -background: white + #### slide #### title: The lifecycle of a new relay @@ -105,8 +99,7 @@ Non-exit relays pass by a lifecycle of four phases (defined by days): - Days 0-3: the unmeasured phase - Days 3-8: network authorities start the remote measurement phase (the ramp-up guard phase) - Days 8-68: guard phase (where load counter intuitively drops and then rises higher) ----- -background: white + #### slide #### title: The lifecycle of a new relay 
@@ -115,8 +108,7 @@ description: - And after 68 days, if the relay is stable and fast enough, it receives a Guard flag (steady-state guard phase). - Exit relays also have a lifecycle more or less similar. - Read about all the phases in: [https://blog.torproject.org/lifecycle-new-relay](https://blog.torproject.org/lifecycle-new-relay) ----- -background: white + #### slide #### title: Relay requirements @@ -125,6 +117,7 @@ layout: title ---- background-image: /static/images/onion-white.png + #### slide #### title: Before we start ---- @@ -132,8 +125,7 @@ description: - Never run a relay without the consent of network administrator or machine owner. Read the Terms of Service (ToS) first, so you don’t lose money. - Choose which type of relay you will host. Non-exit relay is a easy way to start helping the network. - Read the documentation: [https://torproject.org/tor-relays](https://torproject.org/tor-relays) ----- -background: white + #### slide #### title: Bandwidth requirements @@ -142,8 +134,7 @@ description: - At least 16 Mbit/s (Mbps) upload and download bandwidth available for Tor. More is better. - The minimum requirements for a relay are 10 Mbit/s (Mbps). - If you have less than 10 Mbit/s but at least 1 Mbit/s we recommend you run a bridge with obfs4 support. ----- -background: white + #### slide #### title: Monthly outbound traffic @@ -152,8 +143,7 @@ description: - It is required to use a minimum of 100 GByte of outbound/incoming traffic per month. - If you have a metered plan you might want to configure tor to only use a given amount of bandwidth or monthly traffic. - More (>2 TB/month) is better and recommended ----- -background: white + #### slide #### title: Public IPv4 address 
@@ -163,5 +153,365 @@ description: - The IPv4 address is not required to be static but static IP addresses are preferred. - Your IPv4 address should remain unchanged for at least 3 hours (network consensus). - You can only run two Tor relays per public IPv4. + + +#### slide #### +title: Other requirements ---- -background: white +description: +- Memory: A <40 Mbit/s non-exit relay should have at least 512 MB of RAM available. +- Disk storage: Tor does not need much disk storage. A typical Tor relay needs less than 200 MB. + +#### slide #### +title: Other requirements +---- +description: +- Any modern CPU should be fine. +- Uptime: Ideally the relay runs on a server which runs 24/7. + + +#### slide #### +title: Choosing your relay hosting +---- +description: +- Tor community maintain the list GoodBadISPs, about the experience of running relays: https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs +- Some providers only allow non-exit relays, so before buying a service, check the GoodBadISPs. + + +#### slide #### +title: Choosing your relay hosting +---- +description: +- This can cost anywhere between $3.00/mo and thousands per month. 
+ + +#### slide #### +title: Technical setup +---- +layout: title +---- +background-image: /static/images/onion-white.png + + +#### slide #### +title: Non-exit relay - Debian/Ubuntu +---- +description: +- Enable the Torproject package repository +- Install the tor package + +``` + $ apt update && apt install tor +``` + + +#### slide #### +title: Non-exit relay - Debian/Ubuntu +---- +description: +- Put the configuration file `/etc/tor/torrc` in place: +``` + Nickname myNiceRelay + ExitRelay 0 + SocksPort 0 + ControORPort 443 + lSocket 0 + ContactInfo tor-operator@your-emailaddress-domain + Log notice syslog +``` + + +#### slide #### +title: Non-exit relay - Debian/Ubuntu +---- +description: +- Restart the tor daemon: + +``` + $ systemctl restart tor@default +``` + + +#### slide #### +title: Non-exit relay - FreeBSD +---- +description: +- Install the tor package + +``` + pkg install tor ca_root_nss +``` + + +#### slide #### +title: Non-exit relay - FreeBSD +---- +description: + - Edit the configuration `file/usr/local/etc/tor/torrc` + +``` + Nickname myNiceRelay + ORPort 9001 + ExitRelay 0 + SocksPort 0 + ControlSocket 0 + ContactInfo tor-operator@your-emailaddress-domain + Log notice syslog +``` + + +#### slide #### +title: Non-exit relay - FreeBSD +---- +description: +- Ensure that the random_id sysctl setting is enabled: + +``` + echo "net.inet.ip.random_id=1" >> /etc/sysctl.conf + sysctl net.inet.ip.random_id=1 +``` + + +#### slide #### +title: Non-exit relay - FreeBSD +---- +description: +- Start the tor daemon and make sure it starts at boot: + +``` + sysrc tor_enable=YES + service tor start +``` + + +#### slide #### +title: Non-exit relay - FreeBSD +---- +description: +Optional, but recommended to get package updates faster: +[https://trac.torproject.org/projects/tor/wiki/TorRelayGuide/FreeBSD](https://trac.torproject.org/projects/tor/wiki/TorRelayGuide/FreeBSD) + + +#### slide #### +title: Verify that your relay works +---- +description: + +After restarting 
the service, verify in the log file if it contains the following entry: +``` + Self-testing indicates your ORPort is + reachable from the outside. + Excellent. + Publishing server descriptor. +``` + +About 3 hours after you started your relay it should appear on Metrics portal in Relay Search. + + +#### slide #### +title: More about relays +---- +layout: title +---- +background-image: /static/images/onion-white.png + + +#### slide #### +title: Technical tips +---- +description: +- Enable automatic software updates. +- Backup your Tor Identity Keys. +- It’s possible to limit bandwidth usage (and traffic). Check the parameters, for example: AccountingMax, AccountingRule, AccountingStart. +- If run more than one Tor relay, you need to set MyFamily parameter. + + +#### slide #### +title: Orchestrating +---- +description: +- Running multiple relays by hand can be challenging. +- Configuration management tools can make the relay operator life easier: +- Ansible-relayor: [http://github.com/nusenu/ansible-relayor](http://github.com/nusenu/ansible-relayor) +- Bash script: [https://github.com/coldhakca/tor-relay-bootstrap](https://github.com/coldhakca/tor-relay-bootstrap) + + +#### slide #### +title: Metrics +---- +description: +- Metrics portal - [https://metrics.torproject.org](https://metrics.torproject.org) +- It’s possible to search: how many relays are in the network, how many are exit, etc +- In 2019 there are ~6,600 relays and ~1,500 bridges. +- Check: how many relays are in your country? Who run these relays? How diverse it is? + + +#### slide #### +title: Network diversity +---- +layout: title +---- +background-image: /static/images/onion-white.png + + +#### slide #### +title: Monoculture +---- +description: +- A single kernel vulnerability in GNU/Linux impacting Tor relays could be devastating. +- Diversity of Operating System (OS): ~90% of relays are Linux. + + +#### slide #### +title: Monoculture +---- +description: +- Diversity of Autonomous System (AS). 
Try to avoid the following hosters: OVH SAS (AS16276), Online S.a.s. (AS12876), Hetzner Online GmbH (AS24940), DigitalOcean, LLC (AS14061). + + +#### slide #### +title: More about exit relays +---- +layout: title +---- +background-image: /static/images/onion-white.png + + +#### slide #### +title: Legal information +---- +description: +- In many countries there are regulations that exclude communication service providers from liability. +- It's a good idea to consult with a lawyer or your local digital rights organization. +- Under most circumstances you will be able to handle legal matters by having an abuse response letter. + + +#### slide #### +title: Legal resources +---- +description: +- The EFF Tor Legal FAQ: +[https://community.torproject.org/relay/community-resources/eff-tor-legal-faq/](https://community.torproject.org/relay/community-resources/eff-tor-legal-faq/) +- It’s important to respond to abuse complaints in a timely manner (usually within 24 hours). +- Abuse templates letters: +[https://community.torproject.org/relay/community-resources/tor-abuse-templates](https://community.torproject.org/relay/community-resources/tor-abuse-templates) + + +#### slide #### +title: Running relays with others +---- +layout: title +---- +background-image: /static/images/onion-white.png + + +#### slide #### +title: Running a relay with others +---- +description: +- You can work with your university department, employer or institution, or an organization like [Torservers.org](Torservers.org) +- [Torservers.org](Torservers.org) is an independent, global network of organizations that helps the Tor network by running high bandwidth Tor relays. +- In many countries operating as a corporation instead of as an individual can also get you certain legal protections. + + +#### slide #### +title: Relays associations +---- +description: +- It’s often advised to create some type of non-profit corporation. This is useful for having a bank account and shared ownership. 
+- To start a relay association, the most important thing is to have a group of people (3-5 suggested to start) interested in helping. +- For example: Torservers.org, Cold Hak, enn.lu, nos-oignons. + + +#### slide #### +title: Running a relay with universities +---- +description: +- Universities are typically home to a reliable, robust, and well-equipped network. +- Many computer science departments and university libraries run relays, i.e., Massachussetts Institute of Technology (MIT CSAIL), Universitaet Stuttgart, the University of Waterloo. + + +#### slide #### +title: Running a relay with universities +---- +description: +- Start running a relay campaign in your university: [https://www.eff.org/torchallenge/tor-on-campus.html](https://www.eff.org/torchallenge/tor-on-campus.html) + + +#### slide #### +title: At your company or organization +---- +description: +- If you work at a Tor-friendly company or organization, that's another ideal place to run a relay. +- Companies like Brass Horn Communications, Quintex Alliance Consulting, and OmuraVPN +- And organizations like Digital Courage, Access Now, Derechos Digitales, and Lebanon Libraries in New Hampshire. + + +#### slide #### +title: Bad relays +---- +layout: title +---- +background-image: /static/images/onion-white.png + + +#### slide #### +title: What is a bad relay? +---- +description: +- A bad relay is one that either doesn't work properly or tampers with our users' connections. This can be either through maliciousness or misconfiguration. + + +#### slide #### +title: What is a bad relay? +---- +description: +- For example: tampering with exit traffic in any way (including dropping accepted connections). Or, running HSDirs that harvest and probe .onion addresses + + +#### slide #### +title: Reporting a bad relay +---- +description: +- Bad relays is also a private working group in Tor Project to detect misconfigured, malicious, or suspicious relay. 
+- Users can report bad relays sending an email to bad-relays@lists.torproject.org with the relay's IP address or fingerprint, what kind of behavior did you see, and any additional information it’s needed to reproduce the issue. + + +#### slide #### +title: What happens to bad relays? +---- +description: +- After a relay is reported and we've verified the behavior we'll attempt to contact the relay operator. +- We'll flag it to prevent it from continuing to be used (BadExit, Invalid, Reject). +- The working group actively look for bad relays using open source tools like: exitmap, sysbilhunter. + + +#### slide #### +title: How do I get help running a Tor relay? +---- +layout: title +---- +background-image: /static/images/onion-white.png + + +#### slide #### +title: Getting help +---- +description: +- Read the Tor Relay Guide documentation before: +- [https://torproject.org/relay-guide](https://torproject.org/relay-guide) +- Search the mailing list archive: tor-relays in [https://lists.torproject.org](https://lists.torproject.org) +- Join the IRC channel: #tor-relays in irc.oftc.net + +#### slide #### +title: Thank you! +---- +author: +name - email@example.com +---- +subtitle: +PGP FINGERPRINT +---- +layout: title +---- +background-image: /static/images/onion-white.png diff --git a/templates/blocks/slide.html b/templates/blocks/slide.html index e0421ea..809873c 100644 --- a/templates/blocks/slide.html +++ b/templates/blocks/slide.html @@ -3,9 +3,10 @@ <h3>{{ this.title }}</h3> <hr class="dark" /> <h4>{{ this.subtitle }}</h4> + <h5>{{ this.author }}</h5> </section> {% else %} -<section data-background-color="{{ this.background }}"> +<section {% if this.background != "white" %} data-background-color="{{ this.background }}" {% else %} data-background-color="white" {% endif %} > <h2>{{ this.title }}</h2> {{ this.description }}
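Review bot: The Debian/Ubuntu `torrc` sample in the last `contents.lr` hunk is corrupted: `ControORPort 443` followed by `lSocket 0` looks like `ORPort 443` pasted into the middle of `ControlSocket 0`, so anyone copying the slide gets two unrecognized option lines and neither an ORPort nor `ControlSocket 0`. Split them into `ORPort 443` and `ControlSocket 0`, matching the FreeBSD sample later in the same hunk. Also in this hunk: the FreeBSD slide's inline code reads `file/usr/local/etc/tor/torrc`, where the opening backtick belongs after "file"; the two `[Torservers.org](Torservers.org)` links have no scheme and will resolve as relative paths; and the ansible-relayor link uses `http://` while the tor-relay-bootstrap link next to it uses `https://`.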
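Review bot: In the `slide.html` hunk, the new `{% if this.background != "white" %}` has two branches that produce the same attribute whenever `background` is set, and this commit removes `background: white` from the slides in `contents.lr`, so unless the model supplies a default those slides take the first branch with an empty value. If the intent is to fall back to white when the field is absent, test for the missing value instead, for example `data-background-color="{{ this.background or 'white' }}"`. The added `<h5>{{ this.author }}</h5>` is also emitted for every title-layout slide, including the section title slides that set no `author`; wrap it in `{% if this.author %}`. No model file appears in the diffstat, so confirm the slide model already defines `author`.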