One conversation with parties to an edu yielded that they had no real working process for evaluating and accepting tertiary projects.
<snip>
they had no particular process in place to execute on that, so it didn't happen. And without process, examples of existing tertiary (arbitrary) projects were denied as replication models for yours.
A group of friends and I have been working with the IT department at our university to get an exit set up, and one of the ways we've gotten around this problem is by forming an official, recognized student organization. Student orgs (at least here) are able to request resources from the university (e.g. rackspace/bandwidth), funds from the Government of the Student Body, etc., so there's a somewhat established channel to go through the process. The IT folks here have actually been pretty great so far (if a little slow moving), although we have some personal connections with them so it makes things a bit smoother. This is just our personal experience, so take it with a grain of salt, but we've found there are 3 major things the IT bureaucracy wants to see, and in conversations with them it's come up that individuals trying to do things like run a Tor node in the past have been shut down for lacking (at least) one of these things: 1) Accountability - they want someone/some group who will step up to handle things like DMCA requests, abuse complaints, etc. Individual undergrads don't cut it here because they aren't around long-term and tend to lose interest after a while anyway. Ideally, a long-term university employee should put their name down as a contact/responsible party (even if it's not actually them responding to issues), but perhaps a student group could step up here too if they're firmly established. 2) Clear Admin/Security Policy - they want a well-defined security policy for maintaining the box long-term and limiting abuse potential. Less so, it seems, to actually verify that the box is secure, and more to just show various administrators to say "hey, we made sure they followed best practices - if something happens it's not our fault." Additionally, they want to ensure the university isn't somehow made liable for the activities of Tor users (e.g. by providing access to people around the world to journal subscriptions that are only supposed to be available to students). 3) Precedent - one of the most important issues they've brought up. They want to see that an exit node has been run successfully at other universities with minimal headaches. They're most interested in the setups that have worked for others, specific exit-policies and abuse-response procedures primarily. This all basically boils down to "Don't make the IT people's lives more difficult." A couple resources that I think could really help/streamline this process for other students in the future are: (A) A list of currently active exits at universities, filterable by country at least (laws/regulations are different). It would be really great to have some sections here for each university listing like: the exit policy (or policies), the way they get around problems like journal subscriptions, how they handle abuse complaints, how long the exit has been running, etc. (B) Some suggestions for helping students/student groups find solutions to common problems. Not sure how to limit access to subscription databases? Try getting an IP outside the university's netblock or making friends with a librarian who can make sure you always have an updated subscription list. IT people worried about a flood of abuse complaints? Here's an exit policy that's been shown to minimize problems. I know some/most of this information exists in various places already, but it would be extremely helpful to aggregate it in a nice format for both students working to setup nodes as well as a place to point curious/skeptical administrators. This: https://www.eff.org/torchallenge/tor-on-campus.html is somewhat close to what I'm describing, but, critically, it's lacking a searchable/filterable listing of current university exits. And while it does have a "Tactics for Addressing Potential Concerns" section that lists possible *solutions* to common problems, I think it might be good to have like a "Roadblocks" section or something that lists potential *problems* themselves. A lot of the information is there, it seems, just not a clear mapping of problem -> solution. Nik On 09/19/2014 06:26 PM, grarpamp wrote:
On Fri, Sep 19, 2014 at 6:13 PM, April Glaser <april@eff.org> wrote:
Also let us know if you're currently in process and facing road blocks.
One conversation with parties to an edu yielded that they had no real working process for evaluating and accepting tertiary projects.
For example, the process did exist for faculty actively engaged in bonafide research pursuant to paper production, licensing, etc. And for students actively enrolled in a class which graded academic projects for which writing code or learning sysadmin might be their project.
However if you were merely a student in the dorms, a janitor, office or IT worker, faculty, or anyone else simply wishing to run a node outside of the above business/academic progress, even if doing so would earn public recognition and carry little risk or cost...
they had no particular process in place to execute on that, so it didn't happen. And without process, examples of existing tertiary (arbitrary) projects were denied as replication models for yours.
EFF/TOR might be able to assist those in that situation by providing a page on forming a framework, and what that framework might look like. _______________________________________________ tor-relays-universities mailing list tor-relays-universities@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays-universitie...