Looking to chat with University Tor operators
Hi All, I'm currently working on formulating a best-practices and how-to document for running Tor nodes in University and other academic settings. My primary focus is on running production Tor nodes, but I'm also happy to hear about research uses of Tor. I'd love to chat with anyone involved with the day-to-day operation of Tor nodes on University networks as well as anyone involved with the process of standing up Tor nodes on University networks and any administrative overhead that involved. I'm happy to chat via phone or email. If you're currently operating a University-based Tor node and are interested in sharing some of your experiences, let me know. Some potential questions I'd be curious to hear about include: + Why do you operate a Tor node? For research? As a public service? For student experience? + What's the governance/organizational structure for your nodes? Who's in charge of their operation? + Who handles the day-to-day operation of the nodes? Run by campus IT? Run by a dept? Run by students? Etc? + Who handles complaints? + Was it difficult to convince university administration/legal/IT to support the deployment of Tor nodes? What were their concerns? + How many and what kind of complaints do you receive? + What kinds of costs are associated with the operation of your node and how are these justified/budgeted? + What exit policy do you use? + How are the nodes placed within the campus network? Outside the firewall/IDS? On their own public subnet? How do you handle isolation of reputational issues? Similarly, if anyone knows of existing published write-ups related to operating or standing-up Tor nodes in university settings that you could point me to, I'd greatly appreciate it. I'm already familiar with: https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities https://www.eff.org/torchallenge/tor-on-campus.html Thanks! Sincerely, Andy Sayler Center for Democracy and Technology Technologist Intern University of Colorado, Boulder Department of Computer Science PhD Candidate www.andysayler.com
On Wed, Jul 01, 2015 at 05:12:07PM -0400, Andy Sayler wrote:
I'm currently working on formulating a best-practices and how-to document for running Tor nodes in University and other academic settings. My primary focus is on running production Tor nodes, but I'm also happy to hear about research uses of Tor. I'd love to chat with anyone involved with the day-to-day operation of Tor nodes on University networks as well as anyone involved with the process of standing up Tor nodes on University networks and any administrative overhead that involved.
I'm happy to chat via phone or email. If you're currently operating a University-based Tor node and are interested in sharing some of your experiences, let me know. Some potential questions I'd be curious to hear about include:
Such guidelines would be very useful, so thanks for starting this, Andy! I can share our experience with running a relay at Karlstad University in Sweden. We tried to start an exit relay, but failed on an organisational level, so we are now running a guard relay: <https://atlas.torproject.org/#details/9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645> <https://atlas.torproject.org/#details/CCEF02AA454C0AB0FE1AC68304F6D8C4220C1912>
+ Why do you operate a Tor node? For research? As a public service? For student experience?
Our main motivation was public service. Our network link had plenty of spare capacity that might as well be used for a good cause. That said, our relay turned out to be useful for research too. We used it on several occasions to learn more about global censorship events.
+ What's the governance/organizational structure for your nodes? Who's in charge of their operation?
CS researchers are in charge of operations. Our department head, campus IT, as well as the head of the university is aware of us running it, but not interfering with operations.
+ Who handles the day-to-day operation of the nodes? Run by campus IT? Run by a dept? Run by students? Etc?
Operations is done by three CS researchers. We worked closely with campus IT, which changed our network topology so we are directly connected to our university's uplink. Without that, our Tor relay could have interfered with the network measurements done by our networking group.
+ Who handles complaints?
We created a mailing list for that purpose, which is part of our relay's contact information. Our three operators as well as campus IT folks are part of that mailing list. That way, we hope to always have at least one person that is able to reply to complaints quickly.
+ Was it difficult to convince university administration/legal/IT to support the deployment of Tor nodes? What were their concerns?
It was quite difficult in our case. We started with a guard relay, which was straightforward to set up as there are no legal implications. We then tried to turn it into an exit relay. We talked to campus IT, our department head, our university lawyer, our university PR person, and the university head. Unfortunately, our university head shut down our plans; apparently because her 5-minute-Google-search made her believe that the Tor network is mainly used for child abuse. After that, there was no talking to her any more, which was very frustrating. The higher we went up the hierarchy, the harder it became. We were told that we aren't a charity and if the relay is not related to research, we cannot have it. Luckily, our research group did quite a bit of Tor research. What definitely helped was that our work got some positive media attention, which pleased our decision makers. It was also helpful to show that other universities are already doing the same thing without major issues.
+ How many and what kind of complaints do you receive?
We receive no complaints since we don't run an exit relay.
+ What kinds of costs are associated with the operation of your node and how are these justified/budgeted?
First, there's the cost of having a physical machine. That was negligible as we simply took an old computer from student lab rooms. There might also be bandwidth costs, but we don't pay for usage, so that doesn't affect us. Finally, there's also the time spent for administration. Once the relay is up-and-running, we only spend about an hour a month. It boils down to keeping an eye on log files and running updates. After our initial setup, the cost is close to zero for us. I expect that to be different for an exit relay as some complaints might have to be escalated to lawyers, whose time is pricey.
+ How are the nodes placed within the campus network? Outside the firewall/IDS? On their own public subnet? How do you handle isolation of reputational issues?
Reputational issues were a big deal for us. First, we obtained a new /29 netblock from our upstream provider to isolate it from the rest of the network. We did that back when we were working on starting an exit relay, so our exit couldn't be used to scrape the scientific databases we have subscriptions for (e.g., IEEE Xplore, ACM DL). We also set the netblock description in the whois record to "Privacy research at Karlstads Universitetet" to make it clear to irritated network administrators what we are up to. Our relay also had a small web server whose index page informed about what a Tor relay is. Finally, we bought a dedicated domain, tor-exit-kau.se, and used it for our relay's reverse DNS record. We wanted to decouple it from our university domain (kau.se), just in case of a nasty media disaster.
Similarly, if anyone knows of existing published write-ups related to operating or standing-up Tor nodes in university settings that you could point me to, I'd greatly appreciate it. I'm already familiar with:
https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities https://www.eff.org/torchallenge/tor-on-campus.html
I'd be happy to help out in any way I can. After we went through all these hoops, I wanted to write up our experience but I never got to it. Cheers, Philipp
It's not glamorous, but I've had a lot of success just personally running a guard/middle relay <https://globe.torproject.org/#/relay/A3EC6973400E79B6377D134419D429978030BC97> from my dorm room. I'm an undergraduate at Caltech and we get free power and 40mbps symmetric in the dormitories. I've pushed 3TB in the last three months or so. I run it purely as a public service/donation. Since it's not an exit node, there have been no issues with university administrators, no complaints (DMCA or otherwise), and no issues with accidentally opening up access to university resources. I doubt this is exactly what you're looking to hear, but I would certainly encourage any students with uncooperative administrators or without the resources to go through formal channels to take this approach. Feel free to contact me with any questions :) Cheers, Alex On Thu, Jul 2, 2015 at 10:55 AM, Philipp Winter <phw@nymity.ch> wrote:
On Wed, Jul 01, 2015 at 05:12:07PM -0400, Andy Sayler wrote:
I'm currently working on formulating a best-practices and how-to document for running Tor nodes in University and other academic settings. My primary focus is on running production Tor nodes, but I'm also happy to hear about research uses of Tor. I'd love to chat with anyone involved with the day-to-day operation of Tor nodes on University networks as well as anyone involved with the process of standing up Tor nodes on University networks and any administrative overhead that involved.
I'm happy to chat via phone or email. If you're currently operating a University-based Tor node and are interested in sharing some of your experiences, let me know. Some potential questions I'd be curious to hear about include:
Such guidelines would be very useful, so thanks for starting this, Andy! I can share our experience with running a relay at Karlstad University in Sweden. We tried to start an exit relay, but failed on an organisational level, so we are now running a guard relay: < https://atlas.torproject.org/#details/9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE6...
< https://atlas.torproject.org/#details/CCEF02AA454C0AB0FE1AC68304F6D8C4220C19...
+ Why do you operate a Tor node? For research? As a public service? For student experience?
Our main motivation was public service. Our network link had plenty of spare capacity that might as well be used for a good cause. That said, our relay turned out to be useful for research too. We used it on several occasions to learn more about global censorship events.
+ What's the governance/organizational structure for your nodes? Who's in charge of their operation?
CS researchers are in charge of operations. Our department head, campus IT, as well as the head of the university is aware of us running it, but not interfering with operations.
+ Who handles the day-to-day operation of the nodes? Run by campus IT? Run by a dept? Run by students? Etc?
Operations is done by three CS researchers. We worked closely with campus IT, which changed our network topology so we are directly connected to our university's uplink. Without that, our Tor relay could have interfered with the network measurements done by our networking group.
+ Who handles complaints?
We created a mailing list for that purpose, which is part of our relay's contact information. Our three operators as well as campus IT folks are part of that mailing list. That way, we hope to always have at least one person that is able to reply to complaints quickly.
+ Was it difficult to convince university administration/legal/IT to support the deployment of Tor nodes? What were their concerns?
It was quite difficult in our case. We started with a guard relay, which was straightforward to set up as there are no legal implications.
We then tried to turn it into an exit relay. We talked to campus IT, our department head, our university lawyer, our university PR person, and the university head. Unfortunately, our university head shut down our plans; apparently because her 5-minute-Google-search made her believe that the Tor network is mainly used for child abuse. After that, there was no talking to her any more, which was very frustrating.
The higher we went up the hierarchy, the harder it became. We were told that we aren't a charity and if the relay is not related to research, we cannot have it. Luckily, our research group did quite a bit of Tor research. What definitely helped was that our work got some positive media attention, which pleased our decision makers. It was also helpful to show that other universities are already doing the same thing without major issues.
+ How many and what kind of complaints do you receive?
We receive no complaints since we don't run an exit relay.
+ What kinds of costs are associated with the operation of your node and how are these justified/budgeted?
First, there's the cost of having a physical machine. That was negligible as we simply took an old computer from student lab rooms. There might also be bandwidth costs, but we don't pay for usage, so that doesn't affect us. Finally, there's also the time spent for administration. Once the relay is up-and-running, we only spend about an hour a month. It boils down to keeping an eye on log files and running updates. After our initial setup, the cost is close to zero for us. I expect that to be different for an exit relay as some complaints might have to be escalated to lawyers, whose time is pricey.
+ How are the nodes placed within the campus network? Outside the firewall/IDS? On their own public subnet? How do you handle isolation of reputational issues?
Reputational issues were a big deal for us. First, we obtained a new /29 netblock from our upstream provider to isolate it from the rest of the network. We did that back when we were working on starting an exit relay, so our exit couldn't be used to scrape the scientific databases we have subscriptions for (e.g., IEEE Xplore, ACM DL).
We also set the netblock description in the whois record to "Privacy research at Karlstads Universitetet" to make it clear to irritated network administrators what we are up to. Our relay also had a small web server whose index page informed about what a Tor relay is.
Finally, we bought a dedicated domain, tor-exit-kau.se, and used it for our relay's reverse DNS record. We wanted to decouple it from our university domain (kau.se), just in case of a nasty media disaster.
Similarly, if anyone knows of existing published write-ups related to operating or standing-up Tor nodes in university settings that you could point me to, I'd greatly appreciate it. I'm already familiar with:
https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities https://www.eff.org/torchallenge/tor-on-campus.html
I'd be happy to help out in any way I can. After we went through all these hoops, I wanted to write up our experience but I never got to it.
Cheers, Philipp _______________________________________________ tor-relays-universities mailing list tor-relays-universities@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays-universitie...
Hi Alex, Thanks for the info. I'm happy to hear about "unofficial" student-run nodes as well as the larger "official" ones. I assume that your node basically flies under the radar and that you didn't get any explicit university permission to stand it up? Do you have reason to believe your university would be antagonistic to a larger scale "official" Tor operation, or have you just gone the DIY route because it was quicker/easier/required fewer resoruces? Cheers, Andy On Thu, Jul 2, 2015 at 2:18 PM, Alex Ryan <ialex.ryan@gmail.com> wrote:
It's not glamorous, but I've had a lot of success just personally running a guard/middle relay from my dorm room. I'm an undergraduate at Caltech and we get free power and 40mbps symmetric in the dormitories. I've pushed 3TB in the last three months or so. I run it purely as a public service/donation. Since it's not an exit node, there have been no issues with university administrators, no complaints (DMCA or otherwise), and no issues with accidentally opening up access to university resources.
I doubt this is exactly what you're looking to hear, but I would certainly encourage any students with uncooperative administrators or without the resources to go through formal channels to take this approach.
Feel free to contact me with any questions :)
Cheers, Alex
On Thu, Jul 2, 2015 at 10:55 AM, Philipp Winter <phw@nymity.ch> wrote:
On Wed, Jul 01, 2015 at 05:12:07PM -0400, Andy Sayler wrote:
I'm currently working on formulating a best-practices and how-to document for running Tor nodes in University and other academic settings. My primary focus is on running production Tor nodes, but I'm also happy to hear about research uses of Tor. I'd love to chat with anyone involved with the day-to-day operation of Tor nodes on University networks as well as anyone involved with the process of standing up Tor nodes on University networks and any administrative overhead that involved.
I'm happy to chat via phone or email. If you're currently operating a University-based Tor node and are interested in sharing some of your experiences, let me know. Some potential questions I'd be curious to hear about include:
Such guidelines would be very useful, so thanks for starting this, Andy! I can share our experience with running a relay at Karlstad University in Sweden. We tried to start an exit relay, but failed on an organisational level, so we are now running a guard relay:
<https://atlas.torproject.org/#details/9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645>
<https://atlas.torproject.org/#details/CCEF02AA454C0AB0FE1AC68304F6D8C4220C1912>
+ Why do you operate a Tor node? For research? As a public service? For student experience?
Our main motivation was public service. Our network link had plenty of spare capacity that might as well be used for a good cause. That said, our relay turned out to be useful for research too. We used it on several occasions to learn more about global censorship events.
+ What's the governance/organizational structure for your nodes? Who's in charge of their operation?
CS researchers are in charge of operations. Our department head, campus IT, as well as the head of the university is aware of us running it, but not interfering with operations.
+ Who handles the day-to-day operation of the nodes? Run by campus IT? Run by a dept? Run by students? Etc?
Operations is done by three CS researchers. We worked closely with campus IT, which changed our network topology so we are directly connected to our university's uplink. Without that, our Tor relay could have interfered with the network measurements done by our networking group.
+ Who handles complaints?
We created a mailing list for that purpose, which is part of our relay's contact information. Our three operators as well as campus IT folks are part of that mailing list. That way, we hope to always have at least one person that is able to reply to complaints quickly.
+ Was it difficult to convince university administration/legal/IT to support the deployment of Tor nodes? What were their concerns?
It was quite difficult in our case. We started with a guard relay, which was straightforward to set up as there are no legal implications.
We then tried to turn it into an exit relay. We talked to campus IT, our department head, our university lawyer, our university PR person, and the university head. Unfortunately, our university head shut down our plans; apparently because her 5-minute-Google-search made her believe that the Tor network is mainly used for child abuse. After that, there was no talking to her any more, which was very frustrating.
The higher we went up the hierarchy, the harder it became. We were told that we aren't a charity and if the relay is not related to research, we cannot have it. Luckily, our research group did quite a bit of Tor research. What definitely helped was that our work got some positive media attention, which pleased our decision makers. It was also helpful to show that other universities are already doing the same thing without major issues.
+ How many and what kind of complaints do you receive?
We receive no complaints since we don't run an exit relay.
+ What kinds of costs are associated with the operation of your node and how are these justified/budgeted?
First, there's the cost of having a physical machine. That was negligible as we simply took an old computer from student lab rooms. There might also be bandwidth costs, but we don't pay for usage, so that doesn't affect us. Finally, there's also the time spent for administration. Once the relay is up-and-running, we only spend about an hour a month. It boils down to keeping an eye on log files and running updates. After our initial setup, the cost is close to zero for us. I expect that to be different for an exit relay as some complaints might have to be escalated to lawyers, whose time is pricey.
+ How are the nodes placed within the campus network? Outside the firewall/IDS? On their own public subnet? How do you handle isolation of reputational issues?
Reputational issues were a big deal for us. First, we obtained a new /29 netblock from our upstream provider to isolate it from the rest of the network. We did that back when we were working on starting an exit relay, so our exit couldn't be used to scrape the scientific databases we have subscriptions for (e.g., IEEE Xplore, ACM DL).
We also set the netblock description in the whois record to "Privacy research at Karlstads Universitetet" to make it clear to irritated network administrators what we are up to. Our relay also had a small web server whose index page informed about what a Tor relay is.
Finally, we bought a dedicated domain, tor-exit-kau.se, and used it for our relay's reverse DNS record. We wanted to decouple it from our university domain (kau.se), just in case of a nasty media disaster.
Similarly, if anyone knows of existing published write-ups related to operating or standing-up Tor nodes in university settings that you could point me to, I'd greatly appreciate it. I'm already familiar with:
https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities https://www.eff.org/torchallenge/tor-on-campus.html
I'd be happy to help out in any way I can. After we went through all these hoops, I wanted to write up our experience but I never got to it.
Cheers, Philipp _______________________________________________ tor-relays-universities mailing list tor-relays-universities@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays-universitie...
Hi Philip, Thanks for the response. I'll add it to the others I've received off list. All the info is very helpful. I assume since you posted this publicly, you wont' mind if I include this information in my report? I'll let you know if I have additional follow-up questions as I start to compile my response data. Thanks, Andy On Thu, Jul 2, 2015 at 1:55 PM, Philipp Winter <phw@nymity.ch> wrote:
On Wed, Jul 01, 2015 at 05:12:07PM -0400, Andy Sayler wrote:
I'm currently working on formulating a best-practices and how-to document for running Tor nodes in University and other academic settings. My primary focus is on running production Tor nodes, but I'm also happy to hear about research uses of Tor. I'd love to chat with anyone involved with the day-to-day operation of Tor nodes on University networks as well as anyone involved with the process of standing up Tor nodes on University networks and any administrative overhead that involved.
I'm happy to chat via phone or email. If you're currently operating a University-based Tor node and are interested in sharing some of your experiences, let me know. Some potential questions I'd be curious to hear about include:
Such guidelines would be very useful, so thanks for starting this, Andy! I can share our experience with running a relay at Karlstad University in Sweden. We tried to start an exit relay, but failed on an organisational level, so we are now running a guard relay: <https://atlas.torproject.org/#details/9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645> <https://atlas.torproject.org/#details/CCEF02AA454C0AB0FE1AC68304F6D8C4220C1912>
+ Why do you operate a Tor node? For research? As a public service? For student experience?
Our main motivation was public service. Our network link had plenty of spare capacity that might as well be used for a good cause. That said, our relay turned out to be useful for research too. We used it on several occasions to learn more about global censorship events.
+ What's the governance/organizational structure for your nodes? Who's in charge of their operation?
CS researchers are in charge of operations. Our department head, campus IT, as well as the head of the university is aware of us running it, but not interfering with operations.
+ Who handles the day-to-day operation of the nodes? Run by campus IT? Run by a dept? Run by students? Etc?
Operations is done by three CS researchers. We worked closely with campus IT, which changed our network topology so we are directly connected to our university's uplink. Without that, our Tor relay could have interfered with the network measurements done by our networking group.
+ Who handles complaints?
We created a mailing list for that purpose, which is part of our relay's contact information. Our three operators as well as campus IT folks are part of that mailing list. That way, we hope to always have at least one person that is able to reply to complaints quickly.
+ Was it difficult to convince university administration/legal/IT to support the deployment of Tor nodes? What were their concerns?
It was quite difficult in our case. We started with a guard relay, which was straightforward to set up as there are no legal implications.
We then tried to turn it into an exit relay. We talked to campus IT, our department head, our university lawyer, our university PR person, and the university head. Unfortunately, our university head shut down our plans; apparently because her 5-minute-Google-search made her believe that the Tor network is mainly used for child abuse. After that, there was no talking to her any more, which was very frustrating.
The higher we went up the hierarchy, the harder it became. We were told that we aren't a charity and if the relay is not related to research, we cannot have it. Luckily, our research group did quite a bit of Tor research. What definitely helped was that our work got some positive media attention, which pleased our decision makers. It was also helpful to show that other universities are already doing the same thing without major issues.
+ How many and what kind of complaints do you receive?
We receive no complaints since we don't run an exit relay.
+ What kinds of costs are associated with the operation of your node and how are these justified/budgeted?
First, there's the cost of having a physical machine. That was negligible as we simply took an old computer from student lab rooms. There might also be bandwidth costs, but we don't pay for usage, so that doesn't affect us. Finally, there's also the time spent for administration. Once the relay is up-and-running, we only spend about an hour a month. It boils down to keeping an eye on log files and running updates. After our initial setup, the cost is close to zero for us. I expect that to be different for an exit relay as some complaints might have to be escalated to lawyers, whose time is pricey.
+ How are the nodes placed within the campus network? Outside the firewall/IDS? On their own public subnet? How do you handle isolation of reputational issues?
Reputational issues were a big deal for us. First, we obtained a new /29 netblock from our upstream provider to isolate it from the rest of the network. We did that back when we were working on starting an exit relay, so our exit couldn't be used to scrape the scientific databases we have subscriptions for (e.g., IEEE Xplore, ACM DL).
We also set the netblock description in the whois record to "Privacy research at Karlstads Universitetet" to make it clear to irritated network administrators what we are up to. Our relay also had a small web server whose index page informed about what a Tor relay is.
Finally, we bought a dedicated domain, tor-exit-kau.se, and used it for our relay's reverse DNS record. We wanted to decouple it from our university domain (kau.se), just in case of a nasty media disaster.
Similarly, if anyone knows of existing published write-ups related to operating or standing-up Tor nodes in university settings that you could point me to, I'd greatly appreciate it. I'm already familiar with:
https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities https://www.eff.org/torchallenge/tor-on-campus.html
I'd be happy to help out in any way I can. After we went through all these hoops, I wanted to write up our experience but I never got to it.
Cheers, Philipp
participants (3)
-
Alex Ryan -
Andy Sayler -
Philipp Winter