June 2018 - tor-relays - lists.torproject.org

Become a Fallback Directory Mirror
by Colin Childs 13 Nov '18

13 Nov '18

Hello Tor Relay Operators, Do you want your relay to be a Tor fallback directory mirror? Will it have the same address and port for the next 2 years? Just reply to this email with your relay's fingerprint. If your relay is on the current list, you don't need to do anything. If you're asking: Q: What's a fallback directory mirror? Fallback directory mirrors help Tor clients connect to the network. For more details, see [1]. Q: Is my relay on the current list? Search [2] and [3] for your relay fingerprint or IP address and port: [2] is the current list of fallbacks in Tor. [3] is used to create the next list of fallbacks. Q: What do I need to do if my relay is on the list? Keep the same IP address, keys, and ports. Email tor-relays if the relay's details change. Q: Can my relay be on the list next time? We need fast relays that will be on the same IP address and port for 2 years. Reply to this email to get on the list, or to update the details of your relay. Once or twice a year, we run a script to choose about 150-200 relays from the potential list [3] for the list in Tor [2]. Q: Why didn't my relay get on the list last time? We check a relay's uptime, flags, and speed [4]. Sometimes, a relay might be down when we check. That's ok, we will check it again next time. It's good to have some new relays on the list every release. That helps tor clients, because blocking a changing list is harder. Q. I already have a relay in the fallback list, can I add another? We will pick up to 7 relays per operator to be in the fallback list. Please send any relays that you would like considered for the fallback list. Thanks for considering and/or being a fallback directory mirror! [1]: https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors <https://trac.torproject.org/projects/tor/wiki/doc/FallbackDirectoryMirrors> [2]: https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc <https://gitweb.torproject.org/tor.git/tree/src/or/fallback_dirs.inc> [3]: https://gitweb.torproject.org/tor.git/tree/scripts/maint/fallback.whitelist <https://gitweb.torproject.org/tor.git/tree/scripts/maint/fallback.whitelist> [4]: https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_… <https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_…>

8 9

FYI: Subpoena Received
by "IPfail (Tor Admin)" 23 Jul '18

23 Jul '18

FYI, I received a subpoena from a US based court to produce information about individual(s) who were using one of our exit nodes at a specific date/time. In the nearly 3 months that these exits have been in operation, this is the first subpoena and only the second complaint received. For purposes of documenting the approximate ratio of "complaints / traffic processed", these nodes have handled ~515TB and are using the recommended reduced exit policy. https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

7 8

Trying to set up a relay at home, but get no connections
by Gunnar Wolf 21 Jul '18

21 Jul '18

Hello, I have set up a VM at my home server (via fiber DSL) to work as a Tor relay. I have set up port forwarding for ORport and DirPort (defaults, 9001 and 9030). The logs don't give me any useful information — or, possibly, I fail to grok anything useful ;-) The following happens every couple of hours: Jun 07 09:36:19.000 [notice] Heartbeat: It seems like we are not in the cached consensus. Jun 07 09:36:19.000 [notice] Heartbeat: Tor's uptime is 17:59 hours, with 0 circuits open. I've sent 2.71 MB and received 32.26 MB. Jun 07 09:36:19.000 [notice] Average packaged cell fullness: 13.454%. TLS write overhead: 12% Jun 07 09:36:19.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 14/14 NTor. Jun 07 09:36:19.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 21 v4 connections; and received 0 v1 connections, 0 v2 connections, 0 v3 connections, and 216 v4 connections. Jun 07 09:36:19.000 [notice] DoS mitigation since startup: 0 circuits rejected, 0 marked addresses. 0 connections closed. 0 single hop clients refused. Jun 07 15:36:19.000 [notice] Heartbeat: It seems like we are not in the cached consensus. Jun 07 15:36:19.000 [notice] Heartbeat: Tor's uptime is 23:59 hours, with 0 circuits open. I've sent 3.18 MB and received 42.36 MB. Jun 07 15:36:19.000 [notice] Average packaged cell fullness: 13.454%. TLS write overhead: 14% Jun 07 15:36:19.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 0/0 NTor. Jun 07 15:36:19.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 21 v4 connections; and received 0 v1 connections, 0 v2 connections, 0 v3 connections, and 284 v4 connections. Jun 07 15:36:19.000 [notice] DoS mitigation since startup: 0 circuits rejected, 0 marked addresses. 0 connections closed. 0 single hop clients refused. Jun 07 21:36:19.000 [notice] Heartbeat: It seems like we are not in the cached consensus. Jun 07 21:36:19.000 [notice] Heartbeat: Tor's uptime is 1 day 5:59 hours, with 0 circuits open. I've sent 3.66 MB and received 53.04 MB. Jun 07 21:36:19.000 [notice] Average packaged cell fullness: 13.454%. TLS write overhead: 16% Jun 07 21:36:19.000 [notice] Circuit handshake stats since last time: 0/0 TAP, 0/0 NTor. Jun 07 21:36:19.000 [notice] Since startup, we have initiated 0 v1 connections, 0 v2 connections, 0 v3 connections, and 21 v4 connections; and received 0 v1 connections, 0 v2 connections, 0 v3 connections, and 351 v4 connections. Jun 07 21:36:19.000 [notice] DoS mitigation since startup: 0 circuits rejected, 0 marked addresses. 0 connections closed. 0 single hop clients refused. What should I look into? Thanks,

11 13

Re: [tor-relays] Fwd: Tor Guard Relay
by Mirimir 13 Jul '18

13 Jul '18

On 06/09/2018 01:51 PM, Keifer Bly wrote: > I just scanned the picture files using Avast, which I use a a lot and it is > a pretty great anti virus program based off of my use with it. Here is the > contents of the email in programming code; I don't know about other email > services but in Gmail this can be retrieved by signing into the web version > (in a web browser) clicking the more options button (next to the replay > button) and clicking "show original". > >>From what I can tell looking at the code, it is encoded using base64 and > the ip address of the web server it was sent from is 104.161.37.109. > > However, as for telling anything else, it seems like that would be > difficult to do without the right equipment. Let me know what you think. Thanks for source with headers. I don't see anything useful, though, I do see that "In-Reply-To: <5b182b2c.1c69fb81.390f6.f0ea(a)mx.google.com>" is correct, so the sender is probably subscribed to the list. Getting that right from messages in the online archives would be nontrivial. But damn: "I joined this site so that i could weed through the guys who aren’t serious and reliable enough to invite to my house where i feel comfortable." Trolling the tor-relays list for nice guys to date? That is bizarre. > On Sat, Jun 9, 2018 at 5:26 PM Mirimir <mirimir(a)riseup.net> wrote: > >> On 06/09/2018 05:28 AM, Keifer Bly wrote: >>> I was asked by mirmir to send one of the emails as a txt file, and so >> here >>> it is. It is at the google drive link below, I had tried to send it as an >>> attachment, but got a note back saying it was being held because it was >> too >>> big. The zip file contains the contents of the email and the attached >>> images. Thank you. I will try creating a spam filter for the email domain >>> they are coming from, though a few of them have come from yahoo.com >> domain, >>> which annoyingly I can't really block as some of my legitimate contacts >> use >>> yahoo mail. I could try reporting this to Google, what do you think? >>> >>> >> https://drive.google.com/open?id=0B_cH2cPZZmbTMmE2Ni1hc1BZbXliM0hMaTZnN19Gc… >> >> Thanks. But the text there doesn't contain headers. But that's less an >> issue, because from headers aren't spoofed. The question now is whether >> this is simple trolling, or attempts to infiltrate machines of relay >> operators. Someone experienced with malware analysis could examine the >> images for attack code, as Roman suggested. But that's over my head. >> >> Blocking *.mexyst.com domains, as Neel suggested, will likely stop most >> of them, with little or no downside. But blocking yahoo.com isn't >> workable for many. But if they're all as salacious as Keifer's example, >> blocking on language seems workable. Or language plus domain. >> >> As with Efail, this is a reminder of the risks of decoding HTML, loading >> embedded images, and fetching remote content. And the importance of >> compartmentalizing email and browsing from credentials for relay >> management (and other high-impact stuff, such as finances). >> >>> On Fri, Jun 8, 2018 at 9:57 PM Mirimir <mirimir(a)riseup.net> wrote: >>> >>>> On 06/08/2018 05:03 PM, Keifer Bly wrote: >>>>> This is one of the about 20 emails that have been received. Upon >> looking >>>> it >>>>> looks like they are spoofing the [tor-relays] subject line. My >> apologies >>>>> for the subject change but could not find a way to forward the emails >>>>> without forwarding them from an old conversation. Thank you. (The >> subject >>>>> this is in reference to is "Spam Emails Received From This Mailing >>>> List"). >>>> >>>> OK, so they're just using subject lines from the list. And not spoofing >>>> the from address. >>>> >>>> But what you forwarded doesn't include the headers. By googling, I get >>>> this: >>>> >>>> | 1) Open the message in your Gmail inbox. >>>> | 2) Click the down-arrow in the top-right corner of the message. >>>> | 3) Click the "Show original" link toward the bottom of the options >>>> | box. The message will open in a separate window with the full >>>> | message headers at the top. >>>> >>>> Just save that as a text file, and send it to me as an attachment. >>>> >>>> Why the bloody hell someone would target users of this list in that way >>>> is bizarre. And why you? Rather than me, who is admittedly an outspoken >>>> jerk sometimes ;) >>>> >>>>> ---------- Forwarded message --------- >>>>> From: Becky Janet <beckyjanet335900(a)re.mexyst.com> >>>>> Date: Fri, Jun 8, 2018 at 7:48 PM >>>>> Subject: Re: [tor-relays] Tor Guard Relay >>>>> To: Keifer Bly <keifer.bly(a)gmail.com> >>>>> >>>>> >>>>> first you need to trust someone to find real sex partner. So if you >> want >>>> to >>>>> find real sex partner then you need to trust me. Always i'm telling you >>>>> it's totally f r e e. Just connect with My Private Page >>>>> <http://datingflirt.info/1stold> by submitting you mail, name, age >> etc. >>>> I'm >>>>> assure you if it's ask any cc then no need to connect with me. So just >>>>> trust and try. Trust Me & Try It Now NCTB ; After completing this task >>>>> check your mail ,Automatically you will get my personal phone no in >> your >>>>> mail within 5 min. Just check your mail (inbox/s p a m) and call me >> asap. >>>>> I'm waiting for your cam >>>>> >>>> _______________________________________________ >>>> tor-relays mailing list >>>> tor-relays(a)lists.torproject.org >>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>>> >>> >> _______________________________________________ >> tor-relays mailing list >> tor-relays(a)lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> >

4 9

A general question for relay operators
by George 04 Jul '18

04 Jul '18

Greetings relay operators. A question that came up offline for relay operators can be summed up in one sentence, paraphrased from flexlibris: as a relay operator, what "things" do you wish you knew before you started running a relay? I'm really curious, in particular, to hear from those relay operators who are less connected to others, and are maybe more isolated physically from the community. In the long-ago past, many of us ran exit nodes without giving it much thought or preparation leading to ISP issues, but that seems less common today. For others, there might be a learning curve in keeping a network service up with decent uptime, while updating the relevant ports and operating system. There's no irrelevant answers to this, including more boring issues such as paying for the relay, choosing a provider or experiences as a (conscious) exit node operator. Bonus point for showing relation between your total costs per 1Mbps. Not only should this discussion be useful on list, but it might provide more content for the relay operator guide. g -- 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682

9 15

Contact info obfscation
by Keifer Bly 02 Jul '18

02 Jul '18

Hello, I am aware that email addresses used in the “ContactInfo: “ in a relay operator’s torrc file is publicly listed on the tor relay. However, what I am wondering, is there a way to obfuscate the email address on http://torstatus.blutmagie.de/router_detail.php?FP=db1af6477bb276b6ea5e7213… to appear as “k—f---b--(a)g-ail.xn--com-9o0a or something of the sorts, while keeping the real email address readable for tor cloud to send mail to? It seems like obfuscating the email address in the torrc file would cause it to become unreadable to the tor project as well. Thank you.

10 23

relayor v0.4.0 is released
by nusenu 01 Jul '18

01 Jul '18

Hi, relayor v0.4.0 is released. relayor helps you with running relays with minimal effort (automate everything). https://github.com/nusenu/ansible-relayor This release contains important changes for exit operators that define their own exit policy, please _do_ read the changelog if you are an exit operator using relayor _before_ upgrading since it requires a minor configuration adjustment. If you do not change the default value for tor_ExitPolicy no configuration change is required. Changes since v0.3.3: ------------------------------ - major: change the format of tor_ExitPolicy (single-line to multi-line) previously it you defined the exit policy like: tor_ExitPolicy: "accept *:80, accept *:443, accept *:22" now you define your exit policy like this: tor_ExitPolicy: - accept *:80 - accept *:443 - accept *:22 - support multiple IP addresses for OutboundBindAddressExit - add support for OpenBSD 6.3 (drop 6.2) - add support for Ubuntu 18.04 (drop 16.04) - add support for Fedora 28 (drop 27) - drop support for Debian 8 and HBSD - increase min. tor version to 0.2.9.x - increase min. ansible verstion to 0.2.5.3 - add support for custom addition to MyFamily members - switch tor_alpha_version from 0.3.3.x to 0.3.4.x - Debian: switch to HTTPS (from HTTP) for repository traffic - reorder some torrc items Main benefits for a tor relay operator ====================================== * automation - no more manual setup tasks * security: offline Ed25519 master keys every tor instance is run with a distinct user * automatically makes use of IPv6 IPs (if available) * automatic tor instance generation (two by default - configurable) * enables tor's Sandbox feature by default on Debian-based systems * easily choose between alpha/non-alpha releases * easily restore a relay setup * easily choose between exit relay/non-exit relay mode * automatic deployment of a tor exit notice html page via tor's DirPort * automatic MyFamily management Supported Operating Systems ---------------------------- Debian 9 and Debian Testing OpenBSD 6.3 FreeBSD 10.4, 11.1 Ubuntu 18.04 CentOS 7 Fedora 28 regards, nusenu -- https://mastodon.social/@nusenu twitter: @nusenu_

1 1

fix this please
by I 30 Jun '18

30 Jun '18

3 5

Gentoo's Github hacked
by I 29 Jun '18

29 Jun '18

1 0

Tor Exit Node Winter Shutdown
by Jason Odoom 28 Jun '18

28 Jun '18

Hello relay operators, I regret to inform you all that I will be shutting down my Tor Exit node - Winter [0] after more than five years. Digital Ocean's new bandwidth policy has made it incredibly expensive to keep this online. I incurred almost $200 of usage. I was lucky enough to have received a deduction off of my bill. I also believe that in this case asking for donations will do little to help. I did not host this Exit node for accolade but because I truly believe in what the Tor project is doing. I will allocate my budget for the Exit node towards monthly contributions to Tor as an alternative. Hopefully in the future I will be able to return. It's been fun. 0: https://metrics.torproject.org/rs.html#details/9EC5E097663862DF861A18C32B37… Best, Jason - Jason Odoom GPG 9031B50D

2 2