Dear Relay operators community,
The parliamentary elections in Turkmenistan are coming up very soon on
March 26th[1], and the Turkmen government has tightened internet censorship
and restrictions even more. In the last few months, the Anti-censorship
community has learned that different pluggable transports, like
Snowflake, and entire IP ranges, have been blocked in the country.
Therefore, running a bridge on popular hosting providers like Hetzner,
Digital Ocean, Linode, and AWS won't help as these providers' IP ranges
are completely blocked in Turkmenistan.
Recently, we learned from the Anti-censorship community[2] and via Tor user
support channels that Tor bridges running on residential connections
were working fine. Although they were blocked after some days or a week,
these bridges received a lot of users and were very important to keep
Turkmens connected.
How to help Turkmens to access the Internet
===========================================
You can help Turkmens to access the free and open internet by running an
obfs4 Tor bridge! But here's the trick: you need to run it on a
residential connection -- you won't need a static IPv4 --, and it would
ideally be run on more robust hardware than just a Raspberry Pi
(although that can help, we have found they can get overloaded).
You can set up an obfs4 bridge by following our official guide:
https://community.torproject.org/relay/setup/bridge/
After you setup a new bridge, you can share your bridge line with the
Tor support team at frontdesk(a)torproject.org, and we will share it with
users.
A complete bridge line is composed of:
IP:OBFS4_PORT FINGERPRINT cert=obfs4-certificate iat-mode=0
Check this documentation to learn how to share your bridge line:
https://community.torproject.org/relay/setup/bridge/post-install/
Just sharing your bridge fingerprint is not the best, but it's fine.
You can read more about censorship against Tor in Turkmenistan here:
- https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss…
- Snowflake blocked:
https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/iss…
Thank you for your support in helping to keep the internet free and open
for everyone.
Gus
[1] https://en.wikipedia.org/wiki/2023_Turkmen_parliamentary_election
[2] https://ntc.party/c/internet-censorship-all-around-the-world/turkmenistan/17https://github.com/net4people/bbs/issues/80
--
The Tor Project
Community Team Lead
Hello!
In case it affects you as you are still running your relay or bridge on
Tor 0.4.5.x: the 0.4.5 series is going EOL on *2023-02-15* (roughly in 3
weeks from now).
That's currently still 760 relays, which means roughly 7% of the
advertised bandwidth of the network (and 387 bridges, which means
roughly 9% of the advertised bridges bandwidth).
Please make sure you have upgraded to the 0.4.7.x series by then.
Supported releases in general can be found on the network team wiki.[1]
Thanks,
Georg
[1]
https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/CoreTorRele…
Hello,
We accomplished a number of things in our fight against malicious relays
over the last 2 years[1]. One area we still need to focus on is
strengthening our relay operator community. We're therefore currently
collecting proposals from you or anyone else interested that could help
to impove the health of the Tor relay operator community and, thus,
provide our users a more trusted Tor network. We're accepting both new
and old proposals, and we're open to any ideas you may have.
Although there are various proposals for improving the network and the
Tor relay operator community, not all of them are being enforced at the
moment. Nevertheless, some proposals that can help on increasing trust
have been adopted by a meaningful fraction of the Tor community (e.g.
providing valid contact information).
Another great example of such proposals is the "Expectations for Relay
Operators"[2] document, where we guide relay operators to keep the Tor
community and the network safe, healthy, and sustainable.
We'd love to hear your proposal on how to make it more difficult for
attackers to run relays while keeping it easy for good contributors to
join our network. You can share your proposals on this GitLab ticket[3]
and our tor-relays mailing list. It is worth noting that at the moment
we are only trying to map these proposals to get an overview over the
various options available. We're not in the process of approving any of
them.
If you have any experience, positive or negative, with Sybil-resistance
and online abuse mitigation projects, we welcome your opinion as well.
Since in this debate we have seen previous bad actors trying to game
this process and thus lowering the effectiveness of our defenses, the
Tor team will take all measures to stop people acting in bad faith and
enforce the Tor Code of Conduct and policies.
During the Tor Relay Operator Meetup on Saturday (March 4, 2023 -
19UTC), we will be discussing some of these proposals we've collected so
far.
Thank you,
Gus
[1] https://blog.torproject.org/malicious-relays-health-tor-network/
[2]
https://gitlab.torproject.org/tpo/community/team/-/wikis/Expectations-for-R…
[3] https://gitlab.torproject.org/tpo/community/relays/-/issues/55
--
The Tor Project
Community Team Lead
Now its more confusing. That tool says the port is not reachable for both
port 8080 and 8081. But the notices.log says the port is reachable. And
apparently the accountigmax is being reached.....
--Keifer
On Wed, Apr 19, 2023 at 8:06 AM meskio <meskio(a)torproject.org> wrote:
> Quoting Keifer Bly (2023-04-19 16:46:37)
> > How to find that?
>
> https://community.torproject.org/relay/setup/bridge/post-install/
>
> > It gave the message its reachable from the outside.
>
> This message is saying that the ORPort is reachable from outside, but it
> doesn't
> test for the obfs4 configured port. You can test it yourself if the port
> is
> reachable using our reachability test:
> https://bridges.torproject.org/scan/
>
> Or directly configure the bridgeline in Tor Browser and see if it connects
> correctly.
>
> --
> meskio | https://meskio.net/
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> My contact info: https://meskio.net/crypto.txt
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Nos vamos a Croatan.
Hi all,
I'm running a Tor middle/guard relay on OpenBSD. I'm wondering if there are any steps I should take to guard my relay from DoS attacks.
My thanks
Hi,
So for my bridge at
https://metrics.torproject.org/rs.html#details/4D6E3CA2110FC36D3106C86940A1…
Despite my newest torrc, which is here:
Nickname gbridge
ORPort 8080
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:8081
ExtOrPort auto
Log notice file /var/log/tor/notices.log
ExitPolicy reject *:*
AccountingMax 50 GB
ContactInfo keiferdodderblyyatgmaildoddercom
It still says "Bridge Distribution Mechanism: None".
However, that's VERY confusing as it is listed in the torrc file to be
distributed by email and apparently despite that it is not distributed, it
is overloaded somehow?
This is confusing to me as why would it say no distribution mechanism when
it is in the torrc as email, and how could it be overloaded if it's not
being used?
Thanks so much all,
--Keifer
Hello everyone,
We are hosting multiple relays under our AS 210558 and received an email from a local police station in Germany requesting user data, nothing unusual.
The weird thing is, that the relay in question is only a relay and not an exit node since its creation (185.241.208.179) (https://nusenu.github.io/OrNetStats/w/relay/B67C7039B04487854129A66B16F5EE3…) - anyone has an idea how this happens?
Best regards
Hi to all, i have setup a new tor exit relay with name TorGate, but there are only a few kb trafic on this?
the flags are exit,running,v2dir,valid and its also messured.
there are no warns or errors in the tor console
any ideas why?
regards Lin