- tor-relays - lists.torproject.org

Supporting TOR: Seeking Affordable and Reliable Server Providers in Eastern Europe
by coal_norm_0v＠icloud.com 12 Sep '24

12 Sep '24

Hello everyone, I’ve been a fan of Tor for many years now, and my affinity for anonymity naturally extends to other interests, such as Monero… 😉 I’ve successfully rallied like-minded individuals who have generously supported our cause through various grants, and we’ve even received a government subsidy from the Czech Republic to promote freedom of speech in oppressive regimes. With a substantial sum of money at our disposal, we’ve chosen to allocate a portion to support the TOR project. Currently, we operate around 60 servers. Our main challenge, unsurprisingly, is with exit servers. Convincing providers to overlook automatic complaint notifications has proven quite tricky. From our original 30 exit nodes, we’re down to about 5—the rest had to be shifted to relay nodes. We could switch them to well-known operators like RDP.sh, but they already host a large number of exit nodes, and we prefer to encourage network diversity. We’ve initiated something akin to a cost-sharing model for enabling our servers to run exit nodes, but it hasn’t made a significant impact. We want to spend our funds wisely to support Tor. Do any of you have suggestions for good, affordable providers in less conventional locations (e.g., Eastern Europe like Poland, Hungary, Ukraine)? Thanks for any ideas, Alex https://tor.foundation

5 5

Artikel 5 e.V. - Another police raid in Germany - general assembly on Sep 21st 2024
by Artikel 5 e.V. 09 Sep '24

09 Sep '24

Hello to all list-reading entities! On Aug 16th 2024 German police considered it once again appropriate to raid the home&office at the registered address of our organization. The first raid was 2017. There are obviously still people working in German law enforcement today, who think that harassing a node-operator NGO would somehow lead to the de-anonymization of individual tor users. At least that is what they claim in the paperwork. As with the first time, the raid team was fortunately a bit better educated and acted significantly more reasonable than the non-technical people applying for the raid and the judge signing it off. So again, no hardware was seized. Apart from one burnt (middle relay) node and some billing paperwork for the exit node this was all about, the team left the house after one and a half hours with mostly empty hands. We intend to legally challenge the search warrant to make sure that this does not happen again (but this is not what this email here is about). These were once again one and a half hours with armed police in a personal living room, threatening to de-facto kill a livelihood and software business (carrying a truckload hardware away) of an non-profit board member to force cooperation. As a consequence, I am personally no longer willing to provide my personal address&office-space as registered address for our non-profit/NGO as long as we risk more raids by running exit nodes. That is a risk I am just no longer willing to take anymore. Artikel 5 e.V. is now calling for a general assembly on Sep 21st 2024. We are looking for new board members (who take over and organize a new registered address and keep running exits) or discuss ALL alternative options. These options include "just stop running exits" or even the most drastic step of liquidating the entire organization and distribution of the remaining budget to other German organizations (that would have to qualify under our non-profit by-laws). Assembly time&location details can be found at https://artikel5ev.de/ We intend to provide a stream primarily for our members but also for interested parties who can not attend in person. The event/stream will however be in German only. Details for the stream will be made available on the website on short notice before the event starts. If you plan to attend in person, an upfront email would be appreciated, so we can pick the right room to set things up. Thank you! Regards, Gero Kühn for Artikel 5 e.V.

3 2

Next Tor Relay Operator Meetup - September 7th, 2024 at 19UTC
by gus 08 Sep '24

08 Sep '24

Hi, Save the date: the next Tor Relay Operator will happen Saturday, September 7th, 2024 at 19 UTC! We're still working on the agenda for this meetup, however feel free to add your topics directly to this pad or just reply to the mailing list: https://pad.riseup.net/p/tor-relayop-sept7th-meetup-keep ## Agenda 1. Announcements 2. 2024 Elections & Anti-censorship news 3. Network health updates - New Metrics Network Status API 4. OTF relay operator survey summary/presentation 5. Questions & Answers <add your question below> ## How to join us Meetup details: - Room link: https://tor.meet.coop/gus-og0-x74-dzn - When: September 7th, 2024 - 19.00 UTC - Duration: 60 to 90 minutes - Tor Code of Conduct: https://community.torproject.org/policies/code_of_conduct/ - Registration: No need for a registration or anything else, just use the room-linkabove. We will open the room 10 minutes before. cheers, Gus -- The Tor Project Community Team Lead

3 5

simple instructions to the expiredkey issue, pls.?
by code9n＠pm.me 06 Sep '24

06 Sep '24

Hi, I know I should have sorted this some weeks ago but can anyone tell me a simple method of dealing with the: bullseye InRelease: The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key issue, please? Thanks.

4 4

Bridge node configurations and where to find them (semi quote)
by Alessandro Greco 30 Aug '24

30 Aug '24

Dear all, In the past, I set up a middle relay node, and today I am looking to experiment with configuring a Bridge node to support the Tor project and its community. Since this is a very sensitive task, I decided to reach out to you to ensure that the setup is correct and that the configuration does not pose any risks to users who connect. First, I will summarize the `torrc` configuration file (I have removed the ports as they differ from the standard ones): ``` BridgeRelay 1 ORPort <port> ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy ServerTransportListenAddr obfs4 0.0.0.0:<port> ExtORPort auto ExitPolicy reject *:* ``` I have set two limits on the connections: ``` BandwidthRate 300 MBytes # I want to determine how much bandwidth I can allocate without impacting my network usage. IPv4Only ``` As for the information settings, I have used the usual `ContactInfo` and `Nickname`. While reading the `torrc` documentation, I discovered the Sandbox feature, which is still in development. In this regard, I would like to ask whether using experimental features like this on Bridge nodes is advisable or not. Personally, I would find a feature like this very useful. Should an anti DDoS system be configured? I wanted to ask how I can further contribute to the Tor Project's research, as I have read that there are "Statistics" features that allow the collection of useful information for the developer community. I have two main questions about this: 1. Is it advisable to use experimental features or those that collect information on a Bridge node (assuming there is a difference between a Bridge, a Guard/Middle relay, and an Exit Node)? 2. If the answer to the first question is yes, what are all the features that I can include in the `torrc` file to passively support research within the Tor Project? Finally, I would like to ask what information should be kept confidential when managing a Bridge. For example, I know for sure that it is important to keep the IP address confidential to avoid the risk of being blacklisted, but are there any other pieces of information that need to be protected? To ensure that a Bridge node can be restarted on a different machine, which files need to be preserved? Are they the same as those for a standard relay (i.e., the private key), or are there additional files that need to be securely stored? Thank you for your support and guidance. Best regards, Aleff --- Browse my WebSite: aleff-gitlab.gitlab.io Use my PGP Public Key: pgp.mit.edu/pks/lookup?op=get&search=0x7CFCE404A2168C85 Join to support: - Free Software Foundation! (my.fsf.org/join?referrer=6202114) - Electronic Frontier Foundation! (eff.org) - Tor-Project (torproject.org) - Signal (signal.org)

3 6

Request for Tor to support armhf architecture
by Landon 30 Aug '24

30 Aug '24

I am running a Raspberry Pi Raspbian OS (debian) mini computer. Tor software does not support this hardware without me having to compile it myself for my platform. Which I don't know how to do. My specific APT error message says this: N: Skipping acquire of configured file 'main/binary-armhf/Packages' as repository 'https://deb.torproject.org/torproject.org bookworm InRelease' doesn't support architecture 'armhf' The Raspberry Pi is a perfect computer to run Tor because it has 8 GB RAM, is tiny, only uses a max of 25 watts of power and works great as a network server. Plus, I don't have to leave my big power hungry desktop computer on all the time to run Tor. Raspberry Pi info page: https://www.raspberrypi.com/products/raspberry-pi-5/ Landon

3 4

a couple noob questions
by observatory123 27 Aug '24

27 Aug '24

Dear fellow relay operators, I've been hosting a tor relay on a VPS (strato) for a couple days now. I've never done this before, so I have a couple of questions: - Is it normal for my relay to only use up only about 2 MB/s after nearly 5 days of uptime despite bandwidth speed tests done with speedtest-cli generally reporting significantly higher bandwidth? - Is it normal for my relay to advertise 7.37 MiB/s on its relay search page despite bandwidth speed tests done with speedtest-cli generally reporting significantly higher bandwidth? - Do I have to mark somewhere that I'm hosting the tor relay on a VPS (which means technically a company also has control over the relay)? - Is this mailing list a good place to ask these questions? Or am I reaching too many people by doing this? When I say I performed a bandwidth test, I mean I performed a bandwidth test with the speedtest-cli debian package. The test generally tells me I have about 217 MB/s download speed and 113 MB/s upload speed. The nickname of my relay is observatory123 and its fingerprint is: 45431BF8AB66C673942C1E344BB520625CE5F817 Kind regards, observatory123

8 9

Re: [tor-relays] [network-health] help metrics torpoject
by George Hartley 21 Aug '24

21 Aug '24

Hi, don't worry, a relay will be removed from metrics 7 days after you shut it down. Sincerely, George On Sunday, August 18th, 2024 at 8:49 AM, kop kop <a5654505(a)gmail.com> wrote: > Good afternoon. how can I delete an entry in https://metrics.torproject.org/rs.html#search/134 > about fargo node? > I didn’t think twice and deployed this relay from my home network and now I’m afraid of persecution from the authorities. I ask for help.

1 0

Re: [tor-relays] DDOS alerts from my provider
by eff_03675549＠posteo.se 20 Aug '24

20 Aug '24

Hi Rafo, My apologies for the late reply in your request for the code on banning tor exits into *GUARDS or middle-relays* * * * * rm ../../etc/cron.d/updateSSHkey echo "0 0 * * * root wget -P /root/scriptsremote/ https://check.torproject.org/torbulkexitlist" > ../../etc/cron.d/blacklistTORexits echo "1 1 * * * root sed 's/^/-A ufw-before-input -s /; s/$/ -j DROP/' /root/scriptsremote/torbulkexitlist" >> ../../etc/cron.d/blacklistTORexits echo "2 1 * * * root sed -i '/# End required lines/r /root/scriptsremote/torbulkexitlist' /etc/ufw/before.rules" >> ../../etc/cron.d/blacklistTORexits echo "3 1 * * * root rm /root/scriptsremote/torbulkexitlist" >> ../../etc/cron.d/blacklistTORexits apt install -y fail2ban rm ../../etc/fail2ban/jail.d/sshd.conf touch ../../etc/fail2ban/jail.d/sshd.conf echo "[sshd]" > ../../etc/fail2ban/jail.d/sshd.conf echo "enabled = true" >> ../../etc/fail2ban/jail.d/sshd.conf echo "port = 11218" >> ../../etc/fail2ban/jail.d/sshd.conf echo "filter = sshd" >> ../../etc/fail2ban/jail.d/sshd.conf echo "logpath = /var/log/auth.log" >> ../../etc/fail2ban/jail.d/sshd.conf echo "maxretry = 5" >> ../../etc/fail2ban/jail.d/sshd.conf echo "bantime = 24h" >> ../../etc/fail2ban/jail.d/sshd.conf echo "bantime.increment = true" >> ../../etc/fail2ban/jail.d/sshd.conf echo "bantime.factor = 24" >> ../../etc/fail2ban/jail.d/sshd.conf echo "bantime.maxtime = 52w" >> ../../etc/fail2ban/jail.d/sshd.conf Here I hope this is well received, Carlos. On 7/10/24 1:19 AM, god-gave-you-mouth-ears-eyes-so-enjoy(a)posteo.net wrote: > > Hi Rafo, > > > I have a pre-defined fail2ban (jail) script that does all the job of > banning any tor-EXIT -dynamically updated via cron- from attempting > access when this helps. > > This is meant for Debian, > > the synthax could do with fedora (perhaps a few code adaptation). > > let me know when this is of interest. > > > Carlos. > > On 7/8/24 7:34 PM, Rafo (r4fo.com) via tor-relays wrote: >> Hi, >> I have been running a relay for a few months now without any >> problems. But this week I’ve received 2 DDoS alerts from my provider >> (Netcup), both are ~3 gigabits. They seem to be coming from other Tor >> relays. >> I’m running an Invidious like instance on my server (which uses >> around 600 megabits) but I have a 2.5 gigabit port. So I configured >> my Tor relay to use 300-400 megabits. >> I’m not sure where that 3 gigabit of data comes from. >> I have lowered my advertised bandwidth to 100 megabits, would that be >> enough to prevent these kind of issues? >> >> >> Kind regards, >> Rafo >> >> >> _______________________________________________ >> tor-relays mailing list >> tor-relays(a)lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > -- > Updated every second week. > > -----BEGIN PGP PUBLIC KEY BLOCK----- > > xjMEZfy9NxYJKwYBBAHaRw8BAQdAManzdqpnuQkafKwGP49famHD40TRuz3tlk2S > 6x9w7afNP0d1c3QgT09ITlRFUiA8Z29kLWdhdmUteW91LW1vdXRoLWVhcnMtZXll > cy1zby1lbmpveUBwb3N0ZW8ubmV0PsKPBBMWCAA3FiEEEAD7hg5vFuAk80AxAZJk > LcbaZlUFAmX8vTcFCQATxoACGwMECwkIBwUVCAkKCwUWAgMBAAAKCRABkmQtxtpm > VRErAQDPkO6rew8L0fv+YkObGBGL58dxZtWbELZqDjICDi5A6QD/QC4978BycOFq > ZAx/N9ihgNLRm6Sg1EUupAoaVMcDVA7OOARl/L04EgorBgEEAZdVAQUBAQdA0Xrh > XPXwikKTr7amFdFv57VCWtansLWJCnYqFAVWYmADAQgHwn4EGBYIACYWIQQQAPuG > Dm8W4CTzQDEBkmQtxtpmVQUCZfy9OAUJABPGgAIbDAAKCRABkmQtxtpmVfxdAQDL > TRwNnIeZ//Y4kahWP+WWS7qb6EmM1mCtjRc3IadSDgD+Nh1xGFt00AQtG+oMKF/J > GwnLbMda6bMdvCIXN+U1LQw= > =z8PX > -----END PGP PUBLIC KEY BLOCK----- -- PGP updated every second week : please actualize our communication every time.

2 1

DMARC helps prevent Tor-exit from being abused for email SPAM.
by boldsuck 20 Aug '24

20 Aug '24

Hi @all, I thought DMARC was unimportant for a small domain, but I played around with it a few days ago. There are some DMARC monitor sites that you can use for free & I was surprised when I saw that in 2-3 days about 1500 emails were sent via my exit subdomains. Then I set DKIM and SPF to strict adkim=s; aspf=s; and DMARC subdomain policy to reject sp=reject; Since then, emails about Tor-exits have dropped to 0 ;-) -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!

1 0