- tor-relays - lists.torproject.org

New TOR Relay
by Kyle Levy 17 Sep '18

17 Sep '18

Hello, I am attempting to set up a TOR relay on my raspberry pi on my home network (nickname: relaydetour). I had it set up and running, but now it seems to be offline. I hadn't changed any settings, and it's still flagged as "running" and "valid". Is it functional? And is it more likely a problem with my configuration or something more problematic? Please let me know. Thank you.

4 6

Exit friendly ISPs in Australia
by Isaac Grover, Aileron I.T. 17 Sep '18

17 Sep '18

Good evening, Following up with a tongue-in-cheek suggestion to set up exit nodes in Australia, for those who are interested, there are already seven exit nodes in Australia per https://hackertarget.com/tor-exit-node-visualization/ . I have also contacted RIMU Hosting, which has servers in Australia, and they said "As an account holder under our terms of use, you would be directly responsible for all content in and out of your server. In general that is not possible to do with a tor exist node, so we are not a good fit for that use case." Make your day great, Isaac Grover, Senior I.T. Consultant Aileron I.T. - "Practical & Proactive I.T. Solutions" O: 715-377-0440<tel:715-425-0440>, F:715-690-1029<tel:715-690-1029>, W: www.aileronit.com<http://www.aileronit.com/> LinkedIn: https://www.linkedin.com/in/IsaacGrover/ YouTube: https://www.youtube.com/channel/UCqrwZNFKdR-guKtuQzFPObQ

7 8

Tor master exits with a required protocol error
by teor 16 Sep '18

16 Sep '18

(CC'd tor-relays, please direct replies to tor-dev.) Hi, If you are running Tor master, your Tor may exit with a required protocol error. The issue was introduced in commit 991bec67ee (about 8 hours ago). The following conditions will make Tor exit: * Tor will exit on startup if it has a cached consensus from the 14th of September (or earlier). It does not matter how old the consensus is. * If certain directory authorities go down, the remaining authorities may generate a consensus that will cause your Tor to exit. These consensuses require the LinkAuth=1 protocol, which Tor master believes it does not support. (The change was intended for NSS Tors, but mistakenly applies to all Tors.) Here's how you can mitigate this issue: * downgrade to 0.3.4.8 or earlier, or * delete the cached consensuses in your data directory. These consensuses may be called cached-consensus, cached-microdesc-consensus, unverified-consensus, and unverified-microdesc-consensus. Some may not be present. We should resolve this issue in master in the next 24 hours. Then it may take another 24 hours for packages to be rebuilt. The master ticket for this change is: https://trac.torproject.org/projects/tor/ticket/27288 T -- teor Please reply @torproject.org New subkeys 1 July 2018 PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ----------------------------------------------------------------------

1 0

Australian relays
by Sydney 16 Sep '18

16 Sep '18

Hi all I currently run 3 Australian exits, and 1 non-exit, in the 262E84A99F53AE1F6860267F7C5DA5B96E57A46D family. Due to personal reasons I need to take the relays down, which is disappointing as they are currently in a unique AS. This will leave 6 Australian exits. I appreciate that Australia is a long way in terms of latency, and my relays have been fairly under-utilised even though they’re on a 100mbit (Adelaide) and gigabit (Sydney) network interface. I might be in a position to bring these back in 2019. Before I do, I just wanted to know if it’s worthwhile having the Australian relays as part of the network? Cheers Sydney

2 1

Announcement: Relay operator meetings on IRC
by Colin Childs 16 Sep '18

16 Sep '18

Hello Tor relay operators! Starting September 11th @ 1:00AM UTC, we will be piloting regular relay operator meetings in #tor-relays on irc.oftc.net. These meetings will be an opportunity to introduce yourself to the operator community, make new contacts and provide updates to the group on the status of your relays. This will also be an opportunity to have questions answered by a group of dedicated relay operators, community members and Tor Project staff. For everyone overseas, we will be hosting a second meeting on September 25th @ 19:00 UTC. After these initial two meetings, we will evaluate if these dates / times need to be adjusted, as well as how frequently these meetings should be run. I will send a follow-up email at the end of September with the results of that evaluation. On the Monday of meeting weeks, I will send a reminder on this list with the channel, date and time. I look forward to seeing you all there, and thank you for running relays!

6 8

exit operators: overall DNS failure rate above 5% - please check your DNS
by nusenu 16 Sep '18

16 Sep '18

Dear Exit relay operators, first of all thanks for running exit relays! One of the crucial service that you provide in addition to forwarding TCP streams is DNS resolution for tor clients. Exits relays which fail to resolve hostnames are barely useful for tor clients. We noticed that lately the failure rates did increase again and would like to urge you to visit Arthur's "Tor Exit DNS Timeouts" page that shows you the DNS error rate for exit relays: https://arthuredelstein.net/exits/ (the page is usually updated once a day) Please consider checking your DNS if your exit relay consistently shows a non zero timeout rate - and make sure you run an up to date tor version. If you are an exit operator but have no (or no working) ContactInfo, please consider updating that field in your torrc so we can reach you if something is wrong with your relay. kind regards nusenu -- https://twitter.com/nusenu_

2 3

[release] ExoneraTor 4.0.0
by Karsten Loesing 14 Sep '18

14 Sep '18

Good evening, today we released and deployed version 4.0.0 [0] of the ExoneraTor service [1]. This new version greatly reduces database size and variance of query response times. Changes in this version are heavily based on work done by Sebastian Hahn. Earlier ExoneraTor databases can be migrated by running the new psql script [2] that comes with a migration function. Please direct comments and questions to the metrics-team mailing list [3]. All the best, Karsten [0] https://dist.torproject.org/exonerator/4.0.0/ [1] https://metrics.torproject.org/exonerator.html [2] https://gitweb.torproject.org/exonerator.git/tree/src/main/sql/exonerator2.… [3] https://lists.torproject.org/cgi-bin/mailman/listinfo/metrics-team

3 3

Torservers relay family decreased? (solved)
by niftybunny 13 Sep '18

13 Sep '18

› Hello, › › recently, I noticed some strange aspects related to networks › of Torservers/Zwiebelfreunde. Since there was no way to get any › further information on this topic so far, I am posting it here. › Maybe someone can help. Lets recap this for a moment: 1. Every relay of my family has my e-mail. Write an e-mail and ask. Problem solved. 2. The e-mails are running on a domain, registered my me, make a whois lookup for the domain. Problem solved. 3. The /24 IP space is registered by me. Make a RIPE (or whoever provides IP lookup) and you also have my name. Problem solved. 4. Ask someone from Torservers about me. They gave me the /24 for hosting Tor exits. Problem solved. 5. Take a look at the Tor relay mailing list, I was active there. Problem solved. 6. I am an registered InterExchangeCarrier under German law. Ask the Bundesnetzagentur for my Information. Problem solved. 7. The RIPE entries are maintained by F3Netze/Zwiebelfreunde. Ask Tim about me. Problem solved. 8. Write a snail mail letter to my address. Problem solved. 9. Send me a facsimile to my official RIPE abuse records. Problem solved. and the list goes on and on … Welcome to the Interwebs where people ask who you are ... To perfect sum it up: https://i.imgur.com/20wmhNT.jpg › (b) Who is the operator behind family B771AA877687F88E6F1CA5354756DF6C8A7B6B24 ? › There are some /24 IPv4 BGP allocations claiming to belong to the › umbrella organisation "Zwiebelfreunde e.V.", which operate(d|s) › the relay family mentioned above. There is still no family fingerprint. We did not ever claimed to belong to Zwiebelfreunde e.V. Stop making shit up. › I will ask further questions about this in (c) . › › However, there is a _huge_ relay family (27 members, with a › total bandwith of ~ 1,245 MB) located in 185.220.101.0/24 , › which uses Zwiebelfreunde as a contact role and has not been › changed since 2017-09-08. No, we do not. We are the ADMIN-C and the TECH-C. Zwiebelfreunde is just the MNT-REF. Look it up for yourself: https://apps.db.ripe.net/db-web-ui/#/query?bflag&searchtext=185.220.101.0&s… It even has a fucking disclaimer on it: netname: MK-TOR-EXIT remarks: ----------------------------------- remarks: This network is used for Tor Exits. remarks: We do not have any logs at all. remarks: For more information please visit: remarks: https://www.torproject.org remarks: ----------------------------------- remarks: Dieses Netz hostet nur Tor remarks: Exists. Wir haben keinerlei Logs. remarks: Mehr Informationen unter: remarks: https://www.torproject.org The (current) owner of the IPs is: https://apps.db.ripe.net/db-web-ui/#/lookup?source=ripe&key=ORG-MK113-RIPE&… and the abuse contact: https://apps.db.ripe.net/db-web-ui/#/lookup?source=RIPE&key=ACRO11287-RIPE&… › The relays itself, however, all use <abuse at to-surf-and-protect.net> › as contact address (which does not seem to be related to › Zwiebelfreunde at all) and use a description beginning with › "nifty". Have you tried to send uns an e-mail and ask? No? They are not related to Zwiebelfreunde because we are not Zwiebelfreunde. And btw, its Nifty + name of a rodent. Yes, I know hedgehogs are no rodents. But they are cute too. › Since most of them have both Guard and Exit flag assigned, I › figure they are handling a huge consensus weight. No. Complete bullshit. Exit flag indicates thats an Exit and Guard indicates a longer uptime. I can make an relay on a wee DSL line with these flags. It indicates not a huge consensus weight at all. RTFM! › Does anybody know the person/organisation behind them? Yes. › Are they related to Zwiebelfreunde/Torservers? Besides the /24, no. What is the physical location of the servers (BGP claims DE, but upstream AS200052 uses UK)? NL BGP claims DE? BGP is a routing protocol, it claims nothing. It doesnt give a flying shit about countries. It routes packets between different ASs. Show me the BGP routing table. › (c) Strange BGP allocations using Zwiebelfreunde as contact role › At the moment, 9 IPv4 BGP prefixes with a length of /24 are › known to use a contact role pointing to Zwiebelfreunde [4] . › › These are as follows: › - 37.218.246.0/24 (Upstream AS47172 "Greenhost", claims EU, but is likely NL, 0 Tor relays found) › - 193.235.207.0/24 (Upstream AS196689 "Digicube", claims EU, but is likely FR, 0 Tor relays found) › - 192.36.61.0/24 (Upstream AS60781 "Leaseweb", claims EU, but is likely NL, 0 Tor relays found) › - 192.36.41.0/24 (Upstream AS34305 "BaseIP", claims EU, but is likely NL, 0 Tor relays found) › - 192.36.27.0/24 (Upstream AS60729 "Zwiebelfreunde" !, claims EU, physical location unknown, 0 Tor relays found) › - 185.220.102.0/24 (Upstream AS60729 "Zwiebelfreunde" !, claims EU, physical location unknown, 0 Tor relays found) › - 185.220.101.0/24 (Upstream AS200052 "Joshua Peter McQuistan", claims DE, physical location unknown, 27 Tor relays found) BGP still claims shit. BGP is still a routing protocol. Look at a looking glas server and start reading RTFs. › What puzzles me here is: › 1. None of these networks has any Tor relays known (or Metrics › does not show them), which is strange as Torservers/Zwiebelfreunde › is more or less dedicated to operate relays. https://nusenu.github.io/OrNetStats/ https://metrics.torproject.org/rs.html › 2. The appearing relays solely belong to the strange and huge › family mentioned in (b) , which cannot be exactly pinpointed to › be run by Torservers/Zwiebelfreunde. Yeah, these strange and huge relays are here for over 3 years, growing. https://imgur.com/1jwtxHX Nusenu twitter page, https://twitter.com/nusenu_ , you should check it out. › 3. I suspected the mentioned IP ranges to be fakely allocated, › but most of them were not changed for more than half a year. Further, › I never observed any traffic from or to these networks. If anybody › does, please drop me a line. Yes! Complete right! You just destroyed our super secret FBI/NSA/BND/MI6 plan to take over the Tor network. Good job, Sherlock! › As of these coincidences, and the observations mentioned in (a) › and (b), I suspect something nasty (or highly unusual) is going on, › but I have no clue what this might be. 100% perfect conclusion. Good job, Sherlock! › It would be great if someone who is in Tor more deeply than I am › could take a look at this. Also, if there is further information › available, please tell me. › "Mit dem Wissen wächst der Zweifel. / Doubt grows with knowledge." › -- Goethe https://imgur.com/JG514ja › Best regards, › T. Westerhever Whatever, niftybunny

4 5

A vote for the amateur relay operator
by torix＠protonmail.com 13 Sep '18

13 Sep '18

My vision for the tor project (toropia, if you will) is that running a relay be normal, i.e. part of the ritual of children leaving home for college would be to make sure their parents know how to reboot the tor relay in the basement when the power goes out. But it would be a big plunge for an amateur to set up an exit relay. So when Conrad Rockenhaus offered SWIPEd freeBSD installed relays, it seemed like a chance to get my feet wet. I have no freeBSD experience, but the new torproject directions turned out fine. I'm trusting that Conrad's install will be fine while I learn about hardened freeBSD and get plugged in about security updates. So Conrad gets the grief, and I just run the relay. Maybe I'm not a "real" relay operator for this one, but I think that's okay; I'm contributing to OS diversity, and a new exit relay. When Conrad wrote about getting a court order this week, and got a reply from teor, and said he was getting help with it, my reaction was "as least he seems to be getting help" - a comforting thought for an amateur reading this list who has never seen a court order. --torix Sent with [ProtonMail](https://protonmail.com) Secure Email.

3 2

Exit node seized
by tor-relays＠geek1.de 12 Sep '18

12 Sep '18

Hello, I've found no information - after short googling - if I should take some action after an exit node got seized. Like marking the fingerprint as compromised or something like that. I'd guess it's ok to just set up a new exit node on the same IP and everything should be fine but I'm not quite 100% sure on this. Node in question: https://metrics.torproject.org/rs.html#details/AF8A3EE078EB81338461F178DBE5… And another question about this topic: Would it be better to create a new exit from scratch or is it ok to restore the latest backup with all keys, etc. ? Cheers Michael

4 6