- tor-relays - lists.torproject.org

Netscan Hetzner
by Diyar Ciftci 04 Jan '26

04 Jan '26

Good evening, Apologies as this is likely the incorrect way to do things. I'm not fantastic with mailing lists. I saw on tor forum that some people were getting these netscan emails from hetzner. https://forum.torproject.org/t/tor-relays-abuse-report-from-relays-in-famil… I got my first a few months ago and I just got my second one about an hour ago. Both times it was to the 1st amendment group IP addresses. Last time I just clicked their check button and it passed and then I gave reasoning in the next link. For some reason it doesn't seem to be liking when I click the first link this time and keeps saying not solved. I don't know what my best course of action is. I've gotten 2 reports for hetzner for a guard and 0 for netcup for an exit relay :( I saw in the forum post (which is to a clone of the mailing list) about temporarily blocking tor but that feels a bit deceptive so I don't really want to go down that route. The best thing though it may be a long process as there may be a potential harm to how circuits are built negatively affecting user anonymity is for the tor program to operate in a manner so that it doesn't look like a netscan to some sensitive providers like hetzner even though we know it isn't a netscan anyways. If this issue keeps coming up with hetzner I may look at not hosting a tor relay with them because I have a lot of stuff on this server like my personal website and project mirrors and such and don't want those to be negatively affected due to a unjust IP ban by hetzner for running a tor relay. Any advice? Kind regards, Diyar Ciftci

6 10

Questions about running an exit relay
by tor＠rehcamp.de 03 Jan '26

03 Jan '26

Hi dear list, I hope I am in the correct place for my questions regarding my tor setup. I am currently running a guard/middle relay on a vServer. The relay runs inside a docker container, exposing OrPort and DirPort externally and ControlPort and MetricsPort internally. On the same machine, but in different docker networks (except for prometheus for metrics), multiple other containers providing my personal infrastructure are running. All of them run behind caddy, which only forwards requests coming to specific subdomains on a specific domain. First of all: Is this already a bad idea? Do you seperate tor relays and personal infrastructure physically or in VMs instead of containers? Now, as netcup is my provider and they seem to tolerate exit nodes, I am thinking about allowing exits. I assume this would increase visibility of my server and maybe attract more attention. Knowing the IP address of the tor node, it could be possible to find other domains pointing to it (the PTR record however points to an irrelevant entry) and maybe find the subdomains leading to (still login-protected) infra. Do you think this is a reason not to open the relay for exits? I only have a single IPv4 address to use, additional addresses would imply additional costs. However, I do have a /64 block of IPv6 addresses. For IPv6, i could separate the tor address from the address used personally and therefore make it impossible to reach anything except tor over the designated address and covert any other domains, as they won't be associated with the tor address. Do you think this would be needed/enough? In this case, I would restrict the relay to IPv6-only exits. I am sorry if I could have found more information in the docs, but everything that I did find did not answer my questions enough. Kind regards.

5 5

CPU requirement gone up?
by gerard＠bulger.co.uk 31 Dec '25

31 Dec '25

(Linux 6.8.0-90-ge...) Tor 0.4.8.21 (recommended) I used spin up Webtunnels on very cheap VPS, bandwidth and uptime being my main consideration. But in recent days CPU is 99% even at quiet sites with under 50 outgoing connections. This is new. It would run at 30-50% before. Gerry

4 5

abuse report from relays in family 7EAAC49A7840D33B62FA276429F3B03C92AA9327
by Dimitris T. 29 Dec '25

29 Dec '25

Hey all, got an abuse report today from Hetzner concerning one middle relay we're running there. allegedly, our relay has been port scanning (port 443 only) some members of https://metrics.torproject.org/rs.html#search/family:7EAAC49A7840D33B62FA27… (just from family relays in 96.9.98.0/24 range, all using ORPort 443) anyone else got similar abuse reports? or someone here from this relay family, that can clear things out with this isp? thinking of replying to hetzner accordingly, let them know (with metrics link), that these are tor relays with 443 port open/accepting our middle relay connections, not port scans... best, d.

14 29

Consensus frequently reports relay down, despite relay passing traffic
by forest-relay-contact＠cryptolab.net 29 Dec '25

29 Dec '25

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello. One of my relays, forest19 (E21B4A2C2852298186C0EA7E2F900EF03AE38D69), frequently appears offline in the consensus despite my uptime monitors and bandwidth graphs showing uninterrupted activity. About once a day to once every other day, I get a Tor Weather notice that my relay has been offline for the last 4 hours. The relay is able to ping all authorities but Sarge, and I am not seeing abnormally high packet loss. How do I troubleshoot this? Regards, forest -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvLrj6cuOL+I/KdxYBh18rEKN1gsFAmlN4PQACgkQBh18rEKN 1gtdxg//QENLNjbb8Ukg40Cyd5vaJDw7PSmcS7XKTh1VID6ZrCdw53arHiYBfvZM Ez26SRD+4gj6//Oz+uz2A0jcBJ8fa+RewTwm4WBthiNGLs8hhyt03CN9zA/j/sm0 9VEkxORYAnjTwJmUQYZKIzfF0GdjJirfuk/daq2q5s4Uxd1tspSSTvYI/O/myE+l 7M5qXtu7OSAJynwYGySQPudt9dGgXdb7fDCATaM7gczXpkHFkSxwIrCNHGYPPL+/ Y/xewRs5rHb0TS8DRJcvDKNBSRaTTNLUQkmiRN4it7pY3w/DWkEWduTwvufMsvK3 3AOs75oaO2cs2WVkqQag12uHTtw78uzegObZl9RPaWmThrbQ8SF/co+10zUUlUa9 UXik2zgpAyQzLLb6TNmLAkNAALQUXvO6YZnZ2z6lrkiXW5ySsgmAhgKaPX9JufKz xbXJ2kkyWRt5xP4y/I5tHj+vmjhLjahmn/gy2O3S1atdTwsd5OX0sn1MzdLfsjw2 9DPaCZpvaOCXwHoQFYM5q0K+JqDNrhsgoCMbjnIhrj/J19OCCYoaLPDd4rxrMOJ8 nsl6hzxi6804hol4A9MDnWzNpAxdxFahSbEE523TfG6OaQG4rw2GyP15Ai6NK6fO Am1cgei2NDAZBquFNB7tI2gfGvle+n7boviHdaMNmlEqMhLL7Pk= =hlTa -----END PGP SIGNATURE-----

4 4

Manual calculation of the bridge-moji
by Marek Küthe 29 Dec '25

29 Dec '25

Hello, When I add a bridge in Tor Browser, the fingerprint is displayed with four emojis. I would be interested to know how I can create this fingerprint manually, for example with Ansible or a Python script. The reason for this is that I would like to list my bridges with their fingerprints on my website, preferably with emojis as well. I would appreciate a reply! Best regards, Marek Küthe -- Marek Küthe m.k(a)mk16.de er/ihm he/him

2 1

RouteFluxMap: open-source Tor relay map with historical bandwidth snapshots
by Tor at 1AEO 27 Dec '25

27 Dec '25

Hello tor-relays, I’m sharing a new open-source visualization tool for exploring Tor relay distribution and bandwidth over time (updated daily): - Live site: https://routefluxmap.1aeo.com - Open-source code: https://github.com/1aeo/routefluxmap What it does: - Interactive world map of Tor relays, with relay presence and density visualized using bandwidth-weighted aggregation - Flow-style visualization based on the probability of traffic per relay, derived from each relay’s advertised bandwidth and consensus weight (not traffic tracing) - Historical snapshots built from Tor Collector / Onionoo data, covering 2007 through present - Country-level summaries showing relay count and aggregate bandwidth Why this is useful for relay operators: - Provides a fast, high-level view of where Tor bandwidth is concentrated geographically - Helps identify broad shifts in relay distribution or bandwidth that may correlate with performance or reachability changes - Useful for gaining network-wide context when debugging issues that aren’t obvious from single-relay metrics alone Implementation notes: - Static frontend built with Astro + React using Deck.gl and MapLibre - Data pipeline aggregates publicly available Tor network metadata into versioned historical snapshots Feedback is welcome, particularly on which additional historical or aggregate views would be most useful for operators. Significant inspiration and guidance from an open source and 7 year previously retired effort, TorFlow: https://github.com/unchartedsoftware/torflow Tor at 1AEO 1st Amendment Encrypted Openness (1AEO)

2 2

(FWD) December 2025 tor-edu update
by Roger Dingledine 27 Dec '25

27 Dec '25

Hi folks! Here is the latest update from the EFF Tor university relay campaign. We've added eight new relay groups since the last update. You can see the campaign page here: https://toruniversity.eff.org/ One of its advocacy goals is to show momentum at getting more relays running in universities and other educational institutions, first because universities make sense from an education/community/research perspective: https://toruniversity.eff.org/administrators/ and also because we want to help show the world that running relays is a normal activity that many groups around the world do, for a variety of reasons. If you are connected to an educational institution and you are reading this and want to get involved, please reach out to us! --Roger ----- Forwarded message from Roger Dingledine <arma(a)torproject.org> ----- Date: Fri, 26 Dec 2025 11:16:21 -0500 From: Roger Dingledine <arma(a)torproject.org> To: toredu-announce(a)lists.eff.org Subject: [Toredu-announce] December 2025 tor-edu update Hello excellent university relay operators, Since the July update, we have added 8 more new relay groups to https://toruniversity.eff.org/: * NYU Abu Dhabi (UAE), run by Zacharia Kornas in Christina Pöpper's research group * University of Macedonia (Greece), run by professor Panagiotis Fouliras * Bern University of Applied Sciences (Switzerland), run by professor Christian Grothoff * Hampden-Sydney College (US), run by professor William Tolley * A second relay at Arizona State University (US), now an exit relay, run by Pratham Gupta connected to professor Yan Shoshitaishvili's group * Fort Hays State University (US), run by Instructor Jackie Zhang * KAIST (Korea), run by Jinseo Lee in Min Suk Kang's research group * National Taiwan Normal University (Taiwan), run by a student named NZ I've added these folks to this list -- welcome! -- and it brings our total to 43 institutions. The two new relays at KAIST and NTNU are the first relays in East Asia to join the campaign! Here is a reminder that if your educational-network relay has been running for a year and you haven't gotten your awesome EFF challenge coin gift and you haven't heard from Cooper, please reach out to me or him and we'll get your coin(s) on track. And lastly, we've been pondering how best to set up a community for the tor-edu operators to share information and grow solidarity with each other. I would feel bad adding more zoom calls to people's schedules. Maybe we should start a wiki to record advice / experiences / questions asynchronously? Let us know if you are interested to help brainstorm about community and we will happily work with you. Thanks for everything! --Roger _______________________________________________ toredu-announce mailing list toredu-announce(a)lists.eff.org https://lists.mayfirst.org/mailman/listinfo/toredu-announce ----- End forwarded message -----

1 0

Bridge "identity crisis" after reinstallation
by telekobold 26 Dec '25

26 Dec '25

Hi, about four weeks ago, I switched off one of my relays and two of my bridges running on Debian 11 ("Bullseye") systems after discovering the "not recommended" flags on the Tor metrics overview of those relays with the intension of reinstalling and reconfiguring the underlying VMs and relays the following days. (A few days later, I read on this list that those flags are not that critical, but unfortunately Tor doesn't seem to be updated for Debian 11 at the official torproject Debian repositories [1]). But as life goes, something always came up in the days that followed. However, a week ago, I finally wanted to reinstall one of the bridges. I'm using Offline Relay Identity Keys [2], so I created a new intermediate key pair consisting of ed25519_signing_cert and ed25519_signing_secret_key locally and copied them to /var/lib/tor/keys on my freshly installed VM, together with ed25519_master_id_public_key. Unfortunately, I didn't copy the old secret_id_key key file. I then realized that the fingerprint files under /var/lib/tor changed (despite that IP address, port number and identity key stayed the same) and that I wasn't able to connect to my bridge using Tor Browser. So, a week later (yesterday), I gave it a new try and did the complete reinstallation and configuration process again, but with the slight difference of also copying the files secret_onion_key, secret_onion_key_ntor and secret_id_key to /var/lib/tor/keys. This resulted in the fingerprint files being as they were on my old installation, but I read the following message at /var/log/tor/notices.log: [warn] http status 400 ("Looks like your keypair has changed? This authority previously recorded a different RSA identity for this Ed25519 identity (or vice versa.) Did you replace or copy some of your key files, but not the others? You should either restore the expected keypair, or delete your keys and restart Tor to start your relay with a new identity.") response from dirserver 66.111.2.131:9001. Please correct. So, I uninstalled tor, copied only the files ed25519_master_id_public_key, secret_id_key, ed25519_signing_cert and ed25519_signing_secret_key to /var/lib/tor/keys, which unfortunately also resulted in the above warning message. My question now: Do I still have a change to recover the "old identity" of my bridge, or did I "burn" the old identity now since the directory authorities apparently registered a new identity? Kind regards telekobold [1] https://deb.torproject.org/torproject.org/dists/bullseye/main/binary-amd64/… [2] https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorRelaySecurity/Offl…

2 2

You can delete my Relay from consensus
by code9n＠pm.me 26 Dec '25

26 Dec '25

Hi, Doubt you need to know this but you can delete my relay: 41D4F82AB54AE5C5FB8D3CD24B4FC84350EFEF03 from the consensus, etc. The price for renewing has gone up 69 per cent from two years ago and it's through put has halved for the last six months or so. Not sure if Tor just doesn't need it as much as it did or if the vps hosting provider (Hostworld) is throttling it. I'll start a completely new one early in the new year when I get some time. This one is dead and the vps hire has expired - I no longer have access to it. Just out of interest is my telling [Tor Project] this useful? Christmas-y regards, Pete

3 2