- tor-relays - lists.torproject.org

Seeking Advice on Running a Tor Exit Node in India
by RUSTEDUSTED 19 May '25

19 May '25

Dear Tor Operators, I hope this message finds you well. I am planning to set up a Tor exit node and would like to seek your valuable advice and guidance before proceeding. Specifically, I want to understand the following: - What are the essential technical and operational considerations I should be aware of before running an exit node? - Are there best practices or configurations you recommend to ensure the node runs securely and efficiently? - What kind of bandwidth allocation is ideal? I am considering allocating around 30-40 Mbps on my internet connection—would this be sufficient or optimal? - Could you please share insights on the legal responsibilities and potential risks involved with operating a Tor exit node in India? - Are there any specific resources, communities, or contacts you recommend I engage with for ongoing support? - (most importantly) what hardware accelerations should my device support?? is it fine if i run it on raspberry pi 5 or would it need a modern x86 CPU? I appreciate any advice or resources you can share. I am eager to contribute responsibly and effectively to the Tor network. Thank you very much for your time and help. Best regards, Pradnyesh Email: rustedusted(a)proton.me Location: Pune, India

3 2

Next Tor Relay Operator Meetup - Saturday, May 10th @ 1800 UTC
by gus 10 May '25

10 May '25

Hi! The next online relay operator meetup is happening on Saturday, May 10th, 2025 at 1800 UTC[1]. ## Agenda - Announcements - Happy Family and updates from Network Team - Tor @ Universities - Next Tor in-person events: WHY, Bornhack, DEF Con - Next Tor Relay Operator meeting Feel free to suggest and add other topics for the meetup on this issue here: https://gitlab.torproject.org/tpo/community/relays/-/issues/114 ## How to join Meetup details: - Room link: https://tor.meet.coop/gus-og0-x74-dzn - Date & Time: Saturday, May 10th, 2025 @ 18.00 UTC - Duration: 60 to 90 minutes - Tor Code of Conduct: https://community.torproject.org/policies/code_of_conduct/ - Registration: No need for a registration or anything else, just use the room link above. The room will open 10 minutes before the meetup starts. Gus [1] If you're confused about UTC and your timezone, anarcat maintains a cool project called undertime - https://gitlab.com/anarcat/undertime -- The Tor Project Community Team Lead

1 1

Patela: A basement full of amnesic servers
by Osservatorio Nessuno 07 May '25

07 May '25

Hi everyone! A while back, we announced[1] our project to set up a server facility in Italy to host Tor exit nodes. After several weeks of testing, we’re excited to share that our first nodes are now in production, running on our autonomous system. [2] Four of these nodes operate diskless thanks to System Transparency [3] and Patela [4], a small, pull-based tool we developed to configure exit nodes efficiently. To optimize this infrastructure, we’ve worked on multiple fronts, including mTLS for nodes authentication, TPM for crypto operation and nftables rules. In this post[5], we’ll explain how the system works, and we’d love to hear your thoughts and feedback via the mailing list. Now that we’ve completed this initial testing phase, our next goal is to acquire suitable hardware to increase bandwidth capacity. Stay tuned for updates! Bye b [1] - https://osservatorionessuno.org/blog/2024/12/how-to-bgp-from-your-basement-… [2] - https://metrics.torproject.org/rs.html#search/as:AS214094 [3] - https://docs.system-transparency.org/st-1.0.0/ [4] - https://github.com/osservatorionessuno/patela [5] - https://osservatorionessuno.org/blog/2025/05/patela-a-basement-full-of-amne…

2 2

How Best to Maximize Impact of $500/mo Budget?
by Tor at 1AEO 05 May '25

05 May '25

If you have a budget of $500/mo (EUR or USD, roughly) that could be used to strengthen Tor network, what would you use it for and why? Some ideas: Run new relays: Lease VPS or colocate hardware yourself Fund existing operators: Provide stipends or grants to help other operators Donate to the Tor Foundation: Support core development, research, and docs. Other ideas: e.g. donation platforms, bandwidth grants, research funding? Which approach (or mix) yields the best consensus-weight gain per dollar? Any tips on pitfalls, vetting, or recommended donation channels? I've been leaning towards running new relays since it seems to always benefit from more diverse growth but wondering what others think. Thanks for your insights!

2 1

Tor Relay Deployment Dilemma: Handle BGP yourself or have it done upstream to announce your own AS?
by Tor at 1AEO 02 May '25

02 May '25

I'm currently evaluating the best approach for having my AS announced with my owned (not rented) IPv4 addresses, and I've observed that hosting providers have different preferences for handling BGP sessions. For example, one provider requires that the BGP session be managed on the same server running the Tor relays, while another handles the announcement with my AS entirely on their side. This inconsistency makes it challenging to determine the most effective approach. I'm seeking guidance on the following points (or others you think are helpful): - When given the option: Should I manage the BGP session myself, or is it preferable to delegate it to the upstream provider whenever possible? - When required to manage BGP myself: - To conserve CPU/RAM resources for Tor, is it advisable to only use a default route (0.0.0.0/24) rather than a full routing table, relying on the upstream provider for full routing? - Under what circumstances should I implement multi-homed strategies myself versus allowing the upstream provider to manage them? - Are there best practices for route filtering or failover management? - What are your experiences regarding the compute and memory requirements for these configurations? - What are some preferred monitoring solutions? bgpmon.net doesn't seem free... Helpful read and suggestions at the end from this 6 year old article from nusenu, but couldn't find too much beyond this: https://nusenu.medium.com/how-vulnerable-is-the-tor-network-to-bgp-hijackin… I'm already using ROA and RPKI via ARIN for each /24 and limit max length to /24 to help as well. "The Tor exit fraction located in /24 prefixes is much higher than the guard capacity. So hijacks against exit capacity might be harder than attacks against guard capacity." - Seems also good to have /24 prefixes for guards, not just exits. Thanks!

2 2

relayor v25.0.0 is released
by nusenu 29 Apr '25

29 Apr '25

Hi, relayor v25.0.0 is released. relayor is an ansible role that helps you with running tor relays with minimal effort (automate everything). https://github.com/nusenu/ansible-relayor#main-benefits-for-a-tor-relay-ope… Most notable changes: * Support the MyFamily successor "happy families". This new relayor feature is currently opt-in as it also requires an alpha release of tor. When happy families reaches a tor stable release we will enable it by default and make the opt-in setting obsolete. I'm not so happy about the details but I also didn't want to introduce new dependencies so relayor is copying the family key file for **every** tor instance - see the background here [1]. Happy families is especially useful for large operators running many tor instances. The MyFamily configuration is not replaced by happy families, both designs are used when happy families is enabled. * prometheus integration improvement (backward incompatible change): remove variable tor_prometheus_config_file. relayor makes use of prometheus conf.d folder support instead of generating the entire configuration, relayor only drops the scrape config files into a configurable folder where prometheus is expected to read them. See prometheus' global config: scrape_config_files [1] https://gitlab.torproject.org/tpo/core/tor/-/issues/41046 Changelog: https://github.com/nusenu/ansible-relayor/releases/tag/v25.0.0 kind regards, nusenu -- https://nusenu.github.io

1 0

Self hosting bridge at home - de-anonymization risk?
by bjewrn2a＠anonaddy.com 28 Apr '25

28 Apr '25

is there any documentation on self-hosting a bridge at home and using it for your own connections? I am trying to understand why this isn't a recommended setup, would it lead to de-anonymization? Why/how much? your traffic blends with other users directly via the same connection other users use your bridge on a regular basis together with you and your hidden services ISP monitoring of your exact connection times are made harder (not sure how much exactly) I don't understand why hosting a bridge outside of your geographic location is necessary? is it a problem that the first hop is from your own IP address if the other two hops are external? were there any studies or similar questions asked before? I couldn't find anything I can't find help anywhere, so would appreciate any advice

6 16

Tor Relay Deployment Dilemma: Colocation vs Dedicated Servers for 10 Gbps
by Tor at 1AEO 05 Apr '25

05 Apr '25

Part 2 - Looking for feedback on our Tor relay configuration decision: Assuming both options cost the same and provide the same aggregate bandwidth—and by “better,” I mean improved advertised bandwidth, reliability, and diversity—is it preferable to deploy: Option 2A: Colocation, where we own the hardware, for 2 x 10 Gbps, or Option 2B: Dedicated servers, where we rent the hardware, for 4 x 10 Gbps? We lean toward Option 2B because it offers higher total bandwidth and may provide enhanced hardware redundancy and scalability. Additionally, does the ideal choice depend on the relay's role (e.g., exit vs. guard/middle nodes)? Also, is there a more comprehensive way to define “better” for this context? We appreciate any suggestions or refinements

2 1

Open source scripts for parsing CollecTor Tor server descriptor files?
by Tor at 1AEO 03 Apr '25

03 Apr '25

Couldn't find open source scripts to download and parse metrics from CollecTor server descriptor files so started creating some with help of ChatGPT. It'd be great if these already existed somewhere to build from and contribute back to! Created something very basic to parse and group relays by family fingerprint showing contact info, aggregated observed bandwidth, average observed bandwidth, unique IPv4 count, and unique AS count. Will keep dumping code here: https://github.com/1aeo/relayradar/ What would be helpful to see that you can't find elsewhere? Ex: I want to summarize total bandwidth observed by relay family per AS to see how different providers are performing Source files: https://metrics.torproject.org/collector/recent/relay-descriptors/server-de… Some initial insights, might be specifically incorrect but should have the right magnitude, from parsing March 27th, 28th and 29th server descriptor files: March 28th 6814 number of unique IPv4 addresses ~900 number of unique ASN Screenshot attached of example output in .html and attached .html file Used a 3rd party API, ipinfo.io, to lookup AS per unique IP and they shared some more metrics below via images, based on the 3 days of server descriptor unique IP to AS lookup calls. Top 5 countries and cities, highly concentrated in Europe Top 5 companies, mostly hosting companies and 1AEO, us, as #3 (guessing by quantity of IP addresses) 38 mobile carrier IPs running relays [image.png] [image.png] [image.png] [image.png] [image.png]

1 0

Running an obfs4 Bridge behind a UniFi UXG
by Malcolm MacDonald 01 Apr '25

01 Apr '25

Hello All! Not sure if anyone else is running a bridge behind a UniFi UXG but in my Flow log I am seeing blocked items with the Category of "DShield Block List" and Signature of "ET DROP Dshield Block Listed Source group 1" and the connection is being blocked. I'm thinking these alerts can be set to Allow Signature? Am I wrong on this one? Malcolm

2 1