- tor-relays - lists.torproject.org

Can I enable IPv6?
by cmeclax 26 Jan '13

26 Jan '13

I just upgraded to version 0.2.3.25 from the latest pkgsrc quarterly, and I have an IPv6 address. Can I tell other relays that they can connect to me on IPv6? The port number will be different, as I'm forwarding one port on the router to a different port on the Tor box. cmeclax

2 1

mouseHouse - Why not used more?
by Sina Eetezadi 23 Jan '13

23 Jan '13

Hi all, I am wondering why my TOR server "mouseHouse" is not used more? I configured 40k and 60k burst, buts its only barely used. Any hints? Thank you.

2 1

running relay severely degrades network performance eventually
by Nicolas Bock 22 Jan '13

22 Jan '13

Hello list, every time I run a relay on a Comcast cable connection, after a while (a few hours to days) other network operations such as DNS lookups slow down to such an extent that the network becomes unusable. Unfortunately I don't know how to exactly pinpoint what the problem is, but found that the only reliable solution at such a point seems to be to reset the cable modem. Is that a known issue? Could you suggest how I can diagnose this more accurately? Thanks, nick

4 3

Exit relaying: What regulations exist in your country?
by Moritz Bartl 20 Jan '13

20 Jan '13

Hi, I have revised https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines some more, adding the most relevant legal paragraphs for Germany and USA. What are the exact regulations in your country? If you know which sections, paragraphs etc, add it to the wiki or let me know. -- Moritz Bartl https://www.torservers.net/

2 1

DigitalOcean, cheap VPS that's ok with middle relays
by Micah Lee 13 Jan '13

13 Jan '13

FYI, I just discovered a VPS provider DigitalOcean, and they seem fine with people running non-exit nodes: https://www.digitalocean.com/community/questions/tor The cheapest plan is $5/month (256mb ram, 1 core, 20gb drive) with unlimited bandwidth. They give you New York and Amsterdam IP addresses. I haven't tried running a relay on it so I don't know how much bandwidth you can practically use, but it looks promising. -- Micah Lee https://twitter.com/micahflee

12 14

What's wrong with TorStatus?
by Steve Snyder 12 Jan '13

12 Jan '13

The TorStatus pages at rueckgr.at and all.de have stopped reflecting the actual state of the Tor relays. The page at rueckgr.at displays uptime as the length of time between 04 Jan and now, regardless of the actual history of the relays. The page at all.de is even worse, calculating uptime as the days since 06 Dec 2012. The former shows no less than uptime of 6 days and the latter shows every relay as having 35+ days of uptime. The page at blutmagie.de has an accurate representation of relay uptimes, but their bandwidth stats are always inaccurate, so there really is no single TorStatus page that one can look at to get an accurate view of Tor relays. What's going on with TorStatus?

4 3

Hello guys. Is is possible to choose one's Entry Guards?
by Coyo 11 Jan '13

11 Jan '13

I didn't realize the TOR Project had their own mailing list server, though it makes sense. I'm studying tor relays, especially obfsproxy, and I thought I'd go ahead and ask a question. If you have a hidden service, and hide that on Server A, then have it connect via obfsproxy to Relay B, can you configure a manually-chosen list of entry guard relays to enter the wider Tor Network from Relay B? [Hidden Server] -- obfsproxy --> [Bridge Relay] -- tor --> [Specific Trusted Entry Guard Relays] -- tor --> [TOR Network] Is this currently possible?

2 5

Registration of a Tor node at the German Bundesnetzagentur
by tor-admin 11 Jan '13

11 Jan '13

Hi, this is a question more specific for the German jurisdiction. At the 29C3 in Hamburg I attended a interesting talk about open WIFI (http://is.gd/9G8AVA unfortunately in German) who was given by Reto Mantz (http://www.offenenetze.de/) He gave the advice to register open WIFIs which are operated by non-profits at the German Bundesnetzagentur, because this is required under German law for companies (http://is.gd/vcz2pZ) I am wondering if there are Tor nodes operated by Germans who have been registered at the Bundesnetzagentur. >From my layman’s understanding of the law this should at least be required for nodes operated by German non-profits like CCC and Torservers. I am specially interested in the case of a node which runs in a data center outside of Germany but is operated by a German non-profit. As I operate my nodes privately I am unsure if registration of my tor nodes is required. I will check with my lawyer if a registration should be done and could help to run the nodes more securely concerning law enforcement. Having information from others would help to clarify this. Thanks & regards, torland

5 12

Call for discussion: turning funding into more exit relays
by Roger Dingledine 09 Jan '13

09 Jan '13

For a few years now, funders have been asking if they can pay Tor to run more relays. I kept telling them their money was better spent on code and design improvements: https://blog.torproject.org/blog/why-tor-is-slow https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/Performance since a) network load would just grow to fill whatever new capacity we have, especially if we don't deal with the tiny fraction of users who do bulk downloads, and b) reducing diversity of relay operator control can harm anonymity. But lately the Tor network has become noticeably faster, and I think it has a lot to do with the growing amount of excess relay capacity relative to network load: https://metrics.torproject.org/network.html?graph=bandwidth&start=2010-06-0… At the same time, much of our performance improvement comes from better load balancing -- that is, concentrating traffic on the relays that can handle it better. The result though is a direct tradeoff with relay diversity: on today's network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays. https://trac.torproject.org/projects/tor/ticket/6443 Since extra capacity is clearly good for performance, and since we're not doing particularly well at diversity with the current approach, we're going to try an experiment: we'll connect funding to exit relay operators so they can run bigger and/or better exit relays. If we do it right (make more faster exit relays that aren't the current biggest ones, so there are more to choose from), we will improve the network's diversity as well as being able to handle more users. We've lined up our first funder (BBG, aka http://www.voanews.com/) and they're excited to have us start as soon as we can. They want to sponsor 125+ fast exits. ---------------------------------------------------------------------- Open questions we need to decide about: 1) What exactly would we pay for? I think the right way to do it is to offer to reimburse bandwidth/hosting costs -- I don't want to get into the business of paying people to run relays, and I don't want people to be trying to figure out how to "profit". That leads to all sorts of horrible incentive structures. More broadly, we should keep in mind that the primary cost of running an exit relay is effort, not dollars: it takes dedication to find an ISP who will host it, and to hold that ISP's hand when an abuse complaint arrives. Or said another way, hosting costs are in many cases not the biggest barrier to running an exit relay. I think we should aim to constrain ourselves to talking about >=100mbit exits, assuming that turns out to give us enough choices. That said, we don't want to concentrate bandwidth too much in any given relay, so we should limit the amount we'll reimburse per relay. 2) Should we fund existing relays or new ones? The worst failure mode here would be that we screw up the current community of relay operators. That's why it's extra important to keep them involved at each step of this discussion. I think the right answer is probably a balance of reimbursing costs from current exits and encouraging new exits to appear. Before we can get more precise though, we need to get a handle on how many current fast exits there are, and what their constraints are (whether their hosting situation could give them more bandwidth, whether they're paying now or getting a deal through a friend/employer, etc). Even then, there are interesting further questions like: - Should we prefer big collectives like torservers, noisetor, CCC, dfri.se, and riseup (which can get great bulk rates on bandwidth and are big enough to have relationships with local lawyers and ISPs), or should we prefer individuals since they maximize our operator diversity? I think "explore both approaches" is a fine first plan. - For existing relays who pay for hosting, should we prefer that our money go to covering their existing costs (and then we encourage them to save their money for use, say, after this experiment finishes), or should we aim to add additional funding so the relay can use more bandwidth? I'd say it comes down to the preferences of the relay operator. That said, if we have plenty to choose from, we should pick the relays that will make the network grow -- but we should take extra care to avoid situations where operators in the first category say "well, fine" and shut down their relay. More generally, we need to consider sustainability. Our current exit relay funding is for a period of 12 months, and while there's reason to think we will find continued support, the Tor network must not end up addicted to external funding. So long as everybody is running an exit relay because they want to save the world, I think we should be fine. 4) What exactly do we mean by diversity? There's network diversity (AS / upstream network topology), organization and operator diversity, jurisdictional (country) diversity, funding diversity, data-center diversity, and more. We've started to answer some of these questions at https://trac.torproject.org/projects/tor/ticket/6232 https://blog.torproject.org/blog/research-problem-measuring-safety-tor-netw… but this research topic will need ongoing attention. I'd love to get to the point where our diversity metrics can recommend network locations that best improve the various diversity scores. 5) How much "should" an exit relay cost? Since we're aiming for diversity, we can't send all our volunteers to the same cut-rate German VPS provider. After all, much of the work in setting up an exit relay is finding a good provider that doesn't already host a bunch of Tor relays. But if we declare that we'll reimburse $50/month for 100mbit, we're going to attract a different set of volunteers -- and a different set of network locations -- than if we reimburse $100/month for 100mbit. We need to learn about current bandwidth pricing: I know there are 10 cheap hosting places that will tolerate exit relays, but are there 200? And do all of those 200 turn out to overlap diversity-wise? Initial guesses appreciated. I'm inclined toward the $100 number to give our volunteers more flexibility. If we want to reimburse on a monthly basis, how do we handle situations where the ISP wants a longer-term contract? I think the answer will come down to how many choices we have. 6) How exactly should we choose which exit relay operators to reimburse? It might be premature to speculate until we better understand what choices are available to us. But I think the answer must include doing it in a way that encourages continued growth of the relay operator _community_. People who are active in the Tor community, and well-known to many other people, should be part of the answer. At the same time, we should be willing to put some of the money into trying out new places and people, especially if they're in good locations diversity-wise. The broader answer is that we as a community need to figure out a good answer here. I definitely don't want it to be "Roger picks people in an opaque way". But I also don't want the answer to be "anybody on the Internet who offers to take our money". Maybe we should put together a consortium of current Tor activists who run fast exits? 7) How do we audit / track the sponsored relays? How should we check that your 100mbit relay is really working? What do we measure to confirm its capacity? To a first approximation I'm fine assuming that nobody is going to try to cheat (say, by colluding with an ISP to write legit-looking invoices but then just split the money). But as the plan scales, we need good ways to track statistics on how many relays are being sponsored and how much bandwidth they're providing (so funders can see how effective their money is), and what fraction of the overall network these sponsored relays are (to keep an eye on the diversity questions). 8) Legal questions? Tor exit relays raise plenty of legal questions already, especially when you consider jurisdiction variety. But reimbursing relays introduces even more excitement, such as: - Does such a relay operator end up in a different situation legally? - Does the overall Tor network change legal categories in some country, e.g. becoming a telecommunications service when it wasn't before? - Does The Tor Project Inc incur new liabilities for offering this money? Tor has a history of creating fascinating new challenges for legal scholars, and this exit relay funding experiment will be no exception. I believe if we position it correctly, we won't really change the legal context. But I encourage people to investigate these questions for their jurisdiction. ---------------------------------------------------------------------- Next steps: I'm going to do a short blog post pointing to this thread, since many interested parties aren't on tor-relays yet. Then I'll send individual emails to exit relay operators pointing them to it and asking for their feedback (on the list or private, whichever they prefer). I'll also try to get some sense of how much their hosting costs, whether they'd want to participate in our experiment, whether they're in a position to ramp up to a faster connection, etc. Once we have some concrete facts about how many current exit relays want to participate, how many new volunteers want to help, and how many ISPs could handle more exit relays and at what prices, we'll be in a better position to decide how to proceed. --Roger

25 59

Re: [tor-relays] [tor-talk] On the Theory of Remailers
by grarpamp 08 Jan '13

08 Jan '13

> It is an interesting questions, if with a modern user interface, can they > get to new life? I see no reason the state of the art from the legacy remailer types can't be combined and updated into a new service running on some of the same relay machines we have for Tor today. Even if only 10% ran them it would probably be more hosts than were ever behind the old remailer nets. And relay operators already have the abuse experience in place.

1 0