Hello,
Thanks to everyone who joined us at the last meetup, in April. Here are the meetup notes; sorry for taking a long time to send them to the list.
We're still figuring out the next meetup date -- probably June 24 -- and we will announce it officially soon here on the list. :)
In the next weeks Tor staff will be at SIF[1] and Rightscon[2]. If you're joining these events, come say hi!

cheers,
Gus

[1] https://stockholminternetforum.se/
[2] https://www.rightscon.org/

# Tor Relay Operator meetup - 2023-04-15 . 19.00 - 20 UTC
## Agenda
### Announcements
- Update on Censorship in Turkmenistan:
  - obfs4 bridges on residential connections + obfs4 port 80, 443, 8080
  - Paper: https://arxiv.org/abs/2304.04835
  - TMC dashboard: https://tmc.np-tokumei.net/
  - Article: https://globalvoices.org/2023/04/12/new-study-finds-internet-censorship-in-t...
- Tor relays running EOL
- Tor Weather - https://weather.torproject.org
  - `HTTP/1.1 503 Service Unavailable` womp womp.
  - Right, I'll enable the service on Monday again and, hopefully, it will stay available longer than the last time(s). Pretty bumpy launch :) --GeKo
- Google Summer of Code
  - We might have two network health related projects; the application deadline is over and we are sorting through proposals. Those are for the relay-to-relay connectivity checking tool and the network status API projects on: https://gitlab.torproject.org/tpo/team/-/wikis/GSoC. If we are lucky, we get mentees for both of them, we'll see... --GeKo
- DoS update
  - "Load decreased by ~80% for our servers consistently. It's quite manageable now. Servers are mostly idling now even without all the attacks"
- Upcoming EFF university Tor relay advocacy campaign, still taking shape but now with a more detailed roadmap: https://gitlab.torproject.org/tpo/community/relays/-/issues/67
- The Tor network has a status page! https://status.torproject.org/ -- on this page we try to summarize critical issues about which pieces of our infrastructure are having issues.
### (Discussion) Proposals towards a more trusted relay operator community
https://gitlab.torproject.org/tpo/community/relays/-/issues/55
- Timeline of this process: October 2022 - January 2024
  - We called for proposals from the community (March 3 2023)
  - Work on proposals (TPO) (like meta proposal about the process and governance and different stakeholders) (March/April)
  - Proposal evaluation (May/July)
  - Events and offline discussions with community (August/September)
  - Approving proposals after feedback from the community and figuring out the details of enforcement/adhering to them (September-December)
  - Proposals go live (January 2024)
### Status update on the "Bumping the 4 relays per ip to 8 relays per ip"?
https://gitlab.torproject.org/tpo/core/tor/-/issues/40744#note_2896285:

We want to do the analysis for the bump to 4 relays per IP which won't happen in April anymore but I try to sneak this into my May ToDo list. Afterwards we can consider bumping the limit further in case the analysis looks fine as expected. --GeKo

^^ I made a change to moria1 so it publishes its AuthDirMaxServersPerAddr value in its v3 vote: https://consensus-health.torproject.org/#consensusparams so we can know if the dir auths are even allowing the new 4 number yet. Alas, it appears that I am still the only dir auth using this patch. https://gitlab.torproject.org/tpo/core/tor/-/issues/40753 seems to think it will be in an upcoming Tor version. --Roger
### Q&A
Q: Is there a way for me to tell if my bridge is reachable from Turkmenistan?
A: Alas we don't have an automated vantage point inside .tm. But we can pass your bridge address to users in-country and ask them to test your bridge. Email gus@ if you want to learn the answer! Only residential connections are working there, so 'cloud' (data center) obfs4 bridges probably do not work.

Q: Is it still unwise to run both a snowflake and also an obfs4 bridge at home?
A: Correct, you should run either one or the other. The reason is that if one of them gets your IP address blocked by a censor somewhere, then the other one will end up blocked too.

Q: What if my IP address changes every few hours?
A: It doesn't make sense to run an obfs4 bridge in this situation, because clients will learn about your address too late to use it. *But*, this is a perfect situation for running a Snowflake proxy!

Q: When will we start bumping out Tor relays running 0.4.5?
A: Starting beginning of May. And bridges we will treat differently, because they are more scarce. We might make an exception for 0.4.5 bridges that are popular. Update: https://forum.torproject.net/t/tor-relays-psa-tor-0-4-5-reaches-end-of-life-...

Q: Re: the EFF University Relay campaign, University libraries will be helpful here; did anything much result from the Library Freedom Project's Tor Exit Relay Project? (https://libraryfreedomproject.org/torexitpilotphase1/)
A: Yes, we have a few university libraries running exits right now, such as UNC's ibiblio project. But yes you make a great point that Alison and the LFP folks are good resources here. I will make an internal note to remind ourselves to connect to them when the time is right.
^ It seems there are some relays running right now in the network that are LFP-related, so an easy first step would be to label them better so we can celebrate them more.

Q: Does anyone know why increased inbound ORPort connection rates no longer result in increased CPU usage on relays?
A: Hmm! There is not an obvious answer here. Maybe, if there are too many connections then receiving another one involves a surprising amount of work because Tor is inefficient with its data structures somehow? Or maybe, the inbound connections used to be doing something especially expensive and denial-of-service-y, and 'normal' Tor connections don't do that? Let us know if you have any more hints and have any new info.

Q: Do you have an estimate of how many relay operators there are? (Or maybe a count of "good" operators)
A: We have a count of how many *relays* there are, but that's not the same thing. One of our upcoming plans is to build a tool for us to annotate which relays and relay operators we 'know', which will let us better understand how much of our relay operator community we are already connected to. The idea isn't to accuse the un-annotated people of being bad, but it's to have a starting point to map who we know.

Q: Are there any long-term plans to have Arti be used for relays?
A: Yes, that is on the roadmap, see https://gitlab.torproject.org/tpo/core/arti#roadmap https://blog.torproject.org/announcing-arti/ "And then? We also want support for running a Tor Relay in Rust." It probably won't even start until 2024, *if* our funding proposals get approved etc. Alex and Micah are good people to ask about details and timeline.

Q: What would it take to get an official Docker image for relays? It would be very helpful for those of us running multiple daemons on the same machine on high bandwidth uplinks. Currently available open source versions each have severe limitations or bugs

Q: Could you include a dateful.com link for future events? It makes it easier across timezones.
- Maybe an ical people can import would be nice? Could someone provide a website that doesn't track and collect users' data?

Q: After the last meetup trinity worked on https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/698 and it is stuck since then. What is the best way to get this moving again?
A: I (trinity) sent a reminder to dgoulet. Hopefully it will get unstuck?

Q: Can you publish a list of events and offline meetings (including date) that you have in mind regarding the trusted relay operator community?
A: We try to publish a list of interesting public events on a sidebar on https://blog.torproject.org/ but you're right that we don't have a separate section specifically for relay operators. It is a good suggestion -- we should try harder to organize and announce and schedule in-person meetups at various hacker cons.

Q: Can we get metricsport documentation at some point, what is a realistic timeframe? https://gitlab.torproject.org/tpo/core/tor/-/issues/40762

Q: I recently tried Freedombox, which can operate over Tor. Per default it enables relay functionality after installing the Tor app. However, if using Tor to access Freedombox via a hidden service, this is considered to potentially deanonymize the server location, right?
A: It is recommended to not run a relay and also an onion service, because being a relay exposes some potential side-channel issues: people can send traffic through your relay, and also send traffic to the onion service, and notice congestion that correlates. So if you care enough about the privacy of your onion service, consider not doing both. (If you don't care much about the privacy of your onion service, it is fine to do both.)

Q: Another issue with Freedombox, or Debian (as it is based on it) is that Tor version is 0.4.16, which is considered obsolete. However, adding the Debian Tor repository doesn't work either, as upgrading fails due to missing libevent>=2.1.8 dependency. Any workaround or solution for that?
A: Maybe you can get tor or libevent from backports? Else, the upcoming Debian bookworm might have exactly the packages you want.

On Thu, Mar 30, 2023 at 11:04:39AM -0300, gus wrote:
Hello,
The next Tor Relay Operator Meetup will happen on April 15th, 2023, at 19 UTC.
We're still working on the agenda, feel free to add your topics and/or questions on the pad:
https://pad.riseup.net/p/tor-relay-op-meetup-april-keep
onionsite: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor-...

WHERE
Room link: https://tor.meet.coop/gus-og0-x74-dzn

Registration
No need for a registration or anything else, just use the room-link above. We will open the room 10 minutes before so you can test your mic setup.
Please share with your friends, social media and other mailing lists!
Gus
The Tor Project Community Team Lead