13 Aug
2013
13 Aug
'13
1:04 p.m.
Hi,
Over the past month I've been running a tor exit relay in a spare VPS machine that I am not using.
It occurs to me know that this was probably a very poor idea, as I can't control the physical access to the machine or encrypt private key.
In the good bad ISPs pagehttps://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs, I see that some cloud providers are listed (aws, etc). This implies that such a practice is okay, but If linode or a malicious party wanted to read the contents of /var/lib/tor/keys I don't think they'd have any difficulty whatsoever. How do folks secure their relay's keys on a vps environment? Or should I shutdown this relay and run a relay only when I am sure the keys are secured?
-JB