For those who may skip emails by the subject line, I resend my own email.
There is a sinking feeling in general over here, where a bunch of us learn more about Tor. We learnt we cannot run our own relays because here censorship is very strong; at the same time, we realize we have many relay operators in other countries to thank, for giving us a window into the world.
Thank you. And I write this email over Tor.
- Jack
Date: 4. Apr 2018 03:55
From: jackoreamnos@tutanota.com
To: tor-relays@lists.torproject.org
Cc: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] tor-relays Digest, Vol 87, Issue 4
We had some more discussions over here, and someone pointed out a key fact which we novices did not get at first - the Tor network does not REALLY trust the relay operators until the directory authorities (DAs, whose IPs are hardcoded into the source code) can check them out and then vote about what they have learnt about these relays. If relays pass that test, they get onto a live document called the "Consensus" (between the DAs). So new clients to the network trust these DAs and they trust the consensus reached by the DAs. That is how new clients learn the network topology and find relays to connect to.
So we were wrong on a few points: (1) we thought we could contribute to the relay networks without being detected, but basically no - you cannot contribute to the relay network unless you are in the consensus, and if you are in the consensus, your IP address is world readable. (2) a private bridge is providing relay WITHOUT publishing descriptors to the consensus, so it is a hybrid creature: (a) it appears as a client to the Tor network proper, being hidden from the consensus, and therefore cannot help relay traffic; (b) it appears as a relay server to connecting clients, but unlike relays already on the consensus, certain clients trust it because they know about the private bridge from channels they trust outside the Tor consensus; and these clients gain an extra measure of security from whatever obfuscation the bridge can offer.
So by design, Tor does not trust and cannot completely trust a relay that just pops up one day. There is no way for Tor DAs to work with a relay node that hides itself behind a VPN.
So in the area where we live, if we run a relay, we will be caught, plain and simple. No way around it. No way for us to contribute by running a relay. Zero, nada. We utterly depend on bridges hosted outside our geography, to have any hope of accessing Tor. Some of us who have facilities in another country might help, but for us that is comparatively difficult and expensive.
The only reason I can access the "outside world" is due to people who host bridges for us. If you guys pack and go home, nothing we can do. Zero, nada. I am writing this email over Tor.
- Jack
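The point made in the message above, that a relay listed in the consensus has a world-readable IP address while a private bridge never appears there, can be checked by an operator against a consensus document. This is an added example, not part of the original email or Tor's own code; the excerpt is constructed with documentation-range addresses, the function names are hypothetical, and the `r`/`a`/`s` line layout is assumed to follow Tor's directory specification.

```python
import base64
import ipaddress

def sample_ident(byte):
    # Constructed 20-byte identity digest, base64 without padding as in "r" lines.
    return base64.b64encode(bytes([byte]) * 20).decode().rstrip("=")

# Constructed consensus excerpt (not real relays).
SAMPLE_CONSENSUS = "\n".join([
    "network-status-version 3",
    f"r ExampleRelayA {sample_ident(1)} {sample_ident(2)} 2018-04-03 12:00:00 192.0.2.10 9001 0",
    "s Fast Running Stable Valid",
    f"r ExampleRelayB {sample_ident(3)} {sample_ident(4)} 2018-04-03 12:30:00 198.51.100.7 443 9030",
    "a [2001:db8::7]:443",
    "s Exit Fast Running Valid",
])

def parse_relays(consensus_text):
    """Collect nickname, fingerprint, addresses and flags for each router entry."""
    relays = []
    for line in consensus_text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 9:
            # r nickname identity digest date time IP ORPort DirPort
            padded = parts[2] + "=" * (-len(parts[2]) % 4)
            relays.append({
                "nickname": parts[1],
                "fingerprint": base64.b64decode(padded).hex().upper(),
                "addresses": [ipaddress.ip_address(parts[6])],
                "or_port": int(parts[7]),
                "flags": [],
            })
        elif parts[0] == "a" and relays:
            # Additional (IPv6) address: "a [addr]:port"
            host = parts[1].rsplit(":", 1)[0].strip("[]")
            relays[-1]["addresses"].append(ipaddress.ip_address(host))
        elif parts[0] == "s" and relays:
            relays[-1]["flags"] = parts[1:]
    return relays

def listed_as(address, relays):
    """Return nicknames of consensus entries that publish this address."""
    addr = ipaddress.ip_address(address)
    return [r["nickname"] for r in relays if addr in r["addresses"]]

if __name__ == "__main__":
    relays = parse_relays(SAMPLE_CONSENSUS)
    for ip in ("192.0.2.10", "2001:db8::7", "203.0.113.5"):
        print(ip, "->", listed_as(ip, relays) or "not in consensus")
```

An address that is not in the consensus (here `203.0.113.5`, standing in for a private bridge) returns an empty list, which is the property the message describes.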
- Apr 2018 16:02 by development@jivanamara.net:
Hey Jack,
Here's my understanding of your concerns, anyone else please chime in if I'm mistaken anywhere.
For running a normal relay compared to a client connecting to a relay via obfs4, it's less likely to be discovered by examining the content of traffic. The obfs4 protocol is designed to disguise the connection between a client (i.e. torbrowser). Once the traffic hits a relay, the interaction between relays contains fewer opportunities to identify it as tor traffic as opposed to any other encrypted traffic.
That being said, there are a couple of other things that would make it very easy to identify a TOR relay. First, by default, relays are listed for anyone to examine.
Second, if the authorities are watching, the change in traffic to/from your home computer will be pretty obvious.
Regarding your concerns about children being inappropriately exposed to the dark web, running a relay will make very little difference compared to not running one. For your children to see the content of the dark web they'll need to install torbrowser (or equivalent) and that's going to be the same whether or not you're running a relay. The only potential difference is that if in your area it's very difficult to connect to the tor network and your children know you're running a relay, with some knowledge they could configure torbrowser to connect first to your relay. In some sense, if the authorities are successful in blocking access to the tor network, you could be enabling their romps on the dark web.
HTH
Jivan
On 04/03/2018 02:38 AM, tor-relays-request@lists.torproject.org wrote:
Today's Topics:
- Re: failed setup of obfs4 on relay (jackoreamnos@tutanota.com)
- Re: failed setup of obfs4 on relay (jackoreamnos@tutanota.com)
- Re: Estimation of bridge traffic / Bridge or relay needed? (jackoreamnos@tutanota.com)
Message: 1
Date: Tue, 3 Apr 2018 05:00:18 +0200 (CEST)
From: jackoreamnos@tutanota.com
To: tor-relays@lists.torproject.org
Cc: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] failed setup of obfs4 on relay
Message-ID: <L98Ret7--3-0@tutanota.com>
Content-Type: text/plain; charset="utf-8"
Thank you all, that was very helpful. - Jack
- Mar 2018 20:53 by arma@mit.edu:
On Fri, Mar 30, 2018 at 04:52:23PM -0400, Roger Dingledine wrote:
For obfs4, the active prober doesn't know the secret "cert" parameter,
For far far more detail on the various pluggable transports and how they look on the wire, check out this awesome page that David Fifield put together:
https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports
--Roger
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays