For those who may skip emails by the subject line, I resend my own email.

There is a sinking feel in general over here, where a bunch of us learn more about Tor.  We learnt we cannot run our own relays because here censorship is very strong; at the same time, we realize we have many relay operators in other countries to thank, for giving us a window into the world. 

Thank you.  And I write this email over Tor.

- Jack


Date: 4. Apr 2018 03:55
From: jackoreamnos@tutanota.com
To: tor-relays@lists.torproject.org
Cc: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] tor-relays Digest, Vol 87, Issue 4

We had some more discussions over here, and someone pointed out a key fact which we novices did not get at first - the Tor network does not REALLY trust the relay operators until the directory authorities DAs (whose IPs are hardcoded into the source code) can check them out and then vote about what they have learnt about these relays.  If relays pass that test, they get onto a live document called the "Consensus" (between the DAs).  So new clients to the network trust these DAs and they trust the consensus reached by the DAs.  That is how new clients learn the network topology and find relays to connect to.

So we were wrong on a few points:
(1) we thought we can contribute to the relay networks without being detected, but basically no - you cannot contribute to the relay network unless you are in the consensus, and if you are in the consensus, your IP address is world readable.
(2) a private bridge is providing relay WITHOUT publishing descriptors to the consensus, so it is a hybrid creature: (a) it appears as a client to the Tor network proper, being hidden from the consensus, and therefore cannot help relay traffic; (b) it appears as a relay server to connecting clients but unlike relays already on the consensus certain clients trust it because they know about the private bridge from channels they trust outside the Tor consensus; and these clients gain a extra measure of security from whatever obfuscation the bridge can offer.

So by design, Tor does not trust and cannot completely trust a relay that just pops up one day.  There is no way for Tor DAs to work with a relay node that hides itself behind a VPN.

So in the area where we live, if we run a relay, we will be caught, plain and simple.  No way around it.  No way for us to contribute by running a relay.  Zero, nada.  We utterly depend on bridges hosted outside our geography, to have any hope of accessing Tor.  Some of us who have facilities in another country might help, but for us that is comparatively difficult and expensive.

The only reason I can access the "outside world" is due to people who hosts bridges for us.  If you guys pack and go home, nothing we can do.  Zero, nada.  I am writing this email over Tor.

- Jack

3. Apr 2018 16:02 by development@jivanamara.net:

Hey Jack,

Here's my understanding of your concerns, anyone else please chime in if
I'm mistaken anywhere.

For running a normal relay compared to a client connecting to a relay
via obfs4, it's less likely to be discovered by examining the content of
traffic.  The obfs4 protocol is designed to disguise the connection
between a client (i.e. torbrowser).  Once the traffic hits a relay, the
interaction between relays contains less opportunities to identify it as
tor traffic as opposed to any other encrypted traffic.

That being said, there are a couple of other things that would make it
very easy to identify a TOR relay.  First, by default, relays are listed
for anyone to examine.

Second, if the authorities are watching, the change in traffic to/from
your home computer will be pretty obvious.

Regarding your concerns about children being inappropriately exposed to
the dark web, running a relay will make very little difference compared
to not running one.  For your children to see the content of the dark
web they'll need to install torbrowser (or equivalent) and that's going
to be the same whether or not you're running a relay.  The only
potential difference is that if in your area it's very difficult to
connect to the tor network and your children know you're running a
relay, with some knowledge they could configure torbrowser to connect
first to your relay.  In some sense, if the authorities are successful
in blocking access to the tor network, you could be enabling their romps
on the dark web.

HTH

Jivan


On 04/03/2018 02:38 AM, tor-relays-request@lists.torproject.org wrote:
Send tor-relays mailing list submissions to
tor-relays@lists.torproject.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
or, via email, send a message with subject or body 'help' to
tor-relays-request@lists.torproject.org

You can reach the person managing the list at
tor-relays-owner@lists.torproject.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of tor-relays digest..."


Today's Topics:

1. Re: failed setup of obfs4 on relay (jackoreamnos@tutanota.com)
2. Re: failed setup of obfs4 on relay (jackoreamnos@tutanota.com)
3. Re: Estimation of bridge traffic / Bridge or relay needed?
(jackoreamnos@tutanota.com)


----------------------------------------------------------------------

Message: 1
Date: Tue, 3 Apr 2018 05:00:18 +0200 (CEST)
From: <jackoreamnos@tutanota.com>
To: <tor-relays@lists.torproject.org>
Cc: <tor-relays@lists.torproject.org>
Subject: Re: [tor-relays] failed setup of obfs4 on relay
Message-ID: <L98Ret7--3-0@tutanota.com>
Content-Type: text/plain; charset="utf-8"

Thank you all, that was very helpful. - Jack

30. Mar 2018 20:53 by arma@mit.edu <mailto:arma@mit.edu>:

On Fri, Mar 30, 2018 at 04:52:23PM -0400, Roger Dingledine wrote:
For obfs4, the active prober doesn't know the secret "cert" parameter,
For far far more detail on the various pluggable transports and how
they look on the wire, check out this awesome page that David Fifield
put together:

https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports <https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports>

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org>
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180403/1e860483/attachment-0002.html>

------------------------------

Message: 2
Date: Tue, 3 Apr 2018 05:00:18 +0200 (CEST)
From: <jackoreamnos@tutanota.com>
To: <tor-relays@lists.torproject.org>
Cc: <tor-relays@lists.torproject.org>
Subject: Re: [tor-relays] failed setup of obfs4 on relay
Message-ID: <L98Ret7--3-0@tutanota.com>
Content-Type: text/plain; charset="utf-8"

Thank you all, that was very helpful. - Jack

30. Mar 2018 20:53 by arma@mit.edu <mailto:arma@mit.edu>:

On Fri, Mar 30, 2018 at 04:52:23PM -0400, Roger Dingledine wrote:
For obfs4, the active prober doesn't know the secret "cert" parameter,
For far far more detail on the various pluggable transports and how
they look on the wire, check out this awesome page that David Fifield
put together:

https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports <https://trac.torproject.org/projects/tor/wiki/doc/AChildsGardenOfPluggableTransports>

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org>
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180403/1e860483/attachment-0003.html>

------------------------------

Message: 3
Date: Tue, 3 Apr 2018 10:38:38 +0200 (CEST)
From: <jackoreamnos@tutanota.com>
To: <tor-relays@lists.torproject.org>
Cc: <tor-relays@lists.torproject.org>
Subject: Re: [tor-relays] Estimation of bridge traffic / Bridge or
relay needed?
Message-ID: <L99e63k--3-0@tutanota.com>
Content-Type: text/plain; charset="utf-8"

Want to follow up the discussion on encouraging people to run relays.

The powers that be where I live now heavily frowns upon VPN and Tor.  And a fair number in our community is sensing further tightening in the air.

Today we had a discussion, we had a lot of questions.  I try to summarize below and see if we can fact-check and learn more.

(1) Advocacy: Background - Someone raised the idea that we should each run a Tor relay in each of our house.  Someone said the powers that be cannot put all of us in jail if we get enough people to host Tor.  A parent among us said, "I never before had an urge to run a VPN or Tor.  But when running encryption and sharing a VPN tunnel with a criminal on the next packet is required to ensure your freedom to read BBC, you feel queasy and you worry what your underage kids might stumble on, things they are too young to deal with on the dark web.  But loosing the freedom to read BBC makes me feel beyond queasy, beyond nauseated, and bilious, and sick..."  He used a few more adjectives that I cannot spell.  There were non technical users who expressed interest to run a non-exit relay, but only if they will be able to run an installer and click the next button and only use default options.  And only if they can feel assured they understand the risks.

  (1.a) Their underage kids will not stumble on the dark web before they are old enough to know they are doing.  Underage kids should not be able to stumble on the dark web on the computer the Tor relay is run (and what must be done to assure that).  And underage kids should not be able to stumble on the dark web by being on the same WIFI network in the house.

  (1.b) There are different degrees of fear of risks.  Some are brave enough to run a non-relay in the house where they live.  We think they need to assume they can be detected.  Some were only willing to consider if the non-exit Tor cannot be easily detected.  The definition of not easily varies:
  - as difficult to detect as the obfs4 bridge protocol (but someone said the bridge protocol only works between a Tor client and a Tor relay, but not between a Tor relay and another Tor relay; we have not been able to confirm this by our own efforts)
 - as difficult as the meek protocol (someone said the idea of meek is to encrypt Tor packets and send it to a unblocked IP/domain, where the traffic is decrypted and copied to a proper Tor network); someone said he is willing to run a meek server to accept incoming connections, but only if the outgoing connections are at least obfs4.  Someone said if we have many thousands of these tiny meek nodes hosted at our home address, we offload the official meek proxies run on amazon and azure.  And even if we contribute only 1kb/s each, it is going to be more than sharing the cost - the idea is we want a high level of household penetration so that the powers that be find it hard to clamp us down.
  - as difficult to detect as protected by a VPN.  Someone said he would pay for a VPN package, run a relay on a machine which only talks to the world through the VPN.  But someone said that works for a Tor client, but not for a relay because a relay would need to have its own IP and listen on certain ports on that IP, and so because you VPN exit point will not let you listen on any port numbers, even if he is willing to pay for a commercial VPN that exits in another country, his tor relay cannot accepts incoming connections.  Some people would give up running a non-exit if this cannot be done.  The only IP they can access is where they sleep, and they want to be able to sleep well.  Not just them, but their wife and their children needs to sleep well too.  Is the ability to accept incoming connections a requirement to running a non-exit relay? 

(2) There is a sentiment that we should get "every household to run a Tor" so that the powers that be will find it much harder to clamp down.  Someone said he would install a Tor relay on every single computer he controls, to support journalism and news reporting, if what he contributes ONLY goes towards beating censorship against the media.  He said he feels it is a much easier sell if the sole function of that node is to allow people living under censorship to read newspaper.  He said if there is a funding campaign to deploy the onion enterprise toolkit for news media, he will want to direct his donation specifically to those.  Or if he can run an exit relay ONLY for for the BBC news domain.  He said, then running Tor is a much easier sell to his family and friends.  If the police brings him in, the back and forth will not be "we observed spams and hacks and viruses and copyright infringements on your IP", but the back and forth will just be "you are reading something you should not read on the web" and we can have a much better chance of advocating for "Tor relay in every home".  We know in general Tor supports more network access than reading the news.  But compared to countries where the freedom to run Tor exits are protected by law, living where we live we want to make it a much easier sell, and eventually to get a higher penetration so that the penetration itself becomes a barrier for the powers that be to clamp us down.

And as we are not experts, and as we run real risks, and as we want our family to sleep well, we have framed our "requirements" or "prerequisites" to run Tor relays almost beyond the reasonable.  You might want to call us paranoid.  If there is a way for us paranoid people to run relays and to advocate, please help us.

Jack

2. Apr 2018 07:36 by arma@mit.edu <mailto:arma@mit.edu>:

    On Mon, Apr 02, 2018 at 03:32:00AM -0400, grarpamp wrote:

        > https://www.torproject.org/docs/faq#RelayOrBridge <https://www.torproject.org/docs/faq#RelayOrBridge>
        >
        > "If you have lots of bandwidth, you should definitely run a normal relay.
        > If you're willing to be an exit, you should definitely run a normal
        > relay, since we need more exits. If you can't be an exit and only have a
        > little bit of bandwidth, be a bridge. Thanks for volunteering!"

        The 'normal's above are ambiguous and conflicting.
        Replace them with 'non-exit' and 'exit'.


    Ah, actually no, replace them with "relay" and "relay".

    In that text, "normal relay" is as opposed to "bridge relay".

    The FAQ text sure needs some updating.

    --Roger

    _______________________________________________
    tor-relays mailing list
    tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org>
    https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180403/ead69030/attachment.html>

------------------------------

Subject: Digest Footer

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


------------------------------

End of tor-relays Digest, Vol 87, Issue 4
*****************************************


_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays