Hello, I just wanted to make a comment on hosting a relay at home.
> Many sites and services block access to all traffic coming from a Tor relay IP address
Having hosted a relay at my house for over a year and in an institutional setting prior to that, I have run into very few instances of this personally. It does indeed happen and often it's extremely hard to troubleshoot because you don't realize what the problem is.
> If you host a relay on your home IP, you'll likely find that you are blocked from streaming services and other web sites
I personally don't use many streaming services, but people I live with use them as their main source of entertainment. They haven't been blocked from any streaming services, at least so far.
The only two things (that I remember/think are important) that I've been "banned" from for being a Tor Guard/Middle relay are:
1. Insurance company
2. My bank
I live in a small town and have a good working relationship with my bank, who I was able to get in touch with their hosting provider to whitelist my IP (and when it rarely changes due to a router switch-out etc. they have been very good and whitelisted my new IP no questions asked.) As for the insurance company, which is a large nationwide provider, there is no feasible way to get in contact with anyone who even knows what I am talking about. The only solution to access them unfortunately is to use my phone as a cellular hotspot to get a different WAN IP.
This doesn't always work because some routers don't announce themselves in a traceroute, but it can be very useful to run a traceroute to the website you are blocked on to see what router is actually blocking the traffic. That way when you contact the site operator you can point them in the right direction (if they are willing to help you.) If a website's upstream hosting provider is blocking the traffic, you would want to tell the website operator to tell their hosting provider that so they don't chase a red herring.
I'm not downplaying your concerns, they are 100% valid, just sharing that in my experience it has been a non-issue (except the insurance company lol.) Of course, if my bank wasn't a small local organization and they weren't willing to assist, then it would be a different story entirely and I would feel very different about it. Just for perspective, my Pihole has caused vastly more issues cutting off legitimate content than being blocked for being a relay.
Just wanted to share my thoughts. (:
Zachary
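
Added example, not part of Zachary's message: a small shell helper for the traceroute check he describes, which reads `traceroute -n` output and reports either that the destination answered or the last hop that did. The function name and the sample traces (documentation-range IPv4 addresses) are constructed for illustration.

```shell
#!/bin/sh
# summarize_trace DEST_IP  (reads `traceroute -n DEST_IP` output on stdin)
# Prints whether the destination answered, or the last hop that did.
# IPv4 only. A stall is a starting point for the conversation with the
# site operator, not proof: as the message notes, some routers never
# answer traceroute probes.
summarize_trace() {
    awk -v dst="$1" '
        $1 ~ /^[0-9]+$/ {                      # hop lines start with a hop number
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    last_hop = $1; last_ip = $i   # some probe on this hop answered
                    if ($i == dst) reached = 1
                }
        }
        END {
            if (reached)
                print "reached " dst " at hop " last_hop
            else if (last_ip != "")
                print "stalled after hop " last_hop " (" last_ip ")"
            else
                print "no hop responded"
        }'
}

# Constructed sample: probes stop being answered after hop 4.
SAMPLE_STALLED='traceroute to 203.0.113.80 (203.0.113.80), 30 hops max, 60 byte packets
 1  192.168.1.1  0.512 ms  0.498 ms  0.471 ms
 2  198.51.100.1  8.120 ms  8.344 ms  8.290 ms
 3  * * *
 4  198.51.100.77  14.902 ms  15.011 ms  14.876 ms
 5  * * *
 6  * * *
 7  * * *'

# Constructed sample: the destination answers, so packets are not being
# dropped along the path and any block is happening at the server side.
SAMPLE_REACHED='traceroute to 203.0.113.80 (203.0.113.80), 30 hops max, 60 byte packets
 1  192.168.1.1  0.512 ms  0.498 ms  0.471 ms
 2  198.51.100.1  8.120 ms  8.344 ms  8.290 ms
 3  * * *
 4  198.51.100.77  14.902 ms  15.011 ms  14.876 ms
 5  203.0.113.80  21.337 ms  21.402 ms  21.295 ms'

printf '%s\n' "$SAMPLE_STALLED" | summarize_trace 203.0.113.80
printf '%s\n' "$SAMPLE_REACHED" | summarize_trace 203.0.113.80
```

Running the same trace from the relay's connection and from a second connection (such as the cellular hotspot mentioned above) and comparing the two summaries shows whether the stall is specific to the relay's IP.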
-----------
On Saturday, March 29th, 2025 at 7:00 AM, tor-relays-request@lists.torproject.org tor-relays-request@lists.torproject.org wrote:
Today's Topics:
1. Re: Self hosting bridge at home - de-anonymization risk? (Ron Risley)
2. Re: Self hosting bridge at home - de-anonymization risk? (mpan)
3. Self hosting bridge at home - de-anonymization risk? (bjewrn2a@anonaddy.com)
4. Re: Self hosting bridge at home - de-anonymization risk? (gerard@bulger.co.uk)
Message: 1
Date: Thu, 27 Mar 2025 07:50:44 -1000
From: Ron Risley ronqtorrelays@risley.net
Subject: [tor-relays] Re: Self hosting bridge at home - de-anonymization risk?
To: tor-relays@lists.torproject.org
Message-ID: c1978073-7a34-4be4-ba69-feaada8028ac@risley.net
Content-Type: text/plain; charset=UTF-8; format=flowed
On 3/26/25 11:56, bjewrn2a--- via tor-relays wrote:
That would incentivize users to also become relays - why isn't it recommended more often?
All Tor relays -- even non-exit relays -- are in a public list. Many sites and services block access to all traffic coming from a Tor relay IP address. Either they don't understand how Tor works or (more likely, in my experience) they're just hostile to Tor.
If you host a relay on your home IP, you'll likely find that you are blocked from streaming services and other web sites (Cloudflare, for one, facilitates this and by some reports they control about 30% of web traffic).
Message: 2
Date: Thu, 27 Mar 2025 19:59:48 +0100
From: mpan tor-1qnuaylp@mpan.pl
Subject: [tor-relays] Re: Self hosting bridge at home - de-anonymization risk?
To: tor-relays@lists.torproject.org
Message-ID: 3c48cbbf-1693-4f05-ab6d-9e8032989848@mpan.pl
Content-Type: text/plain; charset=UTF-8; format=flowed
but what if you used tor normally, not through your own bridge, but through "regular" randomly chosen 3-hop circuits and at the same time run a tor relay (entry/middle) This wouldn't require weakening the tor circuit model anymore.

Yes, this is correct. The more Tor traffic goes through the machine that identifies you, the more confused an adversary is. It also makes naïve correlation attacks impossible,⁽¹⁾ and increases cost of more advanced ones.
That is great news mpan, thank you. That would incentivize users to also become relays - why isn't it recommended more often? This is the first time I ever hear about it and it sounds like a powerful idea. Normally I only see tor relay operators claim that they run tor relays purely altruistically: https://www.reddit.com/r/TOR/comments/6znjkg/why_would_anyone_setup_a_tor_re...
To know why Tor Project itself doesn’t speak on this matter, you’d need to wait for a reply from somebody from the project.
I may speculate, that the two topics are orthogonal: running a relay and using Tor. They don’t interfere with each other. In your original question they didn’t either. The problem was not running a relay and using Tor, but using Tor with the number of hops effectively reduced.
It would also be poor advice, if directed towards a person wishing to only connect to Tor. Running a relay from home isn’t without downsides. Both for the operator (bandwidth use, facing hostility) and the network itself (completely inexperienced person is an easier attack target).
Are you aware of any articles from torproject or research papers confirming that hosting tor relay at your own IP does in fact help your own traffic blend in? I've looked through all tor proposals (https://spec.torproject.org/proposals) and many research papers (https://www.freehaven.net) and couldn't find any mentions of this?

Specifically for Tor? No. For exactly the same reason I can’t point you to any research that confirms, that downloading 500 kB/s and 200 kB/s over Tor requires 700 kB/s. It’s a trivial consequence of basic knowledge for the given field. In this case probabilistics, flavored with practicality of correlation attacks and with signal processing basics (none of this in Tor specifically).
Message: 3
Date: Thu, 27 Mar 2025 22:08:31 +0000
From: bjewrn2a@anonaddy.com
Subject: [tor-relays] Self hosting bridge at home - de-anonymization risk?
To: tor-relays@lists.torproject.org
Message-ID: d0d4ecac8b6e815e6a1768fb7cf32523@anonaddy.com
Content-Type: multipart/alternative; boundary=fOfmQjRb
My personal opinion is that hosting a bridge or middle at your home doesn't risk de-anonymizing
Thank you, I am counting on that too. However, I haven't seen it recommended anywhere else before. Are you aware of any articles or studies backing this up? If that's a preferred setup I would have expected it to be more popular?
I would host a tor exit at home if I could get extra IPv4 addresses
Interesting, I haven't thought about that.