Question about middle relays and common web usage annoyances
Hello, I'm located in Belgium. I keep two small middle relays (no exit, not even guard)… https://metrics.torproject.org/rs.html#details/89B4597169A9DBB171F0B4629C73C... https://metrics.torproject.org/rs.html#details/07E3A0DC6AD4A5F07D1AF942626EB... If I browse the web using a common browser using the basic services of the ISPs (no torbrowser, no tor network) and at least since may 2023, I've observed that some websites (banks, federal services,…) simply don't respond when I want to open their webpages. If I use another IP from the same locations (using vpn, ssh proxy, whatever), those same websites simply respond and works without issue. If I switch back to the local ISP IP, those are unreachable, and so on. If I contact those ISPs or the banks IT services, for them there are no problem. For me, it's clear that hosting simple middle relays puts my ISPs IPs to some black lists handled by who knows who. If hosting basic middle relays is blocking common web services, it will be hard / nearly impossible for me to encourage family, friends or customers to host a basic middle relays. Maybe there is no need for more and more middle relays, I don't know. Does someone encounter the same kind of annoyances ? regards, tierce
Hello, you will encounter this, Guard node, middle node, or exit node. If a website operator is going to blacklist all relays, then you will not be able to connect to their site, simple as. Also, we need any kind of clean node - especially exit nodes, but also any type of other good (high uptime and throughput) as well as clean (i.e. not government or surveillance agency controlled nodes). You can message the websites administrator and tell him to use the Tor Exit block-list only - this makes much more sense than blocking traffic from nodes that do not allow exiting. However, good luck convincing any major website (especially banks) to do this. You should ideally get a dedicated server or encrypted VM in a datacenter that is not crowded with Tor nodes already. I recommended "Wedos.cz" a while ago, zero trouble with Guards, middles and bridges, and it's only 6€ a month for a truly unlimited (but 1:3 shared) 100 MbE port. They also support ordering through Tor Browser and payment using cryptocurrency, I posted about them a while ago when someone claimed they stopped supporting Tor hosting or ordering through Tor exit nodes. I will forward the e-mail to you. On Tuesday, December 24th, 2024 at 8:07 AM, gniping via tor-relays <tor-relays@lists.torproject.org> wrote:
Hello,
I'm located in Belgium.
I keep two small middle relays (no exit, not even guard)…
https://metrics.torproject.org/rs.html#details/89B4597169A9DBB171F0B4629C73C...
https://metrics.torproject.org/rs.html#details/07E3A0DC6AD4A5F07D1AF942626EB...
If I browse the web using a common browser using the basic services of the ISPs (no torbrowser, no tor network) and at least since may 2023, I've observed that some websites (banks, federal services,…) simply don't respond when I want to open their webpages.
If I use another IP from the same locations (using vpn, ssh proxy, whatever), those same websites simply respond and works without issue.
If I switch back to the local ISP IP, those are unreachable, and so on.
If I contact those ISPs or the banks IT services, for them there are no problem.
For me, it's clear that hosting simple middle relays puts my ISPs IPs to some black lists handled by who knows who.
If hosting basic middle relays is blocking common web services, it will be hard / nearly impossible for me to encourage family, friends or customers to host a basic middle relays.
Maybe there is no need for more and more middle relays, I don't know.
Does someone encounter the same kind of annoyances ?
regards, tierce _______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
Hi, tierce, can confirm (germany), and afaik a known issue for quite a long time now. Middle node here, too, and i remember being quite pissed since during the covid heydays, most of the official governmental sites were unreachable from an IP used for a relay. Same goes for communal sites. I asked for a fix once (don't remember where) and received an answer so clearly untouched by any understanding of tech and problems, i immedialy gave up on escalating it further. My guess is "some standard blocklist being part of the common ddos/attack protection noone knows the details of". People from the institution don't know about details, people from the hosting service would say "well, being more granular here will cost more and attacs are in your own resbonsibility then", and nothing happens. Migitation here: same as yours, luckily i can use an own proxy through my server. Being in a webserver IP range, this one is blocked for wikipedia editing and totally on some *cough* warez *cough* sites, so yes, it is a bit annoying. The more relays/middle nodes, the better. But of course, one should warn any interested person on these known side effects (and thell them/offer them migitation methods). I'd be happy to hear success stories on deblocking tor relay IPs, but i doubt that i'll see this happen. Thanks for running a relay, Richie Am 24.12.24 um 08:07 schrieb gniping via tor-relays:
Hello,
I'm located in Belgium.
I keep two small middle relays (no exit, not even guard)…
https://metrics.torproject.org/ rs.html#details/89B4597169A9DBB171F0B4629C73C0FD55D767C7
https://metrics.torproject.org/ rs.html#details/07E3A0DC6AD4A5F07D1AF942626EBBF6CC0C72C7
If I browse the web using a common browser using the basic services of the ISPs (no torbrowser, no tor network) and at least since may 2023, I've observed that some websites (banks, federal services,…) simply don't respond when I want to open their webpages.
If I use another IP from the same locations (using vpn, ssh proxy, whatever), those same websites simply respond and works without issue.
If I switch back to the local ISP IP, those are unreachable, and so on.
If I contact those ISPs or the banks IT services, for them there are no problem.
For me, it's clear that hosting simple middle relays puts my ISPs IPs to some black lists handled by who knows who.
If hosting basic middle relays is blocking common web services, it will be hard / nearly impossible for me to encourage family, friends or customers to host a basic middle relays.
Maybe there is no need for more and more middle relays, I don't know.
Does someone encounter the same kind of annoyances ?
regards, tierce _______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
I'm also facing the same problem. I'm wondering whether this also happens to bridges and if it doesn't, why not running a bridge ? -- ndub On 25/12/2024 08:29, Richie via tor-relays wrote:
Hi, tierce,
can confirm (germany), and afaik a known issue for quite a long time now. Middle node here, too, and i remember being quite pissed since during the covid heydays, most of the official governmental sites were unreachable from an IP used for a relay. Same goes for communal sites. I asked for a fix once (don't remember where) and received an answer so clearly untouched by any understanding of tech and problems, i immedialy gave up on escalating it further. My guess is "some standard blocklist being part of the common ddos/attack protection noone knows the details of". People from the institution don't know about details, people from the hosting service would say "well, being more granular here will cost more and attacs are in your own resbonsibility then", and nothing happens.
Migitation here: same as yours, luckily i can use an own proxy through my server. Being in a webserver IP range, this one is blocked for wikipedia editing and totally on some *cough* warez *cough* sites, so yes, it is a bit annoying.
The more relays/middle nodes, the better. But of course, one should warn any interested person on these known side effects (and thell them/offer them migitation methods). I'd be happy to hear success stories on deblocking tor relay IPs, but i doubt that i'll see this happen.
Thanks for running a relay, Richie
Am 24.12.24 um 08:07 schrieb gniping via tor-relays:
Hello,
I'm located in Belgium.
I keep two small middle relays (no exit, not even guard)…
https://metrics.torproject.org/ rs.html#details/89B4597169A9DBB171F0B4629C73C0FD55D767C7
https://metrics.torproject.org/ rs.html#details/07E3A0DC6AD4A5F07D1AF942626EBBF6CC0C72C7
If I browse the web using a common browser using the basic services of the ISPs (no torbrowser, no tor network) and at least since may 2023, I've observed that some websites (banks, federal services,…) simply don't respond when I want to open their webpages.
If I use another IP from the same locations (using vpn, ssh proxy, whatever), those same websites simply respond and works without issue.
If I switch back to the local ISP IP, those are unreachable, and so on.
If I contact those ISPs or the banks IT services, for them there are no problem.
For me, it's clear that hosting simple middle relays puts my ISPs IPs to some black lists handled by who knows who.
If hosting basic middle relays is blocking common web services, it will be hard / nearly impossible for me to encourage family, friends or customers to host a basic middle relays.
Maybe there is no need for more and more middle relays, I don't know.
Does someone encounter the same kind of annoyances ?
regards, tierce _______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
_______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
Individual bridge IPs are not published anywhere and so cannot be blocked like this. Unless they are collateral damage from a block of IPs being banned because of relays. Like all IPs from a VPS provider. Cheers. On 12/26/2024 4:02 AM, ndub via tor-relays wrote:
I'm also facing the same problem. I'm wondering whether this also happens to bridges and if it doesn't, why not running a bridge ? -- ndub On 25/12/2024 08:29, Richie via tor-relays wrote:
Hi, tierce,
can confirm (germany), and afaik a known issue for quite a long time now. Middle node here, too, and i remember being quite pissed since during the covid heydays, most of the official governmental sites were unreachable from an IP used for a relay. Same goes for communal sites. I asked for a fix once (don't remember where) and received an answer so clearly untouched by any understanding of tech and problems, i immedialy gave up on escalating it further. My guess is "some standard blocklist being part of the common ddos/attack protection noone knows the details of". People from the institution don't know about details, people from the hosting service would say "well, being more granular here will cost more and attacs are in your own resbonsibility then", and nothing happens.
Migitation here: same as yours, luckily i can use an own proxy through my server. Being in a webserver IP range, this one is blocked for wikipedia editing and totally on some *cough* warez *cough* sites, so yes, it is a bit annoying.
The more relays/middle nodes, the better. But of course, one should warn any interested person on these known side effects (and thell them/offer them migitation methods). I'd be happy to hear success stories on deblocking tor relay IPs, but i doubt that i'll see this happen.
Thanks for running a relay, Richie
Am 24.12.24 um 08:07 schrieb gniping via tor-relays:
Hello,
I'm located in Belgium.
I keep two small middle relays (no exit, not even guard)…
https://metrics.torproject.org/ rs.html#details/89B4597169A9DBB171F0B4629C73C0FD55D767C7
https://metrics.torproject.org/ rs.html#details/07E3A0DC6AD4A5F07D1AF942626EBBF6CC0C72C7
If I browse the web using a common browser using the basic services of the ISPs (no torbrowser, no tor network) and at least since may 2023, I've observed that some websites (banks, federal services,…) simply don't respond when I want to open their webpages.
If I use another IP from the same locations (using vpn, ssh proxy, whatever), those same websites simply respond and works without issue.
If I switch back to the local ISP IP, those are unreachable, and so on.
If I contact those ISPs or the banks IT services, for them there are no problem.
For me, it's clear that hosting simple middle relays puts my ISPs IPs to some black lists handled by who knows who.
If hosting basic middle relays is blocking common web services, it will be hard / nearly impossible for me to encourage family, friends or customers to host a basic middle relays.
Maybe there is no need for more and more middle relays, I don't know.
Does someone encounter the same kind of annoyances ?
regards, tierce _______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
_______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
_______________________________________________ tor-relays mailing list -- tor-relays@lists.torproject.org To unsubscribe send an email to tor-relays-leave@lists.torproject.org
ndub via tor-relays wrote:
I'm also facing the same problem. I'm wondering whether this also happens to bridges and if it doesn't, why not running a bridge ?
Because of how everyone *thinks* that understands internet and particularly internet security... not to mention the amount of real users you lose when you implement such primitive and extreme techniques such as blocking all the IP addresses of MIDDLE relays. If you can continue to run it, continue to run the middle relay - it helps the network, especially for onion services traffic. If not, I understand it could be annoying, of course. Bridges are not public, that is why they don't get the same treatment, however a middle relay will provide more bandwidth to the network than a bridge. Bridges are also important but I think a middle relay is superior in the current network topology and network needs.
participants (6)
-
Eddie -
George Hartley -
ndub -
Richie -
s7r -
tor@computhings.be