For a few years now, funders have been asking if they can pay Tor to run more relays. I kept telling them their money was better spent on code and design improvements: https://blog.torproject.org/blog/why-tor-is-slow https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/Performance since a) network load would just grow to fill whatever new capacity we have, especially if we don't deal with the tiny fraction of users who do bulk downloads, and b) reducing diversity of relay operator control can harm anonymity.
But lately the Tor network has become noticeably faster, and I think it has a lot to do with the growing amount of excess relay capacity relative to network load: https://metrics.torproject.org/network.html?graph=bandwidth&start=2010-0...
At the same time, much of our performance improvement comes from better load balancing -- that is, concentrating traffic on the relays that can handle it better. The result though is a direct tradeoff with relay diversity: on today's network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays. https://trac.torproject.org/projects/tor/ticket/6443
Since extra capacity is clearly good for performance, and since we're not doing particularly well at diversity with the current approach, we're going to try an experiment: we'll connect funding to exit relay operators so they can run bigger and/or better exit relays.
If we do it right (make more faster exit relays that aren't the current biggest ones, so there are more to choose from), we will improve the network's diversity as well as being able to handle more users.
We've lined up our first funder (BBG, aka http://www.voanews.com/), and they're excited to have us start as soon as we can. They want to sponsor 125+ fast exits.
----------------------------------------------------------------------
Open questions we need to decide about:
1) What exactly would we pay for?
I think the right way to do it is to offer to reimburse bandwidth/hosting costs -- I don't want to get into the business of paying people to run relays, and I don't want people to be trying to figure out how to "profit". That leads to all sorts of horrible incentive structures.
More broadly, we should keep in mind that the primary cost of running an exit relay is effort, not dollars: it takes dedication to find an ISP who will host it, and to hold that ISP's hand when an abuse complaint arrives. Or said another way, hosting costs are in many cases not the biggest barrier to running an exit relay.
I think we should aim to constrain ourselves to talking about >=100mbit exits, assuming that turns out to give us enough choices. That said, we don't want to concentrate bandwidth too much in any given relay, so we should limit the amount we'll reimburse per relay.
2) Should we fund existing relays or new ones?
The worst failure mode here would be that we screw up the current community of relay operators. That's why it's extra important to keep them involved at each step of this discussion.
I think the right answer is probably a balance of reimbursing costs from current exits and encouraging new exits to appear. Before we can get more precise though, we need to get a handle on how many current fast exits there are, and what their constraints are (whether their hosting situation could give them more bandwidth, whether they're paying now or getting a deal through a friend/employer, etc).
Even then, there are interesting further questions like:
- Should we prefer big collectives like torservers, noisetor, CCC, dfri.se, and riseup (which can get great bulk rates on bandwidth and are big enough to have relationships with local lawyers and ISPs), or should we prefer individuals since they maximize our operator diversity? I think "explore both approaches" is a fine first plan.
- For existing relays who pay for hosting, should we prefer that our money go to covering their existing costs (and then we encourage them to save their money for use, say, after this experiment finishes), or should we aim to add additional funding so the relay can use more bandwidth? I'd say it comes down to the preferences of the relay operator. That said, if we have plenty to choose from, we should pick the relays that will make the network grow -- but we should take extra care to avoid situations where operators in the first category say "well, fine" and shut down their relay.
More generally, we need to consider sustainability. Our current exit relay funding is for a period of 12 months, and while there's reason to think we will find continued support, the Tor network must not end up addicted to external funding. So long as everybody is running an exit relay because they want to save the world, I think we should be fine.
4) What exactly do we mean by diversity?
There's network diversity (AS / upstream network topology), organization and operator diversity, jurisdictional (country) diversity, funding diversity, data-center diversity, and more.
We've started to answer some of these questions at https://trac.torproject.org/projects/tor/ticket/6232 https://blog.torproject.org/blog/research-problem-measuring-safety-tor-netwo... but this research topic will need ongoing attention. I'd love to get to the point where our diversity metrics can recommend network locations that best improve the various diversity scores.
5) How much "should" an exit relay cost?
Since we're aiming for diversity, we can't send all our volunteers to the same cut-rate German VPS provider. After all, much of the work in setting up an exit relay is finding a good provider that doesn't already host a bunch of Tor relays.
But if we declare that we'll reimburse $50/month for 100mbit, we're going to attract a different set of volunteers -- and a different set of network locations -- than if we reimburse $100/month for 100mbit. We need to learn about current bandwidth pricing: I know there are 10 cheap hosting places that will tolerate exit relays, but are there 200? And do all of those 200 turn out to overlap diversity-wise? Initial guesses appreciated. I'm inclined toward the $100 number to give our volunteers more flexibility.
If we want to reimburse on a monthly basis, how do we handle situations where the ISP wants a longer-term contract? I think the answer will come down to how many choices we have.
6) How exactly should we choose which exit relay operators to reimburse?
It might be premature to speculate until we better understand what choices are available to us. But I think the answer must include doing it in a way that encourages continued growth of the relay operator _community_. People who are active in the Tor community, and well-known to many other people, should be part of the answer. At the same time, we should be willing to put some of the money into trying out new places and people, especially if they're in good locations diversity-wise.
The broader answer is that we as a community need to figure out a good answer here. I definitely don't want it to be "Roger picks people in an opaque way". But I also don't want the answer to be "anybody on the Internet who offers to take our money". Maybe we should put together a consortium of current Tor activists who run fast exits?
7) How do we audit / track the sponsored relays?
How should we check that your 100mbit relay is really working? What do we measure to confirm its capacity? To a first approximation I'm fine assuming that nobody is going to try to cheat (say, by colluding with an ISP to write legit-looking invoices but then just split the money).
But as the plan scales, we need good ways to track statistics on how many relays are being sponsored and how much bandwidth they're providing (so funders can see how effective their money is), and what fraction of the overall network these sponsored relays are (to keep an eye on the diversity questions).
8) Legal questions?
Tor exit relays raise plenty of legal questions already, especially when you consider jurisdiction variety. But reimbursing relays introduces even more excitement, such as:
- Does such a relay operator end up in a different situation legally?
- Does the overall Tor network change legal categories in some country, e.g. becoming a telecommunications service when it wasn't before?
- Does The Tor Project Inc incur new liabilities for offering this money?
Tor has a history of creating fascinating new challenges for legal scholars, and this exit relay funding experiment will be no exception.
I believe if we position it correctly, we won't really change the legal context. But I encourage people to investigate these questions for their jurisdiction.
----------------------------------------------------------------------
Next steps:
I'm going to do a short blog post pointing to this thread, since many interested parties aren't on tor-relays yet.
Then I'll send individual emails to exit relay operators pointing them to it and asking for their feedback (on the list or private, whichever they prefer). I'll also try to get some sense of how much their hosting costs, whether they'd want to participate in our experiment, whether they're in a position to ramp up to a faster connection, etc.
Once we have some concrete facts about how many current exit relays want to participate, how many new volunteers want to help, and how many ISPs could handle more exit relays and at what prices, we'll be in a better position to decide how to proceed.
--Roger
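The concentration and diversity figures raised in this message (the share of choices going to the fastest 5 exits, the size of the pool covering 80% of choices, the spread across ASes and countries, and the fraction of the network that is sponsored) can all be computed from per-relay selection weights. The sketch below is an added example, not part of the original thread and not Tor Project code; the relay records, field names and weights are constructed, and it assumes selection probability is simply proportional to weight, which is a simplification of Tor's real path selection.

```python
import math
from collections import defaultdict

# Constructed sample data, not real relays: selection weight (arbitrary
# units), autonomous system, country, and whether hosting is reimbursed.
RELAYS = [
    {"name": "exitA", "weight": 30, "asn": "AS-1", "cc": "de", "sponsored": False},
    {"name": "exitB", "weight": 20, "asn": "AS-1", "cc": "de", "sponsored": False},
    {"name": "exitC", "weight": 15, "asn": "AS-2", "cc": "nl", "sponsored": True},
    {"name": "exitD", "weight": 10, "asn": "AS-3", "cc": "us", "sponsored": True},
    {"name": "exitE", "weight": 10, "asn": "AS-2", "cc": "nl", "sponsored": False},
    {"name": "exitF", "weight": 5, "asn": "AS-4", "cc": "se", "sponsored": True},
    {"name": "exitG", "weight": 4, "asn": "AS-5", "cc": "us", "sponsored": False},
    {"name": "exitH", "weight": 3, "asn": "AS-6", "cc": "ro", "sponsored": False},
    {"name": "exitI", "weight": 2, "asn": "AS-7", "cc": "fr", "sponsored": False},
    {"name": "exitJ", "weight": 1, "asn": "AS-8", "cc": "ca", "sponsored": False},
]


def top_k_share(relays, k):
    """Probability that a client picks one of the k heaviest relays."""
    weights = sorted((r["weight"] for r in relays), reverse=True)
    return sum(weights[:k]) / sum(weights)


def pool_size_for(relays, share):
    """Smallest number of relays that together receive `share` of choices."""
    weights = sorted((r["weight"] for r in relays), reverse=True)
    target, running = share * sum(weights), 0
    for count, weight in enumerate(weights, start=1):
        running += weight
        if running >= target:
            return count
    return len(weights)


def share_by(relays, key):
    """Selection probability aggregated per group (AS, country, ...)."""
    total = sum(r["weight"] for r in relays)
    groups = defaultdict(int)
    for r in relays:
        groups[r[key]] += r["weight"]
    return {group: weight / total for group, weight in groups.items()}


def effective_count(shares):
    """exp(Shannon entropy): how many equally weighted groups would give
    the same spread. Equals the group count only when shares are uniform."""
    return math.exp(-sum(p * math.log(p) for p in shares.values() if p > 0))


def sponsored_share(relays):
    """Fraction of selection probability held by reimbursed relays."""
    return share_by(relays, "sponsored").get(True, 0.0)


def add_sponsored_exits(relays, placements, weight):
    """Return a copy of the network with one new sponsored exit per
    (asn, cc) placement. Placements are hypothetical locations."""
    new = [
        {"name": f"new{i}", "weight": weight, "asn": asn, "cc": cc,
         "sponsored": True}
        for i, (asn, cc) in enumerate(placements)
    ]
    return list(relays) + new


def report(relays):
    """Metrics a funder or auditor could track over time."""
    by_as = share_by(relays, "asn")
    return {
        "top5_share": top_k_share(relays, 5),
        "pool_for_80pct": pool_size_for(relays, 0.80),
        "largest_as_share": max(by_as.values()),
        "effective_as_count": effective_count(by_as),
        "effective_country_count": effective_count(share_by(relays, "cc")),
        "sponsored_share": sponsored_share(relays),
    }


if __name__ == "__main__":
    # Hypothetical placements in ASes and countries not yet hosting exits.
    placements = [("AS-9", "is"), ("AS-10", "ch"), ("AS-11", "fi"),
                  ("AS-12", "cz"), ("AS-13", "at")]
    after = add_sponsored_exits(RELAYS, placements, weight=10)
    for label, network in (("before", RELAYS), ("after", after)):
        print(label, {k: round(v, 3) for k, v in report(network).items()})
```

On the constructed data, adding five mid-sized exits in new locations lowers the top-5 share and widens the 80% pool, while the sponsored fraction of the network rises, which is the figure the auditing question asks to keep an eye on.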
This is in response to something from Roger's email on funding exit relays, but I didn't want to derail such an important conversation by responding directly.
He mentioned:
"At the same time, much of our performance improvement comes from better load balancing -- that is, concentrating traffic on the relays that can handle it better. The result though is a direct tradeoff with relay diversity: on today's network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays."
This has probably been discussed before, but the first thing that came to my mind was, "how does this simplify surveillance of Tor traffic flows?" I know we badly need the performance improvement to continue moving Tor into the mainstream, but when it comes at the cost of a huge amount of all Tor requests exiting through a small subset of nodes, are we baking in a serious vulnerability?
Most Tor users probably don't read the manual and follow best practices. I'm sure we've all seen traffic where users are using google maps to find directions from their home, or logging into their true-name mail accounts. When you combine this "State of our Method" with a choke on the number
For monied countries that practice aggressive electronic surveillance (China, Russia, and the larger western states), it becomes more and more tempting to set up (or subvert) expensive, fast exits (with tshark and an SSL-stripper on it) and be guaranteed significant amounts of traffic from people that they view as having something to hide. And if the same routing calculus applies to non-exit nodes, they can do the same thing on the non-exit layers, not only improving their correlation attacks, but creating a plausible chance of controlling some tunnels end-to-end. I don't think that's a good situation for anybody other than the monitors.
I know that this is one of the reasons why "more nodes" is the largest everyday push (I went from 1 to 3 in the last month), and "we're working on it," and the node-funding push should help some of this, but I think it's important to review what direction relay diversity is heading in the long-term when the metrics start leaning in a certain way.
On Mon, Jul 23, 2012 at 11:03:24AM -1000, Name Withheld wrote:
I know that this is one of the reasons why "more nodes" is the largest everyday push (I went from 1 to 3 in the last month), and "we're working on it," and the node-funding push should help some of this, but I think it's important to review what direction relay diversity is heading in the long-term when the metrics start leaning in a certain way.
I agree.
Note that we could instead reduce the influence of the fastest exits by just refusing to allocate as much traffic to such fast exits. This choice goes back to the original discussion that Mike Perry and I were wrestling with a few years ago, when deciding about deploying the bwauth design [1]: if we want to end up with a fast safe network, do we get there by having a slow safe network and hoping it'll get faster, or by having a fast less-safe network and hoping it'll get safer? We opted for the "if we don't stay relevant to the world, Tor will never grow enough" route. I think that's still a good decision today.
That said, diversity is about more than just "are there two relays to choose from or one" -- against bigger adversaries, we should be wondering about what country they're in, what upstream they have, and so on. I hear that running exit relays in the US is increasingly difficult these days, which is an extra shame because that's where a lot of Internet diversity is (unless NSA is your adversary, in which case you probably have bigger problems).
There's a lot of research work in this direction [2, 3, 4], and we're going to have to keep pushing on it.
--Roger
[1] https://blog.torproject.org/blog/torflow-node-capacity-integrity-and-reliabi...
[2] https://blog.torproject.org/blog/research-problem-measuring-safety-tor-netwo...
[3] https://trac.torproject.org/projects/tor/ticket/6232
[4] http://freehaven.net/anonbib/
We opted for the "if we don't stay relevant to the world, Tor will never grow enough" route. I think that's still a good decision today.
This is probably an ok thing as everyone knows a useless network is a dead network. So maybe in times of glut, do some release or authority based tuning to keep the balance.
I would launch a project to map/AS/speed/etc the current relays and base tuning/funding on that.
I hear that running exit relays in the US is increasingly difficult these days, which is an extra shame because that's where a lot of Internet diversity is
That diversity can be true. It's kind of hard for small countries/regions to be diverse when essentially the only people they peer with are maybe two Tier-n's from other countries, usually piped in via their one or two fiber links, buried, paid for and run by their own government.
One place to look for some is the EDU space. They've got tons of bandwidth, it's a matter of finding the ear of an outranking professor or humanities/law/whatever department since central IT usually won't.
Unfortunately, most AUPs roll down from the Tier-1's. So the only real way to defeat that, in the US and elsewhere, is to become the ISP. Much as torservers tries to own complaints. It's just pricier in work, funds and responsibility.
Non-exit relays are certainly easier to deploy with nearly unlimited diversity and speed. Perhaps keeping a PR/funding push there to the point of glut is an easy and valid win as well. Then you're left with just the exits.
I would accept funds to do some of this at cost plus beer, but just as it's hard to hand them out, it can be just as hard to receive them.
Sorry, I think most of this goes in the funding thread, so please feel free to quote any of this over to that one.
On Mon, 23 Jul 2012 11:03:24 -1000 Name Withheld survivd@gmail.com allegedly wrote:
Most Tor users probably don't read the manual and follow best practices. I'm sure we've all seen traffic where users are using google maps to find directions from their home, or logging into their true-name mail accounts. When you combine this "State of our Method" with a choke on the number
I'm surprised that no-one else seems to have picked up on this. But no, "we have /not/ all seen traffic where users" are doing something.... Because we aren't looking at users' traffic. And we damned well should not be.
Mick
---------------------------------------------------------------------
blog: baldric.net
fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
Note that I have recently upgraded my GPG key
see: http://baldric.net/2012/07/20/gpg-key-upgrade/
---------------------------------------------------------------------
On Thursday, July 26, 2012 1:57pm, "mick" mbm@rlogin.net said:
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Mon, 23 Jul 2012 11:03:24 -1000 Name Withheld survivd@gmail.com allegedly wrote:
Most Tor users probably don't read the manual and follow best practices. I'm sure we've all seen traffic where users are using google maps to find directions from their home, or logging into their true-name mail accounts. When you combine this "State of our Method" with a choke on the number
I'm surprised that no-one else seems to have picked up on this. But no, "we have /not/ all seen traffic where users" are doing something.... Because we aren't looking at users' traffic. And we damned well should not be.
I took "seen" to mean looking over someone's shoulder as they used Tor, not sniffing their traffic.
On Thu, 26 Jul 2012 14:30:02 -0400 (EDT) "Steve Snyder" swsnyder@snydernet.net allegedly wrote:
I took "seen" to mean looking over someone's shoulder as they used Tor, not sniffing their traffic.
He specifically used the word "traffic". That does not imply shoulder surfing.
On Thu, Jul 26, 2012 at 2:47 PM, mick mbm@rlogin.net wrote:
He specifically used the word "traffic". That does not imply shoulder surfing.
I think the original message's point was simply: "we all know that some people don't use Tor properly." I doubt he is actually sniffing traffic on his relay (or looking over a friend's shoulder). Perhaps not though — I just wouldn't jump to any conclusions.
Best, Sam
I meant "we" as in "our nodes." I can guarantee any node you run (of size) sees that kind of traffic run through it. If you think it doesn't, I suspect you'll change your mind after spending 30 seconds on IRC talking to an average user.
On 7/26/2012 7:57 AM, mick wrote:
On Mon, 23 Jul 2012 11:03:24 -1000 Name Withheld survivd@gmail.com allegedly wrote:
Most Tor users probably don't read the manual and follow best practices. I'm sure we've all seen traffic where users are using google maps to find directions from their home, or logging into their true-name mail accounts. When you combine this "State of our Method" with a choke on the number
I'm surprised that no-one else seems to have picked up on this. But no, "we have /not/ all seen traffic where users" are doing something.... Because we aren't looking at users' traffic. And we damned well should not be.
Mick
On Thu, 2012-07-26 at 18:57 +0100, mick wrote:
On Mon, 23 Jul 2012 11:03:24 -1000 Name Withheld survivd@gmail.com allegedly wrote:
Most Tor users probably don't read the manual and follow best practices. I'm sure we've all seen traffic where users are using google maps to find directions from their home, or logging into their true-name mail accounts. When you combine this "State of our Method" with a choke on the number
I'm surprised that no-one else seems to have picked up on this. But no, "we have /not/ all seen traffic where users" are doing something.... Because we aren't looking at users' traffic. And we damned well should not be.
You don't need to be sniffing exit traffic to see this. I use Tor for a lot of traffic, including traffic that personally identifies me. That's not contrary to the purpose of Tor or onion routing in general, which is to separate routing from identity. My email provider doesn't need to know where I'm connecting from, even if they know my legal name.
Roger,
I used to run a larger exit node a while back, and have a few quick comments.
$100 is not going to cut it most likely, even for only 100 mbit traffic. Most providers are really antsy about spam/DMCA reports, and aren't willing to deal with it for that cheap. I'd suspect that you are looking at the $150-$200+ range, at least in my experience. People spend a lot of time looking for server hosting on the cheap, and torservers.net has some useful experiences on what to look for.
Finding providers is a pain, unless you can get them to SWIP your address block or otherwise reassign the IP address space abuse contacts to you.
What are the requirements going to be on the exit nodes? Can the reduced exit policy be used?
And last of all, I'd love to volunteer if you go the individual route. I ran an exit node before and know what it entails, FBI visits included. (Which is a separate and very real issue: equipment gets seized and doors get knocked on; make sure anyone going into this knows that.)
-Andrew
On Jul 23, 2012, at 2:58 PM, Roger Dingledine wrote:
On Mon, Jul 23, 2012 at 05:14:44PM -0400, Andrew Lewis wrote:
$100 is not going to cut it most likely
That could be. I look forward to learning more about the options. Another approach to explore is subsidizing bandwidth, that is, if you find a place that's $175/mo we can make it like it's $75/mo for you.
That said, if it takes $200/mo to get a good 100mbit exit situation, and we can't get enough other ways, then we shouldn't rule it out.
I'm especially nervous about creating a culture where our volunteers flock to super-cheap colos, generate a few abuse complaints and make those colos hate Tor, and then move on to the next one. There's only one Internet, and we want ISPs to like Tor. That means building relationships.
People spend a lot of time looking for server hosting on the cheap
Yes. We need volunteers continuing to do this work.
Finding providers is a pain, unless you can get them to SWIP your address block or otherwise reassign the IP address space abuse contacts to you.
What are the requirements going to be on the exit nodes? Can the reduced exit policy be used?
The sponsor wants 80, 443, 554, and 1755 open. I guess 554 and 1755 aren't in the standard reduced exit policy, but it's mighty close.
And last of all, I'd love to volunteer if you go the individual route. I ran an exit node before and know what it entails, FBI visits included. (Which is a separate and very real issue: equipment gets seized and doors get knocked on; make sure anyone going into this knows that.)
We as a community need to continue to interact with law enforcement groups to educate them about how this Internet thing works. I've had great conversations with law enforcement in Germany, Sweden, and the US, and I'm working on setting up meetings later this year with Dutch, Belgian, and Austrian law enforcement groups. Andrew Lewman (our executive director) is off to an Interpol meeting in a few months, to teach them about Tor. We need to make it more than just a few of us though.
--Roger
Hey all, Has anyone contemplated pitching this towards hackerspaces running their own fast nodes? While most have a decent connection to support their space and users I'm sure it would pair well and also allow them to supplement their meager income. Plus if they're already incorporated or non-prof it allows them a bit more protection from random LEO problems and a common community to draw experience from. -kupo
On Tue, Jul 24, 2012 at 02:36:32AM +0000, kupo@damnfbi.tk wrote:
Hey all, Has anyone contemplated pitching this towards hackerspaces running their own fast nodes?
I wouldn't recommend running an exit node on a network link that will make you sad if it goes away for a few days. Most hackerspaces would be very sad without Internet, and "shut off the account" is a common ISP response to even fairly small amounts of abuse traffic.
While most have a decent connection to support their space and users I'm sure it would pair well and also allow them to supplement their meager income.
I didn't get the impression from Roger's email that "profit" is part of the equation. The purpose of the proposed funding is to defray costs; most hackerspaces that run exit nodes run them at break-even with donations, not even counting the value of the volunteer time needed to run the node. That would probably continue with the proposed funding.
-andy
On Mon, Jul 23, 2012 at 05:14:44PM -0400, Andrew Lewis wrote:
$100 is not going to cut it most likely, even for only 100 mbit traffic only. Most providers are really antsy about spam/DMCA reports, and aren't willing to deal with it for that cheap. I'd suspect that you are looking at the $150-$200+ range, at least in my experience.
We are a small group of people trying to set up something like torservers.net in France. We already made quite a bunch of contacts with a small number of French ISPs to ask them about hosting Tor exit relays. The list is long and we are not over yet. But here is what we know as of today.
We already have ruled out the three major cheap hosting providers: OVH, Gandi and Dedibox. All of them are listed as bad ISPs on GoodBadISPs as prohibiting relays in their ToS. What is fun is that exit nodes running on their French IPs still account for 2.3353% of total P_exit (out of 2.6573% for all French exit nodes).
We have approached some other big commercial ISPs. It was not a formal inquiry, but they did not look very happy at the idea of hosting exit nodes.
What we have found though, is that several smaller (not-for-profits or coops) ISPs would be happy to help the Tor network, provided there is a clear legal boundary. Something that our not-for-profit would create. The downside is that they are small, so the cost of their bandwidth is between a monthly 3€ and 10€ (when it is not even more) for each Mbps (95%ile). But they would stand in case of trouble. And some of them have an economic interest as using more bandwidth would lower their overall cost per Mbps.
One of them is willing to sponsor some of the bandwidth, and it looks like a good place to start an initial set of nodes. But even with their sponsoring, $100/month will not cover hosting+bandwidth expenses.
It might be something desirable though. If external funding does not cover all the costs, then we will have to campaign for other donations. A good habit, as it makes it more likely that at least some of the nodes would survive in case the external funding stops.
On 25.07.2012 at 21:31, delber wrote:
On Mon, Jul 23, 2012 at 05:14:44PM -0400, Andrew Lewis wrote:
$100 is not going to cut it most likely, even for only 100 mbit traffic only. Most providers are really antsy about spam/DMCA reports, and aren't willing to deal with it for that cheap. I'd suspect that you are looking at the $150-$200+ range, at least in my experience.
We are a small group of people trying to set up something like torservers.net in France. We already made quite a bunch of contacts with a small number of French ISPs to ask them about hosting Tor exit relays. The list is long and we are not over yet. But here is what we know as of today.
I love it!
We already have ruled out the three major cheap hosting providers: OVH, Gandi and Dedibox. All of them are listed as bad ISPs on GoodBadISPs as prohibiting relays in their ToS. What is fun is that exit nodes running on their French IPs still account for 2.3353% of total P_exit (out of 2.6573% for all French exit nodes).
You can still go do it and try... but I suppose it's not a good idea, once you run a relay big enough, with a policy that is open enough.
We have approached some other big commercial ISPs. It was not a formal inquiry, but they did not look very happy at the idea of hosting exit nodes.
You can also take a look at our wiki at torservers.net/wiki/. There is a list of ISPs that we've been in contact with, about Tor. We only run nodes with a small number of them. That's also on our page/wiki. And please, document your ISP contact, so that others don't have to redo that.
What we have found though, is that several smaller (not-for-profits or coops) ISPs would be happy to help the Tor network, provided there is a clear legal boundary. Something that our not-for-profit would create. The downside is that they are small, so the cost of their bandwidth is between a monthly 3€ and 10€ (when it is not even more) for each Mbps (95%ile). But they would stand in case of trouble. And some of them have an economic interest as using more bandwidth would lower their overall cost per Mbps.
Cool! There are also some of those, in Germany. Check them out, too. I don't know how cool they will be about Tor, or how much money they'll charge, though.
One of them is willing to sponsor some of the bandwidth, and it looks like a good place to start an initial set of nodes. But even with their sponsoring, $100/month will not cover hosting+bandwidth expenses.
True, but I think that you cannot expect Torproject or its sponsor to cover all of your costs. There are many, who are willing to give money to sponsor Tor nodes and they are the ones, who make sure, that the operators stay independent and diverse by giving their money or effort.
It might be something desirable though. If external funding does not cover all the costs, then we will have to campaign for other donations. A good habit, as it makes it more likely that at least some of the nodes would survive in case the external funding stops.
If money to kick this off is your problem I'm sure you'll find someone who will give it to you. Without a good soul like that, torservers wouldn't exist, either.
-- delber
If you have any questions, or if we can help you guys in any way or want to stay in contact just write me an email at this address or julian [at] torservers.net. Would be great!
Slightly OT: Will you be at Congress this winter? It would be nice to meet you there and have a beer or a mate. - Same applies to everyone else who will be there.
Julian
On Wed, Jul 25, 2012 at 07:31:42PM +0000, delber wrote:
What we have found though, is that several smaller (not-for-profits or coops) ISPs would be happy to help the Tor network, provided there is a clear legal boundary. Something that our not-for-profit would create. The downside is that they are small, so the cost of their bandwidth is between a monthly 3€ and 10€ (when it is not even more) for each Mbps (95%ile). But they would stand in case of trouble. And some of them have an economic interest as using more bandwidth would lower their overall cost per Mbps.
One of them is willing to sponsor some of the bandwidth, and it looks like a good place to start an initial set of nodes. But even with their sponsoring, $100/month will not cover hosting+bandwidth expenses.
It might be something desirable though. If external funding does not cover all the costs, then we will have to campaign for other donations. A good habit, as it makes it more likely that at least some of the nodes would survive in case the external funding stops.
This sounds like a great idea. One of our goals here is to give other organizations a chance to start up and be like torservers.net.
It is definitely a smart idea to get your community helping to cover the costs. Having just one sponsor makes you very fragile.
It's also a smart idea to keep talking to ISPs, and find some that want to sponsor some of the bandwidth as you describe above. They're out there if you look hard enough! :)
Be sure to use the resources here (like Julian) for advice too.
--Roger
On Mon, Jul 23, 2012 at 02:58:54PM -0400, Roger Dingledine wrote:
Next steps:
[...]
Then I'll send individual emails to exit relay operators pointing them to it and asking for their feedback (on the list or private, whichever they prefer). I'll also try to get some sense of how much their hosting costs, whether they'd want to participate in our experiment, whether they're in a position to ramp up to a faster connection, etc.
For context and transparency, here's the mail I've been sending current fast exit relay operators. Please feel free to answer it here if you prefer.
""" I want to draw your attention to a thread I've started on the tor-relays list: https://lists.torproject.org/pipermail/tor-relays/2012-July/001433.html
In short, we have a funder who wants to sponsor more and faster Tor exits, and we're brainstorming about how to use the money in a way that makes the network stronger but also doesn't screw up the "community" side of the Tor relay operator community. The first step is collecting facts about the current fast Tor exit relays.
It would be great if you could join the conversation and give us your perspective (either on the tor-relays list or in private, whichever you prefer). I really want to make sure the current relay operators are included in the decisions.
Also, if you are interested in sharing, it would be great to learn (separated by exit relay if you run more than one):
- What do you currently pay for hosting/bandwidth, and how much bandwidth do you get for that?
- Is it a stable hosting situation? For example, how do they handle abuse complaints so far?
- Is your hosting situation one where it could make sense for us to reimburse your bandwidth costs? (Some people have a deal through their employer, friend, etc where they don't pay for hosting.)
- Are you in a position to get more bandwidth if you pay more? At what rates? We're most interested in sponsoring >=100mbit relays.
- Do you have other locations in mind where you would run another exit relay if you didn't have to pay for it?
- What else should we be asking here? :)
Thanks! --Roger """
Hey all, Have you contemplated sending this over to the hackerspaces list? They are often:
- geographically diverse
- can be incorporated or non-profit
- understand or have heard of Tor
- usually pay for a decently fast connection for their space already
- are familiar with hosting services already
I'm sure being able to supplement their small income by doing something like this would interest them as well. -kupo
Thus spake kupo@damnfbi.tk (kupo@damnfbi.tk):
Hey all, Have you contemplated sending this over to the hackerspaces list?
There exists THE list for hackerspaces? Well hot damn. Are these them: http://lists.hackerspaces.org/mailman/listinfo/
Is there a specific sub-list we should focus on? Announce? Discuss? Other?
Also, how do we recognize reputable Hackerspaces from "Sketchy bunch of d00dz who think it will be totally awesome fun to pwn a bunch of Tor users?" Should we check for previous reliable Tor relays from them? Should we just not care?
Hi,
On Tue, Jul 24, 2012 at 9:17 AM, Mike Perry mikeperry@torproject.org wrote:
Thus spake kupo@damnfbi.tk (kupo@damnfbi.tk):
Hey all, Have you contemplated sending this over to the hackerspaces list?
There exists THE list for hackerspaces? Well hot damn. Are these them: http://lists.hackerspaces.org/mailman/listinfo/
Yeah, that's the one :-)
Is there a specific sub-list we should focus on? Announce? Discuss? Other?
Probably the main list, possibly discuss.
Also, how do we recognize reputable Hackerspaces from "Sketchy bunch of d00dz who think it will be totally awesome fun to pwn a bunch of Tor users?" Should we check for previous reliable Tor relays from them? Should we just not care?
It's funny this comes up now :) I know for a fact that most Dutch hackerspaces either run a tor node, or have a member running a Tor node. Their motives have never been questioned, so why start now :)
In most countries there is a foundation covering multiple hackerspaces, these are usually where you'd want to start. If you need some more contacts in the Benelux and UK area, I can lend a hand.
In my short experience of running an exit relay on a cheap VPS, I can say you can do this on less than 30 a month. It might not be true 100 mbit 24/7, but does that really matter? If you get enough interested parties it should balance out, right? For surfing/email etc. 10 mbit is plenty, I think? Mine averaged around 10 mbit/s 24/7, which isn't bad for a cheap unlimited VPS. Who doesn't like a fast Tor network, but the reality is, those speeds are perfectly acceptable for most of what Tor users do. If for some reason you need to upload a few gigs of leaked files, then force the network to connect to one of the faster relays. (But even still, there are a lot of residential connections that can't utilize the full upstream bandwidth the exit offers anyway.)
If you lock the exit ports down, there should not be any DMCA issues with the provider and you. I never was called out for issues with spam. Forum admins who deal with spam have several ways of dealing with it. So unless someone decides to use your exit for email spam, and a lot of it, I wouldn't worry about the spam shutting down any exit relays. Haven't read of that on the list yet, actually. DMCA will indeed make your provider not like you.
In closing, don't discredit the cheaper solutions. They do work just fine and you don't need a pocket of money to throw at something. Telling the provider what you plan on doing and educating them works wonders as well. It has for me at least.
On Tue, Jul 24, 2012 at 3:23 AM, Nils Vogels bacardicoke@gmail.com wrote:
Hi,
On Tue, Jul 24, 2012 at 9:17 AM, Mike Perry mikeperry@torproject.org wrote:
Thus spake kupo@damnfbi.tk (kupo@damnfbi.tk):
Hey all, Have you contemplated sending this over to the hackerspaces list?
There exists THE list for hackerspaces? Well hot damn. Are these them: http://lists.hackerspaces.org/mailman/listinfo/
Yeah, that's the one :-)
Is there a specific sub-list we should focus on? Announce? Discuss? Other?
Probably the main list, possibly discuss.
Also, how do we recognize reputable Hackerspaces from "Sketchy bunch of d00dz who think it will be totally awesome fun to pwn a bunch of Tor users?" Should we check for previous reliable Tor relays from them? Should we just not care?
It's funny this comes up now :) I know for a fact that most Dutch hackerspaces either run a tor node, or have a member running a Tor node. Their motives have never been questioned, so why start now :)
In most countries there is a foundation covering multiple hackerspaces, these are usually where you'd want to start. If you need some more contacts in the Benelux and UK area, I can lend a hand. -- Simple guidelines to happiness: Work like you don't need the money, Love like your heart has never been broken and Dance like no one can see you.
On Tue, 24 Jul 2012 07:05:41 -0400 Mike jackoroses@gmail.com allegedly wrote:
in closing, don't discredit the cheaper solutions. They do work just fine and you don't need a pocket of money to throw at something. Telling the provider what you plan on doing and educating them works wonders as well. It has for me at least.
Seconded.
--------------------------------------------------------------------- blog: baldric.net fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
Note that I have recently upgraded my GPG key see: http://baldric.net/2012/07/20/gpg-key-upgrade/ ---------------------------------------------------------------------
Thus spake Nils Vogels (bacardicoke@gmail.com):
On Tue, Jul 24, 2012 at 9:17 AM, Mike Perry mikeperry@torproject.org wrote:
Thus spake kupo@damnfbi.tk (kupo@damnfbi.tk):
Hey all, Have you contemplated sending this over to the hackerspaces list?
There exists THE list for hackerspaces? Well hot damn. Are these them: http://lists.hackerspaces.org/mailman/listinfo/
Also, how do we recognize reputable Hackerspaces from "Sketchy bunch of d00dz who think it will be totally awesome fun to pwn a bunch of Tor users?" Should we check for previous reliable Tor relays from them? Should we just not care?
It's funny this comes up now :) I know for a fact that most Dutch hackerspaces either run a tor node, or have a member running a Tor node. Their motives have never been questioned, so why start now :)
Yeah, I was asking a subset of Roger's parent question: "Should we fund new relays by new people, fund new relays by existing community members, or fund upgrades to existing relays by existing community members?"
I think if we just start dumping money on total strangers who have never run Tor exits before, it is less likely to lead to a stable outcome where those exits continue to exist.
In most countries there is a foundation covering multiple hackerspaces, these are usually where you'd want to start. If you need some more contacts in the Benelux and UK area, I can lend a hand.
Good suggestion. I do generally agree that hackerspaces are a great untapped potential for running more Tor nodes. It is definitely something that should be explored. Not sure who (if anyone) is tasked with driving this whole exit sponsoring initiative yet, though.
I also like the idea of favoring larger, better organized hackerspaces that are more likely to be able to continue to manage their exits over the long term.
On Tue, Jul 24, 2012 at 01:50:20PM -0700, Mike Perry wrote:
Hey all, Have you contemplated sending this over to the hackerspaces list?
There exists THE list for hackerspaces? Well hot damn. Are these them: http://lists.hackerspaces.org/mailman/listinfo/
In most countries there is a foundation covering multiple hackerspaces, these are usually where you'd want to start. If you need some more contacts in the Benelux and UK area, I can lend a hand.
Good suggestion. I do generally agree that hackerspaces are a great untapped potential for running more Tor nodes. It is definitely something that should be explored. Not sure who (if anyone) is tasked with driving this whole exit sponsoring initiative yet, though.
I also like the idea of favoring larger, better organized hackerspaces that are more likely to be able to continue to manage their exits over the long term.
I think getting hackerspaces involved is a great idea. If any of you know any, or are involved in the broader hackerspace lists, please let them know about this thread and help them get involved! The more the merrier at this point.
(I think Andy's "you probably shouldn't run your exit relay on your hackerspace's only network connection, in case your ISP unplugs it for a while" point is a good one to keep in mind too.)
Thanks, --Roger
Hi Roger, list
I want to draw your attention to a thread I've started on the tor-relays list: https://lists.torproject.org/pipermail/tor-relays/2012-July/001433.html
In short, we have a funder who wants to sponsor more and faster Tor exits, and we're brainstorming about how to use the money in a way that makes the network stronger but also doesn't screw up the "community" side of the Tor relay operator community. The first step is collecting facts about the current fast Tor exit relays.
Awesome!
It would be great if you could join the conversation and give us your perspective (either on the tor-relays list or in private, whichever you prefer). I really want to make sure the current relay operators are included in the decisions.
Also, if you are interested in sharing, it would be great to learn (separated by exit relay if you run more than one):
- What do you currently pay for hosting/bandwidth, and how much bandwidth do you get for that?
This differs a lot, please all keep in mind, that we get supported by some of our hosters through cheaper pricing, etc. I'll try to point that out.
nforce.nl 565€ for 100TB outbound traffic on GBit, inbound is free and a second node sponsored by them. 2 Tor nodes running on each
axigy $199 for unmetered GBit (currently down due to law enforcement). This price is half of their regular rate.
limehost/voxility 104€ for unmetered, shared GBit Three Tor nodes running on it
Our 100mbit nodes are actually all sponsored. One by psilo.fr, four by defaultroute.net
- Is it a stable hosting situation? For example, how do they handle abuse complaints so far?
We currently only use hosters, that SWIP IPs to us, as we've not made good experiences otherwise. All of our current hosters are very tolerant when it comes to abuses and can be considered stable (not counting in technical difficulties that we've had with one node).
- Is your hosting situation one where it could make sense for us to reimburse your bandwidth costs? (Some people have a deal through their employer, friend, etc where they don't pay for hosting.)
For some of our nodes it would make sense, for others not so much. The problem we face as a non profit is, that while we get lots of donations not all of them (and especially not the larger ones, as those usually are one-time) are plannable. So essentially this would be a great opportunity for us (assuming, that this would run uninterrupted for more than a year) to get a larger amount of long term plannable funding.
- Are you in a position to get more bandwidth if you pay more? At what rates? We're most interested in sponsoring >=100mbit relays.
Depends on what you mean. In the sense of getting more servers: Yes, definitely. For the sake of diversity it is hard to estimate, though, as nearly every ISP has a different pricing and different reliability. It would probably be hard to find another hoster in the limehost/voxility pricerange, but I think that somewhere in between axigy and nforce is certainly doable for GBit, which would give 2-3 Tor nodes.
- Do you have other locations in mind where you would run another exit relay if you didn't have to pay for it?
Definitely. As I've mentioned in my other email, we've got an offer for 10GBit unmetered@750€, which is kind of sweet spot performance/buck wise and I guess, that it could handle 8-12 Tor nodes performance wise to satisfy the pipe. It would be a large number of high performance nodes run by just one operator, though, so I'm unsure if it really is that great idea :-(
If we're not doing that we'll look into getting at least one other gbit node, though.
- What else should we be asking here? :)
One question, that immediately came to my mind was: How will this affect other donors?
Only time will tell, I guess and I hope that people will realize, that it is just an additional incentive to get operators to run reliable, fast nodes.
What about legal stuff?
We haven't had legal problems, so far. We're operating out of Germany and have a cool lawyer, but what about others? How do they tackle the legal situation, what about covering the financial burden, if they get in legal trouble over Tor. In other words: Do we need a Tor legal fund to go with operator funding or will the community be willing/committed/able to absorb the risks.
Julian
Thanks! --Roger """
On Wed, Jul 25, 2012 at 06:32:30PM +0200, Julian Wissmann wrote:
we've got an offer for 10GBit unmetered@750€, which is kind of sweet spot performance/buck wise and I guess, that it could handle 8-12 Tor nodes performance wise to satisfy the pipe. It would be a large number of high performance nodes run by just one operator, though, so I'm unsure if it really is that great idea :-(
I think 10gbit is too big for the current Tor network.
The total bandwidth of the network is something like 24gbit currently: https://metrics.torproject.org/network.html#bandwidth and it's more like 10gbit if you just count exits.
So it makes sense to get a bunch of 1gbit spots (to offset the couple of 1gbit spots we have already), but I think 10gbit would make things too uneven at this point.
--Roger
On 24.07.2012 00:09, Roger Dingledine wrote:
- What do you currently pay for hosting/bandwidth, and how much bandwidth do you get for that?
- 109 Euro for Gbit in Romania (Voxility/Limehost)
- $400 each for Gbit in Budapest and USA (Axigy)*
- 300 Euro for 200 Mbps in Sweden
- 375 Euro for 200TB (~800 Mbps) in Netherlands (NForce)
*) currently down, should be back up within the next two months
- Is it a stable hosting situation? For example, how do they handle abuse complaints so far?
All good.
- Is your hosting situation one where it could make sense for us to reimburse your bandwidth costs? (Some people have a deal through their employer, friend, etc where they don't pay for hosting.)
Totally.
- Are you in a position to get more bandwidth if you pay more? At what rates? We're most interested in sponsoring >=100mbit relays.
Yes, at likely the same rates.
- Do you have other locations in mind where you would run another exit relay if you didn't have to pay for it?
At the moment: No.
On 30.07.2012, at 12:54, Moritz Bartl moritz@torservers.net wrote:
On 24.07.2012 00:09, Roger Dingledine wrote:
- What do you currently pay for hosting/bandwidth, and how much bandwidth do you get for that?
- 109 Euro for Gbit in Romania (Voxility/Limehost)
- $400 each for Gbit in Budapest and USA (Axigy)*
- 300 Euro for 200 Mbps in Sweden
- 375 Euro for 200TB (~800 Mbps) in Netherlands (NForce)
You have to well differentiate here if you get shared traffic or dedicated one. In other words if you pay 109€ for 1GBit you are unlikely able fill that gigabit 95% of the time. And the fourth offer is for transferred traffic not speed.
In international wholesale, prices per megabit range from 1€ - 50€ depending on location. Those are dedicated backbone prices so for a fully dedicated 1Gbps, you should expect a minimum of 1000€. Otherwise you simply get overbooked connectivity
On 30.07.2012 12:57, Andreas Fink wrote:
- 109 Euro for Gbit in Romania (Voxility/Limehost)
- $400 each for Gbit in Budapest and USA (Axigy)*
- 300 Euro for 200 Mbps in Sweden
- 375 Euro for 200TB (~800 Mbps) in Netherlands (NForce)
You have to well differentiate here if you get shared traffic or dedicated one.
I don't know how they do it, but we get 600-800 Mbps constantly since properly configuring the nodes at Limehost. Axigy provides dedicated Gbit at that price to us as sponsorship - same for NForce (actually their deal is 2x100TB outbound, inbound free).
In other words if you pay 109€ for 1GBit you are unlikely able fill that gigabit 95% of the time.
See http://voxility1.torservers.net/vnstat_d.png and http://voxility1.torservers.net/vnstat.png (pretty constant daily pattern)
In international wholesale, prices per megabit range from 1€ - 50€ depending on location.
That's why we go with ISPs who do a mixed calculation. Say, one in ten customers uses the full Gbit.
On 30.07.2012, at 13:03, Moritz Bartl moritz@torservers.net wrote:
On 30.07.2012 12:57, Andreas Fink wrote:
- 109 Euro for Gbit in Romania (Voxility/Limehost)
- $400 each for Gbit in Budapest and USA (Axigy)*
- 300 Euro for 200 Mbps in Sweden
- 375 Euro for 200TB (~800 Mbps) in Netherlands (NForce)
You have to well differentiate here if you get shared traffic or dedicated one.
I don't know how they do it, but we get 600-800 Mbps constantly since properly configuring the nodes at Limehost. Axigy provides dedicated Gbit at that price to us as sponsorship - same for NForce (actually their deal is 2x100TB outbound, inbound free).
Then they are giving away bandwidth below cost or you profit of the fact that most of their other customers are not doing anything.
In other words if you pay 109€ for 1GBit you are unlikely able fill that gigabit 95% of the time.
See http://voxility1.torservers.net/vnstat_d.png and http://voxility1.torservers.net/vnstat.png (pretty constant daily pattern)
In international wholesale, prices per megabit range from 1€ - 50€ depending on location.
That's why we go with ISPs who do a mixed calculation. Say, one in ten customers uses the full Gbit.
True but then you are simply using empty capacity of the others which is not guaranteed to you. So if the other customers start pumping your connection speed drops.
True but then you are simply using empty capacity of the others which is not guaranteed to you. So if the other customers start pumping your connection speed drops.
Not necessarily if we are on a dedicated Gbit port (which we are at least at Axigy) and the ISP has enough upstream capacity. Limehost now only offers "best effort" shared Gbit. Back when we ordered our server, it clearly said dedicated Gbit.
Also, we don't really care as the deals have already paid out. We only make monthly contracts so we can easily move in case something happens. There's no reason to pay extra just because.
My strategy was to go through web hosting forums and pick out very cheap ISPs. FDCservers for example claims to give away "enterprise 10Gbit, dedicated port" for $599 at the moment. Who cares if it's "just" 2Gbps in the end. It's still a great deal. We have been kicked from FDC in the past and they don't have RIPE IPs so we're not going after that deal - it might still be good for running some fast non-exit relays.
On 30.07.2012 13:27, Moritz Bartl wrote:
We have been kicked from FDC in the past
With only port 80, 443, 554, and 1755 open, this might be different and worth a try. Same goes for the similar offer for shared 10 Gbps by Limehost.
On 07/30/2012 11:53 AM, Moritz Bartl wrote:
On 30.07.2012 13:27, Moritz Bartl wrote:
We have been kicked from FDC in the past
With only port 80, 443, 554, and 1755 open, this might be different and worth a try. Same goes for the similar offer for shared 10 Gbps by Limehost.
It wouldn't be different. FDC threatened to cancel my account after several complaints of spamming via webmail. (I was using the Reduced Exit Policy found on Tor's website.) They only backed down after I changed my exit node into a middle node.
Allowing exits from ports 80 and 443 will always carry the risk of abuse complaints.
It would be better to retain 80 and 443 as exit ports and just block traffic to the Google/Yahoo/AOL/etc. mail servers but I don't know how that could be done with their respective load-balancing schemes.
On Mon, 30 Jul 2012 18:51:35 -0400 Steve Snyder swsnyder@snydernet.net allegedly wrote:
Allowing exits from ports 80 and 443 will always carry the risk of abuse complaints.
It would be better to retain 80 and 443 as exit ports and just block traffic to the Google/Yahoo/AOL/etc. mail servers but I don't know how that could be done with their respective load-balancing schemes.
IP address based policy is tricky to use when large systems can use wide address ranges. And these addresses change over time.
Question for tor developers. How hard would it be to change the logic (and syntax) of exit policy in tor to allow domain based formulations like:
reject *.gmail.com reject *aol.com
etc.
Mick
On 31.07.2012 12:21, mick wrote:
Question for tor developers. How hard would it be to change the logic (and syntax) of exit policy in tor to allow domain based formulations like:
reject *.gmail.com
reject *aol.com
We see webmail based spam reports from all kinds of addresses. The better approach is to use ISPs that don't get upset by such reports.
On Tue, Jul 31, 2012 at 11:21:01AM +0100, mick wrote:
Question for tor developers. How hard would it be to change the logic (and syntax) of exit policy in tor to allow domain based formulations like:
reject *.gmail.com
reject *aol.com
Very hard.
https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Exitpoliciesshouldb...
--Roger
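The point made in this sub-thread, that exit policies match on addresses and ports and so cannot follow a webmail service whose addresses change, shown as an added example (not code from Tor or from any poster). It models first-match `accept`/`reject ADDR[/MASK]:PORT` rules for IPv4 only; the addresses are documentation ranges standing in for a hypothetical webmail provider.

```python
import ipaddress


def parse_rule(line):
    """Parse 'accept|reject ADDR[/MASK]:PORT' (ADDR may be '*'; PORT may be '*', N or N-M)."""
    action, pattern = line.split()
    if action not in ("accept", "reject"):
        raise ValueError("unknown action: " + action)
    addr, _, port = pattern.rpartition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        lo, hi = 1, 65535
    elif "-" in port:
        lo, hi = map(int, port.split("-"))
    else:
        lo = hi = int(port)
    return action, net, lo, hi


def exit_allows(policy_lines, ip, port):
    """First matching rule wins, as in an ordered exit policy."""
    target = ipaddress.ip_address(ip)
    for action, net, lo, hi in map(parse_rule, policy_lines):
        if (net is None or target in net) and lo <= port <= hi:
            return action == "accept"
    # Assumption for this model: no match means reject (both policies end in reject *:*).
    return False


def still_reachable(policy_lines, addresses, port):
    """Return the addresses the policy still lets a client reach on the given port."""
    return [a for a in addresses if exit_allows(policy_lines, a, port)]


# The four ports mentioned in the thread, everything else rejected.
PORT_ONLY = [
    "accept *:80",
    "accept *:443",
    "accept *:554",
    "accept *:1755",
    "reject *:*",
]

# Same policy with an address-based block placed first.
# 192.0.2.0/24 is a constructed stand-in for the provider's range known to the operator.
WITH_BLOCK = ["reject 192.0.2.0/24:*"] + PORT_ONLY

# Constructed front-end addresses: what the operator knew, and the set after
# the provider's load balancing starts answering from a new range.
WEBMAIL_KNOWN = ["192.0.2.10", "192.0.2.11"]
WEBMAIL_LATER = WEBMAIL_KNOWN + ["198.51.100.25"]

if __name__ == "__main__":
    print("port-only policy, webmail over 443:",
          still_reachable(PORT_ONLY, WEBMAIL_LATER, 443))
    print("with address block, known range:",
          still_reachable(WITH_BLOCK, WEBMAIL_KNOWN, 443))
    print("with address block, after the provider moves:",
          still_reachable(WITH_BLOCK, WEBMAIL_LATER, 443))
```

The port-only policy passes every webmail address on 443, and the address block stops covering the service as soon as it answers from a range the operator did not list.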
On Mon, Jul 23, 2012 at 2:58 PM, Roger Dingledine arma@mit.edu wrote:
Open questions we need to decide about:
- What exactly would we pay for?
As you said, reimbursing users for hosting is probably the best idea here, however, we also don't want to get in the situation where users feel that they _must_ be reimbursed to run an exit relay. What happens if the sponsor's funding dries up in a year and no one wants to donate bandwidth anymore?
Perhaps only registered companies should be sponsored — as much as I hate to limit the scope of the project, I think this (might) prevent abuse to a certain extent. Individuals who wanted to run an exit relay of their own could still do so, they would just have to use some of the money to form an LLC (or whatever their country's equivalent is if the scope of this project extends outside of the US). This gives them a bit more of an incentive to separate their Tor node from their personal server/computing resources (in the form of limited liability), which they should probably be doing anyways.
I think we should aim to constrain ourselves to talking about >=100mbit exits
I disagree; as others have said, lots of 10mbit relays will do as much for the network as a few 100mbit relays. Most people's use case is simply checking email, browsing the web, reading news, etc. which don't necessarily need a huge 100mbit relay.
- Should we fund existing relays or new ones?
It's probably not wise to distinguish between the two. If you only fund new relays, you may see a lot of old relays shut down (and then restarted as "new relays" to get funding). So you might as well just sponsor both. More thoughts on this in a bit.
- Should we prefer big collectives like torservers, noisetor, CCC, dfri.se, and riseup (which can get great bulk rates on bandwidth and are big enough to have relationships with local lawyers and ISPs), or should we prefer individuals since they maximize our operator diversity? I think "explore both approaches" is a fine first plan.
"Explore both approaches" sounds good; I think we'll find that operator diversity leads to a healthier (more anonymous) network. Again, I lean towards small guys that will run a few nodes at different data centers, but not sole proprietorships.
- For existing relays who pay for hosting…
Picking a certain monthly transfer target might solve this; so existing relays that are fast could apply for aid, and it would give slower relays incentive to speed up. The challenge then becomes, where do we set this cutoff? I'm inclined to think it could be kept relatively low and still be very beneficial for the network.
the Tor network must not end up addicted to external funding. So long as everybody is running an exit relay because they want to save the world, I think we should be fine.
This is the core of the entire discussion. We might also consider only funding relays in areas where we need the diversity by taking into account…
There's network diversity (AS / upstream network topology), organization and operator diversity, jurisdictional (country) diversity, funding diversity, data-center diversity, and more.
…this stuff.
- How do we audit / track the sponsored relays?
How should we check that your 100mbit relay is really working? What do we measure to confirm its capacity? To a first approximation I'm fine assuming that nobody is going to try to cheat (say, by colluding with an ISP to write legit-looking invoices but then just split the money).
Probably better to monitor this carefully from the get-go. Sponsors like to know where their money is going, and continued funding could hinge on it.
Then I'll send individual emails to exit relay operators pointing them to it and asking for their feedback
Consider asking some of the faster / more stable non-exit relay operators as well. Many of these folks (myself included) have run an exit relay at one point or another and stopped—or want to run an exit but won't—because of the financial burden, or because of legal ramifications, etc.
Some of them might want to run an exit relay, or change their existing nodes to exit relays if they could only get a bit of funding to help cover bandwidth and separate their personal resources / business from their exit node(s) (via a new server, or a separate business entity, etc.)
Best, Sam
I am impressed with the amount of good discussion so far, instead of the 'mine is better than yours' syndrome or 'I know more than you'.
Along with what has been discussed and the beginning proposals so far, in the infancy here, what about finding a way, if not too much of a headache, of trying to utilize some of the exit relays we already have whose allocated bandwidth is not being used now?
I know there are some factors that need to be considered, and the latest is the balancing that was recently incorporated into the Tor system, which was brought up in earlier threads.
It would be nice for those people that already have a server running, that have the sources to be able to use more of their bandwidth.
I can only speak for myself here, but I know that I had hoped that when I started an exit relay, that more of my bandwidth would be used. Which at the present on a dedicated server is at very minimal usage.
Just food for thought :)
Jon
I largely agree with Sam, I just want to make some additions, here.
On Mon, Jul 23, 2012 at 2:58 PM, Roger Dingledine arma@mit.edu wrote:
Open questions we need to decide about:
- What exactly would we pay for?
As you said, reimbursing users for hosting is probably the best idea here, however, we also don't want to get in the situation where users feel that they _must_ be reimbursed to run an exit relay. What happens if the sponsor's funding dries up in a year and no one wants to donate bandwidth anymore?
Perhaps only registered companies should be sponsored — as much as I hate to limit the scope of the project, I think this (might) prevent abuse to a certain extent. Individuals who wanted to run an exit relay of their own could still do so, they would just have to use some of the money to form an LLC (or whatever their country's equivalent is if the scope of this project extends outside of the US). This gives them a bit more of an incentive to separate their Tor node from their personal server/computing resources (in the form of limited liability), which they should probably be doing anyways.
Please don't forget non-profits, like 501(c)3, under which probably many hackerspaces in the US fall, or the German e.V., like Zwiebelfreunde e.V., who run torservers.net. In general this is the right direction to go. I think organizations are most likely to be the most reliable partners for this, and they are easy enough to establish. Organizations have their own accounting, usually donations to them are tax deductible, and they are normally run by more than one person, which allows for a certain scalability by sharing work. Overall, this gives them and you more transparency, and I think that makes stuff like 501(c)3 or whatever equivalent in any other country near perfect for everyone involved in this.
I think we should aim to constrain ourselves to talking about >=100mbit exits
I disagree; as others have said, lots of 10mbit relays will do as much for the network as a few 100mbit relays. Most people's use case is simply checking email, browsing the web, reading news, etc. which don't necessarily need a huge 100mbit relay.
I disagree again. We're on the verge of cheap, affordable 10GBit (as in torservers has just gotten an offer for unlimited traffic 10GBit for $750 with SWIP from a hoster who seems Tor friendly). This means that 100mbit is getting cheaper and cheaper, as does GBit. 100mbit already comes at a price disadvantage compared to gbit, we don't need to start on cost-effectiveness of 10mbit, not to mention that many people in the west could run 10mbit nodes from home by now.
- Should we fund existing relays or new ones?
It's probably not wise to distinguish between the two. If you only fund new relays, you may see a lot of old relays shut down (and then restarted as "new relays" to get funding). So you might as well just sponsor both. More thoughts on this in a bit.
Exactly.
- Should we prefer big collectives like torservers, noisetor, CCC, dfri.se, and riseup (which can get great bulk rates on bandwidth and are big enough to have relationships with local lawyers and ISPs), or should we prefer individuals since they maximize our operator diversity? I think "explore both approaches" is a fine first plan.
"Explore both approaches" sounds good; I think we'll find that operator diversity leads to a healthier (more anonymous) network. Again, I lean towards small guys that will run a few nodes at different data centers, but not sole proprietorships.
Maximize diversity, definitely, but do the organizations approach at the same time. Counting in hackerspaces and the existing organizations running Tor nodes should give enough diversity for a start, while going organizations only will (hopefully) encourage more people to establish organizations around Tor.
- For existing relays who pay for hosting…
Picking a certain monthly transfer target might solve this; so existing relays that are fast could apply for aid, and it would give slower relays incentive to speed up. The challenge then becomes, where do we set this cutoff? I'm inclined to think it could be kept relatively low and still be very beneficial for the network.
the Tor network must not end up addicted to external funding. So long as everybody is running an exit relay because they want to save the world, I think we should be fine.
This is the core of the entire discussion. We might also consider only funding relays in areas where we need the diversity by taking into account…
There's network diversity (AS / upstream network topology), organization and operator diversity, jurisdictional (country) diversity, funding diversity, data-center diversity, and more.
…this stuff.
- How do we audit / track the sponsored relays?
How should we check that your 100mbit relay is really working? What do we measure to confirm its capacity? To a first approximation I'm fine assuming that nobody is going to try to cheat (say, by colluding with an ISP to write legit-looking invoices but then just split the money).
Probably better to monitor this carefully from the get-go. Sponsors like to know where their money is going, and continued funding could hinge on it.
My opinion, too. Sponsors like to see what's going on and they also like to hear from you on a regular basis.
Julian
On 07/25/2012 12:34 PM, Julian Wissmann wrote:
Please don't forget non-profits, like 501(c)3, under which probably many hackerspaces in the US fall, or the German e.V., like Zwiebelfreunde e.V., who run torservers.net http://torservers.net/.
Absolutely! I meant to use LLCs as an example as they are much easier to form than a 501(c)3 exempt organization, but my wording was poor. I intended that to be read, "any company that's not a sole proprietorship."
I disagree again. We're on the verge of cheap, affordable 10GBit (as in torservers has just gotten an offer for unlimited traffic 10GBit for $750 with SWIP from a hoster who seems Tor friendly). This means that 100mbit is getting cheaper and cheaper, as does GBit. 100mbit already comes at a price disadvantage compared to gbit, we don't need to start on cost-effectiveness of 10mbit, not to mention that many people in the west could run 10mbit nodes from home by now.
Perhaps you're right; has anyone done any network simulations or run any tests to see what would be better for network latency and/or anonymity (more low-throughput relays, or a few larger relays)?
Regardless, I don't think the speed/bandwidth cap (if there is one) should be set too high. In many countries it may be difficult—if not impossible—to run a 10, or even a 1GBit node. As great as lots of 1(0+)GBit nodes would be, we don't want to end up with plenty of nodes in the USA, GB, Germany, etc. and very few elsewhere. Geographic diversity is also extremely important for the project. That being said, if we can get good geographic diversity while only paying for larger nodes it might be more cost-effective. Again, this might need (further?) research.
—Sam
On Tue, Jul 24, 2012 at 10:49:49AM -0400, Sam Whited wrote:
Perhaps only registered companies should be sponsored — as much as I hate to limit the scope of the project, I think this (might) prevent abuse to a certain extent. Individuals who wanted to run an exit relay of their own could still do so, they would just have to use some of the money to form an LLC (or whatever their country's equivalent is if the scope of this project extends outside of the US).
I think encouraging people to create an organization around their exit(s) is fine, but ultimately I'd prefer to leave it up to them how they want to organize.
For example, there are several exits running in great hosting locations based on handshake agreements with a friend at the ISP. That seems at least as stable as somebody who sets up an LLC to pay some ISP whose abuse department doesn't know or care about Tor. Ideally we'd have both.
I think we should aim to constrain ourselves to talking about >=100mbit exits
I disagree; as others have said, lots of 10mbit relays will do as much for the network as a few 100mbit relays. Most people's use case is simply checking email, browsing the web, reading news, etc. which don't necessarily need a huge 100mbit relay.
Remember that there are 500000+ Tor clients running now, with only 3000 relays (and considering weights, it's way less than 3000). So while 10mbit should indeed be enough for most clients, if you try to squeeze 500 clients through a 10mbit connection, it works way way less well than squeezing them through a 100mbit connection.
The "small pipe" issue is exacerbated by our end-to-end flow control issues: http://freehaven.net/anonbib/#pets2011-defenestrator https://trac.torproject.org/projects/tor/ticket/4486
Consider asking some of the faster / more stable non-exit relay operators as well. Many of these folks (myself included) have run an exit relay at one point or another and stopped—or want to run an exit but won't—because of the financial burden, or because of legal ramifications, etc.
Good idea. Once I catch up with all the private mails from exit relay operators (yay), I'll send out another burst to the operators of large non-exit relays.
--Roger
Hi,
I am not in the position to comment on what would be good for the network, there are others more knowledgeable - like yourself. There's not much to add to your remarks. Having said that, I can comment on what I would change for me.
I am currently providing a fast exit node on a colocated server I already was running. It's using spare traffic and bandwidth. Current limitations are based on the policy "use anything that's left, as long as it doesn't cost me any bucks". I am more than happy to spend time and effort in running relays, but I don't have the budget to pay for more.
- Should we fund existing relays or new ones?
I would be able to help out with both. For me there would be at least three scenarios.
1) If there's reimbursement for (additional traffic on) existing relays, I would be able to add more traffic a month on my current relay. I would increase the limits on bandwidth and traffic. That way, an existing relay would be able to do more traffic.
2) If there's reimbursement for everything that is needed to run a relay, I would be able to add a new server. I would find other ISPs that sell VPSs or, when I would be able to get a new box, I could add another one at my current ISP. That way, a new relay would be added.
3) If there's reimbursement for even more, I would set up a non-profit foundation running multiple nodes. These nodes would ideally be spread amongst a couple of ISPs. That way, I would be able to add a couple of new relays.
More generally, we need to consider sustainability. Our current exit relay funding is for a period of 12 months, and while there's reason to think we will find continued support, the Tor network must not end up addicted to external funding. So long as everybody is running an exit relay because they want to save the world, I think we should be fine.
Given the above scenarios, the sustainability largely depends on the scale. For example, when I would be reimbursed for the additional costs of the additional traffic, I can easily back down after 12 months. When running a foundation it would be more difficult to simply quit just because the sponsoring comes to a halt. On the other hand, a foundation would be run by multiple people, and as long as there is money to cover the costs of the relays, it would be a lot more stable than a number of smaller nodes.
- How do we audit / track the sponsored relays?
How should we check that your 100mbit relay is really working? What do we measure to confirm its capacity? To a first approximation I'm fine assuming that nobody is going to try to cheat (say, by colluding with an ISP to write legit-looking invoices but then just split the money).
And what happens if there's doubt about the node someone is running? For a start, maybe a solution would be: individuals are reimbursed a limited amount only, where larger amounts are available to legally registered foundations.
Hi,
What can I say that hasn't been said by others before... :)
We are in contact with reliable ISPs with endpoints in various countries. They would be willing to cooperate on exits at these locations. We have not yet talked about prices.
I would say we (as in Torservers.net) are in the position to run multiple Gbit/s servers for prices at below $1/Mbit at "not your typical ISP". In theory, we would be able to fulfill the 12.5 Gbit/s alone. We're about to test a 10Gbit uplink with a Xeon behind it to find out how far we can push a single server.
That said, we should discuss and come up with a good organizational structure to reimburse people. Personally, I would only sponsor 100 Mbit/s or more (or maybe even only Gbit). I would set up a template that asks for ISP information, so we can reject too many exits at one place (say, a maximum of 1 Gbit/s or even one server per datacenter?).
Do you plan on reimbursing up front for a longer period, or only after? We would likely need the money up front at least on a monthly basis.
Another option we have that might be more convenient is to decide on the twelve/thirteen server locations up front and then ask the community to fill the slots.
Given that there are places where you get Gbit for around or less than $500, we could use the "extra money" to fund some slower locations. I would very much like to see a high-bandwidth Iceland exit. The last quote I got was 500 Euro for 200 Mbit/s (including hardware) at Advania/ThorDC.
On 26.07.2012 16:14, Moritz Bartl wrote:
That said, we should discuss and come up with a good organizational structure to reimburse people. Personally, I would only sponsor 100 Mbit/s or more (or maybe even only Gbit).
To make this more explicit: I opt to have 13 organizations/people running 1 Gbit/s each. If an organization already runs 1 Gbit/s or more from other funding (like CCC and Torservers), they are not eligible for receiving a node stipend.
Hi Moritz, We should probably talk further then since I'm _in_ Iceland atm and would also like to see a high capacity node here. May I ask for your reasoning though? A lot of people on both sides of the pond have believed that IMMI https://en.wikipedia.org/wiki/IMMI has been passed here already when it has in fact not (yet). I'm in touch with those trying to pass it and it comes up for major review in September. Have you tried talking to DataCell http://www.datacell.com/? They would be much more open to running an Exit node and if you talked to them personally might be able to offer some discounted rate here. -kupo
On 26.07.2012 18:05, kupo@damnfbi.tk wrote:
Hi Moritz, We should probably talk further then since I'm _in_ Iceland atm and would also like to see a high capacity node here. May I ask for your reasoning though?
Country/legal diversity.
Have you tried talking to DataCell?
No, I have not yet.
Contrary to what has been posted on the list: Yes, we could afford higher priced bandwidth than the average person, but we don't want to: We are still committed to using donations for cheap bandwidth. Without an additional "dedicated" Iceland sponsor, I don't feel I should touch our current money for that.
On Thu, 26 Jul 2012 16:05:53 +0000 kupo@damnfbi.tk wrote:
We should probably talk further then since I'm _in_ Iceland atm and would also like to see a high capacity node here. May I ask for your reasoning though? A lot of people on both sides of the pond have believed that IMMI https://en.wikipedia.org/wiki/IMMI has been passed here already when it has in fact not (yet). I'm in touch with those trying to pass it and it comes up for major review in September. Have you tried talking to DataCell http://www.datacell.com/?
I talked to Datacell roughly a year ago. They were fine with an exit relay, but at the time were distracted by suing Visa.
The only issue was pure cost. Traffic leaving Iceland costs a lot. I wasn't prepared to spend ISK300,000 per month for a 100 mbps exit relay.
Maybe times have changed and traffic from Iceland is not so expensive anymore.
On 26.07.2012, at 19:52, Andrew Lewman andrew@torproject.is wrote:
On Thu, 26 Jul 2012 16:05:53 +0000 kupo@damnfbi.tk wrote:
We should probably talk further then since I'm _in_ Iceland atm and would also like to see a high capacity node here. May I ask for your reasoning though? A lot of people on both sides of the pond have believed that IMMI https://en.wikipedia.org/wiki/IMMI has been passed here already when it has in fact not (yet). I'm in touch with those trying to pass it and it comes up for major review in September. Have you tried talking to DataCell http://www.datacell.com/?
I talked to Datacell roughly a year ago. They were fine with an exit relay, but at the time were distracted by suing Visa.
The only issue was pure cost. Traffic leaving Iceland costs a lot. I wasn't prepared to spend ISK300,000 per month for a 100 mbps exit relay.
Maybe times have changed and traffic from Iceland is not so expensive anymore.
Traffic from Iceland is still relatively expensive. However we could host some machines in other places where we interconnect on internet exchanges. We are still distracted by suing Visa due to Wikileaks case but that doesn't stop us doing good business.
I believe we have a couple of users running tor on their VM's. Not sure if exit or not. But the first law enforcement request (identify the owner) was already in (however not in proper format and from the wrong country so we didn't have to answer it anyway. They couldn't even read whois entries correctly or use traceroute to get an idea where the server really is).
Andreas Fink CEO DataCell ehf
On Thu, 26 Jul 2012 20:08:05 +0200 Andreas Fink afink@datacell.com wrote:
Traffic from Iceland is still relatively expensive. However we could host some machines in other places where we interconnect on internet exchanges.
Is this true for IPv6 too? I've found asking for IPv6-only servers is almost free, because ISPs are trying to justify their investment of IPv6-capable equipment. And having a customer run IPv6 without needing IPv4 address space is a unicorn.
Andreas Fink:
On 26.07.2012, at 19:52, Andrew Lewman andrew@torproject.is wrote:
On Thu, 26 Jul 2012 16:05:53 +0000 kupo@damnfbi.tk wrote:
We should probably talk further then since I'm _in_ Iceland atm and would also like to see a high capacity node here. May I ask for your reasoning though? A lot of people on both sides of the pond have believed that IMMI https://en.wikipedia.org/wiki/IMMI has been passed here already when it has in fact not (yet). I'm in touch with those trying to pass it and it comes up for major review in September. Have you tried talking to DataCell http://www.datacell.com/?
I talked to Datacell roughly a year ago. They were fine with an exit relay, but at the time were distracted by suing Visa.
The only issue was pure cost. Traffic leaving Iceland costs a lot. I wasn't prepared to spend ISK300,000 per month for a 100 mbps exit relay.
Maybe times have changed and traffic from Iceland is not so expensive anymore.
Traffic from Iceland is still relatively expensive. However we could host some machines in other places where we interconnect on internet exchanges. We are still distracted by suing Visa due to Wikileaks case but that doesn't stop us doing good business.
I believe we have a couple of users running tor on their VM's. Not sure if exit or not. But the first law enforcement request (identify the owner) was already in (however not in proper format and from the wrong country so we didn't have to answer it anyway. They couldn't even read whois entries correctly or use traceroute to get an idea where the server really is).
Hi Andreas,
Thanks for continuing to sue Visa and thanks for your support of well, everything you seem to support.
If we wanted to collectively pool some cash and pay for 100Mb or 1Gb of bandwidth on a rented machine, specifically as a Tor exit - what would you want to see from the Tor community in terms of a monthly payment?
All the best, Jacob
Roger Dingledine:
- Should we prefer big collectives like torservers, noisetor, CCC, dfri.se, and riseup (which can get great bulk rates on bandwidth and are big enough to have relationships with local lawyers and ISPs), or should we prefer individuals since they maximize our operator diversity? I think "explore both approaches" is a fine first plan.
You should explore both approaches, but expect that individuals that haven't run an exit before - but are willing to do so - could require more support.
I could imagine that interested people would be concerned about abuse complaints. Finding a reasonable ISP is another problem. I'm quite confident that the Tor community would assist, but don't know how it could be organized.
- Does the overall Tor network change legal categories in some country, e.g. becoming a telecommunications service when it wasn't before?
I wonder what would happen when Tor had "official abuse divisions", where some people care about the abuse complaints the Tor network "produces". Compared to "TelcoUK" and "TelcoUS" where each "Telco" reacts to abuse complaints. Could that make Tor a telecommunications service?
Everything else has mostly been said, I guess.
Regards, Sebastian
On Mon, 23 Jul 2012 14:58:54 -0400 Roger Dingledine arma@mit.edu allegedly wrote:
The result though is a direct tradeoff with relay diversity: on today's network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays. https://trac.torproject.org/projects/tor/ticket/6443
That cannot be good for the health of the network. It reduces the size and complexity of the attacker's target.
Since extra capacity is clearly good for performance, and since we're not doing particularly well at diversity with the current approach, we're going to try an experiment: we'll connect funding to exit relay operators so they can run bigger and/or better exit relays.
If we do it right (make more faster exit relays that aren't the current biggest ones, so there are more to choose from), we will improve the network's diversity as well as being able to handle more users.
Improving diversity (rather than outright speed) is, in my view, a greater priority given your point above.
We've lined up our first funder (BBG, aka http://www.voanews.com/), and they're excited to have us start as soon as we can. They want to sponsor 125+ fast exits.
Forgive me, but what do they want in return? ("He who pays the piper...")
I'm ambivalent about the idea of funding. Whilst I can see that it might help the Tor network to grow, I see downstream problems if funding dries up (or is "threatened" to be withdrawn). Whilst volunteer funding (and resourcing) can probably never provide the size and speed of network we would all like to see, it has the advantage of freedom from a lot of potential constraints. Being a Brit, I also prefer the model of "unpaid blood donation" to the commercial model used in some countries. (It just makes you feel good....)
More generally, we need to consider sustainability. Our current exit relay funding is for a period of 12 months, and while there's reason to think we will find continued support, the Tor network must not end up addicted to external funding. So long as everybody is running an exit relay because they want to save the world, I think we should be fine.
I agree 100%
Mick
On Thu, Jul 26, 2012 at 07:34:14PM +0100, mick wrote:
We've lined up our first funder (BBG, aka http://www.voanews.com/), and they're excited to have us start as soon as we can. They want to sponsor 125+ fast exits.
Forgive me, but what do they want in return? ("He who pays the piper...")
Part of BBG's job is to make sure that everybody in the world can reach their content for Voice of America, Persian News Network, etc. Certain countries censor those websites, so they need tools like Tor that let people reach their websites anyway.
The individuals we're working with at BBG are sympathetic to the notion that security is an important component of circumvention: https://svn.torproject.org/svn/projects/articles/circumvention-features.html But when centralized-design tools like Ultrasurf put all their energy into performance and little into security: https://blog.torproject.org/blog/ultrasurf-definitive-review this disparity in performance overshadows the disparity in security, making it harder for them to justify recommending Tor. So they want to make the Tor network more pleasant for their users.
So long as we don't lose track of the fact that anonymity loves company (we need Tor to work well for all sorts of users in all sorts of locations), it's a great match.
--Roger
- What exactly would we pay for?
Agree on 100+ mbps exit node funding. Also agree with Moritz's suggestion that there be a form that limits fund disbursement on a per-ISP level, to encourage ISP diversity (and contribute to the discovery of new "known good" ISPs for tor).
*Continued* funding should be contingent on *simple* review requirements (e.g. node must be up and passing decent traffic during period, fund recipient must document experience with ISP on GoodBadISP wiki page, etc) without making it a paperwork nightmare.
- Should we fund existing relays or new ones?
Difficult question. Would say allow both, with the agreement that those running existing relays agree to improve service in some way (increase monthly b/w cap, set up an additional node [even if it's a small vps that doesn't require the amount of money funded], etc). This would allow our big important providers to offset some of their existing costs while still expanding the network (even if it's in nominal terms in limited circumstances).
If there's suspected abuse, run an annual/semiannual funding review, but I imagine those gaming the system are more likely to be small players than the larger, established providers who were running nodes without any help.
- What exactly do we mean by diversity?
I would look at this almost entirely from a jurisdictional and ISP level. I believe the biggest "sudden impact" threats to the tor network are going to be from legal changes (jurisdictional, i.e. "save the children, nullroute the nodes") and local business policy changes ("sorry tor customers, no more tor egress from our DC due to complaints").
Other threats are more likely to occur slowly, requiring less focus on pre-planning.
- How much "should" an exit relay cost?
$150/mo minimum. I pay roughly $130/mo with limehost/voxility, and they're almost the cheapest physical servers & bandwidth to be had on the internet. Western Europe, US, & Asian locations are going to be more expensive for a quality provider. Perhaps offer different funding amounts based on the ISP's region?
Also, review funding minimums and maximums every 3-6 months -- I think that as VPS providers become more competitive and reliable for tor purposes (i.e. losing the metering), this could change very favorably.
- How exactly should we choose which exit relay operators to reimburse?
I think history is a good metric for determining how successful an operator will be in setting up a new node. If you get money to one of the major operators on the condition of setting up a new node, I don't think they will have trouble setting up a new node. If you give it to a new guy, you had better have a strong indication that they have the skills necessary to handle becoming an overnight systems administrator.
- How do we audit / track the sponsored relays?
Are there any known weaknesses with just checking the stats pages? Require those selected for funds to register their node nicknames, then check to see if they're online (and passing a reasonable amount of traffic) a couple of times a month (or week, or day... whatever).
- Legal questions?
Really should ask friendly lawyer blogs about this one. Given the million different jurisdictions involved with tor, there's probably no safe answer, but I would suggest phrasing everything as a "reimbursement" or "award" rather than a payment to try and limit any perception that this is a commercial activity. State in the agreement that the funds are not to be used for commercial purposes, or something similar, and that they do not constitute a commercial relationship between funder and fundee.
Excuse me, as I'm rather new to mailing lists and the sort, but I've been tailing the conversation on and off the last few days.
I'm currently using Secured Servers through PhoenixNAP as my dedicated provider. I've used them for roughly a year now and have had no real problems. They are located in Phoenix, Arizona.
Bandwidth through them is relatively cheap. I'm paying $25/month for a 1Gbps line with 15TB of bandwidth. $10 for the 1Gbps line itself, then $1/TB of bandwidth I need per month. The overall cost of my server is around $170/month. It is a quad core Xeon E3-1270 with 16GB of RAM and a 2TB hard disk. It's obviously not just for a Tor relay, but it is more than powerful enough to run one.
I had contacted one of my techs twice in the past and asked for confirmation that they would not have any problems with me running a Tor exit node on my server. I explained what Tor was, and explained what running an exit node would likely entail. They stated that they would not have a problem with it unless it caused a large amount of abuse reports in a short time span, and if it did, they would simply ask me to take it offline or take steps to reduce the rate of abuse reports, but he said it would likely not be a problem as long as I was not hosting anything illegal myself.
I have not talked to them regarding a SWIP on my IP range, but they seem like they might be willing to at least negotiate. They had no problems setting me up with Microsoft's JMRP (Junk Mail Reporting Program), which forwards all Hotmail/MSN abuse complaints to me personally.
Regardless, they're one of the most affordable dedicated hosting providers I've used, and I'm quite happy with their service. They may be a viable option for running Tor relays, but I cannot 100% guarantee they will have no problems with it. It may be worth calling or e-mailing them yourselves to inquire further.
(If you don't mind me sending my affiliate link and using it if you decide to purchase from them, it would be greatly appreciated.) http://www.securedservers.com/396.html
Regular links to SecuredServers/PhoenixNAP: http://www.securedservers.com/ http://www.securedservers.com/index.php http://www.phoenixnap.com/
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
- What exactly do we mean by diversity?
I would look at this almost entirely from a jurisdictional and ISP level. I believe the biggest "sudden impact" threats to the tor network are going to be from legal changes (jurisdictional, i.e. "save the children, nullroute the nodes") and local business policy changes ("sorry tor customers, no more tor egress from our DC due to complaints").
I'm not sure which thread I mentioned this on so I'll put it here to be sure. I think one main thing needed is a project to catalog all the current exits as to their diversity...
Box: ISP/hoster, AS, datacenter, country, upstream AS/Tier-n path, relay-operator
Relay-operator: country
Without that, seems like placing nodes amounts to, 'Well, we don't have any in Iran, let's go there'. If it turns out that IP is more or less fed as a courtesy from UAE across the gulf, there's not much gain. Repeat analysis for any of the above parameters.
More nodes are probably good, just not all as USA, Equinix, Level3, with whatever hoster has a rack in all the DC's.
Hi Roger,
On Mon, Jul 23, 2012 at 02:58:54PM -0400, Roger Dingledine wrote:
Open questions we need to decide about:
- What exactly would we pay for?
I think the right way to do it is to offer to reimburse bandwidth/hosting costs -- I don't want to get into the business of paying people to run relays, and I don't want people to be trying to figure out how to "profit". That leads to all sorts of horrible incentive structures.
You might also consider matching operator investment in a relay (similar to employer charity donation matching programs that exist in the States). I would continue to be willing to contribute my own money even with sponsor dollars, but with matching my relay would be able to take more advantage of the economies of scale. In addition, if the funding suddenly dries up, the exit node doesn't immediately die, it just goes back to the original capacity I'm comfortable funding myself.
Hi,
On 23.07.2012 20:58, Roger Dingledine wrote:
We've lined up our first funder (BBG, aka http://www.voanews.com/), and they're excited to have us start as soon as we can. They want to sponsor 125+ fast exits.
From what I understand, the reimbursement process is blocking on legal/contractual issues Andrew has to figure out first. The German Wau Holland Stiftung (WHS) [1] has agreed to channel donations towards exit operators, both for organizations and individuals. Amongst other things, this will offset load from Torproject to have it further focus on development, and allow for easy wire transfers within European borders.
I think a good approach would be to call it "Tor Exit Operation Rewards Program" (or something). I don't know what TPO's or WHS's stance is on this, but for media purposes, we could also make it be a thing that WHS offers, not TPO?
A relay operator who would be eligible for rewards, but does not want to take the money can 'donate' it to WHS instead for the specific purpose of having it used for exit bandwidth by other community members.
Let me summarize the reactions to Roger's blog post in July [2] and the/this tor-relays thread [3].
Some of the comments on the blog post were not very welcoming of the whole idea. That was to be expected, given the initial money comes from "CIA's propaganda outlet".
The feedback on tor-relays was positive. No big objections to the idea in general. Conversation derailed into how much the actual costs for operating exits are.
Some overloading of the term "fast exit" happened, and all tools mentioned below use the same definition (95+ Mbit/s configured bandwidth rate, 5000+ KB/s advertised bw capacity, exits to ports 80,443,554,1755, at most 2 relays per /24). Being a "fast relay" based on that definition can be seen as a basic requirement for a reward.
https://compass.torproject.org/ lists fast exits and almost fast exits. https://metrics.torproject.org/fast-exits.html has nice graphs on development of such relays over time. We might want to add additional caveats, to avoid too many exits at one AS, for example, and other diversity criteria mentioned in Roger's initial post. There hasn't been much feedback on that so far. If we decide whether someone can become part of the rewards program on a per-case basis and not only on a given set of hard criteria -- since we want good relationships with the operators and sustainable growth -- that might entail hate speech and whatnot, so maybe we should have more strict (but fair) limits like "not more than X relays per AS" and "not more than Y relays per country", and also "not more than Z relays per operator". Thoughts on how we can make this as fair as possible?
I wrote a small incapable script [4] that visualizes how often a relay is a "fast" relay over time. In its current form, it is not very helpful, but slightly modified to output monthly overviews or just a percentage figure per relay, it might already be good enough to define when a reward is granted (after it became part of the rewards program) and when/if the operator needs to do additional explaining of downtimes etc. Feedback and patches welcome.
A good suggestion was to get the word out to hackerspaces to find (A) organizations that already exist that (B) consist of people who (my opinion) should be aligned to the goals of Tor. I have been reaching out to hackerspaces all along, but I will try to do so on a larger scale once we have a defined reimbursement process. I have tried to lobby the CCC to suggest to its chapters to have a simple checkbox on member registration forms towards running Tor exits, and then either the local space would start a new exit or pass the money upstream to CCC eV or WHS.
On July 27th, 2012 Anonymous said [blog comment]:
Pay someone who answers all abuse complaints for Tor funded exit nodes in a timely manner. The individual running an exit node would be the technical contact and all complaints would be handled by the sole abuse contact. This would take some burden from the operators and the answers to complaints would be consistent. This person could also answer inquiries about Tor in a professional manner fostering public relations.
I don't think that's a bad idea. We could offer people to list abuse@torservers.net as abuse contact for their exits. Answering them is already my duty, and if this is something TPO likes I could see me doing the additional load for other relays as well. I don't think there are any legal implications of doing so; the operator would remain technical contact.
All in all, the questions Roger raised in his original post are still interesting to discuss. See [4].
[1] http://www.wauland.de/
[2] https://blog.torproject.org/blog/turning-funding-more-exit-relays
[3] https://lists.torproject.org/pipermail/tor-relays/2012-July/thread.html#1433
[4] https://lists.torproject.org/pipermail/tor-relays/2012-November/001725.html
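The "fast exit" definition quoted in the message above (95+ Mbit/s configured rate, 5000+ KB/s advertised capacity, exits to ports 80, 443, 554 and 1755, at most 2 relays per /24) and the "percentage figure per relay" idea, sketched as an added example that is not part of the thread and is not the script or the Compass/metrics code it mentions. The record fields, the tie-break inside a /24 and the sample relays are assumptions made for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Thresholds quoted in the thread's "fast exit" definition.
REQUIRED_PORTS = {80, 443, 554, 1755}
MIN_RATE_MBIT, MIN_ADVERTISED_KBS, MAX_PER_SLASH24 = 95, 5000, 2

def meets_criteria(relay):
    """Per-relay part of the definition: rate, advertised bandwidth, exit ports."""
    return (relay["rate_mbit"] >= MIN_RATE_MBIT
            and relay["advertised_kbs"] >= MIN_ADVERTISED_KBS
            and REQUIRED_PORTS <= set(relay["exit_ports"]))

def fast_exits(relays):
    """Fingerprints counted as fast exits in one snapshot of the network.
    Assumption: if a /24 holds more than two qualifying relays, the two with
    the highest advertised bandwidth are the ones counted."""
    by_net = defaultdict(list)
    for r in relays:
        if meets_criteria(r):
            net = ipaddress.ip_network(r["ip"] + "/24", strict=False)
            by_net[net].append(r)
    chosen = set()
    for group in by_net.values():
        group.sort(key=lambda r: r["advertised_kbs"], reverse=True)
        chosen.update(r["fp"] for r in group[:MAX_PER_SLASH24])
    return chosen

def fast_fraction(snapshots):
    """Share of snapshots in which each relay seen counted as a fast exit."""
    hits, seen = Counter(), set()
    for relays in snapshots:
        seen.update(r["fp"] for r in relays)
        hits.update(fast_exits(relays))
    return {fp: hits[fp] / len(snapshots) for fp in seen}

def per_as_counts(relays):
    """Fast exits per AS, the figure a 'not more than X per AS' cap would test."""
    fast = fast_exits(relays)
    return Counter(r["asn"] for r in relays if r["fp"] in fast)

def relay(fp, ip, rate_mbit, advertised_kbs, exit_ports, asn):
    return dict(fp=fp, ip=ip, rate_mbit=rate_mbit,
                advertised_kbs=advertised_kbs, exit_ports=exit_ports, asn=asn)

# Constructed sample data: documentation IP ranges and reserved AS numbers.
ALL = [80, 443, 554, 1755]
SNAP1 = [
    relay("A", "192.0.2.10", 100, 9000, ALL, 64496),
    relay("B", "192.0.2.11", 100, 7000, ALL, 64496),
    relay("C", "192.0.2.12", 100, 6000, ALL, 64496),          # third in its /24
    relay("D", "198.51.100.5", 100, 8000, [80, 443], 64497),  # ports missing
    relay("E", "203.0.113.7", 50, 6000, ALL, 64498),          # rate too low
    relay("F", "203.0.113.8", 200, 12000, ALL + [22], 64498),
]
# Second snapshot: relay A's advertised bandwidth has dropped below 5000 KB/s.
SNAP2 = [dict(r, advertised_kbs=4000) if r["fp"] == "A" else r for r in SNAP1]

if __name__ == "__main__":
    print(sorted(fast_exits(SNAP1)), sorted(fast_exits(SNAP2)))
    print(fast_fraction([SNAP1, SNAP2]), per_as_counts(SNAP1))
```

Relay C only counts once A drops out of the /24, which shows how the per-/24 limit makes one operator's uptime figure depend on its neighbours.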
On 1/8/13 10:40 PM, Moritz Bartl wrote:
I wrote a small incapable script [4] that visualizes how often a relay is a "fast" relay over time. In its current form, it is not very helpful, but slightly modified to output monthly overviews or just a percentage figure per relay, it might already be good enough to define when a reward is granted (after it became part of the rewards program) and when/if the operator needs to do additional explaining of downtimes etc. Feedback and patches welcome.
Please see https://trac.torproject.org/projects/tor/ticket/7895 for my feedback.
Best, Karsten
[4] https://lists.torproject.org/pipermail/tor-relays/2012-November/001725.html