-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
You're probably fine, especially if not running an exit. You didn't list your home country, though; I'm assuming United States.
Best, -Gordon M.
While I know you have vastly more knowledge and experience than me and often my observations or worries are doe to me mis-understanding something but about the comment above, I have experienced issues running a non-exit relay pretty soon after it going up and though I have no idea if there is a connection, I started to get more trouble after the doubling of connections at the end of July.
I was blocked from a number of websites,
Had many of my emails returned because of a flagged IP(the one listed was not my ip)
Ended up on a several blacklists within a week of starting my relay, SORBS being the most eager to BL you it seems.
a few other small but new issues/quirks that I don't know enough about to attribute to anything Tor other than the timing.
anyway, just my .02 btc That Guy grep@gmx.us _________________________________________________________________________ GnuPG Fingerprint: 7770 D186 A06E A329 2217 3161 63EB F269 37B8 8644 _________________________________________________________________________ “If you’re doing nothing wrong, you have nothing to hide from the giant surveillance apparatus that the government’s been hiding.” – Stephen Colbert
On 09/20/2013 04:17 PM, That Guy wrote:
While I know you have vastly more knowledge and experience than me and often my observations or worries are doe to me mis-understanding something but about the comment above, I have experienced issues running a non-exit relay pretty soon after it going up and though I have no idea if there is a connection, I started to get more trouble after the doubling of connections at the end of July.
Yes, unfortunately more and more sites block Tor relay IPs, regardless of whether they allow exiting (to that site) or not. All that helps here is friendly education. Whenever you notice something like that, contact the site owner or blocklist maintainer and teach them about the problem and how to properly detect Tor exits, namely
https://check.torproject.org/cgi-bin/TorBulkExitList.py https://www.torproject.org/projects/tordnsel.html.en
This is not the kind of "trouble" Gordon M. is referring to. Especially exit relays should be run on dedicated IPs, and, if possible, dedicated machines. Non-exit relays face no such "trouble", there is no known case of law enforcement asking for customer information or abuse complaints directed at a non-exit relay.
On 9/20/2013 10:23 AM, Moritz Bartl wrote:
On 09/20/2013 04:17 PM, That Guy wrote:
While I know you have vastly more knowledge and experience than me and often my observations or worries are doe to me mis-understanding something but about the comment above, I have experienced issues running a non-exit relay pretty soon after it going up and though I have no idea if there is a connection, I started to get more trouble after the doubling of connections at the end of July.
Yes, unfortunately more and more sites block Tor relay IPs, regardless of whether they allow exiting (to that site) or not. All that helps here is friendly education. Whenever you notice something like that, contact the site owner or blocklist maintainer and teach them about the problem and how to properly detect Tor exits, namely
https://check.torproject.org/cgi-bin/TorBulkExitList.py https://www.torproject.org/projects/tordnsel.html.en
This is not the kind of "trouble" Gordon M. is referring to. Especially exit relays should be run on dedicated IPs, and, if possible, dedicated machines. Non-exit relays face no such "trouble", there is no known case of law enforcement asking for customer information or abuse complaints directed at a non-exit relay.
That may be true, but as you point out, there are more and more cases of non-exit relay operators being denied the opportunity to spend money at certain websites or to use the services provided by certain websites. The corollary is that it is also harder for legitimate Tor browser users to access those same websites.
In one case I tried to 'educate' the person in charge of the blacklist at one large group of websites. Since he knew that it was a huge risk to allow any IP address identified as being used by any Tor relay, he would not consider any change to his policy. Whatever method he used to generate his list was certainly the only correct method. Considering more sophisticated methods to detect and differentiate legitimate activity from nefarious activity would be too difficult, i suppose.
Suggesting that he confer with other experts, for example at EFF, was pointless, because he knew that he was right. I think that he also knew that the Earth is flat.
That's my 2¢ US (btc are too valuable).
David C
On Fri, Sep 20, 2013 at 12:13:08PM -0500, David Carlson wrote:
Considering more sophisticated methods to detect and differentiate legitimate activity from nefarious activity would be too difficult, i suppose.
The step after that is when they intentionally over-list in order to try to influence policy and trends. For example, when they start blocking all your neighbors too, to get them to hate you and to encourage you to stop whatever it is the blacklist operator doesn't like.
I'm a big fan of the lessons in http://paulgraham.com/spamhausblacklist.html (as linked from https://www.torproject.org/docs/faq-abuse#TypicalAbuses )
--Roger
On 13-09-20 11:23 AM, Moritz Bartl wrote:
On 09/20/2013 04:17 PM, That Guy wrote:
... I have experienced issues running a non-exit relay pretty soon after it going up and though I have no idea if there is a connection, I started to get more trouble after the doubling of connections at the end of July.
Yes, unfortunately more and more sites block Tor relay IPs, regardless of whether they allow exiting (to that site) or not. All that helps here is friendly education. Whenever you notice something like that, contact the site owner or blocklist maintainer and teach them about the problem and how to properly detect Tor exits, namely
https://check.torproject.org/cgi-bin/TorBulkExitList.py https://www.torproject.org/projects/tordnsel.html.en
Once the network gets big enough so that each node and client doesnt know all the nodes ip addresses, is there a compelling reason that ip addresses of relays which are non-exit and non-guard need to be published to the outside world at all? Then if someone ran a Tor node just to leak node ip addresses, it might be easy to figure out who it was and drop them from the network, and they would at least be contributing bandwidth.
On Fri, Sep 20, 2013 at 11:08:27PM -0400, krishna e bera wrote:
Once the network gets big enough so that each node and client doesnt know all the nodes ip addresses, is there a compelling reason that ip addresses of relays which are non-exit and non-guard need to be published to the outside world at all? Then if someone ran a Tor node just to leak node ip addresses, it might be easy to figure out who it was and drop them from the network, and they would at least be contributing bandwidth.
There are several interesting research directions for how to scale the Tor directory system past the point where all the clients can learn about all the relays. See e.g. http://freehaven.net/anonbib/#ccs09-nisan http://freehaven.net/anonbib/#ccs09-shadowwalker http://freehaven.net/anonbib/#ccs09-torsk
And this PIR-based one: http://freehaven.net/anonbib/#usenix11-pirtor
But these don't at all tackle the goal of hiding who the relays are from somebody trying to enumerate them. For that, take a look at http://freehaven.net/anonbib/#DBLP:conf:ccs:VassermanJTHK09 but be prepared to say "wait, nice idea but that isn't going to scale / work / solve my problem."
--Roger
On 9/20/2013 9:17 AM, That Guy wrote:
You're probably fine, especially if not running an exit. You didn't
list your home country, though; I'm assuming United States.
Best, -Gordon M.
While I know you have vastly more knowledge and experience than me and often my observations or worries are doe to me mis-understanding something but about the comment above, I have experienced issues running a non-exit relay pretty soon after it going up and though I have no idea if there is a connection, I started to get more trouble after the doubling of connections at the end of July.
I was blocked from a number of websites,
Had many of my emails returned because of a flagged IP(the one listed was not my ip)
Ended up on a several blacklists within a week of starting my relay, SORBS being the most eager to BL you it seems.
a few other small but new issues/quirks that I don't know enough about to attribute to anything Tor other than the timing.
anyway, just my .02 btc That Guy grep@gmx.us _________________________________________________________________________ GnuPG Fingerprint: 7770 D186 A06E A329 2217 3161 63EB F269 37B8 8644 _________________________________________________________________________ “If you’re doing nothing wrong, you have nothing to hide from the giant surveillance apparatus that the government’s been hiding.” – Stephen Colbert
I too am running a non-exit relay. I am now blacklisted from several e-commerce websites. My wife shares the modem in our house and she is having issues too. This is getting to be a significant problem for us.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 2013-09-20 16:17, That Guy wrote:
You're probably fine, especially if not running an exit. You didn't list your home country, though; I'm assuming United States.
Best, -Gordon M.
While I know you have vastly more knowledge and experience than me and often my observations or worries are doe to me mis-understanding something but about the comment above, I have experienced issues running a non-exit relay pretty soon after it going up and though I have no idea if there is a connection, I started to get more trouble after the doubling of connections at the end of July.
I was blocked from a number of websites,
Had many of my emails returned because of a flagged IP(the one listed was not my ip)
Ended up on a several blacklists within a week of starting my relay, SORBS being the most eager to BL you it seems.
a few other small but new issues/quirks that I don't know enough about to attribute to anything Tor other than the timing.
anyway, just my .02 btc
Hmmm... I've been running a relay for 12 days now. Haven't noticed anything special just yet, apart from being listed in tor.dan.me.uk. But that list actually intends to list all tor nodes so that's to be expected. Everything else on http://www.anti-abuse.org/multi-rbl-check/ turns green.
Well, we'll wait an see if anything happens.
Regards, AVee
tor-relays@lists.torproject.org
-
AVee -
David Carlson -
krishna e bera -
Moritz Bartl -
Roger Dingledine -
That Guy