Is it safe to run an exit node from a VPS provider?
Hi, Over the past month I've been running a tor exit relay in a spare VPS machine that I am not using. It occurs to me know that this was probably a very poor idea, as I can't control the physical access to the machine or encrypt private key. In the good bad ISPs page<https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs>, I see that some cloud providers are listed (aws, etc). This implies that such a practice is okay, but If linode or a malicious party wanted to read the contents of /var/lib/tor/keys I don't think they'd have any difficulty whatsoever. How do folks secure their relay's keys on a vps environment? Or should I shutdown this relay and run a relay only when I am sure the keys are secured? -JB
On 13.08.2013 15:04, Sindhudweep Sarkar wrote:
Over the past month I've been running a tor exit relay in a spare VPS machine that I am not using. It occurs to me know that this was probably a very poor idea, as I can't control the physical access to the machine or encrypt private key.
This is a very valid question. So far, we have weighted in favor of "more exit capacity". If you require all exits to be on dedicated machines, you lose a lot of diversity and thus, potentially, anonymity. Of course, you should prefer dedicated machines over virtual machines, and own hardened hardware over off-the-shelf servers. We're not yet in a (well-funded?) state where we can expect everyone to do this. -- Moritz Bartl https://www.torservers.net/
On 08/13/2013 09:04 AM, Sindhudweep Sarkar wrote:
Hi,
Over the past month I've been running a tor exit relay in a spare VPS machine that I am not using.
It occurs to me know that this was probably a very poor idea, as I can't control the physical access to the machine or encrypt private key.
Running an exit node in a VM is better than not running an exit node at all. That said, not all virtualization is created equally. An OpenVZ container (which is really not virtualization at all) leaves all your files being just files on the host disk. Anyone on the host console can just do a "locate fingerprint" to see those files in all containers and can list the processes running to see your relay. At least with Xen/KVM/VMware you're running on your own virtual disk, and are running all processes in a self-contained environment. The traffic can still be sniffed by the host, of course, but you get more privacy than you would in an OpenVZ container.
Hello, I would like to propose that you take a look from a different perspective (and I thought from the mail subject the question will be about that) on this. To run an exit node from a VPS provider is not safer -- TO YOU -- than running an exit node from your personal home connection. This man[1] had his house raided and his computers confiscated because of a Tor Exit node that he was running **NOT EVEN AT HOME** but in a datacenter, in a different country, on a server that he was renting (of course in his name). From what I gather from discussions surrounding that incident, the only reasonably safe way (again - to you) to run an Exit Node, is to do so on an IP range that's SWIPed to an LLC or a similar company, and not just has one physical person (you) responsible for it. [1] http://www.zdnet.com/austrian-man-raided-for-operating-tor-exit-node-7000008... -- With respect, Roman
I would like to propose that you take a look from a different perspective (and I thought from the mail subject the question will be about that) on this.
To run an exit node from a VPS provider is not safer -- TO YOU -- than running an exit node from your personal home connection.
This man[1] had his house raided and his computers confiscated because of a Tor Exit node that he was running **NOT EVEN AT HOME** but in a datacenter, in a different country, on a server that he was renting (of course in his name).
From what I gather from discussions surrounding that incident, the only reasonably safe way (again - to you) to run an Exit Node, is to do so on an IP range that's SWIPed to an LLC or a similar company, and not just has one physical person (you) responsible for it.
Some providers accept Bitcoin, cash, MO's and the like. Alternatively, companies in general (even small LLC's) often have lawyers, who have formal business offices, and will often let/encourage all business registration, whois, banking, etc... the use of that physical address while they are on retainer under concerns as to legitimate privacy, mobile convenience, and proper familiar and legal response to process of service.
participants (5)
-
grarpamp -
Moritz Bartl -
Roman Mamedov -
Sindhudweep Sarkar -
Steve Snyder