We are thinking of running a Tor Exit Node. Does anybody have a list of questions to ask before purchasing a VPS or colocation? I came up with some basic questions:
- Do you allow a Tor exit node? [with explanation] - What are the policies for handling abuse complaints? - How much uplink bandwidth do you provide?
Any other questions one should ask?
Thanks.
price?
just a reminder: to run a tor relay you need a good CPU (newer then 2011 bc of AES in ASIC) and 1 GB HDD + 1-2 gig of ram. Basically the cheapest shit they have. I ran Exists on Scaleways Atom CPUs, worked :)
You don’t want an upsell to a shiny fancy 8 core Xeon with TB of SSD storage.
Good luck finding new Datacenters!
Markus
On 17. Nov 2018, at 22:32, F67 Group f67@fastmail.com wrote:
We are thinking of running a Tor Exit Node. Does anybody have a list of questions to ask before purchasing a VPS or colocation? I came up with some basic questions:
- Do you allow a Tor exit node? [with explanation]
- What are the policies for handling abuse complaints?
- How much uplink bandwidth do you provide?
Any other questions one should ask?
Thanks. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sat, Nov 17, 2018 at 01:32:16PM -0800, F67 Group wrote:
We are thinking of running a Tor Exit Node. Does anybody have a list of questions to ask before purchasing a VPS or colocation? I came up with some basic questions:
- Do you allow a Tor exit node? [with explanation]
- What are the policies for handling abuse complaints?
- How much uplink bandwidth do you provide?
Any other questions one should ask?
In addition to the 'price' question that nifty suggested, you might also ask about whether they can SWIP the address so you are listed in the whois entry. That way many of the abuse complaints will go directly to you and not to the ISP.
See also https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines and https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#ExitRelayConfigu...
--Roger
Sorry, but not sorry for being the (negative) realistic guy here:
This will not happen in RL life. If you are working at a Fortune 500 company and you are ordering hosting for millions a year, sure, but not in the “normal” mass hosting market.
Markus
On 17. Nov 2018, at 23:59, Roger Dingledine arma@mit.edu wrote:
In addition to the 'price' question that nifty suggested, you might also ask about whether they can SWIP the address so you are listed in the whois entry. That way many of the abuse complaints will go directly to you and not to the ISP.
See also https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines and https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#ExitRelayConfigu...
--Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
That's not true. I found plenty of providers that do WHOIS reassignments, for typical rented servers in the 50-100 Euro price range. OVH does it for any customer, Hetzner does it for any customer, regardless of price. (They are both not suitable for exits though)
It is purely a matter of labor, going through the typical hoster lists and offers, collecting lots of sales@ addresses, and sending them a mass email that you are interested in their server offers but need WHOIS reassignment. I would not mention Tor in the first email. This is how we started, with mails to ~50 hosting providers.
Moritz
On 18.11.18 12:44, niftybunny wrote:
Sorry, but not sorry for being the (negative) realistic guy here:
This will not happen in RL life. If you are working at a Fortune 500 company and you are ordering hosting for millions a year, sure, but not in the “normal” mass hosting market.
Markus
On 17. Nov 2018, at 23:59, Roger Dingledine arma@mit.edu wrote:
In addition to the 'price' question that nifty suggested, you might also ask about whether they can SWIP the address so you are listed in the whois entry. That way many of the abuse complaints will go directly to you and not to the ISP.
See also https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines and https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#ExitRelayConfigu...
--Roger--
Moritz Bartl https://www.torservers.net/
Okay, I stand corrected.
Tried it 3 years ago with Hetzner (my first Tor relay) and they denied. Anyway, good luck!
markus
On 22. Nov 2018, at 21:34, Moritz Bartl moritz@torservers.net wrote:
That's not true. I found plenty of providers that do WHOIS reassignments, for typical rented servers in the 50-100 Euro price range. OVH does it for any customer, Hetzner does it for any customer, regardless of price. (They are both not suitable for exits though)
It is purely a matter of labor, going through the typical hoster lists and offers, collecting lots of sales@ addresses, and sending them a mass email that you are interested in their server offers but need WHOIS reassignment. I would not mention Tor in the first email. This is how we started, with mails to ~50 hosting providers.
Moritz
On 18.11.18 12:44, niftybunny wrote:
Sorry, but not sorry for being the (negative) realistic guy here:
This will not happen in RL life. If you are working at a Fortune 500 company and you are ordering hosting for millions a year, sure, but not in the “normal” mass hosting market.
Markus
On 17. Nov 2018, at 23:59, Roger Dingledine arma@mit.edu wrote:
In addition to the 'price' question that nifty suggested, you might also ask about whether they can SWIP the address so you are listed in the whois entry. That way many of the abuse complaints will go directly to you and not to the ISP.
See also https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines and https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#ExitRelayConfigu...
--Roger--
Moritz Bartl https://www.torservers.net/ _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
F67 Group wrote:
We are thinking of running a Tor Exit Node. Does anybody have a list of questions to ask before purchasing a VPS or colocation? I came up with some basic questions:
- Do you allow a Tor exit node? [with explanation]
Yes, I allow Tor exit nodes. I have been doing this for the last 5 years with no pause, exception where I was kicked off from datacenters because of too many abuse complaints. I only worked with datacenters where I have explained in advance what I am doing, they said it's OK but after some time they couldn't take it any more.
I have used virtual servers at start, then dedicated servers so the hoster's wont complained about shared resources usage policy (but this still didn't make the abuse complaints go away).
So I woke up one day really mad on these hosters and purchased one class of /24 provider independent IPv4 addresses (from someone who wanted to sell them) and a /48 IPv6 (from my RIR) and an AS number (from my RIR) and contracted 2 upstream providers with BGP, 1 gbps links.
This means that now the abuse complaints are sent directly to my company, as I have provider independent resources. There is no other ISP involved, the upstream ISPs I have contract with just rented me the fiber optik cable+ bgp sessions + bandwidth, but they don't see any abuse complaints at all. All come to me. Note that these are provider independent addresses. There are also provider aggregate addresses which are about 6-7 times cheaper at allocation, that appear under your usage when someone runs whois over them, you are allowed to set an abuse mailbox but that is ignored most of the cases, because, at least at RIPE, the abuse-c field is of the ORG field that OWNS the IP space, which is not you if the resources are provider aggregate - I had such setup for some 2 years and the owner took them back finally.
- What are the policies for handling abuse complaints?
I allow all ports except 25, so I get so many bittorrent alert spam from IP Echelon Compliance that I am thinking to sue them for consuming my mail server's bandwidth.
I look over all abuse complaints I receive as quickly as possible and as careful as possible. I do not reply to spam, automated emails that are not sent by humans and do not include a valid reply-to email address. Like the ones sent from no-reply@ , blackhole@, root@ and whatever (fail2ban, automated firewall scripts, other kind of protections that simply count unsuccessful authentications, etc).
I do reply to every single abuse complaint sent by a human, or one which clearly requires something to be communicated back (not ALERT: there is a virus in your network, or to whomever it may concern kind of emails). All the emails that were sent by humans (or even law enforcement people) to which I replied and explained what Tor is, how it works and why I cannot technically help them (not that I don't want to) clearly understood, thanked me for the reply and never heard back from them again. I have even convinced one concerned person that had his email account abusively accessed via a Tor exit to run an exit himself, he was thrilled with the idea and he actually runs one (helped with instructions how to setup, etc).
These are very rare. 99% of abuse complaints received do not require reply and are simply spam or notifications/alerts/whatever. They still consume small of my time to look over them and mark them as such, make sure no reply is required for each individual email received. I have trained my assistant at the office to do this as I have less and less free time and she seams to be handling it quite good ;)
- How much uplink bandwidth do you provide?
I do not throttle via torrc config or upstream router the bandwidth, except the CPU is the bottleneck in my config. I am using an older box with a CPU that has AES-NI instruction set but pushes like 350 mbps in and 350 mbps out (full duplex) constantly with its usage at 99% - 100%. On one core... other cores are not used. I am using NUMCpus 6 in my torrc but it only rotates the used core, so I am having 100% on core1, then 100% on core3, then 100% on core 6, but not all the time 20% on all cores as it should for example. This is another topic, another problem.
So around 350 mbps download, 350 mbps upload, on average all the time (unmetered traffic).
Any other questions one should ask?
In addition to what niftybunny said, with current code architecture we have in core Tor, it's kind of a waste of resources to have a box with hexa core CPUs or high grade server CPU's with many CPU cores that are better used for making virtual machines on them. Tor would make better use of a single core CPU with higher frequency and AES-NI.
So if you have can overcloak a single core CPU to over 4 GHz and AES-NI it's better and can push more bandwidth than my 3 GHz hexa core.
RAM requirements are more normal, and easier to find in any server setup. I have 16 GB of RAM for example, and the bottleneck is my CPU.
Thanks for your interest to run exits. I assure you it will make you addicted, it's quite fun and nice. What I recommend: - don't go with VPS or shared resources, go for collocation or dedicated; - try to not choose a datacenter that is full of Tor exits,or an AS number that has so much exit consensus weight;
I use Trabia. Is cheap, unlimited bandwidth and they are very for friendly. There are a lot of exit relays on trabia; but I think that would be better to diversify the providers. I never received any complaint though I have a quite open exit policy. i think that they manage the complaints.
Urdn.com.ua/ this provider too is very very for friendly.
Keyweb too is cheap, bandwidth limited, but you have to use a restricted policy.
I'm sure that there are many others for friendly providers bit I don't know them.
It would be interesting to know some statistics, and to know which are the most used providers for exit relay.
Cheers
Il 15 febbraio 2019 09:36:16 CET, Volker Mink volker.mink@gmx.de ha scritto:
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Urdn.com.ua, I'm sorry, I mean unlimited bandwidth
Il 15 febbraio 2019 09:59:13 CET, dns1983@riseup.net ha scritto:
I use Trabia. Is cheap, unlimited bandwidth and they are very for friendly. There are a lot of exit relays on trabia; but I think that would be better to diversify the providers. I never received any complaint though I have a quite open exit policy. i think that they manage the complaints.
Urdn.com.ua/ this provider too is very very for friendly.
Keyweb too is cheap, bandwidth limited, but you have to use a restricted policy.
I'm sure that there are many others for friendly providers bit I don't know them.
It would be interesting to know some statistics, and to know which are the most used providers for exit relay.
Cheers
Il 15 febbraio 2019 09:36:16 CET, Volker Mink volker.mink@gmx.de ha scritto:
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- Inviato dal mio dispositivo Android con K-9 Mail. Perdonate la brevità.
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
I use the second in the list.
Il 15 febbraio 2019 10:05:48 CET, Volker Mink volker.mink@gmx.de ha scritto:
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
I contacted keyweb and they allow exit policy with restricted policy. Maybe more open too than 53, 80 and 443
Il 15 febbraio 2019 10:14:02 CET, dns1983@riseup.net ha scritto:
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
I use the second in the list.
Il 15 febbraio 2019 10:05:48 CET, Volker Mink volker.mink@gmx.de ha scritto:
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- Inviato dal mio dispositivo Android con K-9 Mail. Perdonate la brevità.
It would be interesting to know some statistics, and to know which are the most used providers for exit relay.
Cheers
https://nusenu.github.io/OrNetStats/asnameshare https://nusenu.github.io/OrNetStats/asnameshare
Markus
dns1983@riseup.net:
It would be interesting to know some statistics, and to know which are the most used providers for exit relay.
you can use https://atlas.torproject.org (yes this is the old domain but less to type ;) group by AS and sort by exit probability to get the top list of exit ASNs
`https://atlas.torproject.org (yes this is the old domain but less to type ;)` seems a lot longer than `metrics.torproject.org` to me :p
On Fri, Feb 15, 2019 at 7:37 PM nusenu nusenu-lists@riseup.net wrote:
dns1983@riseup.net:
It would be interesting to know some statistics, and to know which are the most used providers for exit relay.
you can use https://atlas.torproject.org (yes this is the old domain but less to type ;) group by AS and sort by exit probability to get the top list of exit ASNs
-- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
LOL
Anyway, thanks nusenu, I think I'll take a look to ASN, though is a bit overwhelming for me. I was hoping for some statistics already done.
Cheers
Il 15 febbraio 2019 19:23:19 CET, Charly Ghislain charlyghislain@gmail.com ha scritto:
`https://atlas.torproject.org (yes this is the old domain but less to type ;)` seems a lot longer than `metrics.torproject.org` to me :p
On Fri, Feb 15, 2019 at 7:37 PM nusenu nusenu-lists@riseup.net wrote:
dns1983@riseup.net:
It would be interesting to know some statistics, and to know which are the most used providers for exit relay.
you can use https://atlas.torproject.org (yes this is the old domain
but
less to type ;) group by AS and sort by exit probability to get the top list of exit
ASNs
-- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
dns1983@riseup.net:
Anyway, thanks nusenu, I think I'll take a look to ASN, though is a bit overwhelming for me.
Do you mean Relay Search is showing to many columns? https://metrics.torproject.org/rs.html#aggregate/as
there is an open ticket about that but it is unlikely to materialize https://trac.torproject.org/projects/tor/ticket/26964
I was hoping for some statistics already done.
which one are you looking for?
I though that it was more difficult because the high number of ASs, but I didn't take a look. Now I see that is very clear.
Thanks
Il 15 febbraio 2019 20:42:00 CET, nusenu nusenu-lists@riseup.net ha scritto:
dns1983@riseup.net:
Anyway, thanks nusenu, I think I'll take a look to ASN, though is a bit overwhelming for me.
Do you mean Relay Search is showing to many columns? https://metrics.torproject.org/rs.html#aggregate/as
there is an open ticket about that but it is unlikely to materialize https://trac.torproject.org/projects/tor/ticket/26964
I was hoping for some statistics already done.
which one are you looking for?
-- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
Reminder, as many times before...
Anyone can pay cheap $ to pack yet more nodes on already saturated providers. This does nothing for diversity against NSA, GCHQ, BND, RCMP, AFP, FVEY+, etc... who all share fibre taps, and Sybils, all who trivially exploit tor. The simple plausibilty of such is all documented in whitepapers, and in curious cases of parallel construction.
Your odds at frustrating these adversaries are much better if you: 1) Place nodes where there are no nodes today by AS and jurisdictional geography. Don't ask who's popular, permissive, and cheap, that does nothing, ask who has naught but one other node, and finally do research on your own to find who has none. 2) Develop a PKI person to person in real life verified node infrastructure between yourselves that users can subscribe to. 3) Analyze the fuck out of node metadata and feed that into subscribable path options. 4) Don't prop up yet another Linux box.
Seems NO ONE is doing this yet, since years worth of being informed of it. That's a shame.
As regards Linux box I would say one thing: if you are worried about NSA etc.. how you could use operating systems that are not enterly free software? If your operating system contains binary blob, if your mother board hasn't a free boot loader how do you know that it has not a backdoor or some vulnerability that compromise your privacy?
On the wiki too I read "we want avoid the Debian monoculture"... Yes, it would be a great thing, but which are the other non linux options that allow to run an entirely free software system?
And why Tails use non free Linux?
I don't want to flame, but I think there is a little contradiction in this.
Bye
Il 16 febbraio 2019 05:36:33 CET, grarpamp grarpamp@gmail.com ha scritto:
Reminder, as many times before...
Anyone can pay cheap $ to pack yet more nodes on already saturated providers. This does nothing for diversity against NSA, GCHQ, BND, RCMP, AFP, FVEY+, etc... who all share fibre taps, and Sybils, all who trivially exploit tor. The simple plausibilty of such is all documented in whitepapers, and in curious cases of parallel construction.
Your odds at frustrating these adversaries are much better if you:
- Place nodes where there are no nodes today
by AS and jurisdictional geography. Don't ask who's popular, permissive, and cheap, that does nothing, ask who has naught but one other node, and finally do research on your own to find who has none. 2) Develop a PKI person to person in real life verified node infrastructure between yourselves that users can subscribe to. 3) Analyze the fuck out of node metadata and feed that into subscribable path options. 4) Don't prop up yet another Linux box.
Seems NO ONE is doing this yet, since years worth of being informed of it. That's a shame. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 2/15/19, dns1983@riseup.net dns1983@riseup.net wrote:
As regards Linux box I would say one thing: if you are worried about NSA etc.. how you could use operating systems that are not enterly free software? If your operating system contains binary blob
That can be avoided with some OS, typically stringent against them like OpenBSD.
if your mother board hasn't a free boot loader how do you know that it has not a backdoor or some vulnerability that compromise your privacy?
Unfortunately at this time, you don't, at all. You must assume that Intel CPU's and NIC's, GPU screen vision, and all that integrated shit people love, AMT/ME, even AMD PSP, etc, are all backdoored hardware. You have no proof otherwise, and extremely little next to no open audit capability to disprove it. That's really beyond sad. And your fault for not calling for it in the marketplace.
So go and start your own open fabs to make backdoor free chips and build from there. That is the ONLY way to defeat and raise open auditable credibility.
#OpenFabs , #OpenHW , #OpenSW , #OpenDev , #OpenBiz
On the wiki too I read "we want avoid the Debian monoculture"... Yes, it would be a great thing, but which are the other non linux options that allow to run an entirely free software system?
OpenBSD, FreeBSD, Illumos, Plan9, mismatched kernel and userland combos, Windows, breadboards, etc...
And why Tails use non free Linux?
Nothing stopping you from making Whonix on BSD on Power9, or whatever else.
"That can be avoided with some OS, typically stringent against them like OpenBSD"
As far as I know, those distributions include non free firmwares, which, potentially or maybe not, could contain some backdoors.
I don't want to preach no one, but for me is a ethical, moral question. I want to avoid operating systems that haven't a clear policy about free software. It is my opinion that I am not the only one here, and that this explains the "Debian monoculture".
Maybe I'm wrong.
I would be happy to use a BSD operating system, only if I was sure that It's entirely free.
I don't want to preach no one, but for me is a ethical, moral question. I want to avoid operating systems that haven't a clear policy about free software. It is my opinion that I am not the only one here, and that this explains the "Debian monoculture".
Maybe I'm wrong.
Debian is free, stable and boring. Thats exactly what you want with a server.
Markus
On 2/16/19, dns1983@riseup.net dns1983@riseup.net wrote:
As far as I know, those distributions include non free firmwares, which, potentially or maybe not, could contain some backdoors.
I don't want to preach no one, but for me is a ethical, moral question. I want to avoid operating systems that haven't a clear policy about free software. It is my opinion that I am not the only one here, and that this explains the "Debian monoculture".
Maybe I'm wrong.
I would be happy to use a BSD operating system, only if I was sure that It's entirely free.
The BSD's tend to separate their "'base' install" as a mostly now [and still ultimately moving towards entirely] free copyright base, from their addon "ports" and "packages" which you must manually install which can then contain blobs.
Some of the Linux distros installers just try to detect all what you have and install all the blobs automagically. Some of the Linux distros are pretty good about not using blobs like that. Linux distros don't really have a concept of a "base". And generally don't care as much.
https://www.openbsd.org/goals.html
They are perhaps the most blob and copyright strict yet still reasonably commonly used OS, and free as in permissive freedom (not restrictive GPL), of anyone. The BSD's are like that. See also... https://www.freebsd.org/ https://www.netbsd.org/ https://www.dragonflybsd.org/
(Funny almost all OS offer microcode updates, another currently completely untrustworthy blob.)
However you the user must ultimately analyse the choices, and purchases, including hardware, and the advocacy, suitable for you.
If closed firmware bothers you, don't buy closed hardware that requires it, let the market sort it out. Or start your own to speed up the market.
Thanks for your response. It wasn't clear to me if those operating systems would install any kind of firmware automatically. I want to try openbsd, maybe recompiling the kernel if I can.
Cheers
Il 16 febbraio 2019 07:29:20 CET, grarpamp grarpamp@gmail.com ha scritto:
On 2/16/19, dns1983@riseup.net dns1983@riseup.net wrote:
As far as I know, those distributions include non free firmwares,
which,
potentially or maybe not, could contain some backdoors.
I don't want to preach no one, but for me is a ethical, moral
question. I
want to avoid operating systems that haven't a clear policy about
free
software. It is my opinion that I am not the only one here, and that
this
explains the "Debian monoculture".
Maybe I'm wrong.
I would be happy to use a BSD operating system, only if I was sure
that
It's entirely free.
The BSD's tend to separate their "'base' install" as a mostly now [and still ultimately moving towards entirely] free copyright base, from their addon "ports" and "packages" which you must manually install which can then contain blobs.
Some of the Linux distros installers just try to detect all what you have and install all the blobs automagically. Some of the Linux distros are pretty good about not using blobs like that. Linux distros don't really have a concept of a "base". And generally don't care as much.
https://www.openbsd.org/goals.html
They are perhaps the most blob and copyright strict yet still reasonably commonly used OS, and free as in permissive freedom (not restrictive GPL), of anyone. The BSD's are like that. See also... https://www.freebsd.org/ https://www.netbsd.org/ https://www.dragonflybsd.org/
(Funny almost all OS offer microcode updates, another currently completely untrustworthy blob.)
However you the user must ultimately analyse the choices, and purchases, including hardware, and the advocacy, suitable for you.
If closed firmware bothers you, don't buy closed hardware that requires it, let the market sort it out. Or start your own to speed up the market. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 2/17/19, dns1983@riseup.net dns1983@riseup.net wrote:
It wasn't clear to me if those operating systems would install any kind of firmware automatically.
Firmware / Microcode / BIOS blobs are related to the specific hardware you have installed... if the hw requires having the blob loaded into it after each boot to even function, then some OS will support and can do that, some manually, some automatically. Driver blobs are similar but are vendors secrets running as part of the OS kernel that are used to talk to the hw. Many OS offer both closed and opensource versions of each. If you don't have hw that needs them, then while the blobs may still be on disk or in source and package repos or in the kernel and userland until compiled out, it's not much issue, other than the philosophical stance of the OS on them. Some OS essentially disavow blobs altogether... OpenBSD which is a bit famous in its own way, and maybe a few Linux distros. Most OS do have some variations in blob policy and implementation that may affect a users particular choice of OS...
https://en.wikipedia.org/wiki/Binary_blob https://news.ycombinator.com/item?id=9671025 https://web.archive.org/web/20130424125958/http://kerneltrap.org/node/6550
https://ftp.openbsd.org/pub/OpenBSD/songs/song39.ogg https://www.openbsd.org/papers/brhard2007/mgp00027.html
I want to try openbsd, maybe recompiling the kernel if I can.
That is documented for users here...
https://www.openbsd.org/faq/faq5.html
And even comes with music for while you work ... :)
https://www.openbsd.org/lyrics.html
Ultimately, if you don't want blobs, don't use them, don't buy them, hack them out, or be first to market with an auditable thus very profitable Open HW chain...
#OpenFabs , #OpenHW , #OpenSW , #OpenDev , #OpenBiz
Uhhhh no it isn’t.
On 6. Mar 2019, at 15:47, Volker Mink volker.mink@gmx.de wrote:
News from german country NRW - There is a gouvernment bill about criminalizing TOR!
https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-19.pdf?__b...
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
$Tor mentioned too often, around 13 times in 17-page pdf, named specifically, and explicitly in order not to be taken seriously.
What else but criminalizing? Call it pro law-and-order populism.
Once more: Christian "Democrats" led government, this case of North Rhine-Westphalia.
-- Herbert Karl Mathé
mail@hkmathe.de PGP B9BF953500452875 https://www.hkmathe.de/pub_key_16-07-09.txt @hkmathe Beethovenstr. 13 60325 Frankfurt Germany
On Wed, 6 Mar 2019 15:48:53 +0100 niftybunny abuse@to-surf-and-protect.net wrote:
Uhhhh no it isn’t.
On 6. Mar 2019, at 15:47, Volker Mink volker.mink@gmx.de wrote:
News from german country NRW - There is a gouvernment bill about criminalizing TOR!
https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-19.pdf?__b...
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Depends … shitty answer I know, but there is no good answer to this. In most cases you are more than fine with a 1 TB VPS. So buy the cheapest you can get, no need for expensive 100 mbit flatrates …
On 6. Mar 2019, at 16:52, Volker Mink volker.mink@gmx.de wrote:
Hi Folks.
Short question on TOR Bridges: What average traffic runs through a TOR Bridge? Can someone give a rough number?
br, volker _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Yes, but I would not advice it. Just give it a go and take a look after a week how much traffic you pushed. Enjoy your new shiny bridge :)
On 6. Mar 2019, at 17:14, Volker Mink volker.mink@gmx.de wrote:
Thats enough for me, thanks :) If - can i limit the daily quota in the torrc for a bridge?
Gesendet: Mittwoch, 06. März 2019 um 17:11 Uhr Von: "niftybunny" abuse@to-surf-and-protect.net An: tor-relays@lists.torproject.org Betreff: Re: [tor-relays] tor bridge traffic Depends … shitty answer I know, but there is no good answer to this. In most cases you are more than fine with a 1 TB VPS. So buy the cheapest you can get, no need for expensive 100 mbit flatrates …
On 6. Mar 2019, at 16:52, Volker Mink <volker.mink@gmx.de mailto:volker.mink@gmx.de> wrote:
Hi Folks.
Short question on TOR Bridges: What average traffic runs through a TOR Bridge? Can someone give a rough number?
br, volker _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
ARM does work on every relay, it doesnt discriminate. So it works just fine. Your data center should give you some stats. If not: ifconfig is your new friend.
On 6. Mar 2019, at 18:59, Volker Mink volker.mink@gmx.de wrote:
Is it really that easy? Is there any possibility to monitor this bridge with arm? Or doesnt arm see there anything?
taken from https://www.torproject.org/docs/bridges.html.en , added some lines [torrc] SocksPort 0 RunAsDaemon 1 ORPort auto DataDirectory /var/lib/tor ControlPort 9051 HashedControlPassword xxx CookieAuthentication 1 Nickname ExoneTORBridge01 ContactInfo volker <volker DOT mink AT protonmail.ch> DirPortFrontPage /etc/tor/tor-exit-notice.html ExitPolicy reject *:* # no exits allowed BridgeRelay 1
Gesendet: Mittwoch, 06. März 2019 um 17:15 Uhr Von: "niftybunny" abuse@to-surf-and-protect.net An: tor-relays@lists.torproject.org Betreff: Re: [tor-relays] tor bridge traffic Yes, but I would not advice it. Just give it a go and take a look after a week how much traffic you pushed. Enjoy your new shiny bridge :)
On 6. Mar 2019, at 17:14, Volker Mink <volker.mink@gmx.de mailto:volker.mink@gmx.de> wrote:
Thats enough for me, thanks :) If - can i limit the daily quota in the torrc for a bridge?
Gesendet: Mittwoch, 06. März 2019 um 17:11 Uhr Von: "niftybunny" <abuse@to-surf-and-protect.net mailto:abuse@to-surf-and-protect.net> An: tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org Betreff: Re: [tor-relays] tor bridge traffic Depends … shitty answer I know, but there is no good answer to this. In most cases you are more than fine with a 1 TB VPS. So buy the cheapest you can get, no need for expensive 100 mbit flatrates …
On 6. Mar 2019, at 16:52, Volker Mink <volker.mink@gmx.de mailto:volker.mink@gmx.de> wrote:
Hi Folks.
Short question on TOR Bridges: What average traffic runs through a TOR Bridge? Can someone give a rough number?
br, volker _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Mon, Oct 07, 2019 at 04:56:32PM +0200, Volker Mink wrote:
<div>I am running an OBFS4 Bridge at home for a while now.</div>
<div>But everytime im looking in the logs it says <div># [notice] Bootstrapped 0%: Starting</div>
Hi Volker,
Three suggestions:
(A) Upgrade to a newer version of Tor. Tor 0.2.9.x is way way old at this point, and it's missing a bunch of fixes. https://community.torproject.org/relay/setup/
(B) Try bootstrapping it as a happy bridge without obfs4 first, to make sure that part works. Then you can add obfs4 back in.
(C) You might want to discard the current bridge identity key, now that you've sent it to the list. (With knowledge of your identity key, once the bridge is working, people can go to the bridge directory authority and fetch your descriptor, learning your IP address.)
Thanks! --Roger
On Mon, Oct 07, 2019 at 11:09:53PM +0200, Volker Mink wrote:
<div>After a fresh installation syslog is full with entries like this:</div>
[...]
Oct 7 23:05:09 pi-hole systemd[1]: Failed to start Anonymizing overlay network for TCP.<br/>
My next guess is that you have an old-style raspbian, with an old arm-based cpu architecture that is not compatible with modern Debian, but you have installed the modern Debian tor deb. If that's what's happening, the binary won't run because it's for a different arch.
Now your quest has simplified to "get Tor running at all, by figuring out what operating system you're actually running, and finding an up-to-date Tor package that is intended for that operating system." :)
--Roger
You can use "deb.torproject.org" in Raspbian: https://support.torproject.org/apt/tor-deb-repo/
Volker Mink volker.mink@gmx.de hat am 8. Oktober 2019 um 08:29 geschrieben:
Could be, i am not so deep into this whole linux-magic. Its raspian stretch with kernel 4.19.66 on a PI2B, which is -as far as i know- from august 2019. apt install tor offers me tor version 2.9.6.xx, enabling the experimental from debian-stack offers 0.3.4.x Any idea how to get a newer version? Gesendet: Dienstag, 08. Oktober 2019 um 01:09 Uhr Von: "Roger Dingledine" <arma@torproject.org> An: tor-relays@lists.torproject.org Betreff: Re: [tor-relays] obfs4 bridge stuck at 0% bootstrap On Mon, Oct 07, 2019 at 11:09:53PM +0200, Volker Mink wrote: > <div>After a fresh installation syslog is full with entries like this:</div> [...] > Oct 7 23:05:09 pi-hole systemd[1]: Failed to start Anonymizing overlay network for TCP.<br/> My next guess is that you have an old-style raspbian, with an old arm-based cpu architecture that is not compatible with modern Debian, but you have installed the modern Debian tor deb. If that's what's happening, the binary won't run because it's for a different arch. Now your quest has simplified to "get Tor running at all, by figuring out what operating system you're actually running, and finding an up-to-date Tor package that is intended for that operating system." :) --Roger _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
When I was running a bridge on my Raspberry Pi the only success I had was when I compiled from source. Don’t be overwhelmed, the instructions are very easy to follow.
https://2019.www.torproject.org/docs/debian.html.en
On Tue, Oct 8, 2019 at 4:16 AM, Alexander Dietrich alexander@dietrich.cx wrote:
You can use "deb.torproject.org" in Raspbian: https://support.torproject.org/apt/tor-deb-repo/
Volker Mink volker.mink@gmx.de hat am 8. Oktober 2019 um 08:29 geschrieben:
Could be, i am not so deep into this whole linux-magic. Its raspian stretch with kernel 4.19.66 on a PI2B, which is -as far as i know- from august 2019.
apt install tor offers me tor version 2.9.6.xx, enabling the experimental from debian-stack offers 0.3.4.x
Any idea how to get a newer version?
Gesendet: Dienstag, 08. Oktober 2019 um 01:09 Uhr Von: "Roger Dingledine" arma@torproject.org An: tor-relays@lists.torproject.org Betreff: Re: [tor-relays] obfs4 bridge stuck at 0% bootstrap On Mon, Oct 07, 2019 at 11:09:53PM +0200, Volker Mink wrote:
<div>After a fresh installation syslog is full with entries like this:</div>
[...]
Oct 7 23:05:09 pi-hole systemd[1]: Failed to start Anonymizing overlay network for TCP.<br/>
My next guess is that you have an old-style raspbian, with an old arm-based cpu architecture that is not compatible with modern Debian, but you have installed the modern Debian tor deb. If that's what's happening, the binary won't run because it's for a different arch.
Now your quest has simplified to "get Tor running at all, by figuring out what operating system you're actually running, and finding an up-to-date Tor package that is intended for that operating system." :)
--Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Some contradictions in the recommendations of the committee:
Take a look on page 6 and 7 (in german, translation of the sentences below).
"Zum anderen ist die Zugänglichmachung jedes internetbasierten Angebots, das auf die Begehung jeglicher Straftaten gerichtet ist, gleichermaßen strafwürdig."
"Second, the availability of each Internet-based offer, based on the commission of any Criminal offenses is equally punishable."
"Betreiber, deren Angebote ohne entsprechende Zielrichtung zur Förderung von Straftaten genutzt werden, vom Tatbestand ausgenommen. "
"Operators whose offers are used without appropriate target direction for the promotion of criminal offenses be excluded from the facts."
https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-1-19.pdf?_...
I think that's the first step to forbid Tor. The text indicates operators. Is my relay abroad illegal because I'm German? Referenced to § 129 StGB in the text: reference is made to membership in a criminal organization. The Tor project will then be declared as such.
Olaf
Am 06.03.19 um 15:47 schrieb Volker Mink:
News from german country NRW - There is a gouvernment bill about criminalizing TOR!
https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-19.pdf?__b...
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
"Zum anderen ist die Zugänglichmachung jedes internetbasierten Angebots, das auf die Begehung jeglicher Straftaten gerichtet ist, gleichermaßen strafwürdig."
Thats every ISP on the world. Every ISP on the world lets you connect to the internet. What they want to do is outlaw the running of markets who promote drugs, weapons and cheese pizza. Thats already the case. The just want it in one law so they don't have to process several accusations.
I read it weeks ago and Tor will not be outlawed in this case.
"Betreiber, deren Angebote ohne entsprechende Zielrichtung zur Förderung von Straftaten genutzt werden, vom Tatbestand ausgenommen. “
Ebay will not get fucked, only if you have a market which prime directive is to sell drugs, weapons and CP.
Referenced to § 129 StGB in the text: reference is made to membership in a criminal organization. The Tor project will then be declared as such.
Dear god …
On 6. Mar 2019, at 20:35, Olaf Grimm jeep665@posteo.de wrote:
Some contradictions in the recommendations of the committee:
Take a look on page 6 and 7 (in german, translation of the sentences below).
"Zum anderen ist die Zugänglichmachung jedes internetbasierten Angebots, das auf die Begehung jeglicher Straftaten gerichtet ist, gleichermaßen strafwürdig."
"Second, the availability of each Internet-based offer, based on the commission of any Criminal offenses is equally punishable."
"Betreiber, deren Angebote ohne entsprechende Zielrichtung zur Förderung von Straftaten genutzt werden, vom Tatbestand ausgenommen. "
"Operators whose offers are used without appropriate target direction for the promotion of criminal offenses be excluded from the facts."
https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-1-19.pdf?_... https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-1-19.pdf?__blob=publicationFile&v=1
I think that's the first step to forbid Tor. The text indicates operators. Is my relay abroad illegal because I'm German? Referenced to § 129 StGB in the text: reference is made to membership in a criminal organization. The Tor project will then be declared as such.
Olaf
Am 06.03.19 um 15:47 schrieb Volker Mink:
News from german country NRW - There is a gouvernment bill about criminalizing TOR!
https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-19.pdf?__b... https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-19.pdf?__blob=publicationFile&v=1
tor-relays mailing list tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Let's be pragmatic:
There's "anti-darkweb" propaganda been quite a while going on, mainly by Federal Criminal Police Office, backed up by Christian (so-called) Democrats, and the Nazi party, sure, pointing out like lots of children's lives could be saved, or saved from being abused, resp., when vanquishing "The Darkweb". Trucks (lorries), knifes, or similar potentially lethal objects are not on their agenda. Police spokespersons around the clock complaining being substantially disadvantaged - should say: retarded???
Unsurprisingly, police forces in any legislation are not neutral, these do not at all mirror society and its inherent diversity. Plus, police forces very indirectly are serving the public, with any misdemeanor or assaults to be prosecuted not before afterwards by taking complex, costly and risky legal actions, never immediately, or right in place. That makes a huge difference.
What this legislation is very likely ending up is various courts ruling through verdicts on eventually shutting down specific sites. These verdicts might easily appear as being random, which is due to immense lack of in-depth knowledge in related matters (see file sharing dissuasions by dedicated law firms being backed by courts having difficulties understanding IP addresses), also due to each and every court ruling independent which makes it like gambling, these courts at the same time being highly susceptible to what is believed by them to be public opinion.
The latter is what's being made up right with this legislative initiative, leveraging Tor Project for staging some threat model. Cynically enough, threat (by The Onion) again is from foreign, just like for some time refugees had been said to be (evil propaganda which obviously, and thank god, did not fully work out).
In phase of weakness, it's always the outlandish being plead guilty, being abused to deviate from domestic, and home-made, self-made failure.
No facts yet, just some reflected opinions - as soon as such legislation is out it'll be much harder to defend liberty. It's not about paragraphs, or bits and bytes, it's about freedom and democracy.
Free press, and journalists as individuals will as consequence be under heavy suspicion for cooperating with elements of Dark Web.
If Germany falls...
-- Herbert Karl Mathé
mail@hkmathe.de PGP B9BF953500452875 https://www.hkmathe.de/pub_key_16-07-09.txt @hkmathe Beethovenstr. 13 60325 Frankfurt Germany
On Wed, 6 Mar 2019 21:19:23 +0100 niftybunny abuse@to-surf-and-protect.net wrote:
"Zum anderen ist die Zugänglichmachung jedes internetbasierten Angebots, das auf die Begehung jeglicher Straftaten gerichtet ist, gleichermaßen strafwürdig."
Thats every ISP on the world. Every ISP on the world lets you connect to the internet. What they want to do is outlaw the running of markets who promote drugs, weapons and cheese pizza. Thats already the case. The just want it in one law so they don't have to process several accusations.
I read it weeks ago and Tor will not be outlawed in this case.
"Betreiber, deren Angebote ohne entsprechende Zielrichtung zur Förderung von Straftaten genutzt werden, vom Tatbestand ausgenommen. “
Ebay will not get fucked, only if you have a market which prime directive is to sell drugs, weapons and CP.
Referenced to § 129 StGB in the text: reference is made to membership in a criminal organization. The Tor project will then be declared as such.
Dear god …
On 6. Mar 2019, at 20:35, Olaf Grimm jeep665@posteo.de wrote:
Some contradictions in the recommendations of the committee:
Take a look on page 6 and 7 (in german, translation of the sentences below).
"Zum anderen ist die Zugänglichmachung jedes internetbasierten Angebots, das auf die Begehung jeglicher Straftaten gerichtet ist, gleichermaßen strafwürdig."
"Second, the availability of each Internet-based offer, based on the commission of any Criminal offenses is equally punishable."
"Betreiber, deren Angebote ohne entsprechende Zielrichtung zur Förderung von Straftaten genutzt werden, vom Tatbestand ausgenommen. "
"Operators whose offers are used without appropriate target direction for the promotion of criminal offenses be excluded from the facts."
https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-1-19.pdf?_... https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-1-19.pdf?__blob=publicationFile&v=1
I think that's the first step to forbid Tor. The text indicates operators. Is my relay abroad illegal because I'm German? Referenced to § 129 StGB in the text: reference is made to membership in a criminal organization. The Tor project will then be declared as such.
Olaf
Am 06.03.19 um 15:47 schrieb Volker Mink:
News from german country NRW - There is a gouvernment bill about criminalizing TOR!
https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-19.pdf?__b... https://www.bundesrat.de/SharedDocs/drucksachen/2019/0001-0100/33-19.pdf?__blob=publicationFile&v=1
tor-relays mailing list tor-relays@lists.torproject.org mailto:tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Wed, 06 Mar 2019 21:19:23 +0000, niftybunny wrote: ...
Thats every ISP on the world. Every ISP on the world lets you connect to the internet.
No, that legislation is restricted to restricted-access sites, i.e. tor onion services, or technially i2p as well (but nobody cares about that).
What they want to do is outlaw the running of markets who promote drugs, weapons and cheese pizza. Thats already the case. The just want it in one law so they don't have to process several accusations.
No, they want to make the 'silkroad' operators more easily targetable. At the moment you can operate a trading platform on an an onion site and claim to not know what is actually traded on that platfrom. This legislation feels like it is attempting to change that (probably in reaction to the platfrom that faciltated selling the waepon for the munich shooting).
As for the broadness of the text - basically unless you're an onion site that isn't as well-known as walmart, you might always find yourself to be considere to fall under this law.
It's not targeting tor node operators. Neither it is trying to make the tor project into a criminal organisation - it's the other way round trying to get at 'bad' onion site operators even if they are not part of a traditional 'organization', as in the internet time and gig economy there are les and less such.
- Andreas
On 7. Mar 2019, at 10:14, Andreas Krey a.krey@gmx.de wrote:
On Wed, 06 Mar 2019 21:19:23 +0000, niftybunny wrote: ...
Thats every ISP on the world. Every ISP on the world lets you connect to the internet.
No, that legislation is restricted to restricted-access sites, i.e. tor onion services, or technially i2p as well (but nobody cares about that).
Nearly every site is restricted access. Log in to your Amazon account? Username & pw please. Restricted access. Want to read a Spiegel+ article? Log in … restricted access.
To access the dark web markets you just needed an e-mail and make yourself an account with this e-mail.
What they want to do is outlaw the running of markets who promote drugs, weapons and cheese pizza. Thats already the case. The just want it in one law so they don't have to process several accusations.
No, they want to make the 'silkroad' operators more easily targetable. At the moment you can operate a trading platform on an an onion site and claim to not know what is actually traded on that platfrom. This legislation feels like it is attempting to change that (probably in reaction to the platfrom that faciltated selling the waepon for the munich shooting).
Agreed this is linked to Munich. The problem is: Its already outlawed. There is nothing new in this besides they dont want to convict someone with multiple crimes, its now summarised in one law. The defence in Munich was: I didn’t know there would be weapons sold if I make a “sell weapons” sub forum. No shit Sherlock.
As for the broadness of the text - basically unless you're an onion site that isn't as well-known as walmart, you might always find yourself to be considere to fall under this law.
We have onion sites that do not sell drugs, weapons or cheese pizza.
It's not targeting tor node operators. Neither it is trying to make the tor project into a criminal organisation - it's the other way round trying to get at 'bad' onion site operators even if they are not part of a traditional 'organization', as in the internet time and gig economy there are les and less such.
Agreed.
One more thing:
The largest onion site should still be Facebook. You cant use Facebook without logging in. So its restricted. As we learned there are lots of cheese pizza and other illegal stuff on Facebook. So we will outlaw Facebook.
I´ll get the champagne.
- Andreas
Markus
-- "Totally trivial. Famous last words." From: Linus Torvalds <torvalds@*.org> Date: Fri, 22 Jan 2010 07:29:21 -0800 _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi Andreas, hi Tor relay operators,
On Thu, Mar 07, 2019 at 10:14:08AM +0100, Andreas Krey wrote:
It's not targeting tor node operators. Neither it is trying to make the tor project into a criminal organisation - it's the other way round trying to get at 'bad' onion site operators even if they are not part of a traditional 'organization', as in the internet time and gig economy there are les and less such.
I wish you were right, and this may have been the original intention of this proposed law. However, influential committees have proposed an amendment to the law that could be read as an attempt to outlaw Tor.
Here is the official summary of the amendment from the Bundesrat website (from the tab “Ausschussempfehlung”). For a translation, see below. https://www.bundesrat.de/DE/plenum/bundesrat-kompakt/19/975/10.html#top-10
---------------------------8<------------------------------------------- # Ausschüsse sehen noch Strafbarkeitslücken
Rechts- und Innenausschuss halten den Gesetzesantrag für nicht weitgehend genug. Sie schlagen dem Plenum vor, die Strafverschärfung für das Anbieten krimineller Dienste im Internet generell und nicht nur im Darknet einzuführen. Alles andere sei nicht sachgerecht und würde die Dreistigkeit des unverdeckten Handelns belohnen.
# Ausweitung der Strafbarkeit gefordert
Auch im Übrigen wollen die Ausschüsse den vorgeschlagenen Straftatbestand erweitern. So soll nicht nur das „Anbieten", sondern das "Zugänglichmachen" krimineller Dienste unter Strafe gestellt werden. Diese Formulierung ginge weiter und erfasse beispielsweise auch den Betrieb von so genannten "bulletproof hosters", bei denen lediglich der Speicherplatz und das Routing für (kriminelle) Dienste Dritter zur Verfügung gestellt wird. Erforderlich sei es auch, die Tathandlungen um das „Erleichtern von Straftaten“ zu erweitern.
# Höherer Strafrahmen
Darüber hinaus fordern die Ausschüsse, den in der Vorlage enthaltenen Straftatenkatalog zu streichen und das Anbieten krimineller Dienste losgelöst von bestimmten Straftaten unter Strafe zu stellen. Aufgenommen werden soll außerdem ein Auslandsbezug: Danach könnten Leistungen eines Portalbetreibers bestraft werden, die im Ausland angeboten werden und im Inland rechtswidrige Straftaten ermöglichen. Der Strafrahmen ist nach Ansicht der Ausschüsse ebenfalls auszuweiten: Von drei auf fünf Jahre.
# Weitere Ermittlungsmaßnahmen zulassen
Eine weitere Forderung betrifft die Ermittlungsbefugnisse, die an den neuen Straftatbestand geknüpft sind: Anders als im Gesetzesantrag soll nicht nur die Telekommunikationsüberwachung, sondern gegebenenfalls auch die Online-Durchsuchung [Anmerkung: das bedeutet Staatstrojaner], die akustische Wohnraumüberwachung und die Erhebung von Verkehrsdaten zulässig sein. Um Straftaten, die mittels internetbasierter Kommunikation begangen wurden, effektiv zu verfolgen, seien diese Ermittlungsmaßnahmen erforderlich und angesichts der Schwere der Tat auch gerechtfertigt.
Das Plenum entscheidet am 15. März, welchen Empfehlungen es folgt. --------------------------->8-------------------------------------------
My translation (based on an automatic translation by DeepL):
---------------------------8<------------------------------------------- # Committees still see culpability gaps
The committees on Legal and Internal Affairs do not consider the coverage of the bill broad enough. They propose to the plenary to increase penalties for offering criminal services on the Internet generally and not only in the darknet. Anything else is not appropriate and would reward the audacity of overt action.
# Demanding an extension of culpability
In addition, the committees intend to expand the scope of what consititutes a criminal offence. Thus, not only the "offering", but also the the "making available" of criminal services will be a criminal offence. This formulation would go further and include, for example, the operation of so-called "bulletproof hosters," in which only the storage space and routing for (criminal) services is made available to third parties. The committees also deem it necessary to punish acts that "facilite committing criminal offences".
# Higher penalties
In addition, the committees request the deletion of the list of criminal offences in the legal draft, and to make punishable the offering of criminal services – without regard to certain criminal offences. In addition, they suggest to add an international aspect: According to this, it could become punishable to operate a portal abroad that offers services that enable criminal offences to be committed domestically. In the view of the committees, maximum prison sentences should also be extended: From three to five years.
# Allow further investigative measures
A further demand concerns the investigative powers that are connected with the new criminal offence: In contrast to the original proposal, not only the telecommunication surveillance, but also, if necessary online searches [by govware trojans], acoustic monitoring of living space and the collection of traffic data may be permitted. In order to effectively prevent criminal offences that are committed by means of internet-based communication, these investigative measures are deemed necessary justified considering the gravity of the crime.
The plenary will decide on 15 March which recommendations to follow. --------------------------->8-------------------------------------------
tor-relays@lists.torproject.org