Hello,

Thanks all for joining the Tor Relay Operator Meetup! You can find the meetup notes below. The next meetup will be at the beginning of April (1st or 8th, date TBD).

cheers, Gus

## Tor Relay Operator Meetup - 2023-03-04

### Before we start

Tor operators are recommended to read the Tor Code of Conduct and Expectations of Tor Operators.

Tor Code of Conduct: https://gitweb.torproject.org/community/policies.git/tree/code_of_conduct.tx...

Expectations for Relay Operators: https://gitlab.torproject.org/tpo/community/team/-/wikis/Expectations-for-Re...

### Announcements

1) The amount of Tor relays per IP address has been increased from 2 to 4. https://gitlab.torproject.org/tpo/core/tor/-/issues/40744. We will discuss further increasing this limitation during Questions & Answers section.

2) Tor version 0.4.5 has reached end-of-life status. There is no plan to create a new LTS (long term support) version. In 2-3 weeks Tor project starts the usual process of gathering the EOL relays and contacting their operators to ask if they would please upgrade. Do you run a EOL version yourself? Please update as soon as possible.

3) The aim of the Run a Tor relay (EFF Challenge @ Universities) is to give students and universities hands-on experience with Tor. For example letting students and/or labs run relays, proxies or experiment with Tor in other ways. The Tor Project made a letter to send to their closest contacts, but the difficulty is: what do you ask for?

There is a large difference between educational institutions, some of them for example work together with LEA (law enforcement agencies) to deanonymize Tor users while others work on new privacy-by-design technologies. If you're interested you can follow the mailinglist[1] or post on the forums. If you have pointers or specific input, you can also contact gman999 on IRC directly.

[1] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays-universitie...

4) The internet in Turkmenistan is mostly censored[1], to the point where even Snowflake[2] and most Obfs4 bridges are blocked (because most of the internet is actually blocked by their government). Obfs4 bridges running from residential IP address space seems to still work. Help is greatly needed appreciated.

[1] Information about censorship in Turkmenistan: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu... [2] Snowflake is blocked: https://gitlab.torproject.org/tpo/anti-censorship/censorship-analysis/-/issu...

### Collecting proposals for improving the health of Tor

The Tor Project want to invite[1] the community (which of course includes the Tor operators) to have a discussion and creating proposals to improve the health of the Tor network by creating a healthy and trustworthy Tor operator community. Bad actors are trying frequently to hurt Tor, Tor users and Tor's community and we should try to mitigate these efforts more effectively.

This effort is part of the Community and Network Health teams their 2023 roadmap. Some of these activities are also part of sponsor work[2]. This is only the start of this process and right now proposals are only gathered (and not yet discussed/considered).

Some relevant documents and currently gathered proposals are the Expectations for Relay Operators[3], proposal for Exit relay lifecycle[4], proposal for using CISS[5], proposal for verified physical address for large operators[6] and a proposal for limiting unverified relay families[7]. Note that this call of proposals is certainly not meant to yield only technical solutions, but also social, community and other solutions to improve the Tor network health and Tor's community.

The Tor Project wants a lot of involvement from the community during this process. Don't hesitate to submit your own proposals, ideas, opinions, discussions via the usual channels. Concrete proposals can be added to GitLab[8] or the tor-relays mailing list. The proposals will also be discussed and evaluated during Tor relay operator meetups (both online and offline).

Timeframe/planing (TBD): - March 2023 - June 2023: Call for proposals (collecting/gathering)

[1] https://gitlab.torproject.org/tpo/community/relays/-/issues/55 [2] Full project: https://gitlab.torproject.org/groups/tpo/-/milestones/44 [3] https://gitlab.torproject.org/tpo/community/relays/-/issues/18 [4] https://gitlab.torproject.org/tpo/network-health/team/-/issues/220 [5] https://lists.torproject.org/pipermail/tor-relays/2020-October/019024.html [6] https://lists.torproject.org/pipermail/tor-relays/2020-July/018643.html [7] https://lists.torproject.org/pipermail/tor-relays/2020-July/018656.html [8] https://gitlab.torproject.org/tpo/community/relays/-/issues/5

### Tor Weather release & beta testing

The Tor Weather notification service helped Tor operators to get notifications about incidents, issues, removal of flags etc. regarding their relays. This service has been offline and unmaintained for a while now because of a time shortage. Such monitoring service can be very valuable for Tor operators though, and would lower the bar for new Tor relay operators to start running Tor relays without having to worry about implementing advanced monitoring to check on their Tor relays.

For the Google Summer of Code (GSoc) Project 2022 the Tor Project found a mentee to revitalize Tor-weather. The current repository can be found on GitLab[1] and after improvements Tor would like to test these with Tor operators.

The Tor operators got a short demonstration of Tor Weather and are enthusiastic about it. :)

[1] https://gitlab.torproject.org/tpo/network-health/tor-weather

### DoS situation update

The Network Team isn't available today so instead the Tor Project asks the Tor operator community how they are experiencing and dealing with the DDoS situation. On Tor's side not much has changed but the implementation of the proof of work is coming along nicely[1]. There is no input from the Tor relay operators.

#### This might be a stupid question - but what is the TL;DR on the DDos? To be honest, I didn't notice anything really even though I run quite a few exits. Is it higher network usage only or high CPU or...? Sorry for asking such a basic question (Kristian - lokodlare)

There are different DDoS attacks, some are focused on guard/middle relays while others target exit relays. Some DDoS attacks are done via the Tor network itself while other DDoS attacks are plain old UDP/TCP flood attacks. Tor Project is working on more DDoS mitigation.

For a summary, read this blog post: https://blog.torproject.org/tor-network-ddos-attack/

[1] https://gitlab.torproject.org/tpo/core/tor/-/issues/40634

### Questions and topics

#### When is the next relay operator meetup?

Gus will pick a date between April 1 19:00 UTC and April 8 19:00 UTC.

#### What about bridge enumeration attackers and how to prevent it?

Censors already have their own tools and devices to block and/or enumerate Tor bridges and circumvention tech. That said, such projects exposing bridges aren't helping Tor in any way. If you know any potential issues with BridgeDB, or if you're one of the people collecting this data, please contact the Tor Project. Don't be a jerk, be awesome instead. :)

#### When a new workshop Sysadmin 101 will be organized?

We should find a new date and topics for the next Sysadmin workshop. Suggestions are welcome: https://gitlab.torproject.org/tpo/community/relays/-/issues/63

For BSD enthusiasts, the BSD community have a IRC (#bsd-privacy) channel and everyone is welcome to join and reach out.

#### Obfs4 is totally blocked in Iran and snowflake has very little speed if not blocked at some ISPs, are there any plans to upgrade the bridge software to circumvent the stricter kinds of censorships?

- Decline in Snowflake users from Iran during the second part of February, cause unknown: https://opencollective.com/censorship-circumvention/projects/snowflake-daily... - Investigating a possible misconfiguration https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf... - There is a second Snowflake bridge (snowflake-02), available in Tor Browser since 12.0: https://blog.torproject.org/new-release-tor-browser-120/ https://bugs.torproject.org/tpo/applications/tor-browser-build/40674 But most Snowflake users in Iran use Orbot, not Tor Browser, and the second Snowflake bridge is not in any released version of Orbot yet. http://meetbot.debian.net/tor-meeting/2023/tor-meeting.2023-02-16-15.58.log.... You can activate the second bridge in Orbot by manually pasting in a bridge line. https://github.com/net4people/bbs/issues/152 - There have been intermittent blocks of the domain fronting rendezvous in some ISPs in Iran. A workaround is to use the AMP cache rendezvous. https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/115

If you're from Iran, you might be able to help the Tor project. Please reach out to us if you can provide more information about how Iran is blocking Tor.

#### Can we move forward with increasing the relays per IP limit? 4 -> 8 -> 16? We are waiting for the final step because we don't want to do the IP renumbering dance multiple times. Also: If you stop at "8 relays per IP" please document why, so we at least know why we are spending money on IP addresses instead of faster hardware to deal with the DDoS pain.

https://gitlab.torproject.org/tpo/core/tor/-/issues/40744

The Tor project wants to check the impact of the change from 2 to 4 first before further increasing the limit. This will take at least a few more weeks and then further steps can be taken (based on the data).

#### Please document MetricsPort

https://gitlab.torproject.org/tpo/core/tor/-/issues/40762

#### I wish to collaborate on the Snowflake landing page revamp. Please give me Gitlab account access. I would love to learn more about The Tor Project. https://forum.torproject.net/t/collecting-feedback-on-snowflake-landing-page... - If you're a GSoC applicant, please talk with your project mentor first.

#### DDoS mitigation: Would you implement this as a patch only so we do measurements and come up with some data for a proposal that aims to make DDoS against non-guards harder? https://gitlab.torproject.org/tpo/core/tor/-/issues/40761

The Network Team isn't available, but Tor Project will discuss this in the next week. The proposal looks fine at first sight. Thanks for submitting a proposal to improve Tor.

#### dannenberg doesn't seem up to date wrt to AuthDirMaxServersPerAddr=4, it says a lot of relays are sybil. Any idea when it will get updated?

Tor Project contacted all Authorities but for the time being you have to live with it.

#### Please help us prevent downtimes with this easy addition to MetricsPort https://gitlab.torproject.org/tpo/core/tor/-/issues/40546

The Network Team is aware of this proposal.

#### I have a question about my Snowflake node running on a DigitalOcean droplet. Its log says "NAT type: restricted" but I do see connections and traffic being relayed. Where is a good place to go for help/support? Or is this a known issue/not an issue? - "NAT type: restricted" is not really a problem; it just means that there are some Snowflake clients your proxy will not be able to connect to. The Snowflake broker takes NAT compatibility into account, so it will not assign clients with an incompatible NAT to your proxy.

https://forum.torproject.net/t/snowflake-standalone-proxy-in-docker-how-to-m...

For a full documentation about Snowflake NAT matching, please read this wiki page: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowf...

#### Do you know about an approach or hacking guide to store your ed25519_master_id_secret_key on a smartcard or hardware token like Nitrokey or Yubikey and use this smartcard in the signing process? I think this would a helpful approach to make offline key signing even more secure. (I know that there are different key formats, different firmware versions etc. - just wanted to know if someone has experiences with that).

This topic has come up a few times, but as far as is known no one really implemented this in practice.

#### will exit scanner support IPv6 anytime soon? (ExoneraTor) after the last relay meetup I realized it also affects us even without using the torrc setting to use a distinct exit IP

Not anytime soon probably.

#### I have some relays hosted on residential connection that change the IP 1-2 times per month. My ISP provides me DDNS. Can I use that to advertise my relays instead of the IP in order not repeat the lifecycle of a new relay every time IP is changed?

Yes! In theory, you can write your FQDN (dyndns address) in the "Address" field in your torrc, and Tor will resolve it periodically to see if it has changed. Also, in theory you should be able to just leave it all blank, and Tor will discover that your IP address has changed. You should maintain your relay reputation across IP address changes -- though we do count the change as a brief downtime, because client connections get cut when you change addresses.

#### Does the Tor Weather support Bridges too?

It could look at the bridgestrap output, rather than needing to scan the bridges itself.

On Wed, Mar 01, 2023 at 12:19:31PM -0300, gus wrote:

Hello,

Just a friendly reminder that the Tor Relay Operator meetup will happen this Saturday, March 4, 2023 at 19 UTC (view in your timezone: https://timee.io/20230304T1900?tl=Next%20Tor%20Relay%20Operator%20Meetup%20-... ).

cheers, Gus

On Tue, Feb 14, 2023 at 11:48:56AM -0300, gus wrote:

...

Hi,

The next Tor Relay Operator Meetup will happen on March 4, 2023, at 19 UTC!

We're still working on the agenda, feel free to add your topics and/or questions on the pad: https://pad.riseup.net/p/tor-relay-op-meetup-m4-keep onionsite: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor-...

WHERE Room link: https://tor.meet.coop/gus-og0-x74-dzn

Registration

No need for a registration or anything else, just use the room-link above. We will open the room 10 minutes before so you can test your mic setup.

Please share with your friends, social media and other mailing lists!

Gus

The Tor Project Community Team Lead

-- The Tor Project Community Team Lead

ator.org actually works. They try to get Relay Operators to mine/receive their cryptocurrency through uptime, see https://docs.ator.io/ . Also some hardware plans regarding Wifi routers with preinstalled "ator" software/routing.

Personally, i'd say "kill it with fire", but well, thats just me :) Nevertheless, i guess it could be helpful to make it clear also on behalf of torproject.org, that we're neither support nor endorse their plans and disencourage to use this stuff.

greetz Richie

Am 16.03.23 um 20:25 schrieb Christian Pietsch via tor-relays:

Dear Tor community,

maybe the notes from the Tor relay operator meetup on March 4 should have mentioned that a participant called AirTor was kicked from that BBB conference.

This happened because they were using “Tor” in their name and continued to make dubious offers like the one below which just arrived in my NGO's inbox. They did not send it to the e-mail address in the ContactInfo of our Tor relays but a generic one. In BBB's text chat, they offered to change their name “if thats best,” but as you can see, they have not. Instead, the signed as ATOR – but that might be a typo.

I am writing this to let you know that it's best to ignore e-mails like the one below. In the meetup, Roger made it increasingly clear that he does not believe that AirTor are acting in good faith.

Cheers, Christian

----- Forwarded message -----

From: AirTor Team team@airtor.org Message-ID: 1167510526.29240.1678981005095@eu1.myprofessionalmail.com Subject: Support for TOR relay associations X-Mailer: Open-Xchange Mailer v8.10.73 X-Originating-IP: 24.218.88.76

Hello from ATOR! We are a community driven initiative that provides recognition rewards to supporters and operators in the TOR ecosystem. We would love to recognize your efforts and the efforts of your relay operators, and hear your opinions on the protocol we have in mind. Please let us know if this is something of interest to you. We would also like to donate to help your operation grow and remain active. Thank you for your time, we hope to hear from you soon! Sincerely, ATOR team

----- End forwarded message -----

---

tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

From what I read it looks like they plan to create some blockchain that uses "Proof-of-relaying-Tor-traffic" as an alternative to Proof of Work or Proof of Stake. From their blog "rather than requiring complex off-chain verification or arbitrary computation to prevent bad actors receiving fees, Proof-of-Uptime verifies on useful activity." Supposedly to give some incentives to run Tor relays because you get "recognition rewards" I guess some shitcoin. Not sure what those are for but I'll just keep "mining" consensus weight. Because you don't need a modified version of Tor and you don't need the blockchain for that. Just download the consensus and look at the consensus weight and you have your proof of uptime and relaying.

On 17.03.23 15:22, Leon D wrote:

So they’re just a cryptocurrency mining company? I’m not 100% sure how they are able to use Tor Relays to mine Cryptocurrency?

On Fri, 17 Mar 2023 at 11:53, Richie richie@zuviel.org wrote:

ator.org <http://ator.org> actually works. They try to get Relay
Operators to mine/receive
their cryptocurrency through uptime, see https://docs.ator.io/ . Also
some hardware plans regarding Wifi routers with preinstalled "ator"
software/routing.

Personally, i'd say "kill it with fire", but well, thats just me :)
Nevertheless, i guess it could be helpful to make it clear also on
behalf of torproject.org <http://torproject.org>, that we're
neither support nor endorse their
plans and disencourage to use this stuff.

greetz
Richie

Am 16.03.23 um 20:25 schrieb Christian Pietsch via tor-relays:
> Dear Tor community,
>
> maybe the notes from the Tor relay operator meetup on March 4 should
> have mentioned that a participant called AirTor was kicked from that
> BBB conference.
>
> This happened because they were using “Tor” in their name and
> continued to make dubious offers like the one below which just
arrived
> in my NGO's inbox. They did not send it to the e-mail address in the
> ContactInfo of our Tor relays but a generic one. In BBB's text chat,
> they offered to change their name “if thats best,” but as you
can see,
> they have not. Instead, the signed as ATOR – but that might be a
typo.
>
> I am writing this to let you know that it's best to ignore e-mails
> like the one below. In the meetup, Roger made it increasingly clear
> that he does not believe that AirTor are acting in good faith.
>
> Cheers,
> Christian
>
>
> ----- Forwarded message -----
>
> From:   AirTor Team <team@airtor.org>
> Message-ID:   
 <1167510526.29240.1678981005095@eu1.myprofessionalmail.com>
> Subject:        Support for TOR relay associations
> X-Mailer:       Open-Xchange Mailer v8.10.73
> X-Originating-IP:       24.218.88.76
>
> Hello from ATOR!
> We are a community driven initiative that provides recognition
rewards to
> supporters and operators in the TOR ecosystem.
> We would love to recognize your efforts and the efforts of your
relay
> operators, and hear your opinions on the protocol we have in mind.
> Please let us know if this is something of interest to you. We
would also like
> to donate to help your operation grow and remain active.
> Thank you for your time, we hope to hear from you soon!
> Sincerely,
> ATOR team
>
> ----- End forwarded message -----
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

---

tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays