So, every now and then, somebody asks what the best use of a node would be--bridge, relay, or exit. And yes, this is one of those requests.
This would be a VPS from VPS Nodes. I checked the list of good and bad ISPs, and they don't seem to be listed. So I asked them directly how they felt about Tor, and this was the response:
"While we don't specifically disallow Tor by name, it does come under the ToS as it is commonly used to launch large scale DDOS and SPAM campaigns and is therefore not allowed on our network for that reason. rDNS is provided as standard, you need to have a valid FQDN A record associated with the IP address that is assigned to your container. As far as SWIP, I would have to pass the request on to management as they are the only ones with that access."
Seems pretty clear to me that they're not in favor of having an exit on their network. (I brought up the reduced exit policy and asked specifically about SWIP so that I could handle most of whatever abuse complaints come in, but they wouldn't provide anything further than this response.) That leaves bridge or standard relay. My question is, given 3TB of monthly bandwidth and a 100Mbps (shared) uplink, would it be better to run as an entry/middle node, or as an obfs3/scramblesuit bridge?
(If there are other suggestions for trying to talk VPS Nodes into allowing an exit node, I'm all ears--though it may be better left with somebody with more experience talking to ISPs.)
Thanks in advance,
-Lance
I do see some talk on this list that bridges are more in need at the moment on balance. And that some of the new obfs/scramble/pt protocols could use some deployment testing and feedback.
As far as your proposed hoster, they do not seem to have flatly refused an exit. You may wish to propose to them actually running one under your suggestion of responsibly handling abuse tickets for them. And make sure you can fall back to non-exit or bridge with them without losing money if exit does not mutually work out. Better to know/talk these things over with your provider beforehand. You can suggest that since Tor is 'slow' a genuine impactive DDoS is not really possible via Tor, though of course feeble packeting that people will still complain about is. Show them your proposed exit policy, non-SMTP spam, etc.
3TB/mo is about 10Mbps so that is more the governing factor for billing than the 100Mbps port link. You can apply various rate limits on Tor or your system/port.
Tor itself does not need a fwd or rev FQDN to run. Though a rev entry can help to clue people like LEA in that the IP is in fact a Tor node. And matching fwd/rev can help give users access to services that check that thing. If you do not have a domain to give, the host may be able to put the node name in theirs.
Good luck, thx.
tor-relays@lists.torproject.org
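The rate limiting mentioned in the reply, written out as a torrc for a non-exit relay. This is an added example, not a configuration from either poster or from the Tor Project. It assumes the provider meters inbound plus outbound traffic against a decimal 3 TB cap; the nickname, contact address and ORPort value are placeholders.

```conf
# Added example torrc: non-exit relay sized for a 3 TB/month, 100 Mbps shared VPS.
# Assumption: the host bills on inbound + outbound combined, in decimal terabytes.

Nickname        ExampleRelay            # placeholder
ContactInfo     operator@example.org    # placeholder
ORPort          9001                    # placeholder port

# The host's ToS rules out exit traffic, so refuse it explicitly.
ExitRelay       0
ExitPolicy      reject *:*

# Hard monthly cap. Tor's GBytes are binary (2^30), so 2790 GBytes is just
# under 3 * 10^12 bytes. "sum" counts sent + received together; the default
# rule ("max") would let each direction reach the cap on its own, roughly
# doubling the billed total on a relay that forwards what it receives.
AccountingStart month 1 00:00
AccountingRule  sum
AccountingMax   2790 GBytes

# Sustained rate, per direction. Without it the relay can spend the whole
# allowance early and hibernate for the rest of the month.
# 540 KBytes/s * 2 directions * 31 days is about 2.96 * 10^12 bytes.
RelayBandwidthRate   540 KBytes
RelayBandwidthBurst  1 MBytes

# To run as a bridge instead, set BridgeRelay 1 and configure the pluggable
# transport separately; the limits above apply in the same way.
```

If the provider counts only one direction, `AccountingRule max` with the full allowance and roughly double the rate fits the same cap.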