Running relays in universities? Exit nodes, perhaps? Please share your experience!
TL;DR - Have you got official permission to operate Tor exit nodes within an university campus/network? Relay nodes, even? Please share me how this permission was achieved! (or even if it was denied, please tell me!) Hi, I know this list is mostly technical in nature, so sorry for presenting a very different kind of topic here; I will send a very similar message to the tor-teachers list, but I believe the population of this list to be interesting.. I am trying to get my university's (Universidad Nacional Autónoma de México) OK to run an exit node from our campus' network. I currently operate one relay, am willing to set up some extra relays, and have at least one colleague in a different research institute with a relay of his own, but I believe we should aim for exit nodes. Now, I don't want to set it up in a rogue fashion, as I'm sure that the university's NOC or CERT would not take long to get complaints and require me to shut it down. I have already made an official request for the permission to run an exit node and (as expected) it was turned down. Quoting (translation mine) the reasons for rejection, 1. This assignation is not factible because the Tor network is not compatible with the Acceptable Usage Policies of RedUNAM, being this infrastructure oriented to the service of institutional goals. 2. While the Tor network can have reseearch purposes, due to its nature and the hiding of IPv4 addresses and anonymous connectivity, it is susceptible to be used by third parties from outside the University with purposes conflicting with those specified in item 1, without any possibility of control or regulation from the University's part or from your project. 3. Even more so: The Tor network, due to its definition and structure, can potentially incorporate third people with malicious or even delictive intentions, which would affect not only the computers or networks in your Institute or all of the University, but also networks outside the institution's control So, I want to gather experiences from operators in different universities or research institutions. Which way did you have to argue? How hard was to get this OK? Did you ask a permission for a specific project, or as part of your networking infrastructure in general? Did you ask this before setting up the exit node, or as a "fait accompli" gathering not-too-ill results for a given time period? Any help and pointers are welcome!
On Tue, Apr 17, 2018 at 1:36 PM, Gunnar Wolf <gwolf@gwolf.org> wrote:
Any help and pointers are welcome!
https://lists.torproject.org/pipermail/tor-relays-universities/ https://lists.torproject.org/pipermail/tor-relays/ https://libraryfreedomproject.org/
grarpamp dijo [Wed, Apr 18, 2018 at 03:40:02AM -0400]:
On Tue, Apr 17, 2018 at 1:36 PM, Gunnar Wolf <gwolf@gwolf.org> wrote:
Any help and pointers are welcome!
https://lists.torproject.org/pipermail/tor-relays-universities/
Sadly, this list is long dead ☹ I'm reviewing its full history, but it has had no activity at all in well over a year.
Hey, this is the same list I'm writing to right now! ;-)
But I didn't know this one. Thanks!
The EFF's Tor challenge might have some useful resources for you: https://www.eff.org/torchallenge/tor-on-campus.html On Wed, Apr 18, 2018, 1:34 PM Gunnar Wolf <gwolf@debian.org> wrote:
grarpamp dijo [Wed, Apr 18, 2018 at 03:40:02AM -0400]:
On Tue, Apr 17, 2018 at 1:36 PM, Gunnar Wolf <gwolf@gwolf.org> wrote:
Any help and pointers are welcome!
https://lists.torproject.org/pipermail/tor-relays-universities/
Sadly, this list is long dead ☹ I'm reviewing its full history, but it has had no activity at all in well over a year.
Hey, this is the same list I'm writing to right now! ;-)
But I didn't know this one. Thanks! _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Wed, Apr 18, 2018 at 12:34:12PM -0500, Gunnar Wolf wrote:
https://lists.torproject.org/pipermail/tor-relays-universities/
Sadly, this list is long dead ??? I'm reviewing its full history, but it has had no activity at all in well over a year.
It actually isn't dead, it just has a very high signal to noise ratio. :) Speaking of maintaining signal, I wrote this guide long ago and it still looks useful today: https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities --Roger
On 04/18/2018 11:34 AM, Gunnar Wolf wrote:
But I didn't know this one. Thanks!
https://en.wikipedia.org/wiki/Library_Freedom_Project (Full disclosure: I wrote the article.)
I've had a similar experience at my university in the states. While they acknowledge overall public benefit, I was denied, citing the overhead of abuse complaints and "potential for subverting university firewalls" (their words...) as justification for rejection. They did, however, note if I were to bring my own addresses, they might be able to convince the board of regents network administrators to announce my prefix and allow me to handle complaints on my own. They perceived my potential leveraging of university transit as exclusive and distinct (and more secure?) than polluting their precious (and largely unused) /16, and had no interest in granting a lowly undergrad access to their beloved sanctuary. Best of luck! On 04/17/2018 10:36 AM, Gunnar Wolf wrote:
TL;DR - Have you got official permission to operate Tor exit nodes within an university campus/network? Relay nodes, even? Please share me how this permission was achieved! (or even if it was denied, please tell me!)
Hi,
I know this list is mostly technical in nature, so sorry for presenting a very different kind of topic here; I will send a very similar message to the tor-teachers list, but I believe the population of this list to be interesting..
I am trying to get my university's (Universidad Nacional Autónoma de México) OK to run an exit node from our campus' network. I currently operate one relay, am willing to set up some extra relays, and have at least one colleague in a different research institute with a relay of his own, but I believe we should aim for exit nodes.
Now, I don't want to set it up in a rogue fashion, as I'm sure that the university's NOC or CERT would not take long to get complaints and require me to shut it down. I have already made an official request for the permission to run an exit node and (as expected) it was turned down. Quoting (translation mine) the reasons for rejection,
1. This assignation is not factible because the Tor network is not compatible with the Acceptable Usage Policies of RedUNAM, being this infrastructure oriented to the service of institutional goals.
2. While the Tor network can have reseearch purposes, due to its nature and the hiding of IPv4 addresses and anonymous connectivity, it is susceptible to be used by third parties from outside the University with purposes conflicting with those specified in item 1, without any possibility of control or regulation from the University's part or from your project.
3. Even more so: The Tor network, due to its definition and structure, can potentially incorporate third people with malicious or even delictive intentions, which would affect not only the computers or networks in your Institute or all of the University, but also networks outside the institution's control
So, I want to gather experiences from operators in different universities or research institutions. Which way did you have to argue? How hard was to get this OK? Did you ask a permission for a specific project, or as part of your networking infrastructure in general? Did you ask this before setting up the exit node, or as a "fait accompli" gathering not-too-ill results for a given time period?
Any help and pointers are welcome!
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-- Jordan https://yui.cat/
Jordan dijo [Wed, Apr 18, 2018 at 11:01:28AM -0700]:
I've had a similar experience at my university in the states. While they acknowledge overall public benefit, I was denied, citing the overhead of abuse complaints and "potential for subverting university firewalls" (their words...) as justification for rejection.
They did, however, note if I were to bring my own addresses, they might be able to convince the board of regents network administrators to announce my prefix and allow me to handle complaints on my own. They perceived my potential leveraging of university transit as exclusive and distinct (and more secure?) than polluting their precious (and largely unused) /16, and had no interest in granting a lowly undergrad access to their beloved sanctuary.
"Bringing your own address"? Well, I will look into how to get that. I guess I could try again asking my university network to route my non-university's block (we have two almost full /16s; I was requesting an IP in a third range we have that's not usually associated with the university).
Hi, Gunnar Wolf:
1. This assignation is not factible because the Tor network is not compatible with the Acceptable Usage Policies of RedUNAM, being this infrastructure oriented to the service of institutional goals.
2. While the Tor network can have reseearch purposes, due to its nature and the hiding of IPv4 addresses and anonymous connectivity, it is susceptible to be used by third parties from outside the University with purposes conflicting with those specified in item 1, without any possibility of control or regulation from the University's part or from your project.
In most universities there is a person/entity that can override many if not all possible "restrictions" in order for a project to continue/start successfully. I suggest you to find these persons that can override these "controls" and convince how difficult (or impossible?) is to continue/start your research project without hosting Tor relays. Persistence usually helps, paying a weekly visit to the people responsible and asking them for the next steps or how you can help to move this forward.
3. Even more so: The Tor network, due to its definition and structure, can potentially incorporate third people with malicious or even delictive intentions, which would affect not only the computers or networks in your Institute or all of the University, but also networks outside the institution's control
Another idea will be to do a general Tor presentation at the UNAM university. The date should be based on the the availability or favored date/time of the responsible(s) for the network policies (RedUNAM) and the persons that have the special override powers Cheers, ~Vasilis -- Fingerprint: 8FD5 CF5F 39FC 03EB B382 7470 5FBF 70B1 D126 0162 Pubkey: https://pgp.mit.edu/pks/lookup?op=get&search=0x5FBF70B1D1260162
participants (8)
-
Dan Bateyko -
grarpamp -
Gunnar Wolf -
Gunnar Wolf -
Jordan -
Kenneth Freeman -
Roger Dingledine -
Vasilis