[tor-commits] [community/master] first tor training. closes: https://gitlab.torproject.org/tpo/community/training/-/issues/14, https://gitlab.torproject.org/tpo/web/community/-/merge_requests/71

Thu May 13 09:35:35 UTC 2021

commit f4ed10db6a98a11696dcb95c7c8589ae2928de08
Author: emma peel <emma.peel at riseup.net>
Date:   Thu May 13 11:34:27 2021 +0200

    first tor training. closes: https://gitlab.torproject.org/tpo/community/training/-/issues/14, https://gitlab.torproject.org/tpo/web/community/-/merge_requests/71
---
 content/outreach/contents.lr                       |   2 +-
 .../training/resources/tor-training/contents.lr    | 549 +++++++++++++++++++++
 2 files changed, 550 insertions(+), 1 deletion(-)

diff --git a/content/outreach/contents.lr b/content/outreach/contents.lr
index cd2b5fe..9cf4a65 100644
--- a/content/outreach/contents.lr
+++ b/content/outreach/contents.lr
@@ -1,4 +1,4 @@
-section: Community
+section: community
 ---
 section_id: outreach
 ---
diff --git a/content/training/resources/tor-training/contents.lr b/content/training/resources/tor-training/contents.lr
new file mode 100644
index 0000000..50e292f
--- /dev/null
+++ b/content/training/resources/tor-training/contents.lr
@@ -0,0 +1,549 @@
+_model: slideshow
+---
+title: The Tor Network
+---
+_template: slideshow.html
+---
+background: white
+---
+image: /static/images/onion.png
+---
+slides:
+
+#### slide ####
+title: Topics
+----
+description:
+- What is Tor?
+- Types of relays
+- Technical setup
+- More about relays
+- Relay diversity
+- Getting help
+
+
+#### slide ####
+title: What is Tor?
+----
+description:
+- Tor is free software and an open network.
+- Mitigates against tracking, surveillance and censorship.
+- Run by a US non-profit and volunteers from all over the world.
+- It's Tor, not TOR.
+
+
+#### slide ####
+title: The Tor network
+----
+description:
+- An open network that everyone can be a part of.
+- The network is composed of different types of servers run by volunteers around the world.
+- Your server will relay the Tor traffic to another server on the Internet.
+- Before entering the network, your server will automatically go through the relay lifecycle.
+
+
+#### slide ####
+title: Why run a Tor relay?
+----
+description:
+By running a Tor relay, you can help make the Tor network:
+- faster (and therefore more usable)
+- more robust against attacks
+- more stable in case of outages
+- safer for users (spying on more relays is harder than on a few)
+
+
+#### slide ####
+title: Types of Relays
+----
+slide_layout: title-slide
+----
+background_image: /static/images/onion-white.png
+----
+description:
+-
+
+
+#### slide ####
+title: Guard/middle (aka non-exit) relay
+----
+description:
+- A guard is the first relay in the chain of 3 relays building a Tor circuit.
+- A middle relay is neither a guard nor an exit, but acts as the second hop between them.
+- To become a guard, a middle relay has to be stable and fast (at least 2MByte/s); otherwise, it will remain a middle relay.
+
+
+#### slide ####
+title: Exit relay
+----
+description:
+- The exit relay is the final relay in a Tor circuit, and sends the traffic to its destination.
+- That is why exit relays have the most significant legal exposure and liability of all relays.
+- Before running an exit relay, talk with your local digital rights organization.
+- **You should not run a Tor exit relay from your home.**
+
+
+#### slide ####
+title: Bridge
+----
+description:
+- A bridge is a node in the network that is not listed in the public Tor directory, making it harder for ISPs and governments to block it.
+- Bridges are relatively easy, low-risk, and low bandwidth Tor relays to operate.
+- And there's another special kind of bridge: Pluggable transports. These hide your Tor traffic by adding a layer of obfuscation.
+
+
+#### slide ####
+title: The lifecycle of a new relay
+----
+description:
+Non-exit relays go through a lifecycle of four phases (defined in days):
+- Days 0-3: the unmeasured phase.
+- Days 3-8: network authorities start the remote measurement phase (the ramp-up guard phase).
+- Days 8-68: guard phase (where load counter intuitively drops and then rises higher).
+
+
+#### slide ####
+title: The lifecycle of a new relay
+----
+description:
+- After 68 days, if stable and fast enough, the relay will receive a **Guard flag** (steady-state guard phase).
+- Read about all the phases in: <https://blog.torproject.org/lifecycle-new-relay>
+
+
+#### slide ####
+title: Relay requirements
+----
+slide_layout: title-slide
+----
+background_image: /static/images/onion-white.png
+----
+description:
+-
+
+
+#### slide ####
+title: Before we start
+----
+description:
+- Never run a relay without the consent of the network administrator or machine owner.
+  Read the Terms of Service (ToS) first, so you donâ€™t risk losing money.
+- Choose which type of relay you will host. A non-exit relay is an easy way to start helping the network.
+- Read the documentation: <https://community.torproject.org/relay>
+
+
+#### slide ####
+title: Bandwidth requirements
+----
+description:
+- Itâ€™s recommended to have at least 16 Mbit/s (Mbps) upload and download bandwidth available for Tor. More is better.
+- The minimum requirements for a relay are 10 Mbit/s (Mbps).
+- If you have less than 10 Mbit/s but at least 1 Mbit/s, we recommend running a bridge with obfs4 support.
+
+
+#### slide ####
+title: Monthly outbound traffic
+----
+description:
+- Relays must use at least 100 GByte of outbound/incoming traffic per month.
+- If you have a metered plan, you might want to configure Tor to use only a given amount of bandwidth or monthly traffic.
+- More (>2 TB/month) is better and recommended.
+
+
+#### slide ####
+title: Public IPv4 address
+----
+description:
+- Every relay needs a public IPv4 address - either directly on the host (preferred) or via NAT and port forwarding.
+- The IPv4 address is not required to be static, but static IP addresses are preferred.
+- Your IPv4 address should remain unchanged for at least 3 hours (network consensus).
+- You can only run two Tor relays per public IPv4.
+
+
+#### slide ####
+title: Other requirements
+----
+description:
+- Memory: A <40 Mbit/s non-exit relay should have at least 512 MB of RAM available.
+- Disk storage: Tor does not need much disk storage. A typical Tor relay needs less than 200 MB.
+
+
+#### slide ####
+title: Other requirements
+----
+description:
+- Any modern CPU should be fine.
+- Uptime: Ideally, the relay runs on a server which runs 24/7.
+
+
+#### slide ####
+title: Choosing your relay hosting
+----
+description:
+- The Tor community team maintains GoodBadISPs â€“ a list about the experience of running relays: <https://community.torproject.org/relay/community-resources/good-bad-isps/>
+- Some providers only allow non-exit relays, so check the GoodBadISPs list before buying a service.
+- Running a relay can cost anywhere between a few bucks to hundreds per month.
+
+
+#### slide ####
+title: Technical setup
+----
+slide_layout: title-slide
+----
+background_image: /static/images/onion-white.png
+----
+description:
+-
+
+
+#### slide ####
+title: Non-exit relay - Debian/Ubuntu
+----
+description:
+- Enable the Tor Project package repository
+- Install the tor package
+
+```
+  $ apt update && apt install tor
+```
+
+
+#### slide ####
+title: Non-exit relay - Debian/Ubuntu
+----
+description:
+- Add relay configuration to the `/etc/tor/torrc` file:
+```
+  Nickname myNiceRelay
+  ExitRelay 0
+  SocksPort 0
+  ControORPort 443
+  lSocket 0
+  ContactInfo tor-operator at your-emailaddress-domain
+  Log notice syslog
+```
+
+
+#### slide ####
+title: Non-exit relay - Debian/Ubuntu
+----
+description:
+- Restart the tor daemon:
+
+```
+  $ systemctl restart tor at default
+```
+
+
+#### slide ####
+title: Non-exit relay - FreeBSD
+----
+description:
+- Install the tor package
+
+```
+  pkg install tor ca_root_nss
+```
+
+
+#### slide ####
+title: Non-exit relay - FreeBSD
+----
+description:
+  - Edit the configuration file `/usr/local/etc/tor/torrc`
+
+```
+  Nickname myNiceRelay
+  ORPort 9001
+  ExitRelay 0
+  SocksPort 0
+  ControlSocket 0
+  ContactInfo tor-operator at your-emailaddress-domain
+  Log notice syslog
+```
+
+
+#### slide ####
+title: Non-exit relay - FreeBSD
+----
+description:
+- Ensure that the random_id sysctl setting is enabled:
+
+```
+  echo "net.inet.ip.random_id=1" >> /etc/sysctl.conf
+  sysctl net.inet.ip.random_id=1
+```
+
+
+#### slide ####
+title: Non-exit relay - FreeBSD
+----
+description:
+- Start the tor daemon and make sure it starts at boot:
+
+```
+  sysrc tor_enable=YES
+  service tor start
+```
+
+
+#### slide ####
+title: Non-exit relay - FreeBSD
+----
+description:
+
+- Optional, but recommended to get package updates faster: <https://community.torproject.org/relay/setup/guard/freebsd/>
+
+
+#### slide ####
+title: Verify that your relay works
+----
+description:
+
+After restarting the service, verify that the log file contains the following entry:
+```
+  Self-testing indicates your ORPort is
+  reachable from the outside.
+  Excellent.
+  Publishing server descriptor.
+```
+
+About 3 hours after you started your relay, it should appear on Metrics portal in Relay Search.
+
+
+#### slide ####
+title: More about relays
+----
+slide_layout: title-slide
+----
+background_image: /static/images/onion-white.png
+----
+description:
+-
+
+
+#### slide ####
+title: Technical tips
+----
+description:
+- Enable automatic software updates.
+- Backup your Tor Identity Keys.
+- It's possible to limit bandwidth usage (and traffic). Check the parameters, for example, AccountingMax, AccountingRule, AccountingStart.
+- If you run more than one Tor relay, you need to set the MyFamily parameter.
+
+
+#### slide ####
+title: Orchestrating
+----
+description:
+- Running multiple relays by hand can be challenging.
+- Configuration management tools can make relay operators' lives easier:
+- Ansible-relayor: <http://github.com/nusenu/ansible-relayor>
+
+
+#### slide ####
+title: Metrics
+----
+description:
+- Metrics portal: <https://metrics.torproject.org>
+- You can search for how many relays are in the network, how many are exits, etc.
+- In 2021 there are ~6,600 public relays and ~1,500 bridges.
+- Check: how many relays are in your country? Who runs these relays? How diverse are they?
+
+
+#### slide ####
+title: Network diversity
+----
+slide_layout: title-slide
+----
+background_image: /static/images/onion-white.png
+----
+description:
+-
+
+
+#### slide ####
+title: Monoculture
+----
+description:
+- A single kernel vulnerability in GNU/Linux impacting all Tor relays could be devastating.
+- Diversity of Operating System (OS): ~90% of relays are Linux.
+
+
+#### slide ####
+title: Monoculture
+----
+description:
+- Diversity of Autonomous Systems (AS).
+- Try to avoid the following hosters: OVH SAS (AS16276), Online S.a.s. (AS12876), Hetzner Online GmbH (AS24940), DigitalOcean, LLC (AS14061).
+
+
+#### slide ####
+title: The TorBSD Diversity Project
+----
+description:
+- The Tor BSD Diversity Project (TDP) is an initiative seeking to extend the use of BSD Unix operating systems in the network.
+- Goals: increase the number of Tor relays running BSDs; Engage the BSD community about Tor anonymity; Port Tor related programs to BSD operating systems.
+
+
+#### slide ####
+title: More about exit relays
+----
+slide_layout: title-slide
+----
+background_image: /static/images/onion-white.png
+----
+description:
+-
+
+
+#### slide ####
+title: Legal information
+----
+description:
+- Many countries have regulations that exclude internet service providers from liability.
+- It's a good idea to consult with a lawyer or your local digital rights organization.
+- Under most circumstances, you will be able to handle legal matters by having an abuse response letter.
+
+
+#### slide ####
+title: Legal resources
+----
+description:
+- The EFF Tor Legal FAQ: <https://community.torproject.org/relay/community-resources/eff-tor-legal-faq/>
+- It's important to respond to abuse complaints in a timely manner (usually within 24 hours).
+- Abuse letter templates: <https://community.torproject.org/relay/community-resources/tor-abuse-templates>
+
+
+#### slide ####
+title: Tips for running an exit relay
+----
+description:
+- Get a separate IP for the relay, and donâ€™t use it for other services.
+- Set up a Tor Exit Notice, so if someone checks your exit IP they'll know that itâ€™s a Tor Exit.
+- If you receive excessive complaints, consider running a Reduced Exit Policy.
+- For more tips: <https://blog.torproject.org/tips-running-exit-node>
+
+
+#### slide ####
+title: Running relays with others
+----
+slide_layout: title-slide
+----
+background_image: /static/images/onion-white.png
+----
+description:
+-
+
+
+#### slide ####
+title: Running a relay with others
+----
+description:
+- You can work with your university department, employer or institution, or an organization like Torservers.org, Nos oignons, etc.
+- Some organizations â€“ known as Relay Associations â€“ are solely dedicated to this purpose: <https://community.torproject.org/relay/community-resources/relay-associations/>.
+
+
+#### slide ####
+title: Relays associations
+----
+description:
+- It's often advised to create some type of non-profit organization. This is useful for having a bank account and shared ownership.
+- The most important thing is to have a group of people (3-5 suggested to start) interested in helping.
+
+
+#### slide ####
+title: Running a relay with universities
+----
+description:
+- Universities are typically home to a reliable, robust, and well-equipped network.
+- Many computer science departments and university libraries run relays: Massachusetts Institute of Technology, UniversitÃ¤t Stuttgart, the University of Waterloo.
+
+#### slide ####
+title: Running a relay with universities
+----
+description:
+- Read more: <https://community.torproject.org/relay/community-resources/tor-relay-universities/>
+
+
+
+#### slide ####
+title: At your company or organization
+----
+description:
+- If you work at a Tor-friendly company or organization, that's another ideal place to run a relay.
+- Companies like Brass Horn Communications, Quintex Alliance Consulting, and many others run relays.
+- And organizations like Digital Courage, Access Now, Derechos Digitales, Calyx Institute, and Lebanon Libraries in New Hampshire.
+
+
+#### slide ####
+title: Bad relays
+----
+slide_layout: title-slide
+----
+background_image: /static/images/onion-white.png
+----
+description:
+-
+
+
+#### slide ####
+title: What is a bad relay?
+----
+description:
+- A bad relay is one that either doesn't work properly or tampers with our users' connections. That can be either through maliciousness or misconfiguration.
+
+
+#### slide ####
+title: What is a bad relay?
+----
+description:
+- For example: tampering with exit traffic in any way (including dropping accepted connections). Or, running HSDirs that harvest and probe .onion addresses
+
+
+#### slide ####
+title: Reporting a bad relay
+----
+description:
+- The "Bad relays" private working group at the Tor Project work to detect misconfigured, malicious, or suspicious relays.
+- Users can report bad relays by sending an email to bad-relays at lists.torproject.org with the relayâ€™s IP address or fingerprint, what kind of behavior you see, and any additional information needed to reproduce the issue.
+
+
+#### slide ####
+title: What happens to bad relays?
+----
+description:
+- After a relay is reported and behavior has been verified, the Tor Project will attempt to contact the relay operator.
+- The relay will be flagged to prevent it from being used (BadExit, Invalid, Reject).
+- The working group actively looks for bad relays using open source tools like exitmap, sysbilhunter.
+
+
+#### slide ####
+title: How do I get help running a Tor relay?
+----
+slide_layout: title-slide
+----
+background_image: /static/images/onion-white.png
+----
+description:
+-
+
+
+#### slide ####
+title: Getting help
+----
+description:
+- Read the Tor Relay documentation:
+  <https://community.torproject.org/relay>
+- Subscribe to the tor-relays mailing list: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>
+- Join our IRC channel: #tor-relays in irc.oftc.net
+
+
+#### slide ####
+title: Thank you!
+----
+slide_layout: title-slide
+----
+background_image: /static/images/onion-white.png
+----
+description:
+-

