[tor-dev] BOINC-based Tor wrapper

teor teor2345 at gmail.com
Tue Jul 21 15:06:41 UTC 2015


> On 20 Jul 2015, at 11:11 , Serg <std.serg at gmail.com> wrote:
> 
>> How do you plan to map ports on NAT devices?
> 
> If it can't be done automatically using UPnP, this must be done manually. No alternative cases.

Our experience is that most routers' UPnP / NAT-PMP implementations don't work well with (our) automated tools. So this would have to be done manually, significantly reducing the pool of available volunteers.

> 
>> Eliminate relays with poor bandwidth?
> 
> I guess that the strategy to test bandwidth is already implemented in Tor relays. Available bandwidth can be different at different times, regardless of running under BOINC.
> Any tests which can be automated can be performed after the launch of the virtual machine, but before the relay software starts.

No, the Tor network does not currently eliminate relays with poor bandwidth or poor uptime from the consensus. (As far as I recall.)

Therefore, a BOINC-based, or other widespread project, runs the risk of bloating the consensus with low-uptime, low-bandwidth, or asymmetrical-bandwidth relays.

>> Support users?
>> 
>> Teach people how to run a secure server?
>> (This is the show-stopper for me.)
> 
> The basic idea is that users are running a preconfigured secure server. BOINC downloads it as a virtual machine image.
> The virtual machine gives a secure sandbox to run the relay.

I don't think we're talking about the same kind of security here.

Who will:
* configure the relay bandwidth limits and various other options for the context?
* fix the relay when it breaks?
* monitor each virtual server for suspicious activity?

I don't think the average BOINC volunteer has these skills.

That said, a similar project deployed Tor bridges on Amazon EC2 using a preconfigured image. It was discontinued as it was unmaintained.

Why not create a Tor bridge image, which tests for bandwidth and uptime (is this possible?), and then starts Tor once certain basic criteria are satisfied?

The image could then be distributed via Amazon EC2, other VPSs, and maybe even BOINC.
(And if a user has the bandwidth and uptime and skills to run a relay, they can edit the torrc to make it a relay.)

Tim


Tim Wilson-Brown (teor)

teor2345 at gmail dot com
pgp ABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5

teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
