[tor-relays-universities] Tor on Campus

Thorsten Holz thorsten.holz at rub.de
Sat Sep 20 22:34:45 UTC 2014


Hi everyone,

I can also share our experience on running an exit node since March 2011 at Ruhr-University Bochum in Germany (see https://globe.torproject.org/#/relay/7935072EFBD8D5BBC30653E0F1016C2A3274E4E2 for details). I agree with all points mentioned by Philipp, maybe this can lead to some kind of guide for running exit nodes.

On 20 Sep 2014, at 13:28, Philipp Winter <phw at nymity.ch> wrote:

> - We got a new /29 netblock from our ISP for our relay.  This is to
>  avoid the scientific database issues, Ian pointed out.  While our
>  library did have a list with all our subscriptions, updating that list
>  would have been a lot of trouble they wanted to avoid.

Same for us, we obtained 195.37.190.64/27 for running our node and other research projects we are working on. The reasons are similar to the ones mentioned by Philipp and Ian.

> - We were working closely with our IT department (which liked the idea
>  of running a relay after talking to us) and our ISP.  Our relay's
>  whois record points to our university's abuse email address but the
>  agreement is that complaints can also be forwarded to a mailing list
>  we set up for dealing with Tor-specific complaints.

We have a similar setup, all abuse requests go to a mailing list or directly to me. While I received about 2-3 complaints per quarter at the beginning, I did not receive a single complaint about the node in the last 12 months. 
One request of our IT department was to prevent access to the university network via Tor, mainly since there are several other systems besides the journal sites that are only reachable with an IP address of the university. Thus our exit policy also includes a reject of 134.147.0.0/16:*. We also rate limit the connection a bit such that we do not generate too much traffic per day. 

> - In case of issues with law enforcement, we clearly marked the Tor
>  relay in our department's server room.  Should the relay ever get
>  seized, we hope that only the relay is taken and no other, unrelated
>  machines.

We also use this as a precaution, but as far as I know, seizing of Tor nodes did not happen in Germany very often in the past few years (the situation has changed after a smaller awareness campaign).

> - We registered a new domain and configured our reverse DNS
>  record in a way that it is obvious that it runs a Tor relay, i.e.,
>  relay-194.tor-exit-kau.se.

$ host 195.37.190.67
67.190.37.195.in-addr.arpa domain name pointer tor-exit.de.

Cheers,
  Thorsten


More information about the tor-relays-universities mailing list