[tor-relays-universities] Looking to chat with University Tor operators

Philipp Winter phw at nymity.ch
Thu Jul 2 17:55:15 UTC 2015


On Wed, Jul 01, 2015 at 05:12:07PM -0400, Andy Sayler wrote:
> I'm currently working on formulating a best-practices and how-to
> document for running Tor nodes in University and other academic
> settings. My primary focus is on running production Tor nodes, but I'm
> also happy to hear about research uses of Tor. I'd love to chat with
> anyone involved with the day-to-day operation of Tor nodes on
> University networks as well as anyone involved with the process of
> standing up Tor nodes on University networks and any administrative
> overhead that involved.
> 
> I'm happy to chat via phone or email. If you're currently operating a
> University-based Tor node and are interested in sharing some of your
> experiences, let me know. Some potential questions I'd be curious to
> hear about include:

Such guidelines would be very useful, so thanks for starting this, Andy!
I can share our experience with running a relay at Karlstad University
in Sweden.  We tried to start an exit relay, but failed on an
organisational level, so we are now running a guard relay:
<https://atlas.torproject.org/#details/9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645>
<https://atlas.torproject.org/#details/CCEF02AA454C0AB0FE1AC68304F6D8C4220C1912>

> + Why do you operate a Tor node? For research? As a public service?
> For student experience?

Our main motivation was public service.  Our network link had plenty of
spare capacity that might as well be used for a good cause.  That said,
our relay turned out to be useful for research too.  We used it on
several occasions to learn more about global censorship events.

> + What's the governance/organizational structure for your nodes? Who's
> in charge of their operation?

CS researchers are in charge of operations.  Our department head, campus
IT, as well as the head of the university are aware of us running it, but
are not interfering with operations.

> + Who handles the day-to-day operation of the nodes? Run by campus IT?
> Run by a dept? Run by students? Etc?

Operations is done by three CS researchers.  We worked closely with
campus IT, which changed our network topology so we are directly
connected to our university's uplink.  Without that, our Tor relay could
have interfered with the network measurements done by our networking
group.

> + Who handles complaints?

We created a mailing list for that purpose, which is part of our relay's
contact information.  Our three operators as well as campus IT folks are
part of that mailing list.  That way, we hope to always have at least
one person that is able to reply to complaints quickly.

> + Was it difficult to convince university administration/legal/IT to
> support the deployment of Tor nodes? What were their concerns?

It was quite difficult in our case.  We started with a guard relay,
which was straightforward to set up as there are no legal implications.

We then tried to turn it into an exit relay.  We talked to campus IT,
our department head, our university lawyer, our university PR person,
and the university head.  Unfortunately, our university head shut down
our plans; apparently because her 5-minute-Google-search made her
believe that the Tor network is mainly used for child abuse.  After
that, there was no talking to her any more, which was very frustrating.

The higher we went up the hierarchy, the harder it became.  We were told
that we aren't a charity and if the relay is not related to research, we
cannot have it.  Luckily, our research group did quite a bit of Tor
research.  What definitely helped was that our work got some positive
media attention, which pleased our decision makers.  It was also helpful
to show that other universities are already doing the same thing without
major issues.

> + How many and what kind of complaints do you receive?

We receive no complaints since we don't run an exit relay.

> + What kinds of costs are associated with the operation of your node
> and how are these justified/budgeted?

First, there's the cost of having a physical machine.  That was
negligible as we simply took an old computer from student lab rooms.
There might also be bandwidth costs, but we don't pay for usage, so that
doesn't affect us.  Finally, there's also the time spent for
administration.  Once the relay is up-and-running, we only spend about
an hour a month.  It boils down to keeping an eye on log files and
running updates.  After our initial setup, the cost is close to zero for
us.  I expect that to be different for an exit relay as some complaints
might have to be escalated to lawyers, whose time is pricey.

> + How are the nodes placed within the campus network? Outside the
> firewall/IDS? On their own public subnet? How do you handle isolation
> of reputational issues?

Reputational issues were a big deal for us.  First, we obtained a new
/29 netblock from our upstream provider to isolate it from the rest of
the network.  We did that back when we were working on starting an exit
relay, so our exit couldn't be used to scrape the scientific databases
we have subscriptions for (e.g., IEEE Xplore, ACM DL).

We also set the netblock description in the whois record to "Privacy
research at Karlstads Universitetet" to make it clear to irritated
network administrators what we are up to.  Our relay also had a small
web server whose index page informed about what a Tor relay is.

Finally, we bought a dedicated domain, tor-exit-kau.se, and used it for
our relay's reverse DNS record.  We wanted to decouple it from our
university domain (kau.se), just in case of a nasty media disaster.

> Similarly, if anyone knows of existing published write-ups related to
> operating or standing-up Tor nodes in university settings that you
> could point me to, I'd greatly appreciate it. I'm already familiar
> with:
> 
> https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities
> https://www.eff.org/torchallenge/tor-on-campus.html

I'd be happy to help out in any way I can.  After we went through all
these hoops, I wanted to write up our experience but I never got to it.

Cheers,
Philipp

