[tor-relays-universities] Looking to chat with University Tor operators

[Andy Sayler]

Hi Philip,

Thanks for the response. I'll add it to the others I've received off
list. All the info is very helpful.

I assume since you posted this publicly, you wont' mind if I include
this information in my report?

I'll let you know if I have additional follow-up questions as I start
to compile my response data.

Thanks,
Andy

On Thu, Jul 2, 2015 at 1:55 PM, Philipp Winter <phw at nymity.ch> wrote:
> On Wed, Jul 01, 2015 at 05:12:07PM -0400, Andy Sayler wrote:
>> I'm currently working on formulating a best-practices and how-to
>> document for running Tor nodes in University and other academic
>> settings. My primary focus is on running production Tor nodes, but I'm
>> also happy to hear about research uses of Tor. I'd love to chat with
>> anyone involved with the day-to-day operation of Tor nodes on
>> University networks as well as anyone involved with the process of
>> standing up Tor nodes on University networks and any administrative
>> overhead that involved.
>>
>> I'm happy to chat via phone or email. If you're currently operating a
>> University-based Tor node and are interested in sharing some of your
>> experiences, let me know. Some potential questions I'd be curious to
>> hear about include:
>
> Such guidelines would be very useful, so thanks for starting this, Andy!
> I can share our experience with running a relay at Karlstad University
> in Sweden.  We tried to start an exit relay, but failed on an
> organisational level, so we are now running a guard relay:
> <https://atlas.torproject.org/#details/9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645>
> <https://atlas.torproject.org/#details/CCEF02AA454C0AB0FE1AC68304F6D8C4220C1912>
>
>> + Why do you operate a Tor node? For research? As a public service?
>> For student experience?
>
> Our main motivation was public service.  Our network link had plenty of
> spare capacity that might as well be used for a good cause.  That said,
> our relay turned out to be useful for research too.  We used it on
> several occasions to learn more about global censorship events.
>
>> + What's the governance/organizational structure for your nodes? Who's
>> in charge of their operation?
>
> CS researchers are in charge of operations.  Our department head, campus
> IT, as well as the head of the university is aware of us running it, but
> not interfering with operations.
>
>> + Who handles the day-to-day operation of the nodes? Run by campus IT?
>> Run by a dept? Run by students? Etc?
>
> Operations is done by three CS researchers.  We worked closely with
> campus IT, which changed our network topology so we are directly
> connected to our university's uplink.  Without that, our Tor relay could
> have interfered with the network measurements done by our networking
> group.
>
>> + Who handles complaints?
>
> We created a mailing list for that purpose, which is part of our relay's
> contact information.  Our three operators as well as campus IT folks are
> part of that mailing list.  That way, we hope to always have at least
> one person that is able to reply to complaints quickly.
>
>> + Was it difficult to convince university administration/legal/IT to
>> support the deployment of Tor nodes? What were their concerns?
>
> It was quite difficult in our case.  We started with a guard relay,
> which was straightforward to set up as there are no legal implications.
>
> We then tried to turn it into an exit relay.  We talked to campus IT,
> our department head, our university lawyer, our university PR person,
> and the university head.  Unfortunately, our university head shut down
> our plans; apparently because her 5-minute-Google-search made her
> believe that the Tor network is mainly used for child abuse.  After
> that, there was no talking to her any more, which was very frustrating.
>
> The higher we went up the hierarchy, the harder it became.  We were told
> that we aren't a charity and if the relay is not related to research, we
> cannot have it.  Luckily, our research group did quite a bit of Tor
> research.  What definitely helped was that our work got some positive
> media attention, which pleased our decision makers.  It was also helpful
> to show that other universities are already doing the same thing without
> major issues.
>
>> + How many and what kind of complaints do you receive?
>
> We receive no complaints since we don't run an exit relay.
>
>> + What kinds of costs are associated with the operation of your node
>> and how are these justified/budgeted?
>
> First, there's the cost of having a physical machine.  That was
> negligible as we simply took an old computer from student lab rooms.
> There might also be bandwidth costs, but we don't pay for usage, so that
> doesn't affect us.  Finally, there's also the time spent for
> administration.  Once the relay is up-and-running, we only spend about
> an hour a month.  It boils down to keeping an eye on log files and
> running updates.  After our initial setup, the cost is close to zero for
> us.  I expect that to be different for an exit relay as some complaints
> might have to be escalated to lawyers, whose time is pricey.
>
>> + How are the nodes placed within the campus network? Outside the
>> firewall/IDS? On their own public subnet? How do you handle isolation
>> of reputational issues?
>
> Reputational issues were a big deal for us.  First, we obtained a new
> /29 netblock from our upstream provider to isolate it from the rest of
> the network.  We did that back when we were working on starting an exit
> relay, so our exit couldn't be used to scrape the scientific databases
> we have subscriptions for (e.g., IEEE Xplore, ACM DL).
>
> We also set the netblock description in the whois record to "Privacy
> research at Karlstads Universitetet" to make it clear to irritated
> network administrators what we are up to.  Our relay also had a small
> web server whose index page informed about what a Tor relay is.
>
> Finally, we bought a dedicated domain, tor-exit-kau.se, and used it for
> our relay's reverse DNS record.  We wanted to decouple it from our
> university domain (kau.se), just in case of a nasty media disaster.
>
>> Similarly, if anyone knows of existing published write-ups related to
>> operating or standing-up Tor nodes in university settings that you
>> could point me to, I'd greatly appreciate it. I'm already familiar
>> with:
>>
>> https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities
>> https://www.eff.org/torchallenge/tor-on-campus.html
>
> I'd be happy to help out in any way I can.  After we went through all
> these hoops, I wanted to write up our experience but I never got to it.
>
> Cheers,
> Philipp