[tor-relays-universities] Looking to chat with University Tor operators

Andy Sayler andy.sayler at gmail.com
Thu Jul 2 19:53:02 UTC 2015


Hi Alex,

Thanks for the info. I'm happy to hear about "unofficial" student-run
nodes as well as the larger "official" ones.

I assume that your node basically flies under the radar and that you
didn't get any explicit university permission to stand it up? Do you
have reason to believe your university would be antagonistic to a
larger scale "official" Tor operation, or have you just gone the DIY
route because it was quicker/easier/required fewer resoruces?

Cheers,
Andy

On Thu, Jul 2, 2015 at 2:18 PM, Alex Ryan <ialex.ryan at gmail.com> wrote:
> It's not glamorous, but I've had a lot of success just personally running a
> guard/middle relay from my dorm room. I'm an undergraduate at Caltech and we
> get free power and 40mbps symmetric in the dormitories. I've pushed 3TB in
> the last three months or so. I run it purely as a public service/donation.
> Since it's not an exit node, there have been no issues with university
> administrators, no complaints (DMCA or otherwise), and no issues with
> accidentally opening up access to university resources.
>
> I doubt this is exactly what you're looking to hear, but I would certainly
> encourage any students with uncooperative administrators or without the
> resources to go through formal channels to take this approach.
>
> Feel free to contact me with any questions :)
>
> Cheers,
> Alex
>
> On Thu, Jul 2, 2015 at 10:55 AM, Philipp Winter <phw at nymity.ch> wrote:
>>
>> On Wed, Jul 01, 2015 at 05:12:07PM -0400, Andy Sayler wrote:
>> > I'm currently working on formulating a best-practices and how-to
>> > document for running Tor nodes in University and other academic
>> > settings. My primary focus is on running production Tor nodes, but I'm
>> > also happy to hear about research uses of Tor. I'd love to chat with
>> > anyone involved with the day-to-day operation of Tor nodes on
>> > University networks as well as anyone involved with the process of
>> > standing up Tor nodes on University networks and any administrative
>> > overhead that involved.
>> >
>> > I'm happy to chat via phone or email. If you're currently operating a
>> > University-based Tor node and are interested in sharing some of your
>> > experiences, let me know. Some potential questions I'd be curious to
>> > hear about include:
>>
>> Such guidelines would be very useful, so thanks for starting this, Andy!
>> I can share our experience with running a relay at Karlstad University
>> in Sweden.  We tried to start an exit relay, but failed on an
>> organisational level, so we are now running a guard relay:
>>
>> <https://atlas.torproject.org/#details/9B94CD0B7B8057EAF21BA7F023B7A1C8CA9CE645>
>>
>> <https://atlas.torproject.org/#details/CCEF02AA454C0AB0FE1AC68304F6D8C4220C1912>
>>
>> > + Why do you operate a Tor node? For research? As a public service?
>> > For student experience?
>>
>> Our main motivation was public service.  Our network link had plenty of
>> spare capacity that might as well be used for a good cause.  That said,
>> our relay turned out to be useful for research too.  We used it on
>> several occasions to learn more about global censorship events.
>>
>> > + What's the governance/organizational structure for your nodes? Who's
>> > in charge of their operation?
>>
>> CS researchers are in charge of operations.  Our department head, campus
>> IT, as well as the head of the university is aware of us running it, but
>> not interfering with operations.
>>
>> > + Who handles the day-to-day operation of the nodes? Run by campus IT?
>> > Run by a dept? Run by students? Etc?
>>
>> Operations is done by three CS researchers.  We worked closely with
>> campus IT, which changed our network topology so we are directly
>> connected to our university's uplink.  Without that, our Tor relay could
>> have interfered with the network measurements done by our networking
>> group.
>>
>> > + Who handles complaints?
>>
>> We created a mailing list for that purpose, which is part of our relay's
>> contact information.  Our three operators as well as campus IT folks are
>> part of that mailing list.  That way, we hope to always have at least
>> one person that is able to reply to complaints quickly.
>>
>> > + Was it difficult to convince university administration/legal/IT to
>> > support the deployment of Tor nodes? What were their concerns?
>>
>> It was quite difficult in our case.  We started with a guard relay,
>> which was straightforward to set up as there are no legal implications.
>>
>> We then tried to turn it into an exit relay.  We talked to campus IT,
>> our department head, our university lawyer, our university PR person,
>> and the university head.  Unfortunately, our university head shut down
>> our plans; apparently because her 5-minute-Google-search made her
>> believe that the Tor network is mainly used for child abuse.  After
>> that, there was no talking to her any more, which was very frustrating.
>>
>> The higher we went up the hierarchy, the harder it became.  We were told
>> that we aren't a charity and if the relay is not related to research, we
>> cannot have it.  Luckily, our research group did quite a bit of Tor
>> research.  What definitely helped was that our work got some positive
>> media attention, which pleased our decision makers.  It was also helpful
>> to show that other universities are already doing the same thing without
>> major issues.
>>
>> > + How many and what kind of complaints do you receive?
>>
>> We receive no complaints since we don't run an exit relay.
>>
>> > + What kinds of costs are associated with the operation of your node
>> > and how are these justified/budgeted?
>>
>> First, there's the cost of having a physical machine.  That was
>> negligible as we simply took an old computer from student lab rooms.
>> There might also be bandwidth costs, but we don't pay for usage, so that
>> doesn't affect us.  Finally, there's also the time spent for
>> administration.  Once the relay is up-and-running, we only spend about
>> an hour a month.  It boils down to keeping an eye on log files and
>> running updates.  After our initial setup, the cost is close to zero for
>> us.  I expect that to be different for an exit relay as some complaints
>> might have to be escalated to lawyers, whose time is pricey.
>>
>> > + How are the nodes placed within the campus network? Outside the
>> > firewall/IDS? On their own public subnet? How do you handle isolation
>> > of reputational issues?
>>
>> Reputational issues were a big deal for us.  First, we obtained a new
>> /29 netblock from our upstream provider to isolate it from the rest of
>> the network.  We did that back when we were working on starting an exit
>> relay, so our exit couldn't be used to scrape the scientific databases
>> we have subscriptions for (e.g., IEEE Xplore, ACM DL).
>>
>> We also set the netblock description in the whois record to "Privacy
>> research at Karlstads Universitetet" to make it clear to irritated
>> network administrators what we are up to.  Our relay also had a small
>> web server whose index page informed about what a Tor relay is.
>>
>> Finally, we bought a dedicated domain, tor-exit-kau.se, and used it for
>> our relay's reverse DNS record.  We wanted to decouple it from our
>> university domain (kau.se), just in case of a nasty media disaster.
>>
>> > Similarly, if anyone knows of existing published write-ups related to
>> > operating or standing-up Tor nodes in university settings that you
>> > could point me to, I'd greatly appreciate it. I'm already familiar
>> > with:
>> >
>> > https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities
>> > https://www.eff.org/torchallenge/tor-on-campus.html
>>
>> I'd be happy to help out in any way I can.  After we went through all
>> these hoops, I wanted to write up our experience but I never got to it.
>>
>> Cheers,
>> Philipp
>> _______________________________________________
>> tor-relays-universities mailing list
>> tor-relays-universities at lists.torproject.org
>>
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays-universities
>
>


More information about the tor-relays-universities mailing list