[tor-relays] Call for discussion: turning funding into more exit relays

[Andrew Beveridge]

On Mon, Jul 23, 2012 at 9:22 PM, Roger Dingledine <arma at mit.edu> wrote:

> Hello Andrew,
>
> I wanted to draw your attention to a thread I've started on the tor-relays
> list:
> https://lists.torproject.org/pipermail/tor-relays/2012-July/001433.html
>
>
Hi Roger,

I'm not too familiar with mailing lists, so hopefully I'm not top posting
or replying in the wrong place here. I'm simply replying to your email in
Gmail with a CC to the tor-relays list. Sorry for the late reply, I've been
away with no internet access for the past week.


> In short, we have a funder who wants to sponsor more and faster Tor
> exits, and we're brainstorming about how to use the money in a way that
> makes the network stronger but also doesn't screw up the "community"
> side of the Tor relay operator community. The first step is collecting
> facts about the current fast Tor exit relays.
>
>
Great! I've not been vocal in the Tor community before now, but I'd like to
start, and I'm certainly happy to share my experience / thoughts.


> - What do you currently pay for hosting/bandwidth, and how much bandwidth
> do you get for that?
>

This is a complicated question, because I run a single Tor exit in a VPS on
my company dedicated server. I run a local company doing computer repair
and web development, and lease a single dedicated server from OVH (more
specifically, Kimsufi) for a total of £64 a month (inc. VAT). That gets me
the Kimsufi 16G dedicated server, a RIPE block of 4 extra IPs, and an
external 2TB HDD. 100Mbit pipe, 10TB/month bandwidth. £0.87/TB if I go over
that, so if I were to max out the bandwidth for an entire month, using
around 30TB traffic, I would have to pay about £18 on top for the extra
bandwidth. However, according to the OVH manager I never seem to go
anywhere near the traffic limit, despite having had the exit set to use
50Mbit/s constantly for the past 3 months.

As far as I'm concerned, it costs me nothing to run this exit node - my
company needs the dedicated server regardless, and none of the ~50 websites
I host use enough traffic to be affected by the fact that my server is
using half it's available bandwidth for Tor.
In an ideal world, I would rent a second Kimsufi server just for Tor
purposes, which would cost £36/month (Kimsufi 16G) + £4/month (RIPE block).

Therefore, if I were to participate in this experiment, I would say *£40
GBP / month* would get *10TB of 100 Mbit/s* exit traffic.
Additional *20TB* traffic could be purchased for *£18 / month*, which would
bring the maximum cost to *$92 USD / month.*


> - Is it a stable hosting situation? For example, how do they handle
> abuse complaints so far?
>

This is an important one, because OVH are not Tor-friendly. In fact, they
aren't very friendly in general! Several people told me it was very foolish
to run an exit node on an OVH server, since as soon as OVH get even a whiff
of a complaint, they are quick to suspend.
All my company-hosted websites are hosted on a second redundant server with
another ISP so I'm not worried if OVH do find out and take that route and
cut me off. I'm also not worried about legal issues, as I have positioned
myself as a web-hosting customer of my own PLC, with terms and conditions
absolving my PLC of any legal risks. In the off chance some legal authority
were to come to my flat in britain, they would find no electrical equipment
to seize as I own only a single laptop and it usually lives in my car or
partners house anyway!

As I have only been running this exit for 3 months, I am far from an
authoritative voice on the issue of abuse complaints, but the most
important thing is definitely SWIP as far as I can see it - the IP address
I use for the exit is one from the RIPE block I lease and as such the abuse
email is my own.
I've had about 20 abuse report emails so far, all automated (by the looks
of things) from some system within the brazilian government, following an
Sqlmap SQL injection scan/attack on a few government sites. I replied to
the first one with the standard template, got no reply, haven't worried
about it since.

I reckon if OVH found out I was running an exit they would be likely to cut
me off fairly swiftly, but they don't seem to pay much attention to Kimsufi
customers since it is their budget range with very slow (week+ per ticket)
support and presumably low margins. I think that and me as the primary
abuse contact for the IP mean it's likely to stay up for a while. If I do
get any hassle, I'll defend it as far as I can from a business perspective,
but if they don't give in I'll likely just cancel it and open a new Kimsufi
lease - I very much doubt anyone is checking new invoices for similar
details to past customers.


> - Is your hosting situation one where it could make sense for us to
> reimburse your bandwidth costs? (Some people have a deal through their
> employer, friend, etc where they don't pay for hosting.)
>

I don't think so - as explained above, at present I don't pay a penny, but
I can only offer about half of my available bandwidth as the server is used
for many purposes. If I were to participate in this experiment, it would
probably mean purchasing another Kimsufi just for this, and the cost of the
server itself would be what I would be looking for financial help with.


> - Are you in a position to get more bandwidth if you pay more? At what
> rates? We're most interested in sponsoring >=100mbit relays.
>

Unfortunately the Kimsufi servers are capped at 100Mbit regardless of
whether you want to pay more. OVH obviously have Gbit and 10Gbit servers
available, but they are too expensive for this.
There are obviously far better alternatives for higher bandwidth servers -
a quick look tells me I could get a 1Gbit dedicated server with 100TB
traffic from Leaseweb for €99 ($121) / month, so obviously if the money is
there, more bandwidth and traffic can be had. I guess it boils down to how
many people you can get interested in this - if plenty, lots of 100Mbit
servers is presumably better than a few 10Gbit ones for the money as it
aids network diversity, even if (worst case) they are all hosted by the
same provider.


> - Do you have other locations in mind where you would run another exit
> relay if you didn't have to pay for it?
>

Definitely! As far as I'm concerned, I am not worried about legal issues as
long as I can purchase hosting through my business and SWIP the IP, and I
have plenty of free time to spend configuring servers and responding to
abuse emails, so if I had the money I would happily be running exit nodes
in any country I could find a hosting provider in - money is the hurdle for
me.


> - What else should we be asking here? :)
>

One thing which I haven't seen discussed yet is how funding would actually
be connected with operators - I'm not sure if you were thinking about the
funder(s) directly sending money to operators, or if The Tor Project Inc
would be acting as a middleman? What money transfer mechanisms would be
safe to use, how would you verify that the money was going to the right
person, would The Tor Project Inc receive invoices directly from hosting
companies or would operators email copies of invoices to someone and then
some money would turn up in their bank accounts? What about PayPal, etc?
Just a few thoughts :)

Thanks!
> --Roger


Thanks for inviting me to share my thoughts on this!
-Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20120729/637ae5b2/attachment.html>