[tor-relays] Is it safe to run an exit node from a VPS provider?
Tom Ritter
tom at ritter.vg
Tue Aug 13 16:52:42 UTC 2013
On 13 August 2013 11:51, Steve Snyder <swsnyder at snydernet.net> wrote:
> Well, any VM host can mount and read an unencrypted disk image.
>
> I guess the difference is ease of snooping. While access to disk contents
> and process info can be gotten by any hypervisor, some platforms make it
> easier than others.
Exactly, that's the name of the game here. Let's raise the bar.
(Same with censorship bypassing - it's always going to be an arms
race.)
What one person I respect does is:
> In my case, I keep all the keys and [other sensitive data] on a partition
> that's created with a random key at boot time. If the machine dies, the
> keys and messages are lost but, such is the reliability of Debian, this
> hasn't happened yet. I probably reboot about once a year on average and
> have to remember to take copies of these files prior to doing it.
So the hypervisor can, as always, look into the memory* of the running
guest and get that data, but if they shut down the node or machine
unexpectedly, you gain a little bit more security.
All that said... Tor nodes don't store state. You aren't keeping
people's email, or even a pool of data for a couple of hours. So this
level of security for a Tor exit node is nice, but IMO you shouldn't
_not_ do an exit node because you aren't ready to set up a complicated
encrypted filesystem just yet.
-tom
* Steve Weis is a cryptographer who's working on a (commercial)
product that encrypts memory. http://privatecore.com/
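
The "partition created with a random key at boot time" setup quoted above, sketched as an added example that is not part of the original message or from either person quoted in it. It assumes Linux with cryptsetup (plain dm-crypt); the device, mapping name and mount point are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: ephemeral encrypted volume keyed from /dev/urandom at boot.
# The device, mapping name and mount point passed in are placeholders.
# Everything on the device is destroyed on each run; the key lives only in
# kernel memory, so a power-off or unexpected shutdown makes the data
# unrecoverable. A hypervisor reading live guest memory is not stopped.

# Print each command (DRY_RUN=1, the default) or execute it (DRY_RUN=0).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

ephemeral_volume() {
    dev=$1 name=$2 mnt=$3
    case $dev in
        /dev/*) ;;
        *) echo "refusing: $dev is not under /dev" >&2; return 2 ;;
    esac
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "refusing: bad mapping name" >&2; return 2 ;;
    esac
    # Never reuse a live mapping: its old key would silently stay in place.
    if [ -e "/dev/mapper/$name" ]; then
        echo "refusing: $name is already mapped" >&2; return 3
    fi
    # Plain dm-crypt writes no on-disk header; the 512-bit aes-xts key is
    # read straight from /dev/urandom and never stored anywhere.
    run cryptsetup open --type plain --cipher aes-xts-plain64 \
        --key-size 512 --key-file /dev/urandom "$dev" "$name" || return
    run mkfs.ext4 -q "/dev/mapper/$name" || return
    run mkdir -p "$mnt" || return
    run mount -o nodev,nosuid,noexec "/dev/mapper/$name" "$mnt" || return
    run chmod 0700 "$mnt"
}

# Usage from a boot script, as root:
#   DRY_RUN=0 ephemeral_volume /dev/vdb1 cryptkeys /mnt/keys
```

Files that must survive a planned reboot have to be copied off the volume first, as the quoted description says.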