[tor-relays] Planning a relay

[Mirimir]

On 12/05/2014 05:41 PM, Geoff Down wrote:
> 
> 
> On Sat, Dec 6, 2014, at 12:10 AM, TT wrote:
> 
>> Busting down doors is pretty much spot on about the reason i am 
>> unwilling to run the relay on my own IP address: i've read enough news 
>> about overzealous law enforcement in my country (non-Tor related, but 
>> still), and i'm certainly not going to face the public harassment and 
>> general fuss of an unnecessary and very embarrassing seizure.
>>
>  I don't know exactly how VPNs work, but it seems to me that if you run
>  an exit relay at home and tunnel all connections through the VPN, the
>  VPN provider (and LE when they take an interest) will have no way of
>  distinguishing between your exit relay accessing illegal content via
>  the VPN tunnel, and *you* accessing the illegal content via the VPN
>  tunnel. Therefore you are at the same risk of raid and seizure (once
>  the VPN provider tells LE where to find you) as if you used your own
>  IP.
> Someone correct me if I'm wrong.
> GD

Yes, that is an issue. It's not enough that the VPN provider allows you
to run a Tor exit. You must also trust that they won't reveal your
identity to LEA, when pressed. And you must trust that LEA can't get
logs from the VPN provider's ISP or hosting provider.

There's also the issue that all Tor traffic will traverse the VPN link
in both directions. That adds latency, and doubles your traffic cost.
It's also a very distinctive traffic signature.

You could hide your identity from the VPN provider, by connecting
through some impromptu mix network, and paying with well-mixed Bitcoins.
You could use a nested chain of VPNs, and perhaps add JonDonym to the
mix for better anonymity. That would increase latency and reduce
bandwidth even more. But it might increase anonymity.

Overall, using a hosted VPS is probably best.