[tor-relays] 4 of Conrad Rockenhaus trial servers are in the top ten exit relays for Canada

Gary jaffacakemonster53 at gmail.com
Sun Sep 2 13:21:40 UTC 2018


Conrad,

Thank you for your reply. I can now see that 4 big + 1 small (or 5 big)
providers is definitely better than only 4 big ones for diversity, but it
leads to another diversity question which needs some background:

For a while, earlier this year during the Spectre / Meltdown vulnerability
commotion, I ran a couple of relays in VMs using Amazon Web Services (AWS).
I was confident in the knowledge that the AWS provided kernels / VMs
switched to the Spectre mitigation measures. Sure they slowed down a bit
for a while, but they sped up again after AWS tweaked it a little.
Because I know my VMs were using the mitigation I know other VMs can't
spy on the Tor traffic & whatever encryption keys happen to be in the
VM's memory at that time (the really paranoid can supply their own kernel /
boot image to run).

My VMs were probably running in a rack containing hardware that also runs
websites, web applications, corporate cloud email and backup systems; the
list could go on, but importantly it is about diversity.

If one person were to run a hardware rack full of VMs that ALL run Tor -
that is a prime target for, for example, some spying government or
international hacker group. For an admittedly far-fetched example, some
government can fly in, flash a court warrant to an underpaid security guard
and do whatever they want to the rack, and then ALL the Tor relays that are
hosted there are compromised. Yes, that's unlikely to happen but it's still a
risk.

I am interested to hear your opinion on the diversity question of - How
does having many relays in one place not damage diversity, even if they are
connected to different networks / ASes and are technically controlled by
different people?

Again I want to point out what you are doing is good - I apologise if I
appear to be "trolling" you, I am genuinely interested in learning the
technical pros and cons relating to this topic.

Thanks again,

Gary.

On Sun, 2 Sep 2018 at 02:26, Conrad Rockenhaus <conrad at rockenhaus.com>
wrote:

> Gary,
>
> It’s bad in the same way it’s bad as the numerous other exit relays
> that run under the OVH umbrella. I am not my own independent upstream and
> run my servers at a colocation facility at OVH. I also plan on running my
> servers at a colocation facility at another location for AS-diversity
> purposes but donations aren’t enough to cover all of the bills to be
> honest, but I’m partnering up with a fellow Texan and we’ll make sure this
> nonprofit grows at the rate needed to support diversity.
>
> But if you ignore the emails sounding alarm about this or that, you should
> realize - Greypony is no different than Hetzner, OVH, or DigitalOcean -
> which rank in the top 5 of the Tor relay providers by size and bandwidth,
> by node count, AS, and bandwidth. Someone should ask those providers the
> exact same thing, because they’re set up just like me - I don’t have root
> access to a customer’s server - they don’t have access.
>
> I’m actually a little drop in the big bucket, but I’ve been trying to
> promote diversity through the use of other providers.
>
> Thanks,
>
> Conrad
>
> > On Sep 1, 2018, at 6:53 AM, Gary <jaffacakemonster53 at gmail.com> wrote:
> >
> > Conrad,
> >
> > I have been following this thread and would be grateful if you could
> > clear up some confusion for me.
> >
> > Firstly, I am not 1337 haxorz, I don't have a technical profession.
> > However I do believe in Tor and anything that can increase the number of
> > relays is good. You are donating your time and resources freely to Tor for
> > the benefit of everyone. You have helped me, others on this list, as well
> > as countless others contribute to the Tor Project.
> >
> > All these large relays that you are managing - surely this is bad in
> > terms of AS diversity? One user / network provider shouldn't have a large
> > control over the network.
> >
> > My question:
> >
> > Is there any way that these relays can be added to the network in such a
> > way that does not damage diversity?
> >
> > Don't get me wrong - I believe in what you do. If these relays are being
> > added without damaging diversity then I apologise for my misunderstanding
> > of the topic.
> >
> > Thanks,
> >
> > Gary
> >
> > On Sat, 1 Sep 2018 at 00:12, Conrad Rockenhaus <conrad at rockenhaus.com>
> > wrote:
> > Hi teor,
> >
> > It seems the criticism originated from one guy (Ralph) and one troll who
> > bravely refuses to identify himself.
> >
> > You want me to stop talking about even the cool things we’re
> > accomplishing (like pumping lots of ultra fast bandwidth into the
> > community) because of these two, perhaps one yahoos?
> >
> > Thanks,
> >
> > Conrad
> >
> > On Tue, Aug 28, 2018 at 11:37 PM teor <teor at riseup.net> wrote:
> > Hi Conrad (and staff and operators),
> >
> > > On 28 Aug 2018, at 22:16, Conrad Rockenhaus <conrad at rockenhaus.com>
> > > wrote:
> > >
> > >>
> > >> On Aug 27, 2018, at 8:02 PM, Jordan <jordan at yui.cat> wrote:
> > >>
> > >>> ...
> > >>> The research in this paper
> > >>> (https://www.freehaven.net/anonbib/cache/DBLP:conf/ccs/EdmanS09.pdf) is
> > >>> becoming more relevant and is worth discussing as more ISPs come out with
> > >>> the goal of hosting lots and lots of exit relays.
> > >>
> > >> ...
> > >> I have the utmost belief your intentions are good, but the
> > >> concentration of exits under a non-advertised central control warrants
> > >> conversation, at least.
> > >>
> > >> If the end goal is turning $ into relays, not all paths are paved
> > >> with equal mind to security and it might be worth considering
> > >> donation-backed alternatives.
> > >
> > > Actually, Jordan, I appreciate your input, but Greypony is technically
> > > operating as a nonprofit organization right now. We’re completing the
> > > paperwork to be considered an official nonprofit. We allow people to
> > > operate their own relay, on their own HVM instance (which we don’t have
> > > access to) for a donation of $15/month for a basic model A instance.
> > >
> > > They’re totally separately and independently operated relays. We don’t
> > > tell them how to operate their relays. We provide support, we provide
> > > suggestions, but we don’t operate it for them, we don’t install anything
> > > for them, and we’re completely hands off unless they need support with
> > > something. Our job is to provide the instance and the bandwidth.
> >
> > This is the 5th list post in the last few weeks describing Greypony IT's
> > services, operators, or relays.
> >
> > There have also been several critical posts.
> >
> > Please take a break from promoting or criticising Greypony on this list
> > until at least October 2018.
> >
> > If you feel the need to respond, please use another platform.
> >
> > Thanks
> >
> > T
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> > --
> > Conrad Rockenhaus
> > https://www.rockenhaus.com
> > ------
> > Get started with GreyPony Anonymization Today!
> > https://www.greyponyit.com