[tor-relays] Relay operators meetup @ rC3

Roger Dingledine arma at torproject.org
Tue Dec 28 23:01:47 UTC 2021 

On Mon, Dec 27, 2021 at 04:29:10AM +0100, Stefan Leibfarth wrote:
> the annual Tor relay operators meetup will be tomorrow (28th) at 2200 UTC+1.
> No rC3 ticket required


We just finished the meet-up. Thanks Leibi for organizing it, and thanks
everybody for participating. I've attached the notes that we used for
organizing the topics / discussion.

Next meet-up is planned to be around FOSDEM in early February. Stay tuned!

--Roger

-------------- next part --------------
Agenda
======

Meetup url: https://jitsi.rc3.world/tor-relay-meetup

network health team ramp-up in 2021 / 2022
  - https://gitlab.torproject.org/tpo/network-health/team
  - bringing metrics team into network-health
  - bumping out end-of-life (EOL) relays

- Community building:
  - relay operator expectations https://gitlab.torproject.org/tpo/community/relays/-/issues/18
  - Tor relay operator survey https://survey.torproject.org/index.php/459487

relay operator non-profits https://torservers.net/partners.html
  - our periodic online meetups (original plans of in-person meetups!)
  - What should be the role of a torservers.net central coordination / advocacy org?
  - Torservers.net still gets press inquiries, even though it has been dormant for a while.
  - notes from November 2021 meetup: https://lists.torproject.org/pipermail/tor-project/2021-November/003230.html

Hear from relay operators here (especially exit relay ops)
  - I'd like to hear successful experiences of running exit relays from people here. One of my friends hosts one in their home (not a good idea). I think evolution VPS sounds like a good deal for an exit relay, but I'm not sure.
  - What are the potential legal consequences of running an exit relay, if someone uses it to post illegal material?
    - In DE, the Providerprivileg should insulate you somewhat against legal consequences (Disclaimer: IANAL), but depending on your local police, you might come in contact with them. (Hasn't happened to us so far, though.)
    - In EU, it's legal: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000L0031:En:HTML but you might still have the cops "knocking" at your door at 6am and confiscate all your hardware, until their sort things out.
    - In .fr, as Nos Oignons, we ~regularly get letters from the cops, and some convocations to the police station.

Trust:
  - recent big attackers
  - trust in relays, how to quantify, how to label
  - what about nusenu's proposal ( https://nusenu.github.io/ContactInfo-Information-Sharing-Specification/ ) ?
  - What can we learn from (/ how do we feel about) Apple Private Relay & trusting companies?
    - https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF
    - https://blog.apnic.net/2021/11/26/impact-of-private-relay-netops-isps/

Relay operator support venues / options:
  - New Tor forum (https://forum.torproject.net/), useful for individual relay operator support (alternative to private helpdesk), not intending to replace tor-relays@ list
  - tor-relays@ list
  - #tor-relays irc channel
  - relaunch of TorBSDv2 coming

network performance:
- relay overload indicators
- sbws progress
- new congestion control designs should help with geographic diversity

network blocking:
- The Russia story
- 'Run a bridge' campaign
    - (un?)fortunately, most people here are running relays, so can't run bridge on the same machines
    - what types are important -> obfs4
    - what internet connection type is best -> static IP
- Belarus, previous blocking stories

ipv6:
- How to run a Relay with a dynamic IPv6 only address?
- ipv6-only relays, soon?
    - no :'(
    - chicken & egg problem - as long as most relays are ipv4 ??? tor will stay ipv4
- ipv6-only bridges?
    - (did setup one today ??? not yet listed at https://metrics.torproject.org/rs.html#search or https://bridges.torproject.org/status?id=[???] )
    - There's no reason in principle why ipv6-only bridges shouldn't work. People should try them, identify what goes wrong, and help us fix!
    - Is anyone seeing *any* ipv6 traffic to obfsproxy4? (No not handed out yet.)

Offline Master Keys:
  - How do you deal with renew of OMKs?, Best practices?
  - use https://github.com/nusenu/ansible-relayor to automate it, now with prometheus/MetricsPort support :)  -> perfect!

General Q&A, answer any questions relay operators have

Bridges still need to have reachable ORPort, even if it's never used and dangerous?
  - Yes, alas.
  - There's a ticket: https://gitlab.torproject.org/tpo/core/tor/-/issues/7349
  - The issue is that bridges do self-reachability tests, and won't publish if their ORPort is unreachable. Also, Serge won't give it the Running flag, so bridgedb won't give it out. It's all just engineering fixes, and we should do them.

Next meetup:
    - @ FOSDEM (5 & 6 February '22)
    - The exact date and time will be posted @ tor-relay list

- KAX17 and what to about it? - discussed, thanks
- How to support more diversity in the network, maybe add a flag for relays that are not in common ASes?
- I am wondering how bandwidth and consensus weight is measured. I seem to struggle to ramp up high-bandwidth nodes in Asia and even on the US West Coast. Ramping nodes up in Europe is super easy by comparison.
- Are there still free shirts/hoodies for relay operators?
  - Yes! Just ask on tshirt at torproject.org (that's for the shirts/stickers combo)
- Running a bridge and Snowflake proxy on the same host, good or bad idea?
  - Potential danger: IP address blocked for one will affect the other

More information about the tor-relays mailing list