[tor-relays] Tor Relay Operator Meetup (Saturday, March 5th @ 2000 UTC)

Georg Koppen gk at torproject.org
Mon Mar 14 08:19:41 UTC 2022


George:
> On 3/5/22 13:40, flux via tor-relays wrote:
>> Hi,
>>
>> will there be a recording? Unfortunately I won't be able to attend.
> 
> Unfortunately not flux.
> 
> We will catch you next time.
> 
> Pad notes will be posted after the meeting.

Here they come.

On March 5, a group of 40-50 operators joined the Tor Relay Operator meetup.

Thank you all for joining the event!

Our next online meetup will happen on *April 2nd, 2100 UTC* according to 
the pad. However, I think we made a mistake here with daylight savings 
time given that we wanted to have the meeting at the same time for the 
folks not having shifted back then on March 5. I'll check back with Gus 
for that.

Georg

## Meetup notes March 5

* Should we record this session? Some people don't have audio / can't 
make it:

Conclusion is no, do not record. We want people to be free to say things 
and not worry that they will show up in a youtube video later.

* Tor EOL removal (0.3.5):

The old Tor long-term-support (0.3.5.x) is no longer maintained by the 
network team, since Feb 1 2022. We collected all the relay descriptors 
that had a usable contactinfo, and contacted them. We also did it for 
bridge operators (another reason it's important to have usable contact 
info). If you are a new relay operator, check if you're running one of 
these old versions!

* Torservers update:

RIP frënn vun der ënn (https://enn.lu) 
(https://twitter.com/FrennVunDerEnn/status/1496129197064007692) Mainly 
they decided it was too much work, and they didn't have capacity to do 
it with high quality, so they decided to close.

If you have a lot of capacity, and can run a bunch of bridges, please 
get in touch with Gus and Tor! We'd been using enn.lu's bridges to give 
private bridges to people in China.

* Censorship situation in Russia:

Since Dec 2021, the censorship department in Russia started to block 
parts of the Tor network. It's not uniform -- in some places Tor works 
fine, in some places the website is reachable, in others it doesn't. Not 
just the public relays, but also they were blocking the default obfs4 
bridges and some other obfs4 Tor bridges.

We have three different distribution methods of Tor bridges.

  - Moat: install Tor Browser on your desktop/phone, click "get some 
bridges" inside Tor Browser, and bridgedb automatically populates your 
bridge configuration. 60000 requests per day from users to get a bridge 
by Moat. Up from 10k/day earlier.

  - Request by email: mail us at bridges @ torproject.org and we'll 
answer some.

  - Go to our website, bridges.torproject.org, and solve a captcha and 
get one.

All three of these mechanisms are under attack in Russia. That is, all 
three of them are problematic. But, there is a lag between when a new 
bridge appears and when Russia starts blocking it. That lag is often a 
week or more these days.

We have a Telegram bot, which returns some bridges. The anti-censorship 
team is testing these bridges from a vantage point in Russia, and if 
they're blocked we rotate the bridge to a new address. We have 25k 
people connected over the Telegram bot bridges.

The Snowflake pluggable transport (see: Snowflake surge below) also got 
blocked in December, using a DPI rule. We changed the Snowflake code, 
and the DPI rule no longer works to block it. At the moment Snowflake is 
working in Russia. Note that the metrics of Snowflake users are 
currently inaccurate, because we've been working on scaling the 
Snowflake bridge, and we haven't kept up with keeping the metrics 
accurate. (Gitlab ticket: 
https://gitlab.torproject.org/tpo/network-health/metrics/onionoo/-/issues/40022)

Is rt.com and sputnik blocked from Europe? Does that mean it's blocked 
from many Tor exits? Or was that just a proposed law or threat? 
(https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32022R0350)

  - Mostly seems to be blocked by their DDoS mitigation

  - in France it's blocked by DNS if you use your ISP's, otherwise it's 
fine (well, DDoS mitigation)

  - Not blocked with Deutsche Telekom AG in Germany, but I'm not using 
their recursive DNS. Checked their DNS: got the correct answer for rt.com 
but a forged NXDOMAIN for www.rt.com.

  - How come rt.com doesn't have an onion address by now? :)

Tool from a person in the meeting, for running many bridges in a 
scalable way: https://github.com/gergelykalman/torspray

I should also mention this tool: https://tor-relay.co/ and irl's 
automated dynamic bridge project, and FreedomBox project

We should put together a single unified page which points to all of the 
Tor community's contributions here, so we have them more organized.

* Snowflake surge

Some folks want to help run a bridge but it's complicated, or they worry 
that it will draw attention to them. Many of these people are happily 
running Snowflake proxies.

Snowflake is a web-browser (Firefox, Chrome) Tor bridge extension. 
Snowflake uses WebRTC to act as a Bridge/Guard relay, and it runs when 
your browser is online/open, as a browser extension, similar to an 
AdBlocker extension. Also, Snowflake is currently working in Russia. 
Setting up a Snowflake bridge is legally safe (being a bridge, non-exit) 
as long as default Tor is legal in your country, and can be installed 
and running in 1 minute, just install the browser extension. 
(https://snowflake.torproject.org/)

Snowflake metrics: 
https://metrics.torproject.org/collector/recent/snowflakes/

A week ago we used to have 17000 people running Snowflake proxies. Today 
we have 25000 people running Snowflake proxies.

German NGO Digitalcourage e.V. published two short primers on Tor and 
Snowflake in English, German, Russian and Ukrainian this week:
   - How to get Tor Browser and use a bridge: 
https://digitalcourage.de/blog/2022/use-tor
   - How to install Snowflake as a browser addon: 
https://digitalcourage.de/blog/2022/tor-for-peace

There are two ways to offer a Snowflake proxy:

   - Run the browser extension. Easy and simple.

   - Install a standalone headless Snowflake: 
https://community.torproject.org/relay/setup/snowflake/standalone/ -- 
more complex, needs commandline knowledge, doesn't currently have good 
packaging or a good way to get updates, but scales better.

You should run whichever one you find more fun. :)

Snowflake browser extension uses a lot of CPU and memory?
We need to do an experiment where we just have one tab open, nothing else 
going on, and see how heavyweight the Snowflake extension is. Gman will 
open a gitlab ticket for somebody to investigate.

net/snowflake-proxy is now in OpenBSD ports/packages

Meskio did a talk this week on Snowflake status: 
https://www.youtube.com/watch?v=89swMfgh-1M

Check out this old ticket on "gamifying" snowflake: 
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake-webext/-/issues/4 
If you are a UX person, please jump in and help!

Is there a deb of Snowflake, so people can run headless snowflakes? Here 
is the ticket for making the deb package, and it is apparently now in 
sid: 
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/issues/19409

* IP reputation

A hoster of a Nos Oignons server had all their range marked as 
"anonymous/hosting" by (amongst others) MaxMind, meaning that they're 
blocked in a lot of places. Solutions/ideas on how to improve the 
situation? Nos Oignons running an AS is out of scope for now 
unfortunately. Nos Oignons tried to run IPv6-only exits, but it didn't 
work very well™.

Could exit some traffic over IPv6, which will be less likely to be 
blocked, but that depends on the destination websites having IPv6 too.

It's possible that we broke the ipv4-vs-ipv6 setup in core-Tor, please 
open an issue on the bugtracker.

* Q&A session

Exit relay operator running an old bsd and their own resolver, but the 
dns timeouts are really short, and getting many dns timeouts, how to fix?

  - My advice would be to simply install Ubuntu 20.04 LTS and run Tor 
according to TorProject instructions, and use default ISP DNS or a 
Freedom-respecting DNS like https://dns.watch/. (sort of not addressing 
the question)

  - If using FreeBSD pkg and security/tor is old you might be using 
quarterly updates and not latest; edit /etc/pkg/FreeBSD.conf
change this line from quarterly=>latest:

    url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest"

  - for resolver issue on FreeBSD try using unbound instead of usual 
local resolver. Fingerprint of relay would be useful to start.

  - if the latest version of Tor is not available in the FreeBSD pkg 
repositories as a binary, it might be available as a port.

With Russia blocking most western media outlets and Facebook etc. I was 
expecting an uptick in traffic but I saw nothing... Is Tor not well 
enough known maybe?

Sanctions against Russia, EU council regulation 2022/350 
(https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32022R0350)

  - Article 2f: It shall be prohibited for operators to broadcast or to 
enable, facilitate or otherwise contribute to broadcast ... certain media

  - Article 12: It shall be prohibited to participate, knowingly and 
intentionally, in activities the object or effect of which is to 
circumvent prohibitions

Is there a better way to share Tor Bridges? Currently (if I am not 
mistaken) you could request Tor Bridges multiple times, which makes it 
easy for ISPs (etc.) to blacklist them. Perhaps at least the obvious 
things (IP + Session Cookies) or some 'Account Creation' and 
verification, anonymously stored only to monitor the requests per account.

  - Would you share a magnet link for Tor Browser torrents?

  - We could publish PGP-signed messages with Tor Browser and Tor 
Bridges, torrents, on popular torrent sites, with TorProject signed 
PGP messages to validate the TorBrowser and Bridges are authorized by 
TorProject.

> g
> 
>>
>> Best,
>>
>> flux
>>
>>
>> On 3/4/22 18:16, gus wrote:
>>> Hello everyone,
>>>
>>> This Saturday, March 5th @ 2000 UTC, we have a Tor Relay Operator
>>> Meetup!
>>>
>>> We'll share some updates about Tor Network Health, Tor Bridges and the
>>> ongoing situation in Russia/Ukraine (Snowflake surge, bridges blocked,
>>> BBC and DW onionsites). Everyone is free to bring up additional 
>>> questions
>>> or topics at the meeting itself.
>>>
>>> Date & Time: March 5, 2022 - 2000 UTC
>>> Where: BigBlueButton room - https://tor.meet.coop/gus-og0-x74-dzn
>>>
>>> No need for a registration or anything else, just use the room-link
>>> above.
>>>
>>> Please share with your friends, social media and other mailing lists!
>>>
>>> cheers,
>>> Gus
>>>
>>> _______________________________________________
>>> tor-relays mailing list
>>> tor-relays at lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
