[tor-relays] Middle relay IP blocking

[Roger Dingledine]

On Mon, Aug 07, 2023 at 11:28:32PM +0300, s7r wrote:
> While all the above is true, a thing to remember is to make sure we don't
> end up all renting too many VPS'es or dedicated servers in the same places /
> same AS numbers - we need network diversity, it is a very important factor,
> more AS numbers, more providers, more physical locations, etc. So, running
> at home is super good and recommended from this perspective, provides us
> with the diversity we need, however not being to login to online banking to
> pay an electricity bill because of a middle relay is also way too annoying..
> however who can afford the hassle should definitely run a middle relay or
> bridge at home

Yes, exactly this. If you are interested in running a non-exit relay at
home, and you can tolerate the hassles from occasionally finding that
some service doesn't want to hear from you, then you are definitely
helping the diversity of the Tor network.

Having the Tor traffic concentrated at a few cheapo providers like Hetzner
and OVH is not only scary in the sense that too much traffic goes through
too few cables, but it's also scary because it increases the appeal for
somebody to attack those few companies, either by breaking into their
infrastructure to watch traffic or through more traditional insider
threats like getting an employee there to help them monitor traffic.

The internet already has uncomfortably many bottlenecks -- too few
undersea cables, too few Content Distribution Networks (CDNs), too few
app stores, etc.

> (even Exit relay, I do run an Exit relay at my office place
> and I had one police visit in like 8 years or so).

Follow this advice only with great caution. :) Many people happily
run their exit relay from their home, but it only takes one fresh new
cybercrime detective (trying to make a name for himself by kicking down
a door at 7am, and with no idea what Tor is) to ruin your day.

--Roger