[tor-talk] Security concerns with running an exit relay

Matthew Finkel matthew.finkel at gmail.com
Fri Jun 6 04:49:40 UTC 2014 

On Thu, Jun 05, 2014 at 05:58:46PM -0800, I wrote:
> S7R,
> 
> That is a start.
> But where is the full and exemplary answer for someone like me who really wants to get it right but doesn't know how to set the DirFrontPage up or the NTP syncing?
> 
> Roger says to try the tor-relay list but that has almost no chance of satisfying the need. Responses to my questions have been condescending and smartarse or illinformed from people speaking beyond their ability which is worse.
> 
> There ought to be a detailed guide for Tor being set-up on hired servers well intending people answering the call for more Tor nodes and specifically exits.
> The EFF Challenge does the encouraging but points to the Tor site for what, I find, is inadequate help.
> 
> The presumption must be that the person does not know Linux well nor network security.
> 
> Robert

tl;dr Thank you for wanting to run a relay. If you think the
documentation is lacking specific information, or if it is confusing,
please say so. It usually doesn't change unless someone says something.


Hi Robert,

There are two unfortunate situations for which we need to account. 1)
It's actually very difficult for the current developers to know what
qualifies as a "full and exemplary answer". The documentation can be
written, and maybe this should be, but the reality is that Tor doesn't
have the resources to explain in detail how someone should configure
their server. At this point tor runs on many different systems, but the
only truely supported, plug-n-play OS is Debian GNU/Linux. Roger already
mentioned it, but [0] does describe some basic configuration changes and
does have some good post-installation suggestions. Admittedly, it's
not perfect and is probably lacking some vital information, so if you
can provide some suggestions then that will help everyone.

The OperationalSecurity wiki page that Roger mentioned and that is
linked from [0] is more of an ideal situation. Some of it is absolutely
a good idea to follow (please!), but the most important parts are
generally basic tasks, such as keep your OS up-to-date. If you are using
a VPS, or a similar shared hosting environment, then some of the
information will not be applicable, i.e. "Physical Security" and
"Reliability". But that page will probably be confusing to those users
with little experience, it isn't written in a way that helps someone
learn how to secure their system, which is sad. (Luckily it's on a Wiki,
so anyone can correct this ;) )

With regard to insufficient documentation about setting DirPortFrontPage
and maintaining a synchronized system clock, it may be a good idea to
add these to the "Step Four: Once it is working" section on [0].

Overall, a mix of [1] and [2] is a good combination, unfortunately it
may not be obvious which parts you want to follow from [1] and which you
want to follow on [2] (such as if you are using Debian rather than
Ubuntu). This is a great discussion to have on tor-relays. I'm sorry
that you had bad experiences in the past.

2) Expanding the Tor network is vitally important, but the network
itself and many Tor users have powerful adversaries. There must be a
way to balance adding an amazing number of insufficiently secure nodes
and growing the network at a slower rate. Maybe having a pre-configured,
installable, OS would make this easier, but the network also needs
diversity which this would hurt and creating and maintaining something
like this is not currently feasible. If someone within the community
has the time and ability to write detailed, step-by-step
documentation on the Wiki, then it sounds like this will be a great
step in the right direction, but until this happens, sites like [3] are
good places to start. Also note that if you aren't comfortable
administering a server then there are other ways you can help Tor and
the Tor network [4] (and the other "Help another way" options).

But, most importantly, if you think the documentation is lacking
specific information, or if it is confusing, please say so. It usually
doesn't change unless someone says something.


Really, though, despite everything else, thank you for wanting to run
a relay.

Thanks,
Matt

[0] https://www.torproject.org/docs/tor-relay-debian.html.en
[1] https://www.torservers.net/wiki/setup/server
[2] https://www.torproject.org/docs/debian.html.en#ubuntu
[3]
https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
[4] https://www.torproject.org/donate/donate-service.html.en

More information about the tor-talk mailing list