[tor-talk] Newbie with a bunch of questions for Tor Cloud

Soul Plane soulplane11 at gmail.com
Wed Mar 19 21:05:43 UTC 2014


I would like to set up a Tor bridge in the Amazon cloud. I have read the
project page at cloud.torproject.org and I think I can do this at little to
no cost based on what I've read. Amazon just sent me a $50 credit because I
signed up to AWS but never used it so maybe I can use that to cover any
overages. Did anyone else get one of those coupons?

More questions:

Why is the only region available for the Tor images us-east virginia? I
thought I could use the free tier in other places. Wouldn't it be better to
vary the regions instead of sticking them all in one place?

And also wouldn't it be better to vary the OS and images in case there is a
vulnerability in one, the rest of the ecosystem using different OSs are ok?

I read in Tor Weekly News today that the obfs3 protocol is vulnerable to
active probing attacks and there is a replacement ScrambleSuit. If I setup
the AWS Obfsproxy image now does that mean the Chinese can detect it and
block it? Is that image obfs2 or 3 or both? Should I just wait until
ScrambleSuit is supported, or can I modify the config file to only use
ScrambleSuit, or is that not a good idea at this point? I don't want to run
something that nobody is going to be able to use because governments can
just detect it and block it.

Is Tor obfuscation specifically more likely to come under attack from
repressive governments?

How is security handled. For example suppose there's a known vulnerability
in Tor or Ubuntu does the server shut down until it's fixed and an update
is available or does the server stay up and risk being hacked? Is there any
notification sent to the AWS administrator in these cases? I would imagine
even a small window is gold for some state run group to break in.

How can I determine the integrity of the server and do I have any
responsibility to do that? Do you guys who are running these instances in
the Tor Cloud just set it and forget it or is there some oversight required?

I would take an active role in securing the instance if necessary but I
need to know what to do. What do you guys do?

Has anyone here built their own Tor setup in EC2 similar to what Tor Cloud
offers?

Thanks


More information about the tor-talk mailing list