Re: [tor-relays] Middle relay IP blocking

Roger,

I had the same problem with 3 financial websites blocking my IP address while running a middle relay. Exactly 5 days after stopping the relay these sites can be reached again. They probably use the same mechanism, visible in the TPRB Firefox plug-in.

I run my home relay on a low energy consuming Raspberry Pi. Why is there no perfectly detailed instruction to install a relay on the Raspberry? With its built-in VNC it can be managed by SSH and remote desktop perfectly. Then there is no need for data congestion on a few cheap providers. One Watt power consumption only costs 3 Euros a year.

Snowflake almost uses no data with a few occasional users. I'd like to use my 100 Megabits more efficiently.

Regards, me.

Date: Tue, 8 Aug 2023 02:32:03 -0400
From: Roger Dingledine <arma@torproject.org>
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Middle relay IP blocking
Message-ID: <ZNHhY1rj8rQAId0y@nogrod.csail.mit.edu>
Content-Type: text/plain; charset=us-ascii

On Mon, Aug 07, 2023 at 11:28:32PM +0300, s7r wrote:
> While all the above is true, a thing to remember is to make sure we don't
> end up all renting too many VPS'es or dedicated servers in the same places /
> same AS numbers - we need network diversity, it is a very important factor,
> more AS numbers, more providers, more physical locations, etc. So, running
> at home is super good and recommended from this perspective, provides us
> with the diversity we need, however not being able to login to online banking to
> pay an electricity bill because of a middle relay is also way too annoying..
> however who can afford the hassle should definitely run a middle relay or
> bridge at home

Yes, exactly this. If you are interested in running a non-exit relay at
home, and you can tolerate the hassles from occasionally finding that
some service doesn't want to hear from you, then you are definitely
helping the diversity of the Tor network.

Having the Tor traffic concentrated at a few cheapo providers like Hetzner
and OVH is not only scary in the sense that too much traffic goes through
too few cables, but it's also scary because it increases the appeal for
somebody to attack those few companies, either by breaking into their
infrastructure to watch traffic or through more traditional insider
threats like getting an employee there to help them monitor traffic.

The internet already has uncomfortably many bottlenecks -- too few
undersea cables, too few Content Distribution Networks (CDNs), too few
app stores, etc.

> (even Exit relay, I do run an Exit relay at my office place
> and I had one police visit in like 8 years or so).

Follow this advice only with great caution. :) Many people happily
run their exit relay from their home, but it only takes one fresh new
cybercrime detective (trying to make a name for himself by kicking down
a door at 7am, and with no idea what Tor is) to ruin your day.

--Roger

------------------------------

Subject: Digest Footer

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

------------------------------

End of tor-relays Digest, Vol 151, Issue 9
******************************************

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

> Why is there no perfectly detailed instruction to install a relay on the Raspberry?

There are a few projects like pi-relay[1], but if you're using a
Debian-like system, the installation is very straightforward.

However, the main issue is not the installation. The most significant
issue involves opening and forwarding ports on your modem. Sometimes
this process may require contacting your ISP and asking for support.

> Snowflake almost uses no data with a few occasional users. I'd like to use my 100 Megabits more efficiently.

If you're seeing just "a few occasional users", maybe you need to check
your NAT settings or your proxy installation. All my snowflake
standalone proxies[2] (NAT type 'unrestricted') are getting more than
200 connections per hour and ~7 TiB per month.

cheers,
Gus

[1] GitHub - scidsg/pi-relay: Transform a Raspberry Pi into a relay powering the Tor Network.
[2] Tor Project | Standalone Snowflake proxy

On Tue, Aug 08, 2023 at 07:24:12PM +0200, torserver wrote:

> Roger,
>
> I had the same problem with 3 financial websites blocking my IP address while running a middle relay. Exactly 5 days after stopping the relay these sites can be reached again. They probably use the same mechanism, visible in the TPRB Firefox plug-in.
>
> I run my home relay on a low energy consuming Raspberry Pi. Why is there no perfectly detailed instruction to install a relay on the Raspberry? With its built-in VNC it can be managed by SSH and remote desktop perfectly. Then there is no need for data congestion on a few cheap providers. One Watt power consumption only costs 3 Euros a year.
>
> Snowflake almost uses no data with a few occasional users. I'd like to use my 100 Megabits more efficiently.
>
> Regards, me.

--
The Tor Project
Community Team Lead

Gus,

thanks for the advice on both subjects, and the links to the recipes for both the RPI install including TOR updates, and the Snowflake proxy. I'll try the Snowflake first.

Regards, torserver.

On 08-08-2023 22:39 CEST, gus <gus@torproject.org> wrote:

> > Why is there no perfectly detailed instruction to install a relay on the Raspberry?
>
> There are a few projects like pi-relay[1], but if you're using a
> Debian-like system, the installation is very straightforward.
>
> However, the main issue is not the installation. The most significant
> issue involves opening and forwarding ports on your modem. Sometimes
> this process may require contacting your ISP and asking for support.
>
> > Snowflake almost uses no data with a few occasional users. I'd like to use my 100 Megabits more efficiently.
>
> If you're seeing just "a few occasional users", maybe you need to check
> your NAT settings or your proxy installation. All my snowflake
> standalone proxies[2] (NAT type 'unrestricted') are getting more than
> 200 connections per hour and ~7 TiB per month.
>
> cheers,
> Gus
>
> [1] GitHub - scidsg/pi-relay: Transform a Raspberry Pi into a relay powering the Tor Network.
> [2] Tor Project | Standalone Snowflake proxy
