Just a friendly reminder that the Tor Relay Operator meetup will happen
this Saturday, March 4, 2023 at 19 UTC (view in your timezone: timee | World clock and scheduler ).
cheers,
Gus
···
On Tue, Feb 14, 2023 at 11:48:56AM -0300, gus wrote:
Hi,
The next Tor Relay Operator Meetup will happen on March 4, 2023, at 19
UTC!
Thanks all for joining the Tor Relay Operator Meetup!
You can find the meetup notes below.
The next meetup will be at the beginning of April (1st or 8th, date TBD).
cheers,
Gus
## Tor Relay Operator Meetup - 2023-03-04
### Before we start
Tor operators are recommended to read the Tor Code of Conduct and
Expectations of Tor Operators.
2) Tor version 0.4.5 has reached end-of-life status. There is no plan to
create a new LTS (long term support) version. In 2-3 weeks Tor project
starts the usual process of gathering the EOL relays and contacting
their operators to ask if they would please upgrade. Do you run a EOL
version yourself? Please update as soon as possible.
3) The aim of the Run a Tor relay (EFF Challenge @ Universities) is to
give students and universities hands-on experience with Tor. For example
letting students and/or labs run relays, proxies or experiment with Tor
in other ways. The Tor Project made a letter to send to their closest
contacts, but the difficulty is: what do you ask for?
There is a large difference between educational institutions, some of
them for example work together with LEA (law enforcement agencies) to
deanonymize Tor users while others work on new privacy-by-design
technologies. If you're interested you can follow the mailinglist[1] or
post on the forums. If you have pointers or specific input, you can also
contact gman999 on IRC directly.
4) The internet in Turkmenistan is mostly censored[1], to the point
where even Snowflake[2] and most Obfs4 bridges are blocked (because most
of the internet is actually blocked by their government). Obfs4 bridges
running from residential IP address space seems to still work. Help is
greatly needed appreciated.
[1] Information about censorship in Turkmenistan:
[2] Snowflake is blocked:
### Collecting proposals for improving the health of Tor
The Tor Project want to invite[1] the community (which of course
includes the Tor operators) to have a discussion and creating proposals
to improve the health of the Tor network by creating a healthy and
trustworthy Tor operator community. Bad actors are trying frequently to
hurt Tor, Tor users and Tor's community and we should try to mitigate
these efforts more effectively.
This effort is part of the Community and Network Health teams their 2023
roadmap. Some of these activities are also part of sponsor work[2]. This
is only the start of this process and right now proposals are only
gathered (and not yet discussed/considered).
Some relevant documents and currently gathered proposals are the
Expectations for Relay Operators[3], proposal for Exit relay
lifecycle[4], proposal for using CISS[5], proposal for verified physical
address for large operators[6] and a proposal for limiting unverified
relay families[7]. Note that this call of proposals is certainly not
meant to yield only technical solutions, but also social, community and
other solutions to improve the Tor network health and Tor's community.
The Tor Project wants a lot of involvement from the community during
this process. Don't hesitate to submit your own proposals, ideas,
opinions, discussions via the usual channels. Concrete proposals can be
added to GitLab[8] or the tor-relays mailing list. The proposals will
also be discussed and evaluated during Tor relay operator meetups (both
online and offline).
Timeframe/planing (TBD):
- March 2023 - June 2023: Call for proposals (collecting/gathering)
The Tor Weather notification service helped Tor operators to get
notifications about incidents, issues, removal of flags etc. regarding
their relays. This service has been offline and unmaintained for a while
now because of a time shortage. Such monitoring service can be very
valuable for Tor operators though, and would lower the bar for new Tor
relay operators to start running Tor relays without having to worry
about implementing advanced monitoring to check on their Tor relays.
For the Google Summer of Code (GSoc) Project 2022 the Tor Project found a mentee to
revitalize Tor-weather. The current repository can be found on GitLab[1]
and after improvements Tor would like to test these with Tor operators.
The Tor operators got a short demonstration of Tor Weather and are
enthusiastic about it.
The Network Team isn't available today so instead the Tor Project asks
the Tor operator community how they are experiencing and dealing with
the DDoS situation. On Tor's side not much has changed but the
implementation of the proof of work is coming along nicely[1]. There is
no input from the Tor relay operators.
#### This might be a stupid question - but what is the TL;DR on the
DDos? To be honest, I didn't notice anything really even though I run
quite a few exits. Is it higher network usage only or high CPU or...?
Sorry for asking such a basic question (Kristian - lokodlare)
There are different DDoS attacks, some are focused on guard/middle
relays while others target exit relays. Some DDoS attacks are done via
the Tor network itself while other DDoS attacks are plain old UDP/TCP
flood attacks. Tor Project is working on more DDoS mitigation.
Gus will pick a date between April 1 19:00 UTC and April 8 19:00 UTC.
#### What about bridge enumeration attackers and how to prevent it?
Censors already have their own tools and devices to block and/or
enumerate Tor bridges and circumvention tech. That said, such projects
exposing bridges aren't helping Tor in any way.
If you know any potential issues with BridgeDB, or if you're one of the
people collecting this data, please contact the Tor Project. Don't be a
jerk, be awesome instead.
#### When a new workshop Sysadmin 101 will be organized?
We should find a new date and topics for the next Sysadmin workshop.
Suggestions are welcome:
For BSD enthusiasts, the BSD community have a IRC (#bsd-privacy) channel
and everyone is welcome to join and reach out.
#### Obfs4 is totally blocked in Iran and snowflake has very little
speed if not blocked at some ISPs, are there any plans to upgrade the
bridge software to circumvent the stricter kinds of censorships?
If you're from Iran, you might be able to help the Tor project. Please
reach out to us if you can provide more information about how Iran is
blocking Tor.
#### Can we move forward with increasing the relays per IP limit? 4 -> 8
-> 16? We are waiting for the final step because we don't want to do the
IP renumbering dance multiple times. Also: If you stop at "8 relays per
IP" please document why, so we at least know why we are spending money
on IP addresses instead of faster hardware to deal with the DDoS pain.
The Tor project wants to check the impact of the change from 2 to 4
first before further increasing the limit. This will take at least a few
more weeks and then further steps can be taken (based on the data).
#### Please document MetricsPort
#### I wish to collaborate on the Snowflake landing page revamp. Please
give me Gitlab account access. I would love to learn more about The Tor
Project.
- If you're a GSoC applicant, please talk with your project mentor
first.
#### DDoS mitigation: Would you implement this as a patch only so we do
measurements and come up with some data for a proposal that aims to make
DDoS against non-guards harder?
The Network Team isn't available, but Tor Project will discuss this in
the next week. The proposal looks fine at first sight. Thanks for
submitting a proposal to improve Tor.
#### dannenberg doesn't seem up to date wrt to
AuthDirMaxServersPerAddr=4, it says a lot of relays are sybil. Any idea
when it will get updated?
Tor Project contacted all Authorities but for the time being you have to
live with it.
#### I have a question about my Snowflake node running on a DigitalOcean
droplet. Its log says "NAT type: restricted" but I do see connections
and traffic being relayed. Where is a good place to go for help/support?
Or is this a known issue/not an issue?
- "NAT type: restricted" is not really a problem; it just means that
there are some Snowflake clients your proxy will not be able to
connect to. The Snowflake broker takes NAT compatibility into account,
so it will not assign clients with an incompatible NAT to your proxy.
For a full documentation about Snowflake NAT matching, please read this
wiki page:
#### Do you know about an approach or hacking guide to store your
ed25519_master_id_secret_key on a smartcard or hardware token like
Nitrokey or Yubikey and use this smartcard in the signing process? I
think this would a helpful approach to make offline key signing even
more secure. (I know that there are different key formats, different
firmware versions etc. - just wanted to know if someone has experiences
with that).
This topic has come up a few times, but as far as is known no one really
implemented this in practice.
#### will exit scanner support IPv6 anytime soon? (ExoneraTor) after the
last relay meetup I realized it also affects us even without using the
torrc setting to use a distinct exit IP
Not anytime soon probably.
#### I have some relays hosted on residential connection that change the
IP 1-2 times per month. My ISP provides me DDNS. Can I use that to
advertise my relays instead of the IP in order not repeat the lifecycle
of a new relay every time IP is changed?
Yes! In theory, you can write your FQDN (dyndns address) in the
"Address" field in your torrc, and Tor will resolve it periodically to
see if it has changed. Also, in theory you should be able to just leave
it all blank, and Tor will discover that your IP address has changed.
You should maintain your relay reputation across IP address changes --
though we do count the change as a brief downtime, because client
connections get cut when you change addresses.
#### Does the Tor Weather support Bridges too?
It could look at the bridgestrap output, rather than needing to
scan the bridges itself.
···
On Wed, Mar 01, 2023 at 12:19:31PM -0300, gus wrote:
Hello,
Just a friendly reminder that the Tor Relay Operator meetup will happen
this Saturday, March 4, 2023 at 19 UTC (view in your timezone: timee | World clock and scheduler ).
cheers,
Gus
On Tue, Feb 14, 2023 at 11:48:56AM -0300, gus wrote:
> Hi,
>
> The next Tor Relay Operator Meetup will happen on March 4, 2023, at 19
> UTC!
>
> We're still working on the agenda, feel free to add your topics
> and/or questions on the pad:
> Riseup Pad
> onionsite: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor-relay-op-meetup-m4-keep
>
> WHERE
> Room link: Tor Relay Operator Meetup
>
> Registration
>
> No need for a registration or anything else, just use the room-link
> above. We will open the room 10 minutes before so you can test your mic
> setup.
>
> Please share with your friends, social media and other mailing lists!
>
> Gus
> --
> The Tor Project
> Community Team Lead
maybe the notes from the Tor relay operator meetup on March 4 should
have mentioned that a participant called AirTor was kicked from that
BBB conference.
This happened because they were using “Tor” in their name and
continued to make dubious offers like the one below which just arrived
in my NGO's inbox. They did not send it to the e-mail address in the
ContactInfo of our Tor relays but a generic one. In BBB's text chat,
they offered to change their name “if thats best,” but as you can see,
they have not. Instead, the signed as ATOR – but that might be a typo.
I am writing this to let you know that it's best to ignore e-mails
like the one below. In the meetup, Roger made it increasingly clear
that he does not believe that AirTor are acting in good faith.
Cheers,
Christian
···
----- Forwarded message -----
From: AirTor Team <team@airtor.org>
Message-ID: <1167510526.29240.1678981005095@eu1.myprofessionalmail.com>
Subject: Support for TOR relay associations
X-Mailer: Open-Xchange Mailer v8.10.73
X-Originating-IP: 24.218.88.76
Hello from ATOR!
We are a community driven initiative that provides recognition rewards to
supporters and operators in the TOR ecosystem.
We would love to recognize your efforts and the efforts of your relay
operators, and hear your opinions on the protocol we have in mind.
Please let us know if this is something of interest to you. We would also like
to donate to help your operation grow and remain active.
Thank you for your time, we hope to hear from you soon!
Sincerely,
ATOR team
ator.org actually works. They try to get Relay Operators to mine/receive their cryptocurrency through uptime, see https://docs.ator.io/ . Also some hardware plans regarding Wifi routers with preinstalled "ator" software/routing.
Personally, i'd say "kill it with fire", but well, thats just me Nevertheless, i guess it could be helpful to make it clear also on behalf of torproject.org, that we're neither support nor endorse their plans and disencourage to use this stuff.
greetz
Richie
···
Am 16.03.23 um 20:25 schrieb Christian Pietsch via tor-relays:
Dear Tor community,
maybe the notes from the Tor relay operator meetup on March 4 should
have mentioned that a participant called AirTor was kicked from that
BBB conference.
This happened because they were using “Tor” in their name and
continued to make dubious offers like the one below which just arrived
in my NGO's inbox. They did not send it to the e-mail address in the
ContactInfo of our Tor relays but a generic one. In BBB's text chat,
they offered to change their name “if thats best,” but as you can see,
they have not. Instead, the signed as ATOR – but that might be a typo.
I am writing this to let you know that it's best to ignore e-mails
like the one below. In the meetup, Roger made it increasingly clear
that he does not believe that AirTor are acting in good faith.
Cheers,
Christian
----- Forwarded message -----
From: AirTor Team <team@airtor.org>
Message-ID: <1167510526.29240.1678981005095@eu1.myprofessionalmail.com>
Subject: Support for TOR relay associations
X-Mailer: Open-Xchange Mailer v8.10.73
X-Originating-IP: 24.218.88.76
Hello from ATOR!
We are a community driven initiative that provides recognition rewards to
supporters and operators in the TOR ecosystem.
We would love to recognize your efforts and the efforts of your relay
operators, and hear your opinions on the protocol we have in mind.
Please let us know if this is something of interest to you. We would also like
to donate to help your operation grow and remain active.
Thank you for your time, we hope to hear from you soon!
Sincerely,
ATOR team
----- End forwarded message -----
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org tor-relays Info Page
ator.org actually works. They try to get Relay Operators to mine/receive
their cryptocurrency through uptime, see https://docs.ator.io/ . Also
some hardware plans regarding Wifi routers with preinstalled “ator”
software/routing.
Personally, i’d say “kill it with fire”, but well, thats just me
Nevertheless, i guess it could be helpful to make it clear also on
behalf of torproject.org, that we’re neither support nor endorse their
plans and disencourage to use this stuff.
greetz
Richie
Am 16.03.23 um 20:25 schrieb Christian Pietsch via tor-relays:
Dear Tor community,
maybe the notes from the Tor relay operator meetup on March 4 should
have mentioned that a participant called AirTor was kicked from that
BBB conference.
This happened because they were using “Tor” in their name and
continued to make dubious offers like the one below which just arrived
in my NGO’s inbox. They did not send it to the e-mail address in the
ContactInfo of our Tor relays but a generic one. In BBB’s text chat,
they offered to change their name “if thats best,” but as you can see,
they have not. Instead, the signed as ATOR – but that might be a typo.
I am writing this to let you know that it’s best to ignore e-mails
like the one below. In the meetup, Roger made it increasingly clear
that he does not believe that AirTor are acting in good faith.
Hello from ATOR!
We are a community driven initiative that provides recognition rewards to
supporters and operators in the TOR ecosystem.
We would love to recognize your efforts and the efforts of your relay
operators, and hear your opinions on the protocol we have in mind.
Please let us know if this is something of interest to you. We would also like
to donate to help your operation grow and remain active.
Thank you for your time, we hope to hear from you soon!
Sincerely,
ATOR team
From what I read it looks like they plan to create some blockchain that uses “Proof-of-relaying-Tor-traffic” as an alternative to Proof of Work or Proof of Stake. From their blog “rather than requiring complex off-chain verification or arbitrary computation to prevent bad actors receiving fees, Proof-of-Uptime verifies on useful activity.” Supposedly to give some incentives to run Tor relays because you get “recognition rewards” I guess some shitcoin. Not sure what those are for but I’ll just keep “mining” consensus weight. Because you don’t need a modified version of Tor and you don’t need the blockchain for that. Just download the consensus and look at the consensus weight and you have your proof of uptime and relaying.
Besides, no reputable relay operator would use a modified
version of Tor. (from third-party sources)
···
On Freitag, 17. März 2023 17:25:10 CET Bauruine wrote:
... but I'll
just keep "mining" consensus weight. Because you don't need a modified
version of Tor and you don't need the blockchain for that. Just download
the consensus and look at the consensus weight and you have your proof
of uptime and relaying.