TL;DR Interested in running a middle relay from home on a Raspberry Pi and wondering about users’ experiences with ISPs blocking services.
I am happily running a browser Snowflake proxy on a laptop and a standalone Snowflake proxy in AWS, but am interested in running a middle relay from my home. I’ve been thinking about using a Raspberry Pi set up with Science and Design’s Pi Relay. The Pi will be able to match Tor’s relay requirements.
“Guard and middle relays usually do not receive abuse complaints. However, all relays are listed in the public Tor relay directory, and as a result, they may be blocked by certain services. These include services that either misunderstand how Tor works or deliberately want to censor Tor users, for example, online banking and streaming services.”
and goes on to say…
“Important: If you are running a relay from home with a single static IP address and are concerned about your IP being blocked by certain online services, consider running a bridge or a Tor snowflake proxy instead. This alternative can help prevent your non-Tor traffic from being mistakenly blocked as though it’s coming from a Tor relay.”
Is the IP being referred to above the IP of the device running the relay, or the IP of the router? I wouldn’t mind much if my ISP restricts my pi from hitting certain sites since its only purpose would be a relay, but I don’t want to impact any devices connected to the router. Has anyone had experiences where services get blocked? If so, what did you do to fix the blocking issue? There are some posts (here and here) that make me a little wary. I’ve heard some people use VPNs on their devices to get around blocks, but I’m not in a position to do that. Is this experience common?
It’s gonna be your public IP, so all devices connected to the router will be affected by the blocking. And it’s (usually?) not the ISP that blocks, it’s the target websites.
Do you have several static IPv4 addresses?
If not, then the one static IP you have will be blocked.
When routing is set up using NAT, it means every NATed device uses the IP address of the router.
If it is blocked, it will mean every device behind NAT will be blocked as well.
Hello @foo In my experience of being a middle relay operator for over 5 years, my ISP hasn’t blocked anything ever. I’m in the UK. I have however been broadbased added to certain IP blacklisting even though I’m directly no threat at all to the organisations that have blacklisted me. If I google my IP addresses, there are organisations that gather the IPs to use their IP lists to ban them.
What has been affected? A website that shares house market information for users to browse houses on the UK market! A section of Microsoft’s Office 365, but not broadbased. I think it was a help section for a solution to a particular Windows problem. Banking is fine, general browsing is fine, but every now and then a little stumble. I use an add-on to the Chrome browser (I think there’s a Firefox add-on) called UltraSurf that changes my IP as desired so that I can just work around it. It’s like a proxy, again to circumnavigate censoring, but nowhere near as secure as Tor. NOT secure if you’re trying to browse anonymously.
Fairly often you’ll be presented with CAPTCHA challenges (“are you a human”, Cloudflare challenges, browser checks), but they go through just fine.
Nothing too bad so I would say as far as I’m concerned in the UK it’s ok
Do you have multiple routable IP addresses? For most people at home they have a single IPv4 public address and their devices are NATed. So the blocked IP will be your public facing IP address. If for some reason you have more than one IPv4 public facing address, then the blocks will be on the one that gets published on the Tor directory.
If you are talking IPv6, then it’s a little different. Most ISPs hand out a full /64. That said, if your Tor relay is IPv6-only and even if it’s a unique address on that /64 assignment, the blocks may black out the whole /64. A lot of places that put IPv6 blocks just assume that the whole /64 belongs to the “offender” and the blocks get put in that way.
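The NAT and /64 points made in the replies above, as an added example that is not part of any poster's message: it models a third-party blocklist built from a relay's published addresses and reports which household devices it would catch. The relay record is a constructed sample shaped like the `or_addresses` field of an Onionoo details document; all addresses are documentation ranges and the device names are hypothetical.

```python
import ipaddress
import json

# Constructed sample (not real relay data), shaped like an Onionoo details document.
ONIONOO_SAMPLE = json.loads("""
{"relays": [{"nickname": "ExampleHomeRelay",
             "or_addresses": ["203.0.113.7:9001", "[2001:db8:10:20::50]:9001"]}]}
""")

# Constructed household: the address each device presents to the internet.
HOME_EGRESS = {
    "pi-relay (v4, NAT)": "203.0.113.7",
    "laptop (v4, NAT)": "203.0.113.7",        # shares the router's public IPv4
    "phone (v6)": "2001:db8:10:20::abcd",     # own address, same /64 as the relay
    "server on second static IPv4": "203.0.113.8",
}

def published_addresses(details):
    """Return every relay address (port stripped) listed in or_addresses."""
    found = []
    for relay in details.get("relays", []):
        for entry in relay.get("or_addresses", []):
            host = entry.rsplit(":", 1)[0].strip("[]")
            found.append(ipaddress.ip_address(host))
    return found

def blocklist_from(addresses, v6_prefix=64):
    """Model a blocklist: exact IPv4 match, IPv6 widened to v6_prefix."""
    nets = []
    for addr in addresses:
        if addr.version == 4:
            nets.append(ipaddress.ip_network(f"{addr}/32"))
        else:
            nets.append(ipaddress.ip_network(f"{addr}/{v6_prefix}", strict=False))
    return nets

def affected(egress, blocklist):
    """Return the sorted names of devices whose egress address is blocked."""
    hit = []
    for name, ip in egress.items():
        addr = ipaddress.ip_address(ip)
        if any(addr.version == net.version and addr in net for net in blocklist):
            hit.append(name)
    return sorted(hit)

if __name__ == "__main__":
    for prefix in (64, 128):
        nets = blocklist_from(published_addresses(ONIONOO_SAMPLE), prefix)
        print(f"IPv6 blocked as /{prefix}:", affected(HOME_EGRESS, nets))
```

Replacing `HOME_EGRESS` with your own devices' public-facing addresses shows which of them share fate with the relay under each blocking policy.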
I experienced it running a middle relay (see my post). After a week or so of uptime, I was denied access to most of my country’s public administration websites, including those of the government, the cities, the local and national public transport, and research organizations. I was also blocked by some national newspapers.
I solved the issues by changing my public IP whenever I needed to access a blocked website, something that with my ISP of the time I could achieve simply by reconnecting my modem. If I recall correctly, I needed to do so once or twice a month. This limited the consensus I could achieve, but nonetheless the bandwidth I dedicated to relay was constantly almost saturated.
So, in my experience, if you have an easy way to switch your public IP, hosting a middle relay at home is feasible, as long as you don’t need to access blocked services very often. Unluckily, the only way to find out what services actually are problematic is trying.
When I was forced to switch to an ISP who only provides static IPs, on the other hand, I had to shut down the relay in order to make sure not to lose access to services I can’t go without.