Hi,
Opinions please - is it worthwhile running an exit node on a home DSL connection with limited bandwidth and exit policies? I'm talking 150Mb per day, 20Kb/s, and only allowing ports 80, 443 and 53 out. I'm concerned about potential abuse from exit traffic more so than limited bandwidth. I've only had it up for a few days and the bandwidth is being used.
Is such an exit policy useful for the network? Or would I be better off just running as a relay? Are there other ports that I could allow to exit that would make this node more useful, while not greatly increasing the risk of abuse reports coming my way?
Phil
Opinions please - is it worthwhile running an exit node on a home DSL
Nodes are nice to have around.
potential abuse from exit traffic more so than limited bandwidth. I've only
That's up to you. If you don't mind the odds of the queens best afp waking you up and borrowing all your stuff for a while till they figure out it probably wasn't you who posted that crap on the web... then you're fine.
Letting your ISP know you're running an exit would probably also help you there.
had it up for a few days and the bandwidth is being used.
That answers that part of your usage question, some people get no traffic thus do other things.
running as a relay?
Depends on you mostly. You could also be a bridge, obfsproxy, maintain the wiki, fix bugs, etc.
would make this node more useful, while not greatly increasing the risk of abuse reports coming my way?
Most abuse comes from http/s web cretins and sometimes filesharing. Though the infocalypse horsemen are always a threat. Specific authenticated and encrypted protocols like ssh, imaps, pop3s, submission, xmpp, and so on tend to be quiet.
Just read through the archives of this list, other answers are all there. Exit boilerplate and complaint templates, exonerator, and so on.
On Tue, 27 May 2014 16:04:00 +1000 Phil phil@urbanoia.net wrote:
Opinions please - is it worthwhile running an exit node on a home DSL connection with limited bandwidth and exit policies?
It all depends on whether or not you want to 'put up' with the potential 'hassle', which could be slightly different compared to as if it was in a datacenter somewhere. If your ISP is informed that you're an exit node, then great. Just remember, you will be mixing your own personal traffic with Tor traffic, that is the main issue I think you might face.
I honestly think that you would be better off being a bridge, especially if you have a change of public IP address every now and then, like most home lines.
--Matt
On 5/27/14, Matt Puckey matt@puckey.org wrote:
On Tue, 27 May 2014 16:04:00 +1000 Phil phil@urbanoia.net wrote:
Opinions please - is it worthwhile running an exit node on a home DSL connection with limited bandwidth and exit policies?
It all depends on whether or not you want to 'put up' with the potential 'hassle', which could be slightly different compared to as if it was in a datacenter somewhere. If your ISP is informed that you're an exit node, then great. Just remember, you will be mixing your own personal traffic with Tor traffic, that is the main issue I think you might face.
I honestly think that you would be better off being a bridge, especially if you have a change of public IP address every now and then, like most home lines.
I read a lot of the torproject.org website before running our exit node, and I found the issues laid out to be reasonable from my perspective - when we believe in something like free speech, or freedom of travel, some of us (like myself) feel a conscientious duty to take a stand to promote that which we believe in, as I did.
The website said full exits are needed the most, from the tor network perspective, so that's what I decided to set up.
With the bandwidth level you (Matt) are suggesting, I think a full exit would even be fine from that point of view. I ended up cross grading to a business level plan with our isp iiNet (Australia), in order to get a static ip, since the effect of ip changes was too severe on the exit traffic (in my personal opinion) since it usually meant an effective network drop out once a day. Then Telstra (the upstream national/backbone isp) started changing the ip address much more frequently - probably because that had a positive effect on their overall network availability, with minimal customer complaints. So I cross graded and got a static IP.
There was a brief day or so when Telstra's ip changing came back into play, and an incorrect ip was being alternately assigned to the correct ip address. Once that was sorted, the connection (gracemissionstor fwiw) has been pretty rock solid, except for the occasional rural power outage we experience.
Oh, when I cross-graded, I did speak at some length with the iiNet tech guy about our intention to run our "free speech node" being a TOR exit node, how that helps wikileaks and various minorities around the world to experience a level of freedom of speech which is not otherwise possible.
They were cool with that.
So, primarily I recommend: Speaking with tech support of your isp, and ask them some question about running a tor "free speech" exit node and are there are any issues you need to keep in mind when you set that up on their network.
In this way, you begin to build a relationship of open communication and readiness to respond to any issues that may (or may not) arise.
Make sure you are diligent in the guides/recommendations on the torproject.org website, such as having a valid contact email address etc etc.
Good luck :) Zenaan
On Sat, 31 May 2014 10:07:51 +1000 Zenaan Harkness zen@freedbms.net wrote:
I read a lot of the torproject.org website before running our exit node, and I found the issues laid out to be reasonable from my perspective - when we believe in something like free speech, or freedom of travel, some of us (like myself) feel a conscientious duty to take a stand to promote that which we believe in, as I did.
I 100% agree with this. But running a Tor exit node on the only public IP address that you have, and also running your own traffic through it doesn't sound good to me. Maybe in terms of liability of the traffic - which traffic was Phil and which was the Tor exit node etc? I suppose it depends on whether or not you care about that, but law enforcement might (if that bothers people?). Maybe in terms of services on the internet blocking Tor exit IP's e.g. Phil's home IP address, which could be a problem, assuming it's a static IP. If he was a relay, he wouldn't have these potential issues.
I don't think there is right answer with this. There are reasons either way. It all comes down to what people feel comfortable doing and their specific situation.
With the bandwidth level you (Matt) are suggesting
I haven't suggested any bandwidth levels. You might be referring to Phil I suspect. :)
--Matt
tor-relays@lists.torproject.org
-
grarpamp -
Matt Puckey -
Phil -
Zenaan Harkness