You can see the page on GoodBadISPs https://community.torproject.org/relay/community-resources/good-bad-isps/ it is clearly documented there. or type this on your web browser if that didn't work
https://community.torproject.org/relay/community-resources/good-bad-isps/
Regarding OVH it seems the page warns you against doing that or you can consider running a non-exit relay on it maybe ... correct me if I'm wrong
On Tue, 30 Mar 2021 at 11:37, Keifer Bly keifer.bly@gmail.com wrote:
Hi,
I am wondering if OVH is a safe VPS provider to run an exit relay on? Thank you.
--Keifer
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi Keifer.
There are a lots of relays on OVH 😊
Best regards,
volker
Von: tor-relays tor-relays-bounces@lists.torproject.org Im Auftrag von Keifer Bly Gesendet: Dienstag, 30. März 2021 07:40 An: tor-relays@lists.torproject.org Betreff: [tor-relays] Is OVH a safe vps provider to run an exit relay on?
Hi,
I am wondering if OVH is a safe VPS provider to run an exit relay on? Thank you.
--Keifer
Does that include exits? Thx
On Tue, Mar 30, 2021, 1:59 AM volker.mink@gmx.de wrote:
Hi Keifer.
There are a lots of relays on OVH 😊
Best regards,
volker
*Von:* tor-relays tor-relays-bounces@lists.torproject.org *Im Auftrag von *Keifer Bly *Gesendet:* Dienstag, 30. März 2021 07:40 *An:* tor-relays@lists.torproject.org *Betreff:* [tor-relays] Is OVH a safe vps provider to run an exit relay on?
Hi,
I am wondering if OVH is a safe VPS provider to run an exit relay on? Thank you.
--Keifer
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
From my point of view - yes :)
Am 30.03.2021 um 17:48 schrieb Keifer Bly keifer.bly@gmail.com:
Does that include exits? Thx
On Tue, Mar 30, 2021, 1:59 AM volker.mink@gmx.de wrote: Hi Keifer.
There are a lots of relays on OVH 😊
Best regards,
volker
Von: tor-relays tor-relays-bounces@lists.torproject.org Im Auftrag von Keifer Bly Gesendet: Dienstag, 30. März 2021 07:40 An: tor-relays@lists.torproject.org Betreff: [tor-relays] Is OVH a safe vps provider to run an exit relay on?
Hi,
I am wondering if OVH is a safe VPS provider to run an exit relay on? Thank you.
--Keifer
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi,
no, OVH is the second most commonly used hosting provider, another relay hosted there would hurt the network more than it would help:
https://metrics.torproject.org/bubbles.html#as
We need to make the network as diverse as possible, in order to make it as hard as possible for law enforcement and other bad actors to de-anonymize tor circuits.
If you really want to help us out, here's what I advise you to do:
- Rent a dedicated machine, with a new-ish CPU (supporting VT-x and AES-NI, and good single thread performance since tor is mostly single-threaded). - Get your own subnet, it doesn't have to be huge, but make sure you are allowed to change the abuse-mailbox field to an e-mail you own, so your host doesn't get flooded with automated and mostly useless abuse reports and terminates your service in response. - Make use of QEMU/KVM and create one virtualized instance for each set of two relays (maximum amount of relays sharing the same public address is 2). - Make use of the CPU-pinning feature offered by libvirt, and the isolcpus kernel argument to isolate all but two cores from the kernel's scheduler, and pin two cores to each VM. - Disable all CPU mitigations (mitigations=off on the kernel command line) to increase performance, since you are only installing signed packages anyway, there is no untrusted code running on the system, which means there is no need for any mitigations to be active. - Make sure you have an unmetered traffic plan and at the very least 1, but best case 2 1Gbit/s uplinks.
With a somewhat modern CPU supporting hardware AES acceleration, this should get you 150 to 200 Mbps per tor instance, at least that's my experience when I ran the setup described above around 4 years ago.
On a last note, whatever you decide to do, please don't settle for some overused host just because it's easier or cheaper - you might as well not host a relay at all, then.
Look for a host, get it's AS ID, then input it here: https://metrics.torproject.org/rs.html#search/as:<AS_NUMBER>
Example:
https://metrics.torproject.org/rs.html#search/as:AS197019
If this was a bit too much, I apologize - I will gladly answer any questions you have.
- William
On 30/03/2021, Keifer Bly keifer.bly@gmail.com wrote:
Hi,
I am wondering if OVH is a safe VPS provider to run an exit relay on? Thank you.
--Keifer
William,
At (about) what number of relays per provider should we be considering looking elsewhere.
Cheers.
On 4/1/2021 12:53 AM, William Kane wrote:
Hi,
no, OVH is the second most commonly used hosting provider, another relay hosted there would hurt the network more than it would help:
https://metrics.torproject.org/bubbles.html#as
We need to make the network as diverse as possible, in order to make it as hard as possible for law enforcement and other bad actors to de-anonymize tor circuits.
--Very large snip snip--
Look for a host, get it's AS ID, then input it here: https://metrics.torproject.org/rs.html#search/as:<AS_NUMBER>
Example:
https://metrics.torproject.org/rs.html#search/as:AS197019
If this was a bit too much, I apologize - I will gladly answer any questions you have.
- William
On 30/03/2021, Keifer Bly keifer.bly@gmail.com wrote:
Hi,
I am wondering if OVH is a safe VPS provider to run an exit relay on? Thank you.
--Keifer
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
This e-mail was checked for spam by the freeware edition of CleanMail. The freeware edition is restricted to personal and non-commercial use. You can remove this notice by purchasing a commercial license: http://antispam.byteplant.com/products/cleanmail/index.html
Hi,
From the Community portal, Tor relay technical considerations:
## AS/location diversity
It is best to avoid hosts where many Tor relays are already hosted, but it is still better to add one there than to run no relay at all.
Try to avoid the following hosters:
OVH SAS (AS16276) Online S.a.s. (AS12876) Hetzner Online GmbH (AS24940) DigitalOcean, LLC (AS14061)
To find out which host and countries are already used by many other operators (that should be avoided) you can use Relay Search:
https://metrics.torproject.org/rs.html#aggregate/as
https://metrics.torproject.org/rs.html#aggregate/cc
Source: https://community.torproject.org/relay/technical-considerations/
cheers, Gus
On Thu, Apr 01, 2021 at 09:03:24AM -0700, Eddie wrote:
William,
At (about) what number of relays per provider should we be considering looking elsewhere.
Cheers.
On 4/1/2021 12:53 AM, William Kane wrote:
Hi,
no, OVH is the second most commonly used hosting provider, another relay hosted there would hurt the network more than it would help:
https://metrics.torproject.org/bubbles.html#as
We need to make the network as diverse as possible, in order to make it as hard as possible for law enforcement and other bad actors to de-anonymize tor circuits.
--Very large snip snip--
Look for a host, get it's AS ID, then input it here: https://metrics.torproject.org/rs.html#search/as:<AS_NUMBER>
Example:
https://metrics.torproject.org/rs.html#search/as:AS197019
If this was a bit too much, I apologize - I will gladly answer any questions you have.
- William
On 30/03/2021, Keifer Bly keifer.bly@gmail.com wrote:
Hi,
I am wondering if OVH is a safe VPS provider to run an exit relay on? Thank you.
--Keifer
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
This e-mail was checked for spam by the freeware edition of CleanMail. The freeware edition is restricted to personal and non-commercial use. You can remove this notice by purchasing a commercial license: http://antispam.byteplant.com/products/cleanmail/index.html
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Would running a bridge on ovh be ok? Thanks. --Keifer
On Thu, Apr 1, 2021 at 1:29 AM William Kane ttallink@googlemail.com wrote:
Hi,
no, OVH is the second most commonly used hosting provider, another relay hosted there would hurt the network more than it would help:
https://metrics.torproject.org/bubbles.html#as
We need to make the network as diverse as possible, in order to make it as hard as possible for law enforcement and other bad actors to de-anonymize tor circuits.
If you really want to help us out, here's what I advise you to do:
- Rent a dedicated machine, with a new-ish CPU (supporting VT-x and
AES-NI, and good single thread performance since tor is mostly single-threaded).
- Get your own subnet, it doesn't have to be huge, but make sure you
are allowed to change the abuse-mailbox field to an e-mail you own, so your host doesn't get flooded with automated and mostly useless abuse reports and terminates your service in response.
- Make use of QEMU/KVM and create one virtualized instance for each
set of two relays (maximum amount of relays sharing the same public address is 2).
- Make use of the CPU-pinning feature offered by libvirt, and the
isolcpus kernel argument to isolate all but two cores from the kernel's scheduler, and pin two cores to each VM.
- Disable all CPU mitigations (mitigations=off on the kernel command
line) to increase performance, since you are only installing signed packages anyway, there is no untrusted code running on the system, which means there is no need for any mitigations to be active.
- Make sure you have an unmetered traffic plan and at the very least
1, but best case 2 1Gbit/s uplinks.
With a somewhat modern CPU supporting hardware AES acceleration, this should get you 150 to 200 Mbps per tor instance, at least that's my experience when I ran the setup described above around 4 years ago.
On a last note, whatever you decide to do, please don't settle for some overused host just because it's easier or cheaper - you might as well not host a relay at all, then.
Look for a host, get it's AS ID, then input it here: https://metrics.torproject.org/rs.html#search/as:<AS_NUMBER>
Example:
https://metrics.torproject.org/rs.html#search/as:AS197019
If this was a bit too much, I apologize - I will gladly answer any questions you have.
- William
On 30/03/2021, Keifer Bly keifer.bly@gmail.com wrote:
Hi,
I am wondering if OVH is a safe VPS provider to run an exit relay on?
Thank
you.
--Keifer
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi,
As gus pointed out, Hetzner, OVH, Online S.A.S (now owned by and called Scaleway), and DigitalOcean should be avoided at all costs, and yes, even for bridges.
Please try to find a host that hosts as few (publicly listed) tor relays as possible for your bridge or relay.
- William
On 02/04/2021, Keifer Bly keifer.bly@gmail.com wrote:
Would running a bridge on ovh be ok? Thanks. --Keifer
On Thu, Apr 1, 2021 at 1:29 AM William Kane ttallink@googlemail.com wrote:
Hi,
no, OVH is the second most commonly used hosting provider, another relay hosted there would hurt the network more than it would help:
https://metrics.torproject.org/bubbles.html#as
We need to make the network as diverse as possible, in order to make it as hard as possible for law enforcement and other bad actors to de-anonymize tor circuits.
If you really want to help us out, here's what I advise you to do:
- Rent a dedicated machine, with a new-ish CPU (supporting VT-x and
AES-NI, and good single thread performance since tor is mostly single-threaded).
- Get your own subnet, it doesn't have to be huge, but make sure you
are allowed to change the abuse-mailbox field to an e-mail you own, so your host doesn't get flooded with automated and mostly useless abuse reports and terminates your service in response.
- Make use of QEMU/KVM and create one virtualized instance for each
set of two relays (maximum amount of relays sharing the same public address is 2).
- Make use of the CPU-pinning feature offered by libvirt, and the
isolcpus kernel argument to isolate all but two cores from the kernel's scheduler, and pin two cores to each VM.
- Disable all CPU mitigations (mitigations=off on the kernel command
line) to increase performance, since you are only installing signed packages anyway, there is no untrusted code running on the system, which means there is no need for any mitigations to be active.
- Make sure you have an unmetered traffic plan and at the very least
1, but best case 2 1Gbit/s uplinks.
With a somewhat modern CPU supporting hardware AES acceleration, this should get you 150 to 200 Mbps per tor instance, at least that's my experience when I ran the setup described above around 4 years ago.
On a last note, whatever you decide to do, please don't settle for some overused host just because it's easier or cheaper - you might as well not host a relay at all, then.
Look for a host, get it's AS ID, then input it here: https://metrics.torproject.org/rs.html#search/as:<AS_NUMBER>
Example:
https://metrics.torproject.org/rs.html#search/as:AS197019
If this was a bit too much, I apologize - I will gladly answer any questions you have.
- William
On 30/03/2021, Keifer Bly keifer.bly@gmail.com wrote:
Hi,
I am wondering if OVH is a safe VPS provider to run an exit relay on?
Thank
you.
--Keifer
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Eddie -
gus -
Keifer Bly -
Someone -
Volker Mink -
volker.mink@gmx.de
-
William Kane