I've spent the week talking to my contacts at US universities, to get them to spin up fast exits. Currently the fast exits in North American universities are:
- University of Waterloo (Ian Goldberg) - Boston University (Leo Reyzin)
We're now on track to add: - UPenn (Matt Blaze) - UMichigan (Alex Halderman) - CMU (Nicolas Christin) - Georgia Tech (Dave Dagon)
and I have professors from George Mason, Illinois, UNM, UMN, UConn, UW, and others looking into it.
Wendy and I are talking to some lawyers to try to write up a short (several paragraph) document targeted toward the university's general counsel, for preemptive use by the computer science professors who plan to run the Tor exit.
What else should go in a "so you want to run a big exit" info kit?
- Pointers to the legal-faq (and dmca template) and abuse-faq.
- Pointers to Mike's blog entry: https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment and my old Tor-at-universities wiki page: https://trac.torproject.org/projects/tor/wiki/doc/TorGuideUniversities
- Is there some document suggesting how to SWIP your address, and explaining the importance of having your abuse mails go to someplace other than your general university abuse team? It's touched on in several places but we should make it even clearer.
- What are the good answers now to "what hardware should I use, and how should I configure it?" I've been telling people they'll be happiest with Debian, and that something 64-bit and/or with AESNI support will be best.
- We should set up a mailing list for university relay operators to share experiences and feel solidarity. I'll also encourage them to sign up here. We might also post a list of university Tor exits somewhere obvious, so new ones can gain more confidence in the idea.
What other resources exist already that would be especially useful for new fast exits? What resources don't exist but should?
--Roger
On Sat, Aug 11, 2012 at 4:08 AM, Roger Dingledine arma@mit.edu wrote:
- Georgia Tech (Dave Dagon)
This is fantastic news, I used to run an exit relay out of my dorm room at Georgia Tech. It was a bit of a pain to get set up initially — ResNET and OIT didn't really understand the concept, but ended up letting me run it. I've been wanting to set something up with the College of Computing or GTRI for a while now, so it's good to see that this is being done. Let me know if you need any help (I'll get in touch with Dave and mention it to him as well).
- We should set up a mailing list for university relay operators to share
experiences and feel solidarity. I'll also encourage them to sign up here. We might also post a list of university Tor exits somewhere obvious, so new ones can gain more confidence in the idea.
Both great ideas. Unfortunately I don't have a lot of feedback on these issues except to say that I love the idea, and I'm glad to see that Georgia Tech (which has substantial network resources) will be on board.
—Sam
On 11.08.2012 10:08, Roger Dingledine wrote:
- What are the good answers now to "what hardware should I use, and how
should I configure it?" I've been telling people they'll be happiest with Debian, and that something 64-bit and/or with AESNI support will be best.
Seconded. We have moved to Ubuntu 12.04 LTS for machines with AES-NI support as it comes with a packaged OpenSSL 1.01. All that remains is enabling the BIOS option and the kernel module as documented at https://www.torservers.net/wiki/setup/server#aes-ni_crypto_acceleration
Machines without AES-NI can do ~150 Mbps max per Tor process (and core). With AES-NI, you can see >200 Mbps. If your pipe is bigger, you need to run multiple Tor processes and likely tweak some of your kernel settings ( https://www.torservers.net/wiki/setup/server#high_bandwidth_tweaks_100_mbps )
- Is there some document suggesting how to SWIP your address, and
explaining the importance of having your abuse mails go to someplace other than your general university abuse team? It's touched on in several places but we should make it even clearer.
ARIN: https://www.arin.net/resources/request/reassignments.html The relevant template/process is called "IPv4 Reassign-Detailed".
RIPE: I could not find a location that explains how to reassign IP space, but from what I know ISPs can do it via web interface.
On 12 aug. 2012, at 15:23, Moritz Bartl wrote:
RIPE: I could not find a location that explains how to reassign IP space, but from what I know ISPs can do it via web interface.
There are two ways of updating the RIPE database. There's a form on the website one can use, alternatively one can send updates by e-mail.
On 11.08.2012 10:08, Roger Dingledine wrote:
What else should go in a "so you want to run a big exit" info kit? What other resources exist already that would be especially useful for new fast exits? What resources don't exist but should?
I've thought hard about this for the past hours, and put together what I consider the first edition of a "Relay info kit". It ended up to be more a short checklist than anything else. I think we already have excellent resources, and it does not help much to throw another large article at people that they just won't read.
The page lacks a direct contact for support. Should we add tor-assistants, or send people towards me?
https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
Comments? Do you want to see something else in an article that says "Tor Exit Guidelines"?
As a prospective 100mbit+ exit or relay operator anything I can find to read about guidelines is awesome. The things relating to legal in particular, especially given the recent harshness from various orgs. Would it be possible to run multiple exits/relays under the same US based LLC? I am thinking that a few of us US based operators could pool resources to accomplish this and have 1 point of contact for the group. Would this cause more problems that it would solve?
On Thu, Aug 16, 2012 at 5:00 AM, Moritz Bartl moritz@torservers.net wrote:
On 11.08.2012 10:08, Roger Dingledine wrote:
What else should go in a "so you want to run a big exit" info kit? What other resources exist already that would be especially useful for new fast exits? What resources don't exist but should?
I've thought hard about this for the past hours, and put together what I consider the first edition of a "Relay info kit". It ended up to be more a short checklist than anything else. I think we already have excellent resources, and it does not help much to throw another large article at people that they just won't read.
The page lacks a direct contact for support. Should we add tor-assistants, or send people towards me?
https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
Comments? Do you want to see something else in an article that says "Tor Exit Guidelines"?
-- Moritz Bartl https://www.torservers.net/ _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hi Andrew,
On 16.08.2012 13:20, Andrew wrote:
As a prospective 100mbit+ exit or relay operator anything I can find to read about guidelines is awesome. The things relating to legal in particular, especially given the recent harshness from various orgs. Would it be possible to run multiple exits/relays under the same US based LLC? I am thinking that a few of us US based operators could pool resources to accomplish this and have 1 point of contact for the group. Would this cause more problems that it would solve?
Good question. I don't think it would hurt to have another larger player, but it probably isn't easy to organize. It also depends on the size. I don't think any org should run more than a handful of servers.
Small groups is exactly what I had in mind. Just having 1 other person also running a relay or exit to be able to work with directly would be great. Any smaller groups that would take a TORB (TOR noob) let me know :)
On Thu, Aug 16, 2012 at 5:49 AM, Moritz Bartl moritz@torservers.net wrote:
Hi Andrew,
On 16.08.2012 13:20, Andrew wrote:
As a prospective 100mbit+ exit or relay operator anything I can find to read about guidelines is awesome. The things relating to legal in particular, especially given the recent harshness from various orgs. Would it be possible to run multiple exits/relays under the same US based LLC? I am thinking that a few of us US based operators could pool resources to accomplish this and have 1 point of contact for the group. Would this cause more problems that it would solve?
Good question. I don't think it would hurt to have another larger player, but it probably isn't easy to organize. It also depends on the size. I don't think any org should run more than a handful of servers.
-- Moritz Bartl https://www.torservers.net/ _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Thu, Aug 16, 2012 at 01:00:56PM +0200, moritz@torservers.net wrote 1.0K bytes in 27 lines about: : The page lacks a direct contact for support. Should we add : tor-assistants, or send people towards me?
I'm fine with tor-assistants. More people will see any emails in case you're on holiday or sleeping. You may want to add https://blog.torproject.org/blog/start-tor-legal-support-directory as well.
It would be good to add the exit IP to services that allow Tor Exits to register to proactively stop abuse emails.
http://www.blocklist.de is one I had to add mine to within the first month.
-tom
On Fri, Aug 17, 2012 at 09:15:46AM -0400, Tom Ritter wrote:
It would be good to add the exit IP to services that allow Tor Exits to register to proactively stop abuse emails.
http://www.blocklist.de is one I had to add mine to within the first month.
Is this generally accepted as a good idea?
What are the implications to signing yourself up on the list -- that is, what services are you asking to block your users?
I guess I'm torn, since preemptively choosing to make your relay less useful to users is both bad and good here.
I wish more services would consider https://www.torproject.org/docs/faq-abuse#Bans
--Roger
On 23 August 2012 20:40, Roger Dingledine arma@mit.edu wrote:
On Fri, Aug 17, 2012 at 09:15:46AM -0400, Tom Ritter wrote:
It would be good to add the exit IP to services that allow Tor Exits to register to proactively stop abuse emails.
http://www.blocklist.de is one I had to add mine to within the first month.
Is this generally accepted as a good idea?
What are the implications to signing yourself up on the list -- that is, what services are you asking to block your users?
For that one in particular, I don't believe they add you to the blocklist, but rather stop emailing you. The exact response I received was
Thank you for your request.
We have marked the IP [IP]
as an Tor-Exit-Node. So, we dont send ne Reports now for Spam-Comments or other Attacks to you.
-tom
On Thu, Aug 16, 2012 at 01:00:56PM +0200, Moritz Bartl wrote:
https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
Comments? Do you want to see something else in an article that says "Tor Exit Guidelines"?
Thanks!
I've updated the page to include some more suggestions. Please let me know if I screwed it up in any way.
Also, my statement about "RIPE uses something similar" could use some fleshing out.
--Roger
On 24 aug. 2012, at 02:14, Roger Dingledine wrote:
Also, my statement about "RIPE uses something similar" could use some fleshing out.
You need a more descriptive text? I can provide that. Is it just a pointer you need, or do you want the text describing how to change the IP assignment registration itself?
On 24.08.2012 08:07, Rejo Zenger wrote:
Also, my statement about "RIPE uses something similar" could use some fleshing out.
You need a more descriptive text? I can provide that. Is it just a pointer you need, or do you want the text describing how to change the IP assignment registration itself?
Both. A pointer to something similar to https://www.arin.net/resources/request/reassignments.html would be nice for TorExitGuidelines, a short text improving https://www.torservers.net/wiki/hoster/inquiry#ripe also.
tor-relays@lists.torproject.org
-
Andrew -
andrew@torproject.is -
Moritz Bartl -
Rejo Zenger -
Roger Dingledine -
Sam Whited -
Tom Ritter