I convinced a friend to run a Tor relay (he was happy to do so) but he claims he just upgraded and that this line:
ExitPolicy reject *:* # no exits allowed
is commented out by default. So his VPS got shut down over a bunch of complaints and he got banned from Freenode on it.
Is that true? I could've sworn 0.2.4.x shipped with that as the *default* exit policy - as it should, given the potentially catastrophic legal consequences in some countries for those setting up a relay who unwittingly set up an exit relay rather than a middle node.
Best, -Gordon M.
Hi,
On 29.08.2013 23:35, gordon@thisblueroom.net wrote:
> I convinced a friend to run a Tor relay (he was happy to do so) but he claims he just upgraded and that this line:
> ExitPolicy reject *:* # no exits allowed
> is commented out by default.
This is true for many distributions, see
https://gitweb.torproject.org/debian/tor.git/blob/HEAD:/src/config/torrc.sam...
I am not sure what Tor does if you set ExitPolicy without specifying an ORPort, i.e. without relaying enabled.
It's possible. One should always review all configuration files before making their node operational. You can't assume that it will be configured in a particular manner.
I mean, who would have thought the TBB would ship with JavaScript enabled... ;)
On Thu, Aug 29, 2013 at 3:35 PM, gordon@thisblueroom.net < gordon@morehouse.me> wrote:
> I convinced a friend to run a Tor relay (he was happy to do so) but he claims he just upgraded and that this line:
> ExitPolicy reject *:* # no exits allowed
> is commented out by default. So his VPS got shut down over a bunch of complaints and he got banned from Freenode on it.
> Is that true? I could've sworn 0.2.4.x shipped with that as the *default* exit policy - as it should, given the potentially catastrophic legal consequences in some countries for those setting up a relay who unwittingly set up an exit relay rather than a middle node.
> Best, -Gordon M.
Bryan Carey:
> It's possible. One should always review all configuration files before making their node operational. You can't assume that it will be configured in a particular manner.
> I mean, who would have thought the TBB would ship with JavaScript enabled... ;)
ZING. Ouch. ;)
On 8/29/2013 9:17 PM, Gordon Morehouse wrote:
> Bryan Carey:
>> It's possible. One should always review all configuration files before making their node operational. You can't assume that it will be configured in a particular manner.
>> I mean, who would have thought the TBB would ship with JavaScript enabled... ;)
> ZING. Ouch. ;)
I am confused by this thread. In fact, the specific downloaded file that the OP is referring to is not named, nor is it mentioned whether it was installed 'as-is' or with a modified configuration. Then a follow-up message refers to TBB, which is not even a relay package. David C
The friend was upgrading from Tor 0.2.3.x to Tor 0.2.4.16-rc. I do not know whether he used a tarball but I think it likely he used the Tor 'experimental' repos as his VPS is Debian-family, and he said "I couldn't keep the old config"; thus debconf likely presented him with a choice, he accepted the new config, edited as far down as he needed to turn relaying on, and that's it.
Since the default exit policy is for a relay to be an exit (without, even, the benefit of ReducedExitPolicy), his VPS was shut down in about a day as he'd unknowingly turned himself into an exit node.
Partial user error, and partial - as he would argue and so would I - bad defaults. This guy is a software engineer who had a derp moment. I wonder how many less tech-savvy users may make the same mistake and then have a bad time and never relay again (or be subject to law enforcement action, particularly in hostile countries).
David Carlson:
> I am confused by this thread. In fact, the specific downloaded file that the OP is referring to is not named, nor is it mentioned whether it was installed 'as-is' or with a modified configuration. Then a follow-up message refers to TBB, which is not even a relay package. David C
There was a version of Tor released in the development repos that included Accept *.* in torrc. I remember seeing it but have no idea which version it was. I too think this is a mistake. If casual relay operators are being shut down due to a misconfigured torrc, Tor will suffer more bad press by media types who have no idea how Tor actually works. We want to encourage Tor relaying, no!? The more relays, the better the service. I would also suggest to any devs reading this that some kind of pretty looking auto-config needs to run the user through the physical details of the connection and then configure the torrc appropriately. The average random who simply wants to donate bandwidth isn't going to run through the whole torrc and make sure everything is dandy before sticking the relay online. I can think of many competent, intelligent friends who would happily run a relay but they're probably not tech savvy enough to get the torrc just so for their connections. 'Plug the wire into the grey box, internet happens'....
On top of all this, if someone is wanting to run an Exit node, they will likely be the more tech savvy types. People who have a VPS etc. If that is the case then they will no doubt be able to configure Accept *.* in a text file.
TL;DR version, devs please uncomment Reject *.* in the default torrc on all future releases of Tor. I really think this will cause serious headaches for well-meaning volunteers.
Tom
On 31 August 2013 19:09, Gordon Morehouse gordon@morehouse.me wrote:
> The friend was upgrading from Tor 0.2.3.x to Tor 0.2.4.16-rc. I do not know whether he used a tarball but I think it likely he used the Tor 'experimental' repos as his VPS is Debian-family, and he said "I couldn't keep the old config"; thus debconf likely presented him with a choice, he accepted the new config, edited as far down as he needed to turn relaying on, and that's it.
> Since the default exit policy is for a relay to be an exit (without, even, the benefit of ReducedExitPolicy), his VPS was shut down in about a day as he'd unknowingly turned himself into an exit node.
> Partial user error, and partial - as he would argue and so would I - bad defaults. This guy is a software engineer who had a derp moment. I wonder how many less tech-savvy users may make the same mistake and then have a bad time and never relay again (or be subject to law enforcement action, particularly in hostile countries).
Tor-arm has a config feature. The arm developer is actually planning to remove it because nobody is using it. I think it's a wonderful tool, but it has some gotchas and kinks to be worked out.
Luke
2013/9/7 Thomas Hand th6045@gmail.com:
> There was a version of Tor released in the development repos that included Accept *.* in torrc. I remember seeing it but have no idea which version it was. I too think this is a mistake. If casual relay operators are being shut down due to a misconfigured torrc, Tor will suffer more bad press by media types who have no idea how Tor actually works. We want to encourage Tor relaying, no!? The more relays, the better the service. I would also suggest to any devs reading this that some kind of pretty looking auto-config needs to run the user through the physical details of the connection and then configure the torrc appropriately. The average random who simply wants to donate bandwidth isn't going to run through the whole torrc and make sure everything is dandy before sticking the relay online. I can think of many competent, intelligent friends who would happily run a relay but they're probably not tech savvy enough to get the torrc just so for their connections. 'Plug the wire into the grey box, internet happens'....
> On top of all this, if someone is wanting to run an Exit node, they will likely be the more tech savvy types. People who have a VPS etc. If that is the case then they will no doubt be able to configure Accept *.* in a text file.
> TL;DR version, devs please uncomment Reject *.* in the default torrc on all future releases of Tor. I really think this will cause serious headaches for well-meaning volunteers.
> Tom
I would like to instead make Reject *:* the default if no ExitPolicy is defined. That way we can keep the line commented out and have a safe default.
On Fri, Sep 6, 2013 at 8:47 PM, Thomas Hand th6045@gmail.com wrote:
> There was a version of Tor released in the development repos that included Accept *.* in torrc. I remember seeing it but have no idea which version it was. I too think this is a mistake. If casual relay operators are being shut down due to a misconfigured torrc, Tor will suffer more bad press by media types who have no idea how Tor actually works. We want to encourage Tor relaying, no!? The more relays, the better the service. I would also suggest to any devs reading this that some kind of pretty looking auto-config needs to run the user through the physical details of the connection and then configure the torrc appropriately. The average random who simply wants to donate bandwidth isn't going to run through the whole torrc and make sure everything is dandy before sticking the relay online. I can think of many competent, intelligent friends who would happily run a relay but they're probably not tech savvy enough to get the torrc just so for their connections. 'Plug the wire into the grey box, internet happens'....
> On top of all this, if someone is wanting to run an Exit node, they will likely be the more tech savvy types. People who have a VPS etc. If that is the case then they will no doubt be able to configure Accept *.* in a text file.
> TL;DR version, devs please uncomment Reject *.* in the default torrc on all future releases of Tor. I really think this will cause serious headaches for well-meaning volunteers.
> Tom
On 2013-09-07, at 11:25 AM, BarkerJr barkerjr@gmail.com wrote:
> I would like to instead make Reject *:* the default if no ExitPolicy is defined. That way we can keep the line commented out and have a safe default.
Agreed. I honestly thought the default was something along these lines.
-- Kevin C. Krinke kevin@krinke.ca 851662D2 - 5216953E0CBA1767D6064AB2DAC1902A http://kevin.c.krinke.ca/851662D2.asc
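
The misconfiguration discussed in this thread, as an added example that is not part of any poster's message or of Tor itself: a Python check that classifies a torrc by whether an active ORPort is paired with an active ExitPolicy. It assumes the behaviour the thread reports for 0.2.4.x (a relay with no active ExitPolicy line exits by default) and first-match-wins policy evaluation; `classify`, `active_options` and the sample torrc are constructed for illustration.

```python
import re

# Constructed sample: a torrc edited only far enough to turn relaying on,
# with the sample file's ExitPolicy line still commented out.
SAMPLE_TORRC = """\
ORPort 9001
Nickname examplerelay
#ExitPolicy reject *:* # no exits allowed
"""

# A rule that rejects every address and port ("reject *:*" or "reject *").
REJECT_ALL = re.compile(r"^reject\s+\*(:\*)?$", re.I)


def active_options(torrc_text):
    """Yield (name, value) for each non-comment torrc line, name lowercased."""
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            yield parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")


def classify(torrc_text):
    """Return 'not-a-relay', 'non-exit', 'exit-explicit' or 'exit-by-default'."""
    or_ports, rules = [], []
    for name, value in active_options(torrc_text):
        if name == "orport":
            or_ports.append(value)
        elif name == "exitpolicy":
            rules += [r.strip() for r in value.split(",") if r.strip()]
    if all(p.split()[:1] in ([], ["0"]) for p in or_ports):
        return "not-a-relay"  # no ORPort line, or ORPort 0
    for rule in rules:  # rules are checked in order and the first match wins
        if rule.lower().startswith("accept"):
            return "exit-explicit"
        if REJECT_ALL.match(rule):
            return "non-exit"  # catch-all reject reached before any accept
    # No ExitPolicy, or only specific rejects with no catch-all: the built-in
    # default applies, which the thread reports made a 0.2.4.x relay an exit.
    return "exit-by-default"


if __name__ == "__main__":
    print(classify(SAMPLE_TORRC))  # the situation described in the thread
    print(classify(SAMPLE_TORRC.replace("#ExitPolicy", "ExitPolicy")))
```

Running such a check after a package upgrade that replaces the config file flags the case where relaying was enabled but the exit policy line was left commented out.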