Relay operators meetup @ CSOA Forte Prenestino, Rome, Italy
Notes
~35 people (~12 Tor people)
People/groups from: AvANa, universities, ninux.org decentralized wireless network, researchers, system administrators, few previous relay operators, Tor user and onion services administrators.
-
Talk about legal implications by running relays
- No legal issue in Europe -> Article 12
- Non profit or other organizations could help with potential legal issues
- Onion Italia (people seem to not like it) | form/make a system that can protect relay operators in Italy
- No cases of relay operators in Europe that face legal issues for hosting relays
-
Hardware talk
- Don't use an old Raspberry Pi (depending on the hardware revision) or low powered devices for high performance relays
- Physical security: Virtual servers or bare-metal
- If you are able to run a relay and the issue is the VM/OS/System the just do it. Tor's design would help from potential compromises. Obviously if you can afford bare-metal then host a relay on bare-metal servers :)
- Usually not so new hardware is required to run a good relay, exceptions include really high bandwidth relays.
-
IP blocklists: some people take bad decisions and block the Tor exit relays but very few middle, still people don't use these blocklists.
-
How useful is to raun a bridge in residential ISPs with dynamic IPs: Good if you IP is not changing every 1-2 days.
-
How bridge relays work: [/wiki/TorRelayGuide#Bridge]
-
As a system administrator what you should be monitoring to check the health of your relay(s):
- Nagios or other monitoring software
- Tor weather
-
Improve relays network by introducing a relay gamification system (badges, swags,..)
-
IPv4/IPv6 talk
- IPv4 is a requirement: a relay must be able to communicate with every relay on the Tor network
- IPv6 is not well researched and IPv6 addresses usually not blocked/censored as the blocking infrastructures are blocking only IPv4
- Hurricane electric provides free IPv6 transit
- IPv6 exit only traffic is possible and can be configured from the
ExitPolicy
option intorrc
config file
-
What are guard relays: [/wiki/TorRelayGuide#Guardmiddleakanon-exitrelay]
-
Bad news ISPs in Italy
- Aruba ISP
- No copyright enforcement, only complains
- Did/does MiTM attacks to steal SSL keys
- BGP hijacking
- Remove all the routes linked to the the Hackingteam and Wikileaks
- Aruba ISP
-
Relay news in Italy
- Exit probability (as of now): 0,001%
- Universities can provide bandwidth, IPs and rackspace
- Universities receive copyright complaints but do not enforce
- La Sapienza university blocks all Tor domain and subdomains.
- Multiple complaints have been filled but to not extent, still blocked
-
Question: Will a relays (guidebook/handbook) [wiki/TorRelayGuide#TheTorRelayGuide] help if it's translated in Italian? Not that important currently.
-
Talk about UbuntuCore relays (snapd Ubuntu package) see email list discussion: https://lists.torproject.org/pipermail/tor-relays/2016-August/010046.html
-
Talk about the responsibility of community networks/wireless mesh
- Network centralization: Exit relays that uses a VPN is not that useful as we may end up with many relays from the same VPN network but.. Better thank nothing
- Relay operators are autonomous and decide for themselves where they should host a relay
- Network bandwidth "deals" with ISPs and uplink providers to pay less for more bandwidth/traffic
-
People can help by contributing to the documentation, testing, teaching privacy anonymity and run relays around this project, as it's easier to sustain
-
Funding ideas
- Donations
- An application similar to Bail bloc (https://bailbloc.thenewinquiry.com/)
- Organizations that already want to support running relays but don't want or know how to administer them
-
Talk about filesystem encryption on a relay
- If a relay servers gets raided, police may have harder time to view the content of the servers and cause confusion/delays
- Tor relays don't save any content on the disks so there is no really a good reason to do this
-
Talk about the Shared Whois Project (SWIP) and hosting providers that support it so that you can use your own contact info
-
In order host Tor relays with minimal issues in universities, you can find a professor that want to do a research related to Tor
-
Talk about load balancing onion services and OnionBalance (https://blog.torproject.org/cooking-onions-finding-onionbalance)