Skip to content
Snippets Groups Projects

RomeRelayOperatorsMeetupMar18

Last edited by Alexander Færøy

Relay operators meetup @ CSOA Forte Prenestino, Rome, Italy

Notes

~35 people (~12 Tor people)

People/groups from: AvANa, universities, ninux.org decentralized wireless network, researchers, system administrators, few previous relay operators, Tor user and onion services administrators.

  • Talk about legal implications by running relays

    • No legal issue in Europe -> Article 12
    • Non profit or other organizations could help with potential legal issues
    • Onion Italia (people seem to not like it) | form/make a system that can protect relay operators in Italy
    • No cases of relay operators in Europe that face legal issues for hosting relays

  • Hardware talk

    • Don't use an old Raspberry Pi (depending on the hardware revision) or low powered devices for high performance relays
    • Physical security: Virtual servers or bare-metal
      • If you are able to run a relay and the issue is the VM/OS/System the just do it. Tor's design would help from potential compromises. Obviously if you can afford bare-metal then host a relay on bare-metal servers :)
    • Usually not so new hardware is required to run a good relay, exceptions include really high bandwidth relays.

  • IP blocklists: some people take bad decisions and block the Tor exit relays but very few middle, still people don't use these blocklists.

  • How useful is to raun a bridge in residential ISPs with dynamic IPs: Good if you IP is not changing every 1-2 days.

  • How bridge relays work: [/wiki/TorRelayGuide#Bridge]

  • As a system administrator what you should be monitoring to check the health of your relay(s):

    • Nagios or other monitoring software
    • Tor weather

  • Improve relays network by introducing a relay gamification system (badges, swags,..)

  • IPv4/IPv6 talk

    • IPv4 is a requirement: a relay must be able to communicate with every relay on the Tor network
    • IPv6 is not well researched and IPv6 addresses usually not blocked/censored as the blocking infrastructures are blocking only IPv4
    • Hurricane electric provides free IPv6 transit
    • IPv6 exit only traffic is possible and can be configured from the ExitPolicy option in torrc config file

  • What are guard relays: [/wiki/TorRelayGuide#Guardmiddleakanon-exitrelay]

  • Bad news ISPs in Italy

    • Aruba ISP
      • No copyright enforcement, only complains
      • Did/does MiTM attacks to steal SSL keys
      • BGP hijacking
      • Remove all the routes linked to the the Hackingteam and Wikileaks

  • Relay news in Italy

    • Exit probability (as of now): 0,001%
    • Universities can provide bandwidth, IPs and rackspace
    • Universities receive copyright complaints but do not enforce
    • La Sapienza university blocks all Tor domain and subdomains.
      • Multiple complaints have been filled but to not extent, still blocked

  • Question: Will a relays (guidebook/handbook) [wiki/TorRelayGuide#TheTorRelayGuide] help if it's translated in Italian? Not that important currently.

  • Talk about UbuntuCore relays (snapd Ubuntu package) see email list discussion: https://lists.torproject.org/pipermail/tor-relays/2016-August/010046.html

  • Talk about the responsibility of community networks/wireless mesh

    • Network centralization: Exit relays that uses a VPN is not that useful as we may end up with many relays from the same VPN network but.. Better thank nothing
    • Relay operators are autonomous and decide for themselves where they should host a relay
    • Network bandwidth "deals" with ISPs and uplink providers to pay less for more bandwidth/traffic

  • People can help by contributing to the documentation, testing, teaching privacy anonymity and run relays around this project, as it's easier to sustain

  • Funding ideas

    • Donations
    • An application similar to Bail bloc (https://bailbloc.thenewinquiry.com/)
    • Organizations that already want to support running relays but don't want or know how to administer them

  • Talk about filesystem encryption on a relay

    • If a relay servers gets raided, police may have harder time to view the content of the servers and cause confusion/delays
    • Tor relays don't save any content on the disks so there is no really a good reason to do this

  • Talk about the Shared Whois Project (SWIP) and hosting providers that support it so that you can use your own contact info

  • In order host Tor relays with minimal issues in universities, you can find a professor that want to do a research related to Tor

  • Talk about load balancing onion services and OnionBalance (https://blog.torproject.org/cooking-onions-finding-onionbalance)

Comments

    Please register or sign in to add a comment.