Running a Tor Exit Node for Fun and E-mails (daknob.net)
420 points by esnard on Sept 4, 2016 | 160 comments



It's much more fun to run an exit node and inspect the traffic using tools like the dsniff suite and Suricata.

Back in the day, 90% of the traffic I would see was just people trying to brute force Hotmail accounts via POP3, but occasionally I'd sniff the credentials for an IRC-based C2 for a botnet, and I'd log in and wreck the thing.


Well, it's fun to do this and learn from that, however in an exit node it's not something I'd want to do. People use Tor to surf the web anonymously (mostly) and have some privacy. There are certainly exit nodes that do this, and it has been proven by blog posts in the past, however the more nodes that don't engage in such activities, the better for the network overall.


> however the more nodes that don't engage in such activities, the better for the network overall.

I'd argue that it is quite the opposite.

The more people are aware that plaintext over Tor is a really, really bad idea [1], the more people will use end-to-end encryption. In particular, they will insist that more websites switch to HTTPS. Which is actually better for the network overall, and would render most of these attacks useless.

I wonder whether the Tor browser bundle should disable plain HTTP completely, only to be enabled through some obscure config setting for the seldom use cases where this is actually needed.

[1] Tor is by definition a system of man-in-the-middle through man-in-the-middle. Why would anybody want to use that without end-to-end encryption?


> The more people are aware that plaintext over Tor is a really, really bad idea [1], the more people will use end-to-end encryption.

Yes, but how does your collecting logs impact overall awareness?

Even if it did (say, you make the logs available through some snazzy web interface, it gets mass media attention), how does that balance out with the users whose traffic you exposed?


I didn't mean that more exit nodes should collect and share their logs. That would indeed weaken the Tor network, by facilitating traffic correlation.

I meant inspecting/manipulating the traffic if it is unencrypted. As a political statement, this should of course never actually attack the client, but instead try to raise attention by e.g. injecting a message along the lines:

    Hi, I'm a stranger and it was trivial for me to
    inject this message. Please use HTTPS to prevent
    me from doing this.

Thinking more about that, however, this may be a bad idea. People could perceive this to be a security hole in the Tor network itself, rather than HTTP itself, which could damage the reputation of Tor.


Would it be possible for Tor to detect sniffing by seeding the traffic with poison pills that ratted out anyone doing this in bulk?



Makes you wonder why Tor doesn't replicate this and send the nodes ghost traffic, poison pills, block the IPs, etc.


Last I heard, there was basically one guy handling all reports of malicious exit nodes, and I couldn't even get him to do anything about the ones very obviously intercepting traffic to Bitcoin wallets and injecting code that stole people's money


People are communicating with bitcoin wallets without end-to-end encryption?


Sounds strenuous on an already slow network..


There is automated tooling out there that is used to detect misbehaving exits, like ExitMap: https://gitweb.torproject.org/user/phw/exitmap.git/


This has been done in the past: researchers visited a uniquely generated URL from Tor and then recorded which Exit Nodes visited it again. You can find their work if you google it..


https://chloe.re/2015/06/20/a-month-with-badonions/

"Chloe" visited unique web pages for a month last year, and also used unique credentials to log into a custom honeypot. Of the over 137,000 exit nodes tested, 15 attempted to use the credentials, 650 visited the unique websites.

Less than half of a percent, but definitely happening regularly enough to be an issue.
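
Added example, not part of any comment in this thread and not the researchers' or ExitMap's code: a sketch of the correlation step behind the unique-URL test described above, where each exit gets its own canary token and any later request for that token points back to the exit that carried it in plaintext. The log format, the `/c/` path, the secret and the relay fingerprints are constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

SECRET = b"constructed-demo-secret"  # assumption: known only to the prober
PREFIX = "/c/"                       # hypothetical canary path on the honeypot


def token_for(exit_fp):
    """Unguessable token bound to exactly one exit relay fingerprint."""
    return hmac.new(SECRET, exit_fp.encode(), hashlib.sha256).hexdigest()[:24]


def parse_line(line):
    """Constructed log format: '<epoch> <src_ip> <METHOD> <path>'."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2], parts[3]


def find_replays(log_lines, probes, grace=10):
    """Return {exit_fp: [(epoch, src_ip), ...]} for canary hits that are not ours.

    probes maps each exit fingerprint to the epoch at which our own probe
    was sent through it. One hit inside [sent, sent + grace] is the probe
    itself; every other hit on that token is a revisit by someone who saw
    the URL in transit.
    """
    by_token = {token_for(fp): fp for fp in probes}
    hits = defaultdict(list)
    for line in log_lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, _method, path = rec
        if not path.startswith(PREFIX):
            continue
        # Tokens we never issued (guesses, scanners) are ignored here.
        fp = by_token.get(path[len(PREFIX):])
        if fp is not None:
            hits[fp].append((ts, src))

    replays = {}
    for fp, seen in hits.items():
        seen.sort()
        sent = probes[fp]
        own_probe_matched = False
        extra = []
        for ts, src in seen:
            if not own_probe_matched and sent <= ts <= sent + grace:
                own_probe_matched = True
                continue
            extra.append((ts, src))
        if extra:
            replays[fp] = extra
    return replays


# Constructed relay fingerprints and probe times (not real relays).
EXIT_A, EXIT_B, EXIT_C = "A" * 40, "B" * 40, "C" * 40
PROBES = {EXIT_A: 1000, EXIT_B: 1060, EXIT_C: 1120}


def sample_log():
    """Constructed honeypot access log using documentation IP ranges."""
    return [
        f"1001 192.0.2.10 GET {PREFIX}{token_for(EXIT_A)}",
        f"1062 198.51.100.7 GET {PREFIX}{token_for(EXIT_B)}",
        "1100 203.0.113.9 GET /robots.txt",
        f"1121 198.51.100.99 GET {PREFIX}{token_for(EXIT_C)}",
        # About an hour later the URL shown only to EXIT_B is fetched again.
        f"4700 203.0.113.50 GET {PREFIX}{token_for(EXIT_B)}",
        # A token we never issued: not attributable to any exit.
        f"5000 203.0.113.77 GET {PREFIX}deadbeefdeadbeefdeadbeef",
        "garbage line that does not parse",
    ]


if __name__ == "__main__":
    for fp, extra in find_replays(sample_log(), PROBES).items():
        print(f"exit {fp[:8]}... saw canary revisits: {extra}")
```

The revisit may come from a different address than the exit itself; attribution rests on the token, which only that exit's circuit ever carried.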


Not really; you can always mirror the WAN/uplink port and do the capture on another box, so even some time-based / performance analysis won't show anything.


Port mirroring means you can only be a passive eavesdropper. Attacks like SSL MITM wouldn't work because you actually have to intercept and modify the traffic.


SSL MITM still won't work unless you want it to be very noticeable or you have very substantial resources.

Port mirroring is enough to capture SSL traffic and to break weak SSL keys or if you have compromised the key of the destination services (w/ some caveats like no forward secrecy etc.).

And it doesn't prevent you from executing MITM attacks from upstream or just doing specific MITM attacks from within the TOR exit node later on.

But overall there is nothing you can do to ensure that your TOR exit node, your VPN gateway or even your ISP isn't reading your traffic other than to use encrypted tunnels everywhere and even then you are for the most part only moving the problem upstream.


You can't silently mitm SSL unless you are trusted by the client.


Monitoring Tor exit node traffic would be exceptionally unethical.


It's also probably something you should assume is happening on all the exit nodes.


Exactly. Ethics is just the wrong way to think about it.

It's like the people emptying weak brainwallets. Is it unethical to empty the brainwallet for "password123"? Is it unethical to pick up a quarter lying on the sidewalk? No and no.

Saying that strangers on the internet are bound by ethics is unrealistic.

Instead, we should build systems that are resilient.

For example:

* A brainwallet generator should estimate passphrase complexity and warn if it's too low

* Tor Browser should show a red lock icon for plain HTTP and warn users clearly that their traffic may be read

Blame the program, not the person. Calling the inevitable attacker "unethical" just isn't useful. Saying the user is dumb or Doing It Wrong isn't useful either.

Good crypto software should be resistant to both misuse (by Adam) and abuse (by Eve)


You seem to be completely misunderstanding ethics. Just because you 'can' do something does not mean it should be done or is ethical to do so. You 'can' break into your neighbor's house and steal <whatever>. Just because you have that capacity does not make it suddenly ethical to do so, even if they leave their doors unlocked.

GP didn't say that strangers on the internet are bound by ethics. Ethics are not a thing we are 'bound' by. They are a value judgment we make based on whatever social contract we think we have with those around us.

If passphrase complexity is "too low", that's also a judgment. There are no universal truths about what is adequate complexity. What you think is adequate today will not be adequate tomorrow. If someone's passphrase was inadequate and was cracked, was it ethical for the cracker to take advantage of it? If the passphrase passed a certain complexity, did it suddenly become unethical?


I think in the case of brainwallets, the actual contract with the network is that anyone who knows the password has authority to transfer the funds. When you send funds to a password-based address that is literally what you are declaring. There are no additional "off-book" requirements for accessing the funds like, you must know the password and also be a specific person.

There are similar scenarios but they are also different in important ways. A properly generated private key would have to be first stolen. An improperly generated private key, or an improperly generated signature that reveals the key are technological faults which expose the funds.

But when it comes to so-called brain-wallets, if you know the password then I think you have the right to move the funds.


Without the law, the actual "contract" you have re ownership of anything is that you can prevent anyone else from owning those things. If someone else can manage to "steal" your thing, they own it now.

I think that's not a world anyone wants to live in aside from an-caps.


I'm not speaking of lawlessness, I mean the actual lawful contract of who owns or can transfer or take possession of the data. Bitcoin introduces all sorts of novel ways to store and assign ownership of the Satoshi. Flags like ANYONE_CAN_PAY and scripts which equate to ANYONE_CAN_SPEND, or in this case a script which equates to SPEND_WITH_PWD.

The vast majority of people have zero understanding of the underlying crypto contract they are entering when they use Bitcoin. But there are experts who can explain what these scripts actually mean and who in turn can access the funds and under what conditions. Like buying other commodities electronically, it is best to consult an expert if you don't know what you're doing. That doesn't change the terms of the underlying contract.


Back in the real world, contracts have a lot to do with intent. Generally, if you didn't intend to give money to whoever picks it up first, a court would rule that nobody but the intended recipient has the right to pick up the money.

Even if you leave a duffel bag full of money beside a motorway, it's not legally the property of whoever picks it up first. That would be a perfectly reasonable legal argument. In order to give it away to whoever picks it up first, you need to create clear intent - a posting in plain English, for example. Making it easy to pick up isn't intent to allow anyone to pick it up.

Code isn't contract, and behaviour isn't contract either.


> In order to give it away to whoever picks it up first, you need to create clear intent - a posting in plain English, for example.

So we have someone who takes that proverbial duffel bag full of money, lays it down on the information superhighway, and puts a sign on it which says, 'SPEND_WITH_PASSWORD'. So Mallory picks up the bag, opens it up with the password, and spends the money. They didn't "intend" for that to happen, but they signed a contract which says exactly that. The best example I've heard where this is not a valid defense is the life insurance policy written by Aviva France which allowed retroactive trading (a.k.a. printing money) and where the policy could now be worth billions of dollars. [1]

Can code ever be a contract? I think so. What if the code functions exactly as designed, and exactly as advertised, is it then a contract? A world where you don't have the freedom to follow clear and obvious labels does not function very well. If someone puts a water fountain on a public way, and then sues people for drinking from it claiming they stole the water, I would hope those claims would be thrown out and the claimant censured.

The right answer is, of course, no one should be laying their money down with a sign on it that says 'SPEND_WITH_PASSWORD' if that's not what they want to have happen -- because trying to recover that money after the fact when someone picks it up is going to be challenging, to say the least. But I do think it's an interesting argument to say that the person who did pick it up with the right password actually did nothing legally wrong, and even ethically or morally wrong.

Even more so, I find arguments that 'SPEND_WITH_PASSWORD' should actually mean 'SPEND_WITH_PASSWORD_AND_CONSENT' to be highly problematic for a decentralized blockchain which can trade smart assets. A crypto-currency should be expected to do what it says on the label, and users should be expected to read the label before using it. See, for example, the many cases of inadvertently large transaction fees, and even that's a more clear cut example of programming error, or human error, than 'SPEND_WITH_PASSWORD' which does exactly what it says.

[1] - http://ftalphaville.ft.com/2015/02/27/2120422/meet-the-man-w...


A machine flag on a data record which doesn't even say SPEND_WITH_PASSWORD, but is instead a set of machine instructions, to be interpreted by a machine that nobody really fully understands, is not human-readable English, and can reasonably be set without intent to allow anyone to spend it - it's easy to mess up and make it less secure than you intended.

Therefore, it's not a contract, by definition, no matter what a subset of the population would like to think. Also - what if there's a crypto bug somewhere in Bitcoin, or a popular key/password generator? If it turned out all SPEND_WITH_PASSWORD transactions are far weaker than expected, does that mean it would be perfectly legal for anyone to steal money from all such transactions? I can't see a court saying "yes" to that, any more than they'd say that if your computer wasn't secure enough it'd be legal to access your bank account details and steal all your money from your bank. Or you could also bring up the argument that you'd get your money back if you'd sent money to the wrong person by PayPal/Faster Payments/whatever and had to take it to court, and the term "smart contract" doesn't actually change what's almost the same action.

This doesn't necessarily mean the blockchain needs to include some sort of "revoke transaction" functionality, but it is something that you can take to court if you find out who stole your money. New tech doesn't mean that courts suddenly break every rule that's been developed over hundreds of years. Courts are very used to dealing with "irrevocable" transactions.


To talk about ethics completely independent of ability is to divorce philosophy from reality.

If I can brute force a password with a TI-83, then that should be a different conversation than if I can do so with a few hundred million dollars, a backbone tap, and a government cluster.

To argue otherwise is navel-gazing about whether the red I see is the same red you see. Maybe? But more importantly, what does it matter?


So if you murder someone with an assault rifle, you're a monster, but if you did it with your bare hands, your methods should be applauded and studied?

I'm not even going for reductio ad absurdum here, this seems to literally be what you're saying.


Did I at any point make a value judgement, as you did?

I simply said, as did dcposch, that to talk about ethics independent of ability is useless from a functional perspective. And to go farther, that applying anything other than amorality to internet actors is without functional value.

A rebuttal, if you feel otherwise, would take the form of "No, I believe pure ethical evaluation is still useful because..."


I think it's more like it's ethical to murder little kids and weak people because it's easier to do than murdering a well-built man.


This is totally preposterous logic. It's very easy to commit many very serious crimes, like murder and rape. Ability to carry out an act has nothing to do with its morality.


I can see how you got to the conclusion you did but I think you're making the wrong analogies like the gp.

The penny you pick up on the street, despite any argument to the contrary, hasn't been put there for safekeeping. It's lost and its value is so low that it's immaterial if you return it or not. Actually the loss in productivity and the impossibility of the task is such that returning it, unless you saw the person who dropped it, is probably a negative thing.

Now if that was $65000 then you might keep it because you can and it benefits you, but the ethical thing to do is to attempt to return it to its owner.

Compare that to a weak password though, as far as you know it isn't even lost. You're just assuming that it will be stolen so it might as well be you. Do you feel the same way about the contents of other peoples houses? Pretty much anyone who wants has the ability to enter your home, we don't do that because of ethics.


You or I don't enter others' homes because of ethics, but I think lock companies bear out my point. There are a lot of technically questionable lock products out there, but people still buy them and companies produce them.

Because most people feel even a bad lock changes the ethical calculus. Because ease of transgression has a direct bearing on the actually realised ethical result.

The issue with the original "that's not ethical" comment was not "Yes it is" but rather "You're right, but how is that relevant to this discussion?"


Brainwallet?


An insecure type of bitcoin wallet based on a user-generated seed. They were shown to be easily bruteforced.


Isn't this technically wiretapping and illegal in some countries?


I don't think it's wiretapping if people just give you their requests.


Fortunately you're wrong. Otherwise, post would never have gotten off the ground.


I'm pretty sure you just confessed to several felonies.


Not sure why you're being down voted, what he did is indeed a felony.


Tell that to all those ISPs doing DPI and injecting crap and ads in unencrypted HTTP. Or hotels running captive portals. Or your employer doing org-wide TLS MITM and logging.

Unethical? Most certainly! A crime? Could be depending on what was done and in what jurisdiction, but far from certain.


In all of those examples you cite, the user has agreed to allow the monitoring or injection.


Honestly, it is arguable that the user actually agreed to monitoring and in-flow data modification knowingly, and therefore it might constitute an Unconscionable Contract due to an Unfair Surprise (again, depending on jurisdiction).

That is assuming the user did actually agree to anything.

Now what if the exit operator put up a ToS themselves stating users of their exit node will be monitored and/or data flowing through their services might be modified en route even? Because, after all, it is the TOR users using their services, not the other way round.

"You hereby grant Tor Exit Operator Ltd, A Nigerian Prince/Russian Business Network joint venture, the right to monitor, log, modify all data you transmit to our service and an irrevocable, unlimited license to use any data you transmit for any purpose".


Tor noob here: How are exit nodes actually assigned to end-users though? So far my understanding was that the assignment happens automatically without any conscious decision by the end-user. If that's true, construing an "agreement" would be pretty hard - if the user isn't even aware they're using your service.

Same reason shady companies still at least need to make it look like they asked your agreement and can't just state "by looking into our general direction you transfer ownership of all your worldly possessions to us"


I don't know if anywhere on Earth agreements have advantage over law, but AFAIK any illegal action in any agreement is forbidden.


The whole point is that these things aren't illegal on your own network if you disclose it to the user. Network monitoring and traffic modification aren't illegal in and of themselves.

Consider this. If I just take your car from your driveway, that's stealing. But if you first sign a contract transferring ownership of your car to me, it's very obviously not stealing.


If by "to agree" you mean "clicking something away that nobody ever reads in order to be able to use something for which you've already paid" or "silently assuming that some hotel's house regulations that nobody ever reads does not contain a clause that allows them to tap into your private communications", then I guess you're technically right. Somewhat.


Yes, that's what it means to agree: if someone hands you a document and says "sign here" and you just sign without reading it, you have agreed.


Nice one :) I do the same to IRC botnets, but mainly phishers, I must admit. The botnets I see always seem to use that one Perl script, the "servidor" one, written in Portuguese.


Oh greyhats, never change


The article keeps making reference to the types of users on the Tor network:

> The majority of Tor traffic is legitimate users accessing the web anonymously, through insecure networks like Public WiFi, etc.

> Finally, just like with everything else, we have malicious users. [...] That last, tiny portion of users is the primary reason people don't run more Exit Nodes.

> Despite malicious users being the minority of Tor users, as an absolute number, there are many of them.

Where are the facts that form the basis of these statements? I've seen studies about geographic and network demographics, and there was the disputed study about how much Tor traffic was related to child-porn, but has someone done a study on how many users are engaging in abusive behavior through Tor exit nodes?

Regardless of the number of users, a better question may be what percentage of the traffic is abusive? It doesn't matter if a minority of the users are abusive if the majority of the traffic is abusive.

Tor administrators' tendency to dismiss abuse conducted through their exit nodes as "that's just the way it is to protect anonymity" reminds me of Twitter's early lack of action against abusive verbal attacks on its service. Tor's anonymity is analogous to Twitter's free speech, but in both cases, abuse of those freedoms defines the need for some practical protections in order to maintain them.


> It doesn't matter if a minority of the users are abusive if the majority of the traffic is abusive.

It doesn't? From my view it is exactly the opposite.

Let's say that a bridge between Sweden and Denmark is heavily trafficked by smugglers who drive trucks, while law-abiding citizens normally drive cars. The relative amount of drivers that are smugglers will then be much smaller than the relative amount of cargo being smuggled, as cars carry less cargo than trucks.

From an ethical viewpoint, should the bridge then be judged as a tool for criminals or a tool for law-abiding citizens? Is the quantity of people a less valuable measurement than the quantity of tons going over the bridge, and what would the argument be for that?

The online "trucks" of malicious users can be (and likely are) several orders of magnitude larger in traffic than non-malicious users. Even if there were 1 million non-malicious users for every malicious user, you could still get >90% malicious traffic in the network. The only realistic way to fix that statistical problem would be to get heavy traffic on the network like video, system updates, and P2P, which are all things that a low latency anonymity network is not designed for.


A huge fraction of Tor usage is illegal. Drugs, and other illicit sales mostly. Some pornography. None of this is relevant to an exit node operator because the servers for these people are using hidden services, and as such their traffic never exits the Tor network, and never passes through an exit node.

The illegitimate uses of Tor that require exiting the network are fairly limited, and Tor isn't great since the list of exit nodes is public, and blocked many places. Mostly those users are trying to bypass a firewall or browse anonymously for one of the reasons that Tor advocates claim.


Humm yeah a huge fraction of it is illegal. In fact in some countries it is illegal to circumvent the restrictions imposed by the State on the internet. I am not trying to start an argument, but the concept of illegality depends on the laws and very often is completely disjointed from the concept of justice.

Is it illegal to buy drugs? Yes, in a lot of countries. Is it immoral? A lot of people think it isn't.

So, don't use the metric of the US judicial system to establish what should be considered illegal/immoral on TOR. TOR is a worldwide network and shouldn't be judged based on the laws of a specific country.


>the list of exit nodes is public

Stupid design choice if there ever was one.


Tor really sucks for sending abusive traffic, it's slow and blacklisted by everyone (IME mostly due to problematic users, rather than "hacking" and such).

Luminati for example offers a much better service, as do the hundreds of thousands of routers offering unauthenticated SSH tunneling around the world. Way better speeds, and no blacklists.

> Tor's anonymity is analogous to Twitter's free speech, but in both cases, abuse of those freedoms defines the need for some practical protections in order to maintain them.

This sounds worryingly like a call to weaken Tor, I really hope it's not.


It's not in any way a call to weaken Tor, but I think that response is indicative of an ideological viewpoint that will achieve the same result.

A perfectly secure, perfectly anonymous network that no network-neutral party will service because of the levels of abuse which come from it is no stronger a solution than an insecure, de-anonymized solution. The parent blog post implicitly acknowledges this -- the poster disables exit handling for SMTP and BGP traffic because of that traffic's likelihood for abuse and the resulting effect on the exit node, even though such traffic might have legitimate uses. Practical requirements of node functionality trump ideology, in the case of SMTP and BGP traffic at least.

While Tor operators may accept abusive traffic as a result of their greater goal, the upstream providers of their nodes may not. The ability to reliably deliver traffic for all customers, Tor and non-Tor is key to their business. If that ability becomes compromised, they take action to preserve their business.


Wow Luminati is expensive but sounds like a very premium platform for on-demand proxies. Are they running this in a shady manner where a P2P application is also serving as a web proxy for Luminati?


Yeah, they run https://hola.org/ that uses said P2P application to bypass netflix country limitations.

The company is sketchy as fuck, the service they offer is awesome.


What is this mysterious ubiquitous "unauthenticated ssh tunneling"?


I never really tracked down what exactly causes the vulnerability, but it's a rather common bug in various SSH implementations (millions of affected devices). Dropbear is the most commonly affected.

I guess easiest way to demonstrate it is like this:

  debug1: Next authentication method: password
  root@117.243.179.217's password:
  debug1: Authentication succeeded (password).
  Authenticated to 117.243.179.217 ([117.243.179.217]:22).
  debug1: channel 0: new [client-session]
  debug1: Entering interactive session.
  debug1: Sending environment.
  debug1: Sending env LANG = en_US.UTF-8
  debug1: Sending env LC_CTYPE = en_US.UTF-8
  login failed: please enter correct username and password
  Login:

Notice how for the initial login attempt the SSH server itself will accept any password, but subsequently the login is handled by the binary set as the login shell? After the initial "failed" login attempt you can freely open as many SSH tunnels as you please. You can most likely get RCE from here.



I'm also wondering about that. The only recent statement I know of is from Cloudflare, where they say that 94% of the Tor traffic they see is malicious.[1] It's good to protect an anonymous way to use the internet, but it shouldn't be ignored that Tor is probably primarily used for illegal purposes.

[1] https://blog.cloudflare.com/the-trouble-with-tor/


94% of traffic != 94% of users.

If a skiddie runs a vulnerability scanner that sends 1 req/s 24x7, that produces more traffic than a hundred normal Tor users.

That said, I was disappointed by the Tor project's response to Cloudflare.


Is there anywhere we can read (about) this response?



But, also, cloudflare has made the malicious / non-malicious ratio so much worse. A staggering amount of web content has become practically inaccessible on TOR because of them. This makes TOR very difficult to use for the average law-abiding person who just wants more privacy.


That's not their fault. Tor IPs have shitty reputation because of the users on it.


They have a shitty reputation because they funnel a higher-than-normal number of users through a single IP.

And apparently cloudflare is much more aggressive on this front than anybody else in this business, including google - when I get a captcha it's always cloudflare (or hacker news). On those sites I can practically rely on getting one.

To turn it around, every time I see a cloudflare captcha they obviously have failed.


> To turn it around, every time I see a cloudflare captcha they obviously have failed.

Then how can you tell when they succeeded?

Your perspective is one-sided because you are always a good guy.


Really? I'd say there's a need to implement ever stronger successors to the likes of Tor, Ethereum, and Bitcoin, until people finally stop hand-wringing over taking action about "abuses", because it's clearly mathematically impossible.


I really want to like running a Tor exit node but I'm tired of my IP address being blacklisted to hell and back "just because Tor exit node." (To say nothing of affecting my neighbors since many of those lists take out the /24 because they can't see that I only have a /27.) I don't mind dealing with e-mailed complaints but I do mind having my e-mail and other outbound connections arbitrarily blown to smithereens.

His take on it is interesting since I hadn't considered putting my money proverbially where my mouth is and signing up for an inexpensive but standalone service elsewhere. I'll probably give this a whirl.


It's pretty much the only way to do it - even running a relay node on your home network gets you blacklisted (which is frustrating since absolutely zero malicious traffic originates from your IP). In addition to the reasons you mentioned, some people have had surprise 6am home visits from law enforcement for running exit nodes (though it was heartening to read that the author has not had any bad encounters with LE).


(Comment made from a throwaway account, because I can't be bothered with the potential for future hassle from possible employers over it)

> In addition to the reasons you mentioned, some people have had surprise 6am home visits from law enforcement for running exit nodes.

As someone who has had one of those surprise 6am home visits, I can attest to it being something you Do Not Want, especially from inexperienced British police officers who don't really understand what Tor is. To their credit they were incredibly professional about the whole thing, but it still resulted in every device in my home capable of storing data being seized, and six months of social services asserting that I couldn't be alone with my then one year old son while those devices were inspected by police investigators. (And social services really weren't at all professional about the process - their representative as good as told my wife to leave me because I was almost certainly guilty).

You then get the additional problem that "I'm being investigated by police because they think I'm a paedophile" isn't something you can easily talk to people about without conclusions being jumped to, and potentially making things even worse.

In summary, don't run a Tor exit node from your home internet connection in the UK unless you really want to see what the inside of a police cell is like, or fancy several months of intense stress in your life. You may think this is just scaremongering, and it won't happen to you, but that was precisely the attitude that resulted in me writing this.


Man that sucks, especially the social services part. Did everything work out in the end?

> […] in the UK

Or anywhere else for that matter, unless you are absolutely sure about the legality of the matter and how law enforcement will respond. I am under the impression that only corporations and institutions should run Tor exit nodes.


Yeah, it all worked out fine eventually, apart from me still being a little bit jumpy if someone knocks the door in the morning when I'm not expecting it.


Slightly off-topic, but:

The UK is probably one of the worst places in the English-speaking world to be accused of hosting something illegal. I've considered hosting a kink social network here (competition with Fetlife), but any sort of image sharing system would leave me incredibly open to the police. I've known people who hosted specific kink-related forums and similar, even without an image upload system, and had huge problems.

As far as I can tell the most reasonable thing to do if I wanted to go through with this would be to develop the software, and sell it on an ongoing basis to a company somewhere with reasonable laws which can actually operate it.


> even running a relay node on your home network gets you blacklisted

Yeah, that was a fun week when I naively stood up a Tor not-an-exit relay on my home Internet connection and 40% of the Internet turned into "go away" or "enter CAPTCHA to proceed" madness.

> some people have had surprise 6am home visits from law enforcement for running exit nodes

Oh, right. And I even live in Seattle[0] so best not to do that.

0 - http://www.thestranger.com/slog/2016/03/30/23885710/police-g...


There are some providers who "buy" their blacklists from other companies that specialize in that. They essentially get a list of X IP Addresses / Subnets and they blindly block them. Providers compete to generate the "largest blocklist" with "the most bad guys", and therefore end up adding any IP Address they can find. Tor has been used by criminals at least once, therefore any address related to it must be bad, right?


Neustar is one of those providers and they obviously don't want to talk to anyone.

I'm not sure who Amazon Video uses, but they also block relays, not just exit nodes.


CDNs tend to block Tor. A lot of the Web is stood up behind one CDN or another. Cloudflare is the one that sticks out to me. But then again, a lot of people do use Tor to do stupid shit like DDoS or run C&C for botnets.

So my thought is you probably ran into CDNs of various ilk, likely wasn't your ISP.

For the record, a fair number of large public universities run Tor relays and exits (my lab ran four relays and an exit when I was a grad student), and they seem to be doing okay; we were kind of our "own ISP" but what that really means is you lease everything from the local ISP and get to provision a large sub-block of "their" addresses as you see fit, which in our case was Comcast. I think we had a grand total of one DMCA complaint and no other issues. But it didn't hurt we did have a law school to call on if anything went south (which it didn't).


> But then again, a lot of people do use Tor to do stupid shit like DDoS or run C&C for botnets.

Misinformed at best: you wouldn't want to DDoS anything over Tor, because 1) the nature of the protocol means that the target receives less data than you are sending; 2) any botnet worth worrying over has much more bandwidth available than Tor's exit bandwidth.

Regarding botnet C&C, the picture is more complicated but 1) there has been a very high-profile case of a botnet using Tor to hide its C&C activities; “surprisingly”, it's very easy to spot when a significant amount of all Tor clients are bots (i.e. the anonymity set is much too small to hide the botnet); 2) those do not tend to be hosted behind CDNs.

> But it didn't hurt we did have a law school to call on if anything went south (which it didn't).

That's /very/ true: I would strongly urge anybody who considers running exit nodes to do this within a framework/organization where they can get legal assistance if it is ever needed.


That's interesting. I use VPS as my VPN, but I also run tor relay there, just because I think it's the right thing to do. I can certainly say, that I didn't notice any blocks from the web sites. I tried to run tor on my home server, but, unfortunately, my provider seems to block its traffic, so it was never able to bootstrap.


> even running a relay node on your home network gets you blacklisted (which is frustrating since absolutely zero malicious traffic originates from your IP)

Are you sure about this? How would anybody even know if you're running a relay - those aren't published anywhere. Unless your ISP is doing DPI, in which case running a relay and being a Tor user would look the same to them.


How are relays not published anywhere? A very basic property of onion routing is that the client chooses the relays. Even if they are not technically "published", they certainly are public.


Correct! The list of relays (both exit and non-exit) is public. There are several tools with web frontends available as well. There are also relays that are not publicly advertised but available by special request if someone needs a "secret" entry point to the network; they are the so-called bridges.


I've seen this (running a non-exit relay), though in my experience it's been a tiny fraction of sites rather than a majority. I don't get the CAPTCHA prompts for CloudFlare (unless I'm actually browsing via tor, not just my own IP address).

Sites like https://atlas.torproject.org/ will list (exit and non-exit) relays.



It's safe to run relays at home but not exits.


It depends what you mean by "safe".

Various organisations will deny their services to you just for running a relay, despite the fact that no proxied traffic will exit your network and connect to them. I hope that it is incompetence, it's often unsurprisingly difficult to contact anyone who's able to deal with the issue.

Amazon Video is a high profile example.


I've been running relays at home for over a year. The only sites I have trouble with are Monoprice and Apple Support Forums. I don't have any trouble watching Amazon videos.


How do these various organizations know you are running a relay?


Due to the nature of the tor network, relays aren't a secret. They need to be public so clients can independently choose which to use.

You then get people who operate lists of all relays e.g. https://www.dan.me.uk/tornodes

There's probably a good reason for using a "full" list, but I can't think of one off the top of my head. That site at least offers both and just about explains the difference.


I don't wish to deal with the headaches involved in running a Tor exit node (despite this article's claim that the headaches are less than one might expect). I wonder if there is a way to contribute money to help those who ARE willing to invest the effort to run these nodes?


Yes: a number of non-profits exist, who operate high-bandwidth Tor exit nodes. In Europe and North America, many of them partnered with the German TorServers.net: https://www.torservers.net/partners.html

There are several reasons one might want to set up a non-profit for this:

- we can pool resources (money, but also technical expertise, availability to reply to abuse mails, access to legal expertise ...);
- it gives you greater (but still not great) media visibility for advocacy/outreach and running donation campaigns;
- it puts you on better footing if/when contacted by law enforcement agencies;
- it makes it easier to find networks that aren't heavily represented in the Tor network yet, and are willing to host exit nodes.

Full disclaimer: I am on the board of directors and sysadmin team of Nos oignons [NO], a French non-profit that operates Tor exit nodes.

[NO]: https://nos-oignons.net


I would like to contact you.



You could just buy a vps and install tor there. I imagine it wouldn't take 30 minutes to set it up for life. For very low costs too, a 1tb of traffic goes for about 5$ with some memory and 1 core.


It should only take a few minutes to set it up. I made an online configurator which installs everything for you. https://tor-relay.co/ </shameless plug>


You'd have to be very wary about where you do that though, most VPS hosts don't mind relays but don't allow exit nodes, some allow both and some allow neither.

Speaking from experience, DigitalOcean and Vultr seem to be cool with relays.


Careful with cloud hosting that doesn't offer unlimited bandwidth. Although DO doesn't really charge for bandwidth (right now), it can at any moment it chooses.


Ideally you don't host with the big guys (since there are so many relays already - diversity) which makes it a bit harder to find something. Ten times so for exits.

Also, occasional upgrades.


Like some other comments, you can find people who run tor relays and accept donations (TorServers being my personal choice), however, very few are willing to run exit nodes.


torservers seems to be doing exit node.


They indeed are.


Since no one else seems to have mentioned it, am I the only one who noticed this?

> ... as well as tcp/179, which is used by BGP, and I wanted to avoid the exploitation of a particular vulnerability in KeyWeb ;-)

That sounds... Dangerous. Did KeyWeb allow all customers to inject BGP routes? View full BGP tables? Something else?


Regarding the saturation of free socket ports. I see that KeyWeb gives you 2 IP addresses per vServer (and IPv6 enabled, which I assume means a whole /64). Wouldn't it have been easier to configure Tor to bind to only a single IPv4 address and use the other one for administrative login? As far as I understand the Linux network stack, port exhaustion happens on a per-address base. So even if Tor (or anything else) exhausts all the connection ports for one address you should still be able to get back in via the other address.


I wonder if there is some nonprofit where donations would go to increasing exit nodes in Tor. Sounds like a fun thing to do.

I'd certainly put some, and get matching probably.



Very good pointer - thanks. I will be supporting them, I was having fun with relay nodes before (and ran one for a couple weeks).


We were a keyweb customer for years, using it for email and crm for many clients. When we asked to add corporate VPN to make it more secure and reduce abuse, they didn't allow it in their dFlat bandwidth terms.

So now they accept Tor exit nodes but not corporate VPN?

Just... Wow.. Talk about priorities.


Hasn't Tor failed to meet its goal so far? With only 900 exit nodes, it's totally feasible to block them all, which is exactly what China has done. If Tor isn't usable for hopping over the GFW, it hasn't yet fulfilled its true potential, has it?


Hiding the fact that you're using Tor isn't one of the main goals of Tor.


"Tor provides a gateway to the free Internet, bypassing most mediums of censorship that may be imposed by someone, like for example oppressive regimes."

People sure seem to believe that getting around censorship is one of the main goals, though.


Tor does have private bridges into the network that you can request access to, which is their solution to this issue.


It's not a matter of hiding the fact that you're using Tor, it's a matter of whether it bypasses censors or not. There's a big difference between those two. Even if a censor is able to detect that an individual node is running Tor, that doesn't mean they can globally detect all nodes and then block them.

Tor's user numbers in China in particular are very low simply because it's just straight blocked. Private bridges and pluggable transports can get around that, but they're just not used at scale because that's just too challenging for ordinary users.


The way China is blocking tor is completely independent of the number of nodes. They even go and detect the traffic to bridges.

The problem is more like that tor relies on a few directory authorities and the only protection they have is geographic distribution and the public outcry should a set of nation states go actually seize them.


> The problem is more like that tor relies on a few directory authorities and the only protection they have is geographic distribution and the public outcry should a set of nation states go actually seize them.

Seizing the DirAuth wouldn't achieve anything useful: all the data that the DirAuth has access to is a matter of public record (literally, the role of the DirAuth is to collect that data, sign it cryptographically and vote on it).

A group of nation-states looking to attack Tor this way would need to stealthily subvert a majority of the DirAuth, and manipulate the network consensus in a way that is both hard to detect and allows them to deanonymise users; that's very far from trivial.


I don't know the timeout for that, but after some time no tor node would work without the dirs being present, or being manually pointed to new ones.

The question is whether someone would want to subvert or rather just shut down the tor network.


Ah, ok, you were referring to the DoS vector.

Yes, a simultaneous seizure of the DirAuth would do that, breaking Tor relays and clients until the software is updated (the list is in src/or/config.c if you are curious).

On the other hand, it's a move that would require international cooperation *and* cost lots of political capital, whose only result would be a temporary (but global) DoS.


There are bridges that can be used to connect to the Tor network.


>I was never contacted by any law enforcement agency

Not yet. Good luck trying to prove to law enforcement that it wasn't you downloading child porn. And even if they believe you, they can still arrest you as an accessory. See https://www.techdirt.com/articles/20140701/18013327753/tor-n...

No. Until judges start seeing Tor node operators as ISPs, this is way too much hassle.


It's important to mention that that conviction was made in Austria. No one in the US has been prosecuted for running an exit node.


The guy was convicted for literally saying in a public chat room “if you want to host child porn, you can do it on a Tor onion service”, IIRC.

That's very much not them getting convicted for running a Tor exit node.


Assuming you pay for your hosting in whatevercoins and only connect to it over TOR, you aren't at risk, right?


If you bought your coins in a traceable way, I wouldn't bet on that.


You can run an exit node that only allows port 80 and 443 traffic. A lot safer and a lot less bandwidth usage. I ran a server for a couple of years and not once got a complaint.


The Reduced Exit Policy goes in that direction: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExi...

It's basically a documented exit policy (i.e. the configuration stating which outbound traffic you accept to carry) that aims to minimize the potential for abuse while still allowing useful things.
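
A port-restricted exit policy like the ones described in the two comments above is evaluated rule by rule, and the first matching rule wins. The sketch below is an added example, not part of the thread or of Tor itself: the web-only `POLICY` is constructed, `port_matches` and `policy_verdict` are hypothetical helper names, and only one-rule-per-line `ExitPolicy accept|reject *:PORT` entries are handled.

```shell
#!/bin/sh
# Constructed web-only policy in torrc ExitPolicy syntax (not from the thread).
POLICY='ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*'

# port_matches SPEC PORT
# SPEC is "*", a single port number, or a range "LOW-HIGH".
port_matches() {
    case $1 in
        '*') return 0 ;;
        *-*) [ "$2" -ge "${1%-*}" ] && [ "$2" -le "${1#*-}" ] ;;
        *)   [ "$2" -eq "$1" ] ;;
    esac
}

# policy_verdict POLICY PORT
# Prints the action ("accept" or "reject") of the first rule whose port spec
# matches PORT. Prints "nomatch" when no listed rule applies; what Tor does
# in that case is not modelled here. Rules with a specific address are
# skipped (simplification: only "*:PORT" targets are evaluated).
policy_verdict() {
    while read -r keyword action target; do
        [ "$keyword" = ExitPolicy ] || continue
        case $target in
            '*:'*) ;;
            *) continue ;;
        esac
        if port_matches "${target#*:}" "$2"; then
            echo "$action"
            return 0
        fi
    done <<EOF
$1
EOF
    echo nomatch
}

# Audit the policy against a few ports an operator would care about
# (HTTP, HTTPS, SMTP, IRC) before putting it into torrc.
for port in 80 443 25 6667; do
    printf 'port %s -> %s\n' "$port" "$(policy_verdict "$POLICY" "$port")"
done
```

Because evaluation stops at the first match, a broad `accept *:*` placed above a narrower `reject` line silently disables the reject, which is the ordering mistake this kind of check catches.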


I remembered an article on motherboard about a guy's house raided by FBI for running an exit node. Now that article rendered a 404. Not sure if publicly claiming to run an exit node is safe.


If it's that cheap and the bandwidth is limited by the exit nodes, why don't we just spin up 1000 exit nodes? I'd like to use Tor more if it was a bit speedier.


Well, one single person running 1000 exit nodes would be potentially harmful. Same for 1000 exit nodes running on the same network.

That's why it's not very practical to simply write a deployment script for some major cloud provider and let people run with it. (Also, bandwidth tends to be expensive there)

However, if you mean for 1000 HN denizens to start operating their own exit nodes, then by all means go for it :) (Be aware, though, that some people can get quite obnoxious, regardless of the actual legality of running an exit node.)

PS: As already mentioned in this thread, for the sake of full disclosure, I run a non-profit that runs exit nodes.


> why don't we just spin up 1000 exit nodes?

People are scared by some horror stories. Terrorism in the traditional sense of the word, as done by a government, is what is happening here: raid a few people and the whole community backs off. I have to admit that it makes me more hesitant too.

> I'd like to use Tor more if it was a bit speedier.

It's more than just having enough bandwidth. Tor picks random servers to relay through. Say you are in Silicon Valley and want to connect to Gmail via Tor. Tor might, in a really bad case, choose a server in Germany, Japan and South Africa. Now your traffic has to travel from the US to Germany to Japan to South Africa and to the US again. Limited by the speed of light (light is slow), that takes a while -- probably almost a second for a single round-trip. Connecting via HTTPS will suck and online shooter games are out of the question, no matter whether you have 56kbps or 180gbps available.

In most cases it's a lot better than this, but it remains random chance. I used Tor daily for a few months and often didn't notice any difference between normal WiFi and Tor, but sometimes it was also a bit annoying.


I would say many people are put off by the morality of it. Sure you're helping people in oppressive regimes avoid censorship, but you're also helping scum in a way many people aren't comfortable with or want to be connected with.


Maybe, but this is actually the first time I've heard that point of view. I'm not saying nobody thinks that, I just haven't heard it before.


Really?

TOR interests me but I'd never run an exit node because I'm assuming one of three things is gonna come out of it: dissidents, criminal activity, or spook traffic (it was literally made by and for naval intelligence /the CIA).

You can make an ethical argument for the first one but I still don't want any of those three running out of my machines...


That would be a reason not to run tor relays at all. I do run two non-exits, but I leave the exits to other folks.


Tor relies on various kinds of diversity to protect anonymity. Your proposal probably reduces diversity in terms of sysadmin, hoster, network and jurisdiction.


I interpret his message differently, namely the "we" I see as referring to the community as a whole. It's not that dirt-cheap that any individual could host 1000 servers anyway, even at only $5 a month that would be $60k a year, which I doubt many individuals are going to not care about.


Well, you can contribute, and it will only cost you about 5$ / month! Tor, by design, has some latency issues, and can also have exit node bottlenecks. I think people only run intermediate relays because of a "myth" that you'll get raided at 4 am if you run one. It has happened in the past to some operators, however, in this blog, I wanted to show that it's not always that way.


Makes me wonder if Tor had an automated way to spin up servers and outsource admin if more servers would be around.


Apologies for being stupid but this does not make sense to me:

  while [ true ];do ssh user@62.141.55.117; sleep 0.1; done

Is this the same as writing:

  while test true; do ...; done

Then this would also work:

  while [ false ]; do ...; done

But if the plan is to use the keyboard e.g. INT to stop this loop, why test anything? One could just write:

  while :; do ...; done


`test` is the oldest and most portable syntax, "[" is a POSIX synonym which is either a shell built-in (e.g. in bash) or a command i.e. /usr/bin/[ .

You are correct that the author seems to misunderstand what "[" and "test" do, probably by failed analogy with C syntax. In the case of "test foo" for any string "foo", "test" will be evaluating a non-empty expression which is always true.


For a vaguely similar use case (repeat till host is up) I once wrote

    until ssh ...; do sleep 5; done

which stops looping once a connection succeeds.


  while :;do ssh ... && break; sleep 5; done


Why? That reminds me of the

    while(1) {
        if (condition)
            break;
        ...
    }

stuff I've seen too much of and can't explain, instead of just while(!condition) { ... }.


I'm not much of a C programmer but I think it's an approximation of an infinite loop.

   for(;;){
         if(condition) break;
   }


Yes, that looks exactly analogous, but my question is why people don't use the perfectly good built-in conditional termination in a while or for loop and instead add on an if statement.

(Also, I don't understand why a for(;;) loop is more attractive than a while(1) loop.)


There's always something to remark on other people's use of bash, I often find.

For example I'd rather just do while command; do sleep 0.1; done.

Or simply install autossh.
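
The points made in this sub-thread (any non-empty string makes `[ ... ]` succeed, and the command's own exit status can drive the loop) are shown together below. This is an added example, not code from the article or from any commenter: `bracket_status`, `retry` and the `flaky_connect` stand-in for `ssh user@host` are hypothetical names, and nothing touches the network.

```shell
#!/bin/sh
# bracket_status STRING
# Prints the exit status of `[ STRING ]`. With a single argument, `[` only
# checks that the string is non-empty, so "true" and "false" both give 0.
bracket_status() {
    [ "$1" ] && echo 0 || echo $?
}

# retry MAX DELAY CMD [ARGS...]
# Runs CMD until it exits 0, at most MAX times, sleeping DELAY seconds
# between attempts. Same idea as `until ssh ...; do sleep 5; done`, but
# bounded, so an unattended loop cannot hammer a host forever.
retry() {
    max=$1 delay=$2
    shift 2
    attempt=1
    until "$@"; do
        [ "$attempt" -lt "$max" ] || return 1
        attempt=$((attempt + 1))
        sleep "$delay"
    done
    return 0
}

# Constructed stand-in for `ssh user@host`: fails on the first two calls and
# succeeds on the third, like a server that is briefly out of free sockets.
CALLS=0
flaky_connect() {
    CALLS=$((CALLS + 1))
    [ "$CALLS" -ge 3 ]
}

printf '[ true ]  -> %s\n' "$(bracket_status true)"
printf '[ false ] -> %s\n' "$(bracket_status false)"
printf '[ "" ]    -> %s\n' "$(bracket_status '')"

if retry 5 0 flaky_connect; then
    echo "connected after $CALLS attempts"
else
    echo "gave up after $CALLS attempts"
fi
```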


I would be really interested in setting up an exit node and doing my part to help people with privacy and other issues get access to an open internet. Where would be the best place to start? I'm afraid that I'm not quite as technically advanced as the Author of the article so setting up the auto email responders and such would be difficult - can you just ignore the emails?


Hey, it's the Author here.. You don't have to be very technical with that.. There are plenty of tutorials, some are "official" in the Tor Project website, and some not. Unfortunately you have to reply to these e-mails otherwise they may follow up or see that you never reply and follow other means of contacting you. Truth be told, I don't know. I've just read some info on their website.


> The next, and probably last, thing is the CPU. It is not very important, but it's good to have more cores, especially for higher speed relays.

As far as I know, tor daemon is still single-threaded.

With multiple cores, you can run multiple tor daemons. But then there's a maximum of two instances per IP.


5€ / Month for 50MB/s? No way that's fair to the other customers..


If the provider accepts it for 8 months without even sending a warning, I don't see a problem.


The only reason they won't have cancelled the service is because they haven't done proper customer profitability analysis.

There is absolutely no way a customer running a Tor exit node with ~50Mbps traffic 24/7 on a €4,90pm server is sustainable.


A lot of small providers offer truly "unmetered" bandwidth packages at low cost because for whatever reason they have contractually overprovisioned their bandwidth. They lose nothing by giving away unused bandwidth they have already paid for. Once they attract enough business to consume that bandwidth these deals go away.


Why does torproject.org make it so hard to find tor standalone?


Because most users should be encouraged to just use the Tor Browser Bundle rather than, say, trying to make Tor work with their existing browser.

torproject.org -> Download Tor -> View All Downloads -> [Your Platform] -> Expert Bundle


There are tons of ways that unmodified software will deanonymize you. For example, WebRTC and Flash can leak your true IP from your browser. Fingerprinting attacks are possible with lots of network-enabled software.



