Any background on who "Conformal Systems" are and why they would operate exit nodes ? I'm not really familiar with who they are and what they do, but they seem to be the only one in the top-25 that isn't either a hosting company or a residential ISP.
(apart from Formless Networking, but that one is a bit more well known)
Not that it's not nice of them, but it seems a bit out of place.
Conformal is a startup run by a group of former OpenBSD developers
including Marco Peereboom (marco@), Owain Ainsworth (oga@), and others.
I've met most of them in person, and I've interacted with them on
mailing lists for nearly a decade and a half. They are all good people
in my book, and they're very talented. On many occasions, both Marco
and Owain have helped me debug problems while adding support for new
hardware. I can think of one time when Marco asked for both root and
serial access to one of my boxes so he could debug a HBA. I gave him
root on the system, root on the serial concentrator box, and root access
to the network enabled power strip for hard reboots. Yes, I trust him.
Ha! If only it were only that ;-). (I know you are being faceticious).
No, really it was a genuinely thoughtful and respectful description of the person. I only hope that at my own level, and at some point in life, people I am associated with think of me in (somewhat) similar terms ;-)
You're welcome jy-p. I just realized that I left out something important
that nearly everyone on HN could relate with and appreciate. Conformal
is comprised of some of the same people who helped to give the world
OpenSSH which absolutely everybody uses. Of course they don't get all
the credit, but they helped, and it probably wouldn't take too long to
search the commit logs and find some of your names committing/OK'ing
patches.
Knowingly or not, anyone running OpenSSH is already trusting the work
of the people at Conformal.
we have more bandwidth than we use and we donate this bandwidth to the tor project. we are fans of the tor project and care about protecting personal privacy and individual expression.
we have 3 nodes running up to 4 processes on each node. each node is capable of pushing out up to ~600 Mbps with 4 processes on it. the nodes run bitrig, a fork of openbsd that several of our developers hack on.
EDIT: i just read the linked article and i see why we are listed - we have our own ASN and run openbgpd from our colo space.
Can you guys write up about your exit nodes, like how they are setup and whatnot? Maybe even post images of the software setup on the machines. This would make it easier for others to run an exit node, since they wouldn't have to worry about setting anything up.
Casting doubts and aspersions when you don't know anything and haven't
bothered to read up on what they do is extremely unfair.
They do some very impressive cryptographic deduplication. Essentially
it's a method to deduplicate already encrypted data reliably. If you
don't realize how amazingly cool that is, you need to do some reading.
It's a really tough problem, and it solves a major pain point for anyone
with large volumes of encrypted data (i.e. governments).
cyphertite uses a private (per-user) deduplication pool, not a global deduplication pool like dropbox and many other online storage providers.
Example 1 - user1 uploads file1, then at a later time user1 tries to upload file1 again. the 2nd occurrence of the data in file1 is recognized as a duplicate of what has already been stored, so the service does not re-upload the bulk data of file1. this saves bandwidth, time, cpu cycles etc.
Example 2 - user1 uploads file1, then at a later time user2 uploads file1. in a private (per-user) deduplication pool, both user1 and user2 would need to separately upload a copy of file1, but in a global deduplication pool, user2 would not need to actually upload the bulk file data since it can reference data that user1 uploaded earlier.
the upshot here is that each user has their own separate crypto keys that are used client-side, similar to spideroak, tarsnap, etc.
i could get into the details here, but it's pretty well summarized in our infographic and crypto whitepaper
Yes, it's possible with certain kinds of algorithms. A while back IBM found a way to do general computation on data without decrypting it, like adding encrypted dollar amounts together etc. But it's about a million times slower than normal data processing.
General computation on encrypted data was discovered by a graduate student at Stanford named Craig Gentry. He now works for IBM, and has been pretty active in that field, along with a handful of other experts. It's very slow, sure, but over the past 4 years speeds have increased to the point where it is reasonable to start talking about practical applications.
It is also worth pointing out that systems supported restricted classes of functions preceded Gentry's work. If you are willing to limit yourself to NC1 functions (i.e. those that can be represented as boolean circuits with depth that is the logarithm of the input size), you can use oblivious transfer or the SYY construction (cannot recall their names off the top of my head). If you only need products in certain groups, you can use ElGamal. If you only need an XOR, you can use the Goldwasser-Micali system.
Also, there are garbled circuits, which date back to the 1980s. That is a somewhat different notion of computing on encrypted data, since it requires messages to be sent every time the computation is performed. Garbled circuits are substantially faster than FHE right now, although that may change due to FHE's low communication overhead and the rate at which FHE speeds have been improving. Also in this category are multiparty protocols that use arithmetic circuits, which have seen at least one major real-world use:
I wish I could tell you. I understand some of the parts involved but do
not understand the method completely, so it's best for everyone that I
don't speculate blindly. The Ciphertite web site is a far better
reference than I could ever be.
I'll go to the top of the building and light up the tptacek bat signal.
Everything I can find on them indicates that they are simply an open source company who takes privacy and data security very seriously [1] -- which would explain why they are running tor exit nodes.
What information do you have that they are government contractors?
Interesting, all the Berlin exit nodes are in a place that is a huge construction area on the Museum Island. Based on this I suppose they were only able to do city-level positioning (GeoIP or something similar).
It's worth noting that the statistics may be skewed because e.g. of US-based operators run their nodes at foreign ISPs due to fear of US law enforcement. Countries with more "liberal" policies probably have more nodes because of this, but it doesn't necessarily mean there are more operators based in those countries.
I'm curious: what are the specific laws that we should be concerned about?
(Obviously the US has many draconian laws regarding cyber-anything, but I'm curious what specific lines we cross with Tor Exit Node operation. Does it include something like ownership and responsibility of the data that passes through a node that we operate?)
Yes, exactly. There's never been any case law on the issue, but in the ideal theoretical world, exit node operators would get the same protections from what their users do that ISPs do.
Unfortunately, since we're often a single guy with no legal entity, we are not afforded such protections by default. I've been running an exit node since 2005, and I've had to switch ISPs numerous times because of abuse coming out of the node. I've even had my hardware physically confiscated when network administrators couldn't figure out what kind of traffic was coming out of it.
While I believe in the goals of the Tor project, I am not really interested in being the guy who has to set the precedent here, so I don't run my exit node in the US any more. If history is any indication it would be a long legal battle to set such a precedent.
I would think that in any decent courtroom, then eventually would, since those same protections apply to forum operators, chat rooms, picture sharing sites, etc. But I don't blame you at all for not wanting to be the test case, since that would probably be rather expensive and likely to disrupt your personal life.
Your ISP is obviously an ISP, and most law enforcement agencies understand that and that it means that if something dirty comes through there, then an employee of the ISP most likely didn't do it. But if you're using your home PC as an exit node... most agencies probably have no idea what Tor is, and would assume that you personally were doing whatever came through it, and would commence with the whole search, seizure, and media circus before they figured it out.
Ah, I see the distinction you're making: this is a map of exit nodes, not exit node operators. The operators can of course be anywhere in the world. For all we know based on just this map, all the tor exit node operators live in Antarctica.
In case its not already obvious, most Geo-IP data is not particularly correct. In my experience its often off by 50-100 miles, and lucky if it even says the correct city. I've actually had Google say my IPs were in Singapore, when they were obviously not, and its a big pain to get Google to change that. Some of the other Geo-IP providers are better, but not by a whole lot in my experience.
If its also not obvious, most large TOR exit nodes are in datacenters and not in people's houses, for a variety of reasons.
I concur with your statements, as I've seen my own GeoIP resolve to someplace 3,000 miles away from my actual physical location.
Bravo for the data center mention as well.
As someone who lives in a rural area, without access to high-speed connections, the idea of running a home based server just doesn't make sense.
It is worth noting that you can run Tor in non-exit mode, but still route (secure, encrypted) tunnels around for other Tor users. This is (ideally) how every Tor user should act, if at all possible.
True. In fact I personally do this. I really want to run an exit node, but I'm also terrified of having my apartment raided and turned upside down for traffic flowing out of my place.
To take your pedant to its extreme, though, using Tor Hidden Services entirely inside the Tor network is more secure than using a Tor exit node to access web sites outside of Tor.
If you hear about sites like the Silk Road, those exist only inside the Tor network, you can't (directly) reach them the 'actual internet' / the Web.
Thats just an error, if you check the IPs they all belong to EuroVPS who in turn seem to lease their lines from Leaseweb(Netherlands).
Maybe Eurovps office used to be in Kyrgyzstan and the whois data was stale at the time this was mapped. (e.g. http://whois.domaintools.com/77.235.32.0)
Same thing for the one in Almaty, Kazakhstan which is actually located in Belgium (http://whois.domaintools.com/89.106.244.21).
Another example 46.37.160.114 maps to Vladivostok, but it actually belongs to BurstNET London.
IP geolocalisation sucks badly. For example OVH got only 1 DC (well to be precise one big room) in Paris.
Kimsufi are hosted in their DC in Roubaix (north of France).
They also got another one located in the east (near Strasbourg).
You can also buy an IP located in somewhere else in Europe but linked to your server in Roubaix.
Perhaps simply multiple network interfaces / assigned IP addresses - all could actually reside in the same physical machine. (That's probably not good practice Tor-wise, of course - the nodes should be as dispersed as possible..)
edit now that I think about it, placing Tor exits in a hospital area might be a clever tactic to avoid them being raided (e.g. to freeze memory and attempt to extract some data about other nodes etc)..
Interesting map, zooming into Utah (where I live) shows that the local ISP Xmission is running 3 exit nodes. The map shows 4, but two of them have the same IP address.
> IP:
Location:
Netblock:
AS Name:
ISP:
Reverse DNS:
50.16.161.238
Ashburn, United States
50.16.0.0/16
AMAZON-AES
AMAZON.COM INC.
ec2-50-16-161-238.compute-1.amazonaws.com
So, not a coincidence, but also not suspicious - it's just Amazon's data center.
The map puts them in Ashburn, VA, which makes sense as there are massive commercial data centers there. If you have a server or VPS whose location is "east," there's a good chance that it is in an Ashburn data center.
(apart from Formless Networking, but that one is a bit more well known)
Not that it's not nice of them, but it seems a bit out of place.