Re: [tor-relays] Call for discussion: turning funding into more exit relays
Hey all, Have you contemplated sending this over to the hackerspaces list? They are often: geographically diverse can be be incorporated or non-profit understand or have heard of Tor usually pay for a decently fast connection for their space already are familiar with hosting services already I'm sure being able to supplement their small income by doing something like this would interest them as well. -kupo ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Electronic surveillance on major tor exits
> We opted for the "if we don't stay relevant to the world, Tor will never > grow enough" route. I think that's still a good decision today. This is probably an ok thing as everyone knows a useless network is a dead network. So maybe in times of glut, do some release or authority based tuning to keep the balance. I would launch a project to map/AS/speed/etc the current relays and base tuning/funding on that. > I hear that running exit relays in the US is increasingly difficult these > days, which is an extra shame because that's where a lot of Internet > diversity is That diversity can be true. It's kindof hard for small countries/regions to be diverse when essentially the only people they peer with are maybe two Tier-n's from other countries, usually piped in via their one or two fiber links, buried, paid for and run by their own government. One place to look for some is the EDU space. They've got tons of bandwidth, it's a matter of finding the ear of an outranking professor or humanities/law/whatever department since central IT usually won't. Unfortunately, most AUP's roll down from the Tier-1's. So the only real way to defeat that, in the US and elsewhere, is to become the ISP. Much as torservers tries to own complaints. It's just pricier in work, funds and responsibility. Non-exit relays are certainly easier to deploy with nearly unlimited diversity and speed. Perhaps keeping a PR/funding push there to the point of glut is an easy and valid win as well. Then you're left with just the exits. I would accept funds to do some of this at cost plus beer, but just as it's hard to hand them out, it can be just as hard to receive them. Sorry, I think most of this goes in the funding thread, so please feel free to quote any of this over to that one. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Call for discussion: turning funding into more exit relays
On Mon, Jul 23, 2012 at 02:58:54PM -0400, Roger Dingledine wrote: > Next steps: [...] > Then I'll send individual emails to exit relay operators pointing them > to it and asking for their feedback (on the list or private, whichever > they prefer). I'll also try to get some sense of how much their hosting > costs, whether they'd want to participate in our experiment, whether > they're in a position to ramp up to a faster connection, etc. For context and transparency, here's the mail I've been sending current fast exit relay operators. Please feel free to answer it here if you prefer. """ I want to draw your attention to a thread I've started on the tor-relays list: https://lists.torproject.org/pipermail/tor-relays/2012-July/001433.html In short, we have a funder who wants to sponsor more and faster Tor exits, and we're brainstorming about how to use the money in a way that makes the network stronger but also doesn't screw up the "community" side of the Tor relay operator community. The first step is collecting facts about the current fast Tor exit relays. It would be great if you could join the conversation and give us your perspective (either on the tor-relays list or in private, whichever you prefer). I really want to make sure the current relay operators are included in the decisions. Also, if you are interested in sharing, it would be great to learn (separated by exit relay if you run more than one): - What do you currently pay for hosting/bandwidth, and how much bandwidth do you get for that? - Is it a stable hosting situation? For example, how do they handle abuse complaints so far? - Is your hosting situation one where it could make sense for us to reimburse your bandwidth costs? (Some people have a deal through their employer, friend, etc where they don't pay for hosting.) - Are you in a position to get more bandwidth if you pay more? At what rates? We're most interested in sponsoring >=100mbit relays. - Do you have other locations in mind where you would run another exit relay if you didn't have to pay for it? - What else should we be asking here? :) Thanks! --Roger """ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Call for discussion: turning funding into more exit relays
On Mon, Jul 23, 2012 at 05:14:44PM -0400, Andrew Lewis wrote: > $100 is not going to cut it most likely That could be. I look forward to learning more about the options. Another approach to explore is subsidizing bandwidth, that is, if you find a place that's $175/mo we can make it like it's $75/mo for you. That said, if it takes $200/mo to get a good 100mbit exit situation, and we can't get enough other ways, then we shouldn't rule it out. I'm especially nervous about creating a culture where our volunteers flock to super-cheap colos, generate a few abuse complaints and make those colos hate Tor, and then move on to the next one. There's only one Internet, and we want ISPs to like Tor. That means building relationships. > People spend a lot of time looking for server hosting on the cheap Yes. We need volunteers continuing to do this work. > Finding providers is a pain, unless you can get them to SWIP your address > block or otherwise reassign the IP address space abuse contacts to you. > > What are the requirements going to be on the exit nodes? Can the reduced exit > policy be used? The sponsor wants 80, 443, 554, and 1755 open. I guess 554 and 1755 aren't in the standard reduced exit policy, but it's mighty close. > And last of all I'd love to volunteer if you go the individual >route, I ran an exit node before and know what it entails, FBI visits >included.(Which is a separate and very real issue, equipment gets seized >and doors get knocked on, make sure anyone going into this knows that). We as a community need to continue to interact with law enforcement groups to educate them about how this Internet thing works. I've had great conversations with law enforcement in Germany, Sweden, and the US, and I'm working on setting up meetings later this year with Dutch, Belgian, and Austrian law enforcement groups. Andrew Lewman (our executive director) is off to an Interpol meeting in a few months, to teach them about Tor. We need to make it more than just a few of us though. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Electronic surveillance on major tor exits
On Mon, Jul 23, 2012 at 11:03:24AM -1000, Name Withheld wrote: > I know that this is one of the reasons why "more nodes" is the > largest everyday push (I went from 1 to 3 in the last month), and > "we're working on it," and the node-funding push should help some of > this, but I think it's important to review what direction relay > diversity is heading in the long-term when the metrics start leaning > in a certain way. I agree. Note that we could instead reduce the influence of the fastest exits by just refusing to allocate as much traffic to such fast exits. This choice goes back to the original discussion that Mike Perry and I were wrestling with a few years ago, when deciding about deploying the bwauth design [1]: if we want to end up with a fast safe network, do we get there by having a slow safe network and hoping it'll get faster, or by having a fast less-safe network and hoping it'll get safer? We opted for the "if we don't stay relevant to the world, Tor will never grow enough" route. I think that's still a good decision today. That said, diversity is about more than just "are there two relays to choose from or one" -- against bigger adversaries, we should be wondering about what country they're in, what upstream they have, and so on. I hear that running exit relays in the US is increasingly difficult these days, which is an extra shame because that's where a lot of Internet diversity is (unless NSA is your adversary, in which case you probably have bigger problems). There's a lot of research work in this direction [2, 3, 4], and we're going to have to keep pushing on it. --Roger [1] https://blog.torproject.org/blog/torflow-node-capacity-integrity-and-reliability-measurements-hotpets [2] https://blog.torproject.org/blog/research-problem-measuring-safety-tor-network [3] https://trac.torproject.org/projects/tor/ticket/6232 [4] http://freehaven.net/anonbib/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Call for discussion: turning funding into more exit relays
Roger, I used to run a larger exit node a while back, and have a few quick comments. $100 is not going to cut it most likely, even for only 100 mbit traffic only. Most providers are really antsy about spam/DMCA reports, and aren't willing to deal with it for that cheap. I'd suspect that you are looking at the $150-$200+ range, at least in my experience. People spend a lot of time looking for server hosting on the cheap, and torservers.net has some useful experiences on what to look for. Finding providers is a pain, unless you can get them to SWIP your address block or otherwise reassign the IP address space abuse contacts to you. What are the requirements going to be on the exit nodes? Can the reduced exit policy be used? And last of all I'd love to volunteer if you go the individual route, I ran an exit node before and know what it entails, FBI visits included.(Which is a separate and very real issue, equipment gets seized and doors get knocked on, make sure anyone going into this knows that). -Andrew On Jul 23, 2012, at 2:58 PM, Roger Dingledine wrote: > For a few years now, funders have been asking if they can pay Tor to > run more relays. I kept telling them their money was better spent on > code and design improvements: > https://blog.torproject.org/blog/why-tor-is-slow > https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/Performance > since a) network load would just grow to fill whatever new capacity we > have, especially if we don't deal with the tiny fraction of users who > do bulk downloads, and b) reducing diversity of relay operator control > can harm anonymity. > > But lately the Tor network has become noticeably faster, and I think it > has a lot to do with the growing amount of excess relay capacity relative > to network load: > https://metrics.torproject.org/network.html?graph=bandwidth&start=2010-06-01&end=2012-07-21#bandwidth > > At the same time, much of our performance improvement comes from better > load balancing -- that is, concentrating traffic on the relays that can > handle it better. The result though is a direct tradeoff with relay > diversity: on today's network, clients choose one of the fastest 5 exit > relays around 25-30% of the time, and 80% of their choices come from a > pool of 40-50 relays. > https://trac.torproject.org/projects/tor/ticket/6443 > > Since extra capacity is clearly good for performance, and since we're > not doing particularly well at diversity with the current approach, > we're going to try an experiment: we'll connect funding to exit relay > operators so they can run bigger and/or better exit relays. > > If we do it right (make more faster exit relays that aren't the current > biggest ones, so there are more to choose from), we will improve the > network's diversity as well as being able to handle more users. > > We've lined up our first funder (BBG, aka http://www.voanews.com/), > and they're excited to have us start as soon as we can. They want to > sponsor 125+ fast exits. > > -- > > Open questions we need to decide about: > > 1) What exactly would we pay for? > > I think the right way to do it is to offer to reimburse bandwidth/hosting > costs -- I don't want to get into the business of paying people to > run relays, and I don't want people to be trying to figure out how to > "profit". That leads to all sorts of horrible incentive structures. > > More broadly, we should keep in mind that the primary cost of running an > exit relay is effort, not dollars: it takes dedication to find an ISP > who will host it, and to hold that ISP's hand when an abuse complaint > arrives. Or said another way, hosting costs are in many cases not the > biggest barrier to running an exit relay. > > I think we should aim to constrain ourselves to talking about >=100mbit > exits, assuming that turns out to give us enough choices. That said, > we don't want to concentrate bandwidth too much in any given relay, > so we should limit the amount we'll reimburse per relay. > > 2) Should we fund existing relays or new ones? > > The worst failure mode here would be that we screw up the current > community of relay operators. That's why it's extra important to keep > them involved at each step of this discussion. > > I think the right answer is probably a balance of reimbursing costs from > current exits and encouraging new exits to appear. Before we can get > more precise though, we need to get a handle on how many current fast > exits there are, and what their constraints are (whether their hosting > situation could give them more bandwidth, whether they're paying now or > getting a deal through a friend/employer, etc). > > Even then, there are interesting further questions like: > > - Should we prefer big collectives like torservers, noisetor, CCC, > dfri.se, and riseup (which can get great bulk rates on bandwidth and are > big enough to have relationships with
Re: [tor-relays] Electronic surveillance on major tor exits
This is in response to something from Roger's email on funding exit relays, but I didn't want to derail such an important conversation by responding directly. He mentioned: "At the same time, much of our performance improvement comes from better load balancing -- that is, concentrating traffic on the relays that can handle it better. The result though is a direct tradeoff with relay diversity: on today's network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays." This has probably been discussed before, but the first thing that came to my mind was, "how does this simplify surveillance of tor traffic flows?" I know we badly need the performance improvement to continue moving Tor into the mainstream, but when it comes at the cost of a huge amount of all tor requests are exiting through a small subset of nodes, are we baking in a serious vulnerability? Most Tor users probably don't read the manual and follow best practices. I'm sure we've all seen traffic where users are using google maps to find directions from their home, or logging into their true-name mail accounts. When you combine this "State of our Method" with a choke on the number For monied countries that practice aggressive electronic surveillance (China, Russia, and the larger western states), it becomes more and more tempting to set up (or subvert) expensive, fast exits (with tshark and an SSL-stripper on it) and be guaranteed significant amounts of traffic from people that they view as having something to hide. And if the same routing calculus applies to non-exit nodes, they can do the same thing on the non-exit layers, not only improving their correlation attacks, but creating a plausible chance of controlling some tunnels end-to-end. I don't think that's a good situation for anybody other than the monitors. I know that this is one of the reasons why "more nodes" is the largest everyday push (I went from 1 to 3 in the last month), and "we're working on it," and the node-funding push should help some of this, but I think it's important to review what direction relay diversity is heading in the long-term when the metrics start leaning in a certain way. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Call for discussion: turning funding into more exit relays
For a few years now, funders have been asking if they can pay Tor to run more relays. I kept telling them their money was better spent on code and design improvements: https://blog.torproject.org/blog/why-tor-is-slow https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Tor/Performance since a) network load would just grow to fill whatever new capacity we have, especially if we don't deal with the tiny fraction of users who do bulk downloads, and b) reducing diversity of relay operator control can harm anonymity. But lately the Tor network has become noticeably faster, and I think it has a lot to do with the growing amount of excess relay capacity relative to network load: https://metrics.torproject.org/network.html?graph=bandwidth&start=2010-06-01&end=2012-07-21#bandwidth At the same time, much of our performance improvement comes from better load balancing -- that is, concentrating traffic on the relays that can handle it better. The result though is a direct tradeoff with relay diversity: on today's network, clients choose one of the fastest 5 exit relays around 25-30% of the time, and 80% of their choices come from a pool of 40-50 relays. https://trac.torproject.org/projects/tor/ticket/6443 Since extra capacity is clearly good for performance, and since we're not doing particularly well at diversity with the current approach, we're going to try an experiment: we'll connect funding to exit relay operators so they can run bigger and/or better exit relays. If we do it right (make more faster exit relays that aren't the current biggest ones, so there are more to choose from), we will improve the network's diversity as well as being able to handle more users. We've lined up our first funder (BBG, aka http://www.voanews.com/), and they're excited to have us start as soon as we can. They want to sponsor 125+ fast exits. -- Open questions we need to decide about: 1) What exactly would we pay for? I think the right way to do it is to offer to reimburse bandwidth/hosting costs -- I don't want to get into the business of paying people to run relays, and I don't want people to be trying to figure out how to "profit". That leads to all sorts of horrible incentive structures. More broadly, we should keep in mind that the primary cost of running an exit relay is effort, not dollars: it takes dedication to find an ISP who will host it, and to hold that ISP's hand when an abuse complaint arrives. Or said another way, hosting costs are in many cases not the biggest barrier to running an exit relay. I think we should aim to constrain ourselves to talking about >=100mbit exits, assuming that turns out to give us enough choices. That said, we don't want to concentrate bandwidth too much in any given relay, so we should limit the amount we'll reimburse per relay. 2) Should we fund existing relays or new ones? The worst failure mode here would be that we screw up the current community of relay operators. That's why it's extra important to keep them involved at each step of this discussion. I think the right answer is probably a balance of reimbursing costs from current exits and encouraging new exits to appear. Before we can get more precise though, we need to get a handle on how many current fast exits there are, and what their constraints are (whether their hosting situation could give them more bandwidth, whether they're paying now or getting a deal through a friend/employer, etc). Even then, there are interesting further questions like: - Should we prefer big collectives like torservers, noisetor, CCC, dfri.se, and riseup (which can get great bulk rates on bandwidth and are big enough to have relationships with local lawyers and ISPs), or should we prefer individuals since they maximize our operator diversity? I think "explore both approaches" is a fine first plan. - For existing relays who pay for hosting, should we prefer that our money go to covering their existing costs (and then we encourage them to save their money for use, say, after this experiment finishes), or should we aim to add additional funding so the relay can use more bandwidth? I'd say it comes down to the preferences of the relay operator. That said, if we have plenty to choose from, we should pick the relays that will make the network grow -- but we should take extra care to avoid situations where operators in the first category say "well, fine" and shut down their relay. More generally, we need to consider sustainability. Our current exit relay funding is for a period of 12 months, and while there's reason to think we will find continued support, the Tor network must not end up addicted to external funding. So long as everybody is running an exit relay because they want to save the world, I think we should be fine. 4) What exactly do we mean by diversity? There's network diversity (AS / upstream network topology), organization and operator diversity, jurisdic
Re: [tor-relays] task-6329 / tor relays stats patch
Hi Michael, I'm cc'ing tor-relays for the discussion here, because I figured if you're okay with sharing the patch, you're probably also okay with a public discussion of it. :) On 7/21/12 4:19 PM, Michael Zeltner wrote: > Hi Karsten, > > On my way out, and I would otherwise forget but here you go, maybe you'd like > this. > > Best from Metalab/Vienna, > Michael Thanks for sending the patch! Most of it looks good, but I took out the --family-for-fp option which, I think, isn't entirely correct. This option looks for relays having the given fingerprint in their family line, but it doesn't cross-check if the given relay has those relays in its family line, too. The option also doesn't look at nicknames (of relays with the Named flag) in family lines, which means it might miss some family members. Oh, and it would be really cool to have a -F or --by-family option to aggregate by families. I wonder if we should do the whole family-calculating business inside Onionoo and add a family_number field which has the same number for relays in the same family. The script could then look up the family number of the given relay and display all relays with that family number. Would that make sense? Want to extend the script once Onionoo has such a field? Thanks! Karsten ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
