Re: [tor-relays] Exit node situation in Finland

[Juuso Lapinlampi]

I can pitch in for running the second largest exit in Finland
(wubthecaptain1). Actually, it was Juha's project that inspired me to
compete with other Finnish relays in terms of bandwidth. :)

I've operated wubthecaptain1 exit since 2016-02-02. Unfortunately the
home server supposed to host this relay died few days earlier, so it's
currently hosted on my workstation (ouch).

Before I started, the top 4 relays were all hosted on FlokiNET with very
little diversity. I was moving into a new apartment, and thanks to
Ficora pretty much every building built after 2014 or 2015 has fiber
access and 100-1000 Mbps connections (atypical).

CloudFlare CAPTCHAs kicked in about a month later, and initial symptoms
of blocked webpages appeared within a week of exit uptime. Once the
dynamic IPv4-address changes, CloudFlare CAPTCHAs are gone for a day or
two but quickly return.

I'd argue it's actually pretty difficult to get into Finnish colocation
with a good hosting provider unless you have good contacts to people
running that sort of stuff. I found it much easier to colocate in
Sweden, a bit cheaper too. Essentially I had given up on Finnish
colocation for few years due to lack of choices and contacts.

> - Running an exit node is absolutely legal

For the curious, the law is Tietoyhteiskuntakaari 7.11.2014/917, 182 §
Vastuuvapaus tiedonsiirto- ja verkkoyhteyspalveluissa.

> - ISP may cut your connection because it is listed as malware host

This happened to me within 3 days of starting the exit relay from a home
connection. I had contacted my ISP's abuse department to let them know
well in advance and to mark my subscription to be a Tor exit [1],
however they had done so for the wrong subscriber and I was accidentally
suspended. :)

I called the customer service, quickly mentioned I operate a Tor exit
as discussed and had no questions asked. He forwarded my message to the
abuse department and I was unsuspended in about 30 minutes.

> - The National Cyber Security Center Finland (NCSC-FI) is able to
> "whitelist" your IP address so the ISP does not get those automated malware
> detections

AS1759 TeliaSonera Finland Oyj seems to receive a lot of autoreporter
logs about my Tor exit. They also reminded me about it.[2] I didn't ask
the IP-address to be whitelisted, but it doesn't seem to bother my ISP.

I did attempt to request autoreporter logs to my email address, but
never received a reply from CERT-FI (NCSC-FI).

> - Sebastian Mäki got police visit because his exit node

Source (in Finnish):
http://blogi.sebastianmaki.fi/2012/12/keskusrikospoliisi-me-tultiin-tekemaan.html

As for running a very large Tor exit from my home, I am aware of that
risk and legally prepared for it. It would not be my first time getting
the police do a home search and seizure (unrelated to Tor).

> - There has been warming up phase that maybe Finnish libraries start some
> Tor activity

Care to elaborate which libraries are interested in this? I've had a
discussion with Electronic Frontier Finland members about the idea too.

[1]: 
https://partyvan.eu/transparency/emails/2016-01-09-teliasonera-tor-exit.mbox
[2]: https://paste.debian.net/plainh/a969ce33
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Blocking Tor - A case for more accuracy

[Eran Sandler]

https://blog.perimeterx.com/blocking-tor-a-case-for-more-accuracy/

There are certainly other ways of handling Tor traffic and measuring the
real intention of a user.

Disclaimer: The guys at PerimeterX are friends of mine. I sent them the
CloudFlare post (as well as the post from the Tor blog) because I know
their methods are much better in detecting intention and not just blocking
Tor IPs.

Eran
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relays by AS Names

[Geoff Down]

On Tue, Apr 5, 2016, at 08:17 PM, SuperSluether wrote:
> Thanks, this will be very helpful!
> 
> I suppose now I have to figure out the AS numbers for the different VPS 
> providers. Any ideas on how to find those?
 If you have their IP range,
http://asn.cymru.com/
- they also do a DNS-based API for multiple lookups.
GD

-- 
http://www.fastmail.com - Choose from over 50 domains or use your own

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] NPR story: When A Dark Web Volunteer Gets Raided By The Police

[krishna e bera]

On 04/05/2016 02:38 PM, grarpamp wrote:
> http://www.npr.org/sections/alltechconsidered/2016/04/04/472992023/when-a-dark-web-volunteer-gets-raided-by-the-police
> 
> He/they gave passwords and let govt search (and perhaps even index,
> hash, and copy, knowingly or not [1]) his (possibly then unencrypted) data.

What was the exit node's fingerprint?
Is there a blacklist we or the Directory Authorities can add it to?




signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relays by AS Names

[ng0]

SuperSluether  writes:

> I want to host an exit relay, but at the same time I don't want to use
> a service that already hosts multiple Tor relays. Is there a website
> that lists relays by AS Names so I can find a service that isn't
> already populated with Tor?
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

>From my perspective back with OpenNIC and now with tor,
mostly countries where access to DCs is not as cheap as in the
countries where racks in DCs are cheap to rent, where VMs and
Dedicated Servers aren't low priced.

With OpenNIC there was/is mainly a lack of Tier2 servers in
geographic south america, iceland, larger parts of geographic
asia, and some other countries and continents.

(reasonable) Hosting in Iceland is pretty expensive compared to
for example Germany, but the few companies and DCs are very open
and generally often welcoming towards civil rights projects.

-- 
ng0
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relays by AS Names

[grarpamp]

> https://bgp.he.net
> compass, globe, etc

I've said before there needs to be a community project to
determine where relays *are not* and then work its
way through them in attempts to place there.

Just as you can "get bridges", prospective operators
should be able to "get hoster/isp/vps/country" and then
go knocking on those doors.

And annotate it all in a db / wiki, revisit them, etc.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relays by AS Names

[Hermann Lienstromberg]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

An easy way would be to search for the "Test IP" on e.g. https://bgp.he.net.

Greetz
Nurtic-Vibe

Am 5. April 2016 21:17:50 MESZ, schrieb SuperSluether :
>Thanks, this will be very helpful!
>
>I suppose now I have to figure out the AS numbers for the different VPS
>
>providers. Any ideas on how to find those?
>
>On 04/05/2016 02:06 PM, Felix Eckhofer wrote:
>> Hey.
>>
>> Am 05.04.2016 20:24, schrieb SuperSluether:
>>> I want to host an exit relay, but at the same time I don't want to
>use
>>> a service that already hosts multiple Tor relays. Is there a website
>>> that lists relays by AS Names so I can find a service that isn't
>>> already populated with Tor?
>>
>> https://compass.torproject.org/ supports searching by AS and grouping
>
>> relays by AS.
>>
>>
>> felix
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>___
>tor-relays mailing list
>tor-relays@lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

- --
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
-BEGIN PGP SIGNATURE-
Version: APG v1.1.1

iQJPBAEBCgA5BQJXBBG3MhxIZXJtYW5uIExpZW5zdHJvbWJlcmcgPGgubGllbnN0
cm9tYmVyZ0BvbmxpbmUuZGU+AAoJEMrJuFjwusXxLYEQAL+mZzJvUgRpwn7zzOj7
4ucTAl/lIVytM6ReDztLqFXbfnxtPdSZb8biDUm1vxjxUhWLVHiQeInmXn801CLQ
aIbDPpPB9FGNivxy3b9sYaRHdspNEexdTXe4SuJAuOd5WQbhM307VU5bxO0tvhig
plXOQbtExYwOnfLPqKggG+KQIwGXcc4oTLlj1jRuRVWd1VoyJmHt/EANHhVqdeQn
MdGXeXp23lDg+NxhZm7psvy83my3Gjwuw/bkbbwXNdLym4zD8KwPlRmJR6VSMRXt
lkvQ/0MW9zRBsOFLErHE3GywXtFW8ie2rMJiv6oQK597qQuxo9aemIgTMwwdQmLy
BGiDOH+WBoFeQYzBd+A09ZjDRa7jngz3BPZTvuHOq0VQfDj+msgHf/QSyfeA461Y
+8rznzUcVagyo21BN9Zy5aBHGJ46zSgAGucuTxW4OQdkbCszkpW8wrxUzsAlwrRi
3E0ordhLTw7lkI/H4OIsQpnIexAQmkZNdSDOVTNIE1hU+GHY1uf/bInJnXx7TteJ
80oMHaHYEwYKpCGln440Orh79c49YHvkEylC3B538Pcc7+SXl4Njps0fxpzhn14t
Zw4CxF8tp24ynBJuSsxNZaOepp86MpVDw/eXgtdlSYm6McCUm2HMBe7vQwOXscyH
W1Q0MQHVgOOvNeh4J8X1TGo9
=2Rax
-END PGP SIGNATURE-

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relays by AS Names

[Rejo Zenger]

Hi!

Have you seen ? Enter an AS and find all 
the relays in that network.


Kind regards,
Rejo Zenger



++ 05/04/16 13:24 -0500 - SuperSluether:
I want to host an exit relay, but at the same time I don't want to use 
a service that already hosts multiple Tor relays. Is there a website 
that lists relays by AS Names so I can find a service that isn't 
already populated with Tor?

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



--
Rejo Zenger
E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl  
T @rejozenger | J r...@zenger.nl


OpenPGP   1FBF 7B37 6537 68B1 2532  A4CB 0994 0946 21DB EFD4
XMPP OTR  271A 9186 AFBC 8124 18CF  4BE2 E000 E708 F811 5ACF
Signal05 EB 38 5C 01 0B 55 6A 19 69 E1 EF C2 99 89 EC 9C
 E4 88 3C 6F E3 7D 58 61 9B 32 E8 DB 9F ED 1B 2A


signature.asc
Description: PGP signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relays by AS Names

[SuperSluether]

Thanks, this will be very helpful!

I suppose now I have to figure out the AS numbers for the different VPS 
providers. Any ideas on how to find those?


On 04/05/2016 02:06 PM, Felix Eckhofer wrote:

Hey.

Am 05.04.2016 20:24, schrieb SuperSluether:

I want to host an exit relay, but at the same time I don't want to use
a service that already hosts multiple Tor relays. Is there a website
that lists relays by AS Names so I can find a service that isn't
already populated with Tor?


https://compass.torproject.org/ supports searching by AS and grouping 
relays by AS.



felix
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relays by AS Names

[Felix Eckhofer]

Hey.

Am 05.04.2016 20:24, schrieb SuperSluether:

I want to host an exit relay, but at the same time I don't want to use
a service that already hosts multiple Tor relays. Is there a website
that lists relays by AS Names so I can find a service that isn't
already populated with Tor?


https://compass.torproject.org/ supports searching by AS and grouping 
relays by AS.



felix
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Relays by AS Names

[Schokomilch NOC]

Well, you can think of different countries / hosters you would like to 
run your exit at and then check on globe how populated that location is:


https://globe.torproject.org

It's not exactly what you want, but a start.

On 05.04.2016 08:24 PM, SuperSluether wrote:

I want to host an exit relay, but at the same time I don't want to use
a service that already hosts multiple Tor relays. Is there a website
that lists relays by AS Names so I can find a service that isn't
already populated with Tor?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] NPR story: When A Dark Web Volunteer Gets Raided By The Police

[grarpamp]

http://www.npr.org/sections/alltechconsidered/2016/04/04/472992023/when-a-dark-web-volunteer-gets-raided-by-the-police

He/they gave passwords and let govt search (and perhaps even index,
hash, and copy, knowingly or not [1]) his (possibly then unencrypted) data.
As opposed to having it confiscated pending potentially 2^128 time.
Where is the principled stand there? [2][4]

[1] This happened while he was detained outside / away from
control of his systems.

[2] He "may now have to get rid of his computers because he
can't be sure what the police did to them [3]". For which giving
passwords had no purpose but to nullify a potentially good test
case, trample rights and replace "innocent till guilty" with "violated,
chilled, innocent for now, while Cardinal Richelieu's database hums...
... If you give me six lines written by the hand of the most honest
of men, whether or not I find something in them which will hang him,
I will database them and own his soul forever."

[3] Already did:
https://twitter.com/SeattlePrivacy/status/716460499106340864

[4] Due credit, thugs with guns at your door does tend to
modify even the most well thought and prepared for principles.

What doesn't kill you makes you stronger for next time.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Relays by AS Names

[SuperSluether]

I want to host an exit relay, but at the same time I don't want to use a 
service that already hosts multiple Tor relays. Is there a website that 
lists relays by AS Names so I can find a service that isn't already 
populated with Tor?

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor Weather has been discontinued

[Karsten Loesing]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Eran,

On 04/04/16 17:31, Eran Sandler wrote:
> So, I was also thinking about basing a new system off of onionoo.

Sounds great.  I'm happy to help with this effort by implementing any
missing Onionoo features that are needed to build a Weather-like service.

> It should be fairly easy to handle that.
> 
> Basic flow would be the same:
> 
> - Register with fingerprint + email + select notifications (down,
> low bandwidth etc). - Get confirmation email - Confirm
> 
> We can discuss what notifications are needed (the same or others as
> before).

This is a fine question for people on this list who are likely your
main user base.  But to give you a rough idea how Tor Weather is
currently used, here are the subscription numbers by type:

 - 3808 node down subscriptions,
 - 3535 t-shirt subscriptions,
 - 3518 outdated version subscriptions, and
 - 2043 low bandwidth subscriptions.

> Regarding T-Shirts, I think automatically sending emails might be a
> bit too much. Perhaps it should collect that data and send an email
> to the people responsible sending out the t-shirts 1-2 a month.
> They can review some data (when the node first appeared, how stable
> it is, etc - or we can determine new parameters for getting a
> t-shirt) and authorize sending out an email.

I hope that Juris has feedback on this one.  I'm copying him on this
message.

> I would be interested to know what other notifications are worth
> while.
> 
> Regarding operational details, I have a few questions:
> 
> - How are emails being sent today? - Is there a main torproject.org
> email server that was used? Obviously we would all rather have
> these emails reach their destination and not fall into SPAM
> folders.

So, the current Weather sends two kinds of emails: welcome messages to
operators whose relays have first become stable, and notifications
based on subscriptions as outlined above.  I think the rewrite should
leave out welcome messages entirely, because those can easily be
considered as spam.  It was very controversial years ago whether
Weather should be sending these welcome messages, and I'm not
convinced that we'd make the same decision again.  I'd say it's better
to advertise the existence of your service on this list and in
documentation for prospective relay operators, including the Tor
website.  Note that it doesn't have to run on a .torproject.org
subdomain for that.

As for notification messages, I don't expect there to be too many of
those over the day.  Given the subscription numbers above, I'd say
there are no more than a hundred notifications per day.  But that's
just a guess, I don't have exact numbers.

I'm aware that this doesn't fully answer your questions.  But maybe it
helps you make better plans for picking a mail server for this purpose.

> - How open are every one to run the new Weather system on a PaaS
> like Google AppEngine? We can probably get free credits to run it
> and it will save us a server to run. We can use AppEngine's cron
> feature to do the scheduling and check if things are up and
> running. That should be much more efficient as this system won't
> really be taking 100% CPU from a server (and its one less server to
> maintain).

That's also a question for others on this list, but I'm not worried.
Onionoo data is public anyway, so the only thing you're giving to
Google (or to whichever provider you choose) is the mapping between
subscriber email address and relay fingerprint they're interested in.

I would start with whatever hosting place is most convenient, and if
this turns out to be a problem later, move the service elsewhere.
Unless there are major concerns on this list, of course.  Good
thinking to ask in advance though.

All the best,
Karsten
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org

iQEcBAEBAgAGBQJXA7bmAAoJEC3ESO/4X7XB1UQH/j/mHklJyCz4L16cMOYgfp+x
qkK6yLN4wfsF/vUePCMiZ+MmysUykmutG9INKPIBvFk9kA4W0PVMYWL/v/vP9shP
FKwRDoejG+Vu5Yyjj4OenosUmDu4mfp7/ykzCYKyXqu3msgmvoLVGIFoIZvgmFCr
A2+4TxjEApGONvMkO8wu/vU4/Gt2dyAXOsDxZrpKmJA2jDWIyyJX0jmDpjxxZFAO
/LTEoGzVKPOVP9CU6FHeHis3olIaYYt9UUWyUaP3CRi4xiPGuzI4o4be1sQgghZc
LLxaR4g5vDuf6FLPGB/d3APEZ09FOSHhyv0hkRb9ce0/YgUiFgoWpukVs7E462w=
=Jy9V
-END PGP SIGNATURE-
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays