Re: [tor-relays] Emerald Onion's new relays
‐‐‐ Original Message ‐‐‐ On Tuesday, April 2, 2019 4:50 AM, Roger Dingledine wrote: > On Tue, Apr 02, 2019 at 04:36:37AM +, Christopher Sheats wrote: > > it's the perfect time for some > of the other relay running nonprofits to step up and add some capacity > too. :) Would if I could (BrassHorn) :) UK fibre (and London co-location) is obscenely expensive :/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] IPv6 for the nifty?
Original Message On 26 Feb 2018, 19:52, nusenu wrote: > I was wondering if you have any plans to get IPv6 connectivity? As it happens AS28715 (BrassHornComms) is looking for any datacenters / ISPs that support IPv6 BGP peering from small (~1u / VPS) customers. I've got a /32 to allocate but the expensive part is transit capacity (at least here in the UK) so once I hit ~1.5Gbit/s I can't push any more. Vultr support BGP announcement from their VPS' but have adjusted their T's and you can't run Tor Exits even on your own IPs which is a shame. Gareth___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] companies and organizations running relays
Original Message On 5 Dec 2017, 19:03, Alison Macrina wrote: I'm wondering if folks on this list can help me by confirming the organizations that they know of running relays. Checking in on behalf of AS28715 / BrassHornCommunications.uk / https://atlas.torproject.org/#search/family:518FF8708698E1DA09C823C36D35DF89A2CAD956___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] SSH brute force attempts to connect to my Middle Relay IP address
Original Message On 4 Oct 2017, 07:02, Fr33d0m4all wrote: Hi, My Tor middle relay public IP address is victim of SSH brute force connections’ attempts Welcome to the Internet! Any Internet connected machine will be port scanned, vuln probed, brute forced, blindly hit with ancient "1 shot" exploits (think wordpress plugins) and trawled for include vulnerabilities (e.g. ?file=../../../etc/passwd ) on a daily basis. It's not normally something to worry about. Disable root login, enable certificate authentication and if you feel particularly strongly about the log noise firewall off TCP/22 or move sshd to a high numbered port.___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] torservers.net: some exits became guards? (deanonymization risk)
On Sat, Jun 10, 2017 at 10:39 AM, Moritz Bartlwrote: > > We had to temporarily disable some of our exits due to ongoing > negotiations with the provider. > > Will your provider allow BGP announcements of other IP space? Depending on how many exits we're talking about I (BrassHornCommunications / AS28715) will happily 'loan' you a /24 and a /48-/36 to route from which will remove the abuse complaints from your provider. (FWIW I'd rather not give up a /24 if you're happy using your providers v4 for general Tor routing and AS28715's IPv6 for exiting that'd be ideal). Alternatively I can sponsor your RIPE v6 PI application (subject to the new rules about having a 'contractual relationship yadda yadda) if you'd like to do that. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Hackers
Whilst your complainant seems to have a bee in their bonnet I'm not sure you're doing anyone anyone any favours by CC'ing pseudo-private correspondence into a mailing list. As a fellow ISP owner running Tor Exits (AS28715) I also enjoy the "right" to treat abuse requests according to rules that only I write (UK legislation not withstanding) but IMHO we have a responsibility proportional to our "mere conduit" superpowers, both to the privacy of Tor users *and* crazy abuse@ emails from individuals. This could turn into another Mozilla / Oil and Gas thing ( https://arstechnica.co.uk/security/2017/03/firefox-gets-complaint-for-labeling-unencrypted-login-page-insecure/ ) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ISP, Abuses , Intrusion Prevention etc.
On 9 Oct 2016 11:36, "pa011"wrote: > > - what forces drive ISP's to behave like they do with abuses? > - maybe Exit volunteers and here especially the big ones could ask some questions to their ISP to get more light on this I set up my own ISP (AS28715) so I could run Tor exits etc without any trouble. > > I do refer to my old questions -still unanswered: > > -is it just the more work for rather poor money handling(forwarding) > those abuses ? Yes. Every abuse ticket is a person answering that abuse ticket instead of helping a customer who is potentially paying for support. It's also that some of the abuse emails can be quite threatening (e.g. blacklisting the entire /24 or reporting the "crime" to local Police etc) some of the smaller ISPs can get intimidated by those threats. > - to whom else do ISP's have to report what they are doing with received > abuses? In the UK; No one. > - must ISP's answer to the origin of the abuse? No. But is polite to do so. > - who is getting a copy of all that conversation(if at all)? Depends on the ISPs policies / any applicable laws. (In the UK and at least as far as my ISP is concerned; no-one) > - can an ISP loose its license (with too many or badly handled abuses)? AFAIK; No. In the UK I guess one could appeal to Court if an ISP wasn't preventing its network from being used to your detriment but I'm not sure how far you'd get. > - are there any regulatory burdens for them - if so which ones? Yes. Lots depending on the country. > - are ISP's treated different in different parts of the world? Very much so. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [tor-relays-universities] Legal issues relevant to UK
On Sun, Sep 4, 2016 at 8:08 PM, Jens Kubiezielwrote: > X-Post from tor-relays-universities@ > > I ran some relays at Geman universities in the past. I guess my > experiences won't help here. Maybe someone on tor-relays has experience > with running a relay at an UK university, so I send this mail to > tor-relays@ too. > > * Duncan Guthrie schrieb am 2016-09-01 um 01:09 Uhr: > > I'm hoping to run a Tor relay here at a University in the UK. > > Is there anyone here who might have some experience with this in the > > past? I have been researching legal issues but information is > > extremely sparse (mostly relating to the DMCA). All I can really work > > out is that the issues relating to ISPs apply more generally, and more > > strictly to a Tor exit node operator. > > What protections, if any, exist here in the UK for a Tor exit node > > operator? > The Tor Exits / relays I operate in the UK are done so in my capacity as an ISP which as you mention has various protections. Are you planning on doing this officially as part of the university ( https://ins.jku.at/infrastructure/tor-exit-node ) or are you a student / faculty who wants to run a relay on spare hardware (and is therefore at the will of the University AUP etc)? I don't think you'll find any explicit protections in law and may even find yourself at the receiving end of being designated a "communications service provider" (especially so once the Investigatory Powers Bill comes into force!) ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Weather has been discontinued
As it happens I started work on something too, will put what I've done on GitHub in a few days (it's still very rough and not very scalable). FWIW I registered OnionWatch.email for use with this. On 24 Jun 2016 21:21,wrote: > I actually provisioned a server for it, and started development on a > new weather service yesterday. I am not sure if someone else is > already working on it or not but If I can get it up and running, I'll > offer to host it myself. > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Filter Tor Exit Node for blatant attacks on servers
On 12 Jun 2016 5:49 p.m., "Jonathan Baker-Bates"wrote: > But along the way I asked some others about the legal implications of doing what the ISP had asked. The rough consensus was that in the UK at least, I would only be able to evesdrop on traffic once consent had been given by those being monitored. Otherwise I'd be illegally wiretapping and open to prosecution. But it was far from clear what would happen if somebody took me a court! > Indeed the Regulation of Investigatory Powers Act 2000 and the Investigatory Powers Bill contain offences relating to surveillance of traffic without a warrant / permission etc. (Caveats etc apply) > On 12 June 2016 at 16:12, Dr Gerard Bulger wrote: >> Once TOR >> exits attempts any filtering where would it stop? It is a slippery slope. FWIW one of the reasons we have the "pirate" blocks (in the UK) is that the High Court Judge (Hon. justice Arnold) in the case was informed that the ISPs in question had the ability to block sites (e.g. Cleanfeed) therefore it was possible for them to block more. Had this ISP level censorship technology not existed then we wouldn't be in *quite* the situation we are now. >> It is more than embarrassing to run an exit node and get abuse complaints >> about persistent and repeated attacks on an IP. The intent is clearly >> criminal. VPS providers in the UK are increasing intolerant in receiving >> such complaints. The whole VPS can be closed down by the ISP/VPS provider >> not forcing a closure of the TOR exit. Fewer ISPs will allow you to install >> an exit node at all. This is one of the reasons why I started a UK ISP (AS28715) - I now run UK exits and don't have issues with them getting shutdown because the ISP got cold feet / got bored of abuse emails / complaints from other customers (entire /24 blocked by anti-tor blacklists) etc etc. Good ISPs don't deploy web filtering, transparent proxies or IDS' that interfere with traffic. IMHO well behaved Tor Exits shouldn't either. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Legal status of operating Tor exit in UK?
On Tue, Sep 8, 2015 at 9:04 PM, Jonathan Baker-Bates < jonat...@bakerbates.com> wrote: > So does anyone know of any reliable source of information on running Tor > exits in the UK? > No but I run several UK based Tor exits and have had little issue other than the usual abuse reports, that said the relays in question are operated by a separate legal entity that is it's own ISP (RIR allocation / ASN etc). What would happen if my ISP pressed me to monitor my traffic, and I refused > on legal grounds? I'm not suggesting I actually do that, or that there are > even any legal grounds to refuse. > IANAL but to elaborate on something that Thomas said there is also a consideration of the Regulation of Investigatory Powers Act, the Data Retention and Investigatory Powers Act and Counter Terrorism and Security Act. Starting with RIPA s1. > It shall be an offence for a person intentionally and without lawful > authority to intercept, at any place in the United Kingdom, any > communication in the course of its transmission by means of— > > (a)a public postal service; or > > (b)a public telecommunication system. > RIPA s2. defines interception; > (2)For the purposes of this Act, but subject to the following provisions > of this section, a person intercepts a communication in the course of its > transmission by means of a telecommunication system if, and only if, he— > > (a)so modifies or interferes with the system, or its operation, > > (b)so monitors transmissions made by means of the system, or > > (c)so monitors transmissions made by wireless telegraphy to or from > apparatus comprised in the system, > > as to make some or all of the contents of the communication available, > while being transmitted, to a person other than the sender or intended > recipient of the communication. > Finally an act is unlawful if it falls foul of s1 (5); > (5) Conduct has lawful authority for the purposes of this section if, and > only if— > > (a) it is authorised by or under section 3 or 4; > > (b) it takes place in accordance with a warrant under section 5 (“an > interception warrant”); or > > (c) it is in exercise, in relation to any stored communication, of any > statutory power that is exercised (apart from this section) for the purpose > of obtaining information or of taking possession of any document or other > property; > So it would seem that RIPA (which is due to be replaced in the next couple of months by the Investigatory Powers Bill) says that you are not allowed to intercept data. Moving on to the Data Retention and Investigatory Powers Act (and by extension the Counter Terrorism and Security Act) there is s1. of DRIPA which says; The Secretary of State may by notice (a “retention notice”) require a > public telecommunications operator to retain relevant communications data > if the Secretary of State considers that the requirement is necessary and > proportionate for one or more of the purposes falling within paragraphs (a) > to (h) of section 22(2) of the Regulation of Investigatory Powers Act 2000 > (purposes for which communications data may be obtained s2. defines a telecommunications operator; “public telecommunications operator” means a person who— > (a) controls or provides a public telecommunication system, or > (b) provides a public telecommunications service; > > “public telecommunications service” and “public telecommunication system” > have the meanings given by section 2(1) of the Regulation of Investigatory > Powers Act 2000; > Section 2(1) of RIPA has many definitions but this one closest applies to Tor; “telecommunication system” means any system (including the apparatus > comprised in it) which exists (whether wholly or partly in the United > Kingdom or elsewhere) for the purpose of facilitating the transmission of > communications by any means involving the use of electrical or > electro-magnetic energy. > So, the Secretary of State or the Police can serve you a retention notice or an interception warrant *allowing* you to intercept data, past that point you can probably point to RIPA and say it'd be illegal. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Please enable IPv6 on your relay!
On Tue, May 12, 2015 at 11:09 PM, Moritz Bartl mor...@torservers.net wrote: especially if you run an exit! 1 exit, 2 bridges and 4 general relays are now explicitly IPv6 enabled Once https://trac.torproject.org/projects/tor/ticket/5788 is done I'll be able to bring several more online ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Node Operators Web Of Trust
On Fri, Nov 7, 2014 at 8:26 PM, grarpamp grarp...@gmail.com wrote: Is it not time to establish a node operator web of trust? Look at all the nodes out there with or without 'contact' info, do you really know who runs them? Have you talked with them? What are their motivations? Are they your friends? Do you know where they work, such as you see them every day stocking grocery store, or in some building with a badge on it? Does their story jive? Are they active in the community/spaces we are? Etc. This is huge potential problem. I had an idea for this a little while ago; https://tortbv.link/ using the published GPG signature in the contact info to sign the node fingerprint, if you trust the GPG key then you can _possibly_ trust that the node is run by the named operator. Never got round to actually doing anything with it though... ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays