Re: [tor-relays] Few questions about relaying
Blaise Gagnon: and ... what is hibernating ? See AccountingMax and related options in tor manpage: AccountingMax N bytes|KBytes|MBytes|GBytes|KBits|MBits|GBits|TBytes Never send more than the specified number of bytes in a given accounting period, or receive more than that number in the period. For example, with AccountingMax set to 1 GByte, a server could send 900 MBytes and receive 800 MBytes and continue running. It will only hibernate once one of the two reaches 1 GByte. When the number of bytes gets low, Tor will stop accepting new connections and circuits. When the number of bytes is exhausted, Tor will hibernate until some time in the next accounting period. To prevent all servers from waking at the same time, Tor will also wait until a random point in each period before waking up. If you have bandwidth cost issues, enabling hibernation is preferable to setting a low bandwidth, since it provides users with a collection of fast servers that are up some of the time, which is more useful than a set of slow servers that are always available. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] obfs3 not recognised by tor 0.2.5.7-rc ?
Nick Sheppard: I'm running tor 0.2.5.7-rc and obfsproxy 0.2.6, and everything seems to work perfectly with these PT lines in torrc: ServerTransportPlugin obfs2 exec /usr/bin/obfsproxy managed ExtORPort auto However, if I try to use obfs3 as well: ServerTransportPlugin obfs2, obfs3 exec /usr/bin/obfsproxy managed then on tor start I get: [warn] Strange ServerTransportPlugin type 'obfs3' [warn] Failed to parse/validate config: Invalid server transport line. I thought my versions would be recent enough to handle obfs3? Is this a bug, or am I missing something obvious? You put an extra space. It needs to be obfs2,obfs3. No spaces. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] TOR exit notice (not USA)
Christian Gagneraud: I've just installed the tor-exit-notice.html (from contrib/) on my exit node, and read it carefully. I think this is great to have such a text, but 2 paragraphs are USA specific, the one about ECPA and the following one about DMCA. I would like to know if anyone knows about equivalent text for the European Union, Germany, France and New Zealand (I'm French, I'm a New Zealand resident and I run a TOR exit node on a server located in Germany) You can see what we are using for Nos oignons at: http://marcuse-1.nos-oignons.net/ (If you are using the Tor Browser or HTTPS Everywhere, you will have to deactivate the rule for *.nos-oignons.net.) -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] German company Webtropia: Terminated contract without notice because of abuse
t...@t-3.net: You somewhat made a mistake here - you've got to have an exit policy that (minimally) rejects ports 25 and 465, or else your relay becomes a giant abuse tool for spammers, scammers, and phishers instead of what you intended it to be (which was a standard-functioning Tor relay). Please don't blame the victim. If this ISP acted differently than what they initially promised, then they are the problem. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exits behind a next-gen firewall? Opinions please
Jesse Victors: I've been running some exit nodes for some time now, and they're doing well. They've burned through many terabytes of bandwidth, and thanks to Tor's recommended reduced exit policy, complaints have been minimal. Clearly the vast majority of the Tor traffic is not malicious, but I have received some reports from other companies and from my ISP of hacking attempts: SQL Injection, XSS, botnet CC, basic things like that. My ISP now tells me that they could reduce the reports even further by routing the exits through a next-generation firewall which apparently can detect an obvious clearnet attack and drop that connection a few milliseconds after the attack occurs. You don't want that. For Tor to work properly, once a packet is delivered to your exit (and the destination is accepted) the packet must be delivered. Otherwise, you are breaking the network and the relay will be a BadExit. But you really don't want that because if you start looking at the traffic and selecting the traffic, then you become liable for what you transport (at least in Europe). -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Running tor in VPS - keep away snooping eyes
grarpamp: On Wed, Jul 2, 2014 at 7:46 AM, Kali Tor kalito...@yahoo.com wrote: I have done all that, so covered on that aspect. Was wondering if disk encryption and use of something like TRESOR would be useful? The private keys for the node are sensitive, and even the .tor/state file for the guard nodes could be if the attacker does not already have that info, same for any non default node selection stuff in torrc. Tor presumably validates the disk consensus files against its static keys on startup so that's probably ok yet all easily under .tor anyway. Some says that it's better to leave the disk unencrypted because in case of seizure by the police, they can easily attest that the system was only running Tor and nothing else. Some disagrees and says that we should always encrypt to make tampering and (extra-)legal backdoor installation more difficult. I believe the best strategy has never been really determined so far. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] How to handle an abuse report
Jeroen Massar: Now, I have to report to Hetzner, I will tell them that I'm running a TOR exit node in restricted mode, but how can I defend myself, I am not sure that my restricted node and given the nature of the TOR network arguments will convinced them the Hetzner dudes. You cannot defend yourself. There is no way for anybody to be able to claim that it was you, not you, or somebody else. That is the bad thing about an exit. You are responsible what happens from that IP. Sorry but the last statement is wrong in many jurisdictions: https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines#Legal For Germany, see TMG §8 and §15. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Malicious or crappily configured exit node
Thomas Themel: Excerpts from u's message of Wed May 14 13:16:21 +0200 2014: I'm not quite sure where to report this (that is how this e-mail ends up on tor-relays :) ), nor how to avoid this exit node. Is there a way to do that? ExcludeNodes in torrc allows you to avoid this node, enjoy the docs at https://www.torproject.org/docs/tor-manual.html.en for details. This is not really the question here. Such relay should get a BadExit flag from the directory authorities so that every Tor clients avoid it without having any extra configuration. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay down, rejected, help
kbesig: Getting closer: I can run tor arm as root, but get this error as user: ~$ sudo -u debian-tor arm [sudo] password for user: Urg… please never do that. You should not run applications with the same privileges as Tor. What you want is to add your current user to the “debian-tor” group: sudo adduser $USER debian-tor Then arm should be able to connect to the system-wide Tor daemon unless you have changed the default Tor configuration. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Relay configuration for FreedomBox
James Valleroy: The reason that I'm asking is that FreedomBox is currently working within Debian testing but our target is Debian stable. Once our packaged configuration is frozen for the next stable release, it will be more difficult for us to push changes other than security fixes. (Debian hat on:) I try to keep Debian backports as up-to-date as possible. Are official backports out of your set of allowed packages as well? -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] New obfsproxy release: obfsproxy-0.2.7 [bridge operators: please upgrade!]
Delton Barnes: George Kadianakis: You can use git master or pip to upgrade to 0.2.7. We have also notified the obfsproxy Debian maintainers and we should soon have obfsproxy-0.2.7 packages ready (we will send an email to this list when they are ready). Looks like obfsproxy-0.2.7-1 is now available in unstable. Will there be packages for another Debian repository or is unstable the one to use for now? I upload backported packages to deb.torproject.org after succesfull migration to Debian testing. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor plugin for Nagios
r...@goodvikings.com: I've recently started on developing a nagios plugin for tor, since a cursory google search didn't come up with anything I would describe as 'comprehensive.' Please have a look at check_tor.py: http://anonscm.debian.org/gitweb/?p=users/lunar/check_tor.git;a=blob;f=README;hb=HEAD It looks quite complementary with your probe. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] tor is not connecting
Rupesh Kumar: in my collage tor browser is blocked in proxy server what can i do how can i connect the tor browser help me Support questions should be addressed to the Tor help desk reachable at h...@rt.torproject.org. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] New obfsproxy transport: scramblesuit [bridge operators: please upgrade!]
George Kadianakis: I think currently the only way to get tor-0.2.5.1 is to use the git master. Feel free to ask any questions you have. You are forgetting the automated Debian package builds (thanks weasel!). Putting the following in /etc/apt/sources.list will do it: deb http://deb.torproject.org/torproject.org tor-nightly-master-wheezy main Replace “wheezy” by one of precise, quantal, raring, saucy, squeeze, jessie, sid depending on your distribution. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] reading the captchas
eliaz: Would it be possible for someone to change the captcha images at the URL for getting bridges, without of course lessening their effectiveness? The present ones are pretty much unreadable, to this human at least. - eliaz The issue is already tracked, see: https://trac.torproject.org/projects/tor/ticket/10809 -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor Relay Operators Meeting at 30c3 Chaos Communication Congress
Moritz Bartl: Torservers.net invites Tor exit relay operators and organizations to a meetup. If possible/relevant, for example if you're a member of one of the 'Torservers partner organizations', please prepare some slides on your activities. We will do quick presentations on recent and future activities around Torservers.net. Could every organizations who presented something send [1] a link to their slides? I remember also that NoiseTor gave an update without slides. Were there any other organizations who did the same? Thanks everyone who attended. It was super exciting to see all these projects commited to grow the Tor network who started this past year. :) [1] That can be done privately, I'll do a report it on tor-reports or on the next Tor Weekly News, but I need links, not attachements. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Proper bandwidth units [was: Exit nodes on Gandi]
Gordon Morehouse: Why not just accept KB/sec, KiB/sec, GB/mo, GiB/mo in the config file? That would be #9214 [1], implemented by CharlieB, shipped since tor 0.2.5.1-alpha. [1] https://bugs.torproject.org/9214 -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Exit nodes on a Gandi VPS
Eric van der Vlist: I am a (happy) Gandi customer and I'd like to support the Tor project by setting up an exit node on one of their VPS (https://www.gandi.net/hosting/iaas). As mentioned on the list of Good/bad ISPs, (https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs Gandi does accept Tor exit nodes. I have contacted their technical support who said they did support the Tor project but wouldn't ne able to do specific ARIN declarations and that it would be my responsibility to be reactive to abuse complaints. Despite this perspective (and Julien Robin's bad experience) I am still willing to give it a try. Gandi have data centers in Paris (France), Luxembourg and Baltimore (US) that I can use with the same cost and efforts and I am wondering which of these locations would be more useful for the community. Gandi is currently sponsoring a 25 Mbit/s exit node [1] for Nos Oignons [2]. (There should be a formal announcement soon.) The offer came after a high burst of complaints from several Tor relay operators who became unable to continue hosting a relay given the new billing policy that started in June [3]. If you can afford to run a relay there, that's great, but it is likely to be quite costly. Let's hope Gandi will be able to sponsor more bandwidth in the future as the AS could probably support a little bit more of the Tor network [4]. [1] https://atlas.torproject.org/#details/7F2CD6BD548C5FFA09B20A0C5CB07893C9451653 [2] https://nos-oignons.net/ [3] https://lists.riseup.net/www/arc/tor-relays-fr/2013-05/msg5.html (in french) [4] https://compass.torproject.org/#?ases=AS29169top=-1 -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Checking a bridge
Martin Kepplinger: I will not send my fingerprint to globe over http. I want to keep it secret so I can't check my bridge. I hope it works. obfs-ports are forwarded and everything else are standard torrc-settings. But please make globe accessible over https. Unless you are subject to a MITM and the JavaScript code is changed before reaching your browser, Globe will *not* send the fingerprint of the bridge to Onionoo (over HTTPS), only the hashed version. But I understand extra catiousness. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Checking a bridge
Martin Kepplinger: When my bridge uses only the same few MBs each day, i guess it isn't used at all right? Is there a simple way to ensure it is in bridgeDB and functioning as it should? You can search for the bridge fingerprint in Globe: http://globe.rndm.de/ Globe will hash the fingerprint before sending it to Onionoo to prevent leaks. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Amazon abuse report
Gordon Morehouse: Yeah... you guys would know better than me about that, but speaking from the perspective of a small fish, the exit-as-default torrc is a serious WTF? and always has been, given potential legal trouble in privacy-hostile countries. I have phrased this differently but I basically agree and opened #10067: https://trac.torproject.org/projects/tor/ticket/10067 -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Amazon abuse report
Nelson: Please excuse my ignorance operating Tor relays, but if I run an exit node on Windows 7 and use something like Peerblock and correspoding block lists of P2P sites, wouldn't this be somewhat effective in stopping this sort of undesired traffic on Tor? No. If the relay says it will deliver a connection in its exit policy, it has to carry it. Otherwise, it will give erratic behaviour on the client side and this is bad. The relay should be flagged BadExit by the authority operators. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Thanks for the advice on handling DMCA complaints.
Christopher Jones: Does the Tor project run a database to track abuse complaints? Could be useful in terms of uncovering who the largest pains in the ass are (mine was from Irdeto on behalf on NBC Universal), as well as organizing targeted campaigns to put pressure on companies like Irdeto to at least perform some due diligence and not send out DMCA originating from exit relays. If not, maybe I’ll start working on a project to do so if there isn’t something else like it elsewhere. Not the Tor project itself, but have a loot at Chilling Effects: https://www.chillingeffects.org/. It was founded by Wendy Seltzer who is also on the board of directors of The Tor Project. Chilling Effects would probably welcome your help. :) -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] rm /var/lib/tor/keys/* before changing exit policy?
Martin Kepplinger: Really quick not too important question. When switching a relay to become an exit node or the other way round, does it make sense to delete /var/lib/tor/keys/* beforehand and start it over this way? Why would you want to do that? Updates to a relay's exit policy are spread to clients through the consensus and can be done at any moments. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bandwidth usage and relay anonymity
Raistlin Majere: Let me try another way of asking that first question .. how much bandwidth is required for the relay to be useful? See “Is it worth running a relay on a home broadband connection?” in https://lists.torproject.org/pipermail/tor-talk/2013-July/028996.html Roger Dingledine drew the cut [23]: “at this point if you‘re at least 800kbit (100KBytes/s) each way, it‘s useful to be a relay.” [23] https://lists.torproject.org/pipermail/tor-relays/2013-July/002255.html -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] Anyone using obfsproxy on Ubuntu Lucid?
Hi! Ubuntu Lucid is getting old. Building an obfsproxy package for Lucid now requires some extra work. weasel stopped building tor master branch for Lucid already. Is there anyone providing obfsproxy bridges using Ubuntu Lucid? -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Admin panel compromised
Hi Yoriz, Yoriz: I am the operator of the privshield exit. I just got notice from my hoster (5gbps.com) that their backoffice admin panel was compromised. Indeed my firstname and password to the admin panel have been changed. Fortunately, I have SSH on my VPS configured to only accept public key-based logins, and see no signs of entry of the VPS. As the backoffice panel provides direct console access, there is a slight chance they logged in directly by a safe-mode boot, but my uptime is a month, and I see no dip in the tor bandwidth: https://atlas.torproject.org/#details/DA3F7BD5428F88C79C9C7006B791982DA0115411 However, as a precaution I have shut down my tor exit. I will request a clean Ubuntu image and reinstall my tor exit this weekend. I will generate new server keys just to be sure. My mail is hosted on the same system, I won't have access to this email address for a few days. Thanks for handling this breach in such a responsible manner. I hope your reinstallation will go smoothly. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
Roger Dingledine: On Tue, Sep 17, 2013 at 08:27:57PM +0200, Moritz Bartl wrote: The recipient share is calculated from the throughput per relay * country factor It might be worthwhile to make it clearer what throughput is here. I hope it's not consensus weight, since that's not really a measure of how much use the relay sees. It could be the bandwidth listed in the descriptor, though that could be gamed. The script is currently using the bandwidth reported in the descriptor. It skips unmeasured entries. I am not sure I fully understand to what extent it can be gamed. I'd be grateful for a summary. :) -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Patch
Niels Hesse: Please excuse my ignorance. I saw the mention of a patch in the recent tor blog post. https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-september-4th-2013 How does one apply that? If you don't know already, it's probably better to simply wait a little bit. Everyone is working hard at this very moment to ready some useful code to mitigate the issues we are seeing. Expect a release soon. Otherwise, it means using Git to retrieve the right branch, and manually build tor. But kittens might get hurt until the code is ironed out. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Hello List
Hi Kevin, Welcome and thanks for running a Tor relay! :) Feel free to subscribe to the Tor Weather service [1] if you have not done it already. It will warn you if it detect anything problematic with your relay. Kevin C. Krinke: I want to help more. What services (other than Tor) can I host? What else is needed in the general community? I think it's best to have your server fully dedicated to run a relay. But if you have other systems and enough bandwidth, hosting a Tor mirror [2] or a Tails mirror [3] is also a good way to help! :) [1] https://weather.torproject.org/ [2] https://www.torproject.org/docs/running-a-mirror.html [3] https://tails.boum.org/contribute/how/mirror/ -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Need help to get TorDNSEL compiled
BlueStar88: Got this error on precise: --- # ./Setup.lhs build Building TorDNSEL-0.1.1... Preprocessing executable 'tordnsel' for TorDNSEL-0.1.1... src/TorDNSEL/Statistics/Internals.hs:2:16: Warning: -fglasgow-exts is deprecated: Use individual extensions instead no location info: Failing due to -Werror. --- Any suggestions on this? Remove -Werror from the cabal file. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Sitevalley is no longer Tor-friendly
Gordon Morehouse: Yeah, I had to leave GANDI not because of admin pressure but because they instituted a 500GB data cap instead of unmetered. Just to let others know, Nos Oignons [1] reached to them about the new pricing scheme and they offered to sponsor a 25 Mbit/s exit relay. It should get live in the upcoming weeks. :) [1] https://nos-oignons.net/%C3%80_propos/index.en.html -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Need help to get TorDNSEL compiled
BlueStar88: I've DL'ed the code from the internet website mirror [2]. Try with the what is currently in the Git repository before doing anything else: https://gitweb.torproject.org/tordnsel.git -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Home broadband - worth running a relay?
Nick: I have a reasonable ADSL connection, and a little always-on server. The bandwidth is in the region of 2Mib/s down, something less up (maybe 256Kib/s). Is it useful for me to run a tor relay with this bandwidth? I'd like to run one which isn't an exit, at least for now. Unless I'm reading Compass wrong, a relay with 256 Kib/s is likely to be selected as a middle node 1 time out of 1 circuits, if not less… So I'd say it is not useful for the network to add relays with so little bandwidth at the present times. If not, am I correct in thinking that a bridge is an appropriate help? That's what I'm doing currently, but if a relay would be more useful I'd be very happy to do that. It would be a slow bridge, but at least the likelihood it'll be of use is far greater than configuring a relay. One other unrelated(ish) question: I'm in the UK, where the idea of censorship isn't resisted as strongly as it ought to be, and as a result my internet connection is subject to a smallish amount of censorship: whatever is on the secret IWF blacklist plus the pirate bay. Does this mean that running an exit node from a home connection here at some point in the future would not be helpful? Or only if all HTTP(S) was blocked (as the IWF blacklist is secret there's presumably no way to tell the tor network what is inaccessible from this node). Running exit nodes from home connection is usually a bad idea. In case of abuses, law enforcement agencies are likely to believe that whoever lives there is responsible for the abuses. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Final Warning Notice
Chris Sheats: Hey tor-relays, The past few months, since I upgraded my net connection to 1Gbps, I've hit the top 40 fastest relays and the top 20 fastest exit nodes, peaking to over 17 MB/s. I've always prided the fact that my ISP, CondoInternet in Seattle, has been very welcoming of my reduced exit node. In the past, the malicious activity hasn't been too much for my ISP--examples here: http://yawnbox.com/1461--but now they want me to shut it down. What are my options? Is their problem the amount of work they have to do because of the abuse and legal complaints? Then offer to handle them directly. The best way to do so is to become the contact address for the IP. With your Regional Internet Registry, the process is usually called SWIP [1]. The issue you might run into is that SWIP is only available for a minimum of 8 IPv4 addresses. So they might charge you more and you might have to switch to a new IP address. You probably should switch to a non-exit policy while negociating. If you and CondoInternet are not able to find a process where you could handle abuses directly, fast non-exit relays with good bandwidth are still a very useful contribution to the network! (and they would not get any legal complaints) [1] https://en.wikipedia.org/wiki/SWIP Hope you'll sort it out! -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bandwidth/Accounting considerations
Conrad Hoffmann: I believe to have read that using accounting/hibernation is preferrable over rate limiting with fast connections, but I can't seem to find the exact page at the moment. It is at least in the tor(1) manpage in the details of the AccountingMax option: If you have bandwidth cost issues, enabling hibernation is preferable to setting a low bandwidth, since it provides users with a collection of fast servers that are up some of the time, which is more useful than a set of slow servers that are always available. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] obfsproxy on freebsd
Peter Kasper: i'm trying to run obfsproxy on freebsd 9.1, i have installed packages obfsproxy-0.1.4,1 and tor-devel-0.2.4.12.a You should switch to the more recent Python implementation of Obfsproxy. See https://www.torproject.org/projects/obfsproxy-instructions.html.en for installation instructions. Hope that helps, -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] A call to arms for obfuscated bridges
Andreas Krey: On Fri, 19 Apr 2013 13:50:48 +, Lunar wrote: Drake Wilson: - bypass declared installation requirements, use 2.6.6, and blindly hope that it won't result in some awful subtle bug; obfsproxy works on Debian Squeeze which bears 2.6.6. I had to patch the Mind to provide any more details? The 'pip install obfsproxy' runs into all sorts of errors (first missing C compiler, then missing Python.h) on my fresh debian box. If you are on Squeeze, just use the packages available on deb.torproject.org instead of `pip`. The source is also on deb.torproject.org or available through Git: http://anonscm.debian.org/gitweb/?p=collab-maint/obfsproxy.git;a=tree;h=refs/heads/tpo-squeeze-backport;hb=tpo-squeeze-backport -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Tor node monitoring
Alex Beal: I was wondering what, if any, software you use for monitoring your relays. It would be nice if I could get an email when the Tor daemon crashes, and maybe another every night telling me about bandwidth used, average speed, etc. For external monitoring, I wrote a Nagios check using Stem. It is available at: http://anonscm.debian.org/gitweb/?p=users/lunar/check_tor.git -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] ask
syrus f: My tor can not connect to internet in these last week. I am in Iran. I've just answered privately. -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays