Want to follow up the discussion on encouraging people to run relays.
The powers that be where I live now heavily frowns upon VPN and Tor. And a
fair number in our community is sensing further tightening in the air.
Today we had a discussion, we had a lot of questions. I try to summarize below
and see if we can fact-check and learn more.
(1) Advocacy: Background - Someone raised the idea that we should each run a
Tor relay in each of our house. Someone said the powers that be cannot put all
of us in jail if we get enough people to host Tor. A parent among us said, "I
never before had an urge to run a VPN or Tor. But when running encryption and
sharing a VPN tunnel with a criminal on the next packet is required to ensure
your freedom to read BBC, you feel queasy and you worry what your underage kids
might stumble on, things they are too young to deal with on the dark web. But
loosing the freedom to read BBC makes me feel beyond queasy, beyond nauseated,
and bilious, and sick..." He used a few more adjectives that I cannot spell.
There were non technical users who expressed interest to run a non-exit relay,
but only if they will be able to run an installer and click the next button and
only use default options. And only if they can feel assured they understand
the risks.
(1.a) Their underage kids will not stumble on the dark web before they are
old enough to know they are doing. Underage kids should not be able to stumble
on the dark web on the computer the Tor relay is run (and what must be done to
assure that). And underage kids should not be able to stumble on the dark web
by being on the same WIFI network in the house.
(1.b) There are different degrees of fear of risks. Some are brave enough to
run a non-relay in the house where they live. We think they need to assume
they can be detected. Some were only willing to consider if the non-exit Tor
cannot be easily detected. The definition of not easily varies:
- as difficult to detect as the obfs4 bridge protocol (but someone said the
bridge protocol only works between a Tor client and a Tor relay, but not
between a Tor relay and another Tor relay; we have not been able to confirm
this by our own efforts)
- as difficult as the meek protocol (someone said the idea of meek is to
encrypt Tor packets and send it to a unblocked IP/domain, where the traffic is
decrypted and copied to a proper Tor network); someone said he is willing to
run a meek server to accept incoming connections, but only if the outgoing
connections are at least obfs4. Someone said if we have many thousands of
these tiny meek nodes hosted at our home address, we offload the official meek
proxies run on amazon and azure. And even if we contribute only 1kb/s each, it
is going to be more than sharing the cost - the idea is we want a high level of
household penetration so that the powers that be find it hard to clamp us down.
- as difficult to detect as protected by a VPN. Someone said he would pay
for a VPN package, run a relay on a machine which only talks to the world
through the VPN. But someone said that works for a Tor client, but not for a
relay because a relay would need to have its own IP and listen on certain ports
on that IP, and so because you VPN exit point will not let you listen on any
port numbers, even if he is willing to pay for a commercial VPN that exits in
another country, his tor relay cannot accepts incoming connections. Some
people would give up running a non-exit if this cannot be done. The only IP
they can access is where they sleep, and they want to be able to sleep well.
Not just them, but their wife and their children needs to sleep well too. Is
the ability to accept incoming connections a requirement to running a non-exit
relay?
(2) There is a sentiment that we should get "every household to run a Tor" so
that the powers that be will find it much harder to clamp down. Someone said
he would install a Tor relay on every single computer he controls, to support
journalism and news reporting, if what he contributes ONLY goes towards beating
censorship against the media. He said he feels it is a much easier sell if the
sole function of that node is to allow people living under censorship to read
newspaper. He said if there is a funding campaign to deploy the onion
enterprise toolkit for news media, he will want to direct his donation
specifically to those. Or if he can run an exit relay ONLY for for the BBC
news domain. He said, then running Tor is a much easier sell to his family and
friends. If the police brings him in, the back and forth will not be "we
observed spams and hacks and viruses and copyright infringements on your IP",
but the back and forth will just be "you are reading something you should not
read on the web" and we can have a much better chance of advocating for "Tor
relay in every home". We know in general Tor supports more network access than