Re: [tor-relays] Estimation of bridge traffic / Bridge or relay needed?

[mick]

On Sat, 7 Apr 2018 09:54:46 -0400
"Grander Marizan"  allegedly wrote:

> How can I unsubscribe from this mailing list?
> 

Read the email. Scroll to the bottom and you will see a link to list
subscription instructions.

Viz: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Mick

-
 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net/about-trivia
-

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Estimation of bridge traffic / Bridge or relay needed?

[jackoreamnos]

Want to follow up the discussion on encouraging people to run relays.

The powers that be where I live now heavily frowns upon VPN and Tor.  And a 
fair number in our community is sensing further tightening in the air.

Today we had a discussion, we had a lot of questions.  I try to summarize below 
and see if we can fact-check and learn more.

(1) Advocacy: Background - Someone raised the idea that we should each run a 
Tor relay in each of our house.  Someone said the powers that be cannot put all 
of us in jail if we get enough people to host Tor.  A parent among us said, "I 
never before had an urge to run a VPN or Tor.  But when running encryption and 
sharing a VPN tunnel with a criminal on the next packet is required to ensure 
your freedom to read BBC, you feel queasy and you worry what your underage kids 
might stumble on, things they are too young to deal with on the dark web.  But 
loosing the freedom to read BBC makes me feel beyond queasy, beyond nauseated, 
and bilious, and sick..."  He used a few more adjectives that I cannot spell.  
There were non technical users who expressed interest to run a non-exit relay, 
but only if they will be able to run an installer and click the next button and 
only use default options.  And only if they can feel assured they understand 
the risks.

  (1.a) Their underage kids will not stumble on the dark web before they are 
old enough to know they are doing.  Underage kids should not be able to stumble 
on the dark web on the computer the Tor relay is run (and what must be done to 
assure that).  And underage kids should not be able to stumble on the dark web 
by being on the same WIFI network in the house.

  (1.b) There are different degrees of fear of risks.  Some are brave enough to 
run a non-relay in the house where they live.  We think they need to assume 
they can be detected.  Some were only willing to consider if the non-exit Tor 
cannot be easily detected.  The definition of not easily varies:
  - as difficult to detect as the obfs4 bridge protocol (but someone said the 
bridge protocol only works between a Tor client and a Tor relay, but not 
between a Tor relay and another Tor relay; we have not been able to confirm 
this by our own efforts)
 - as difficult as the meek protocol (someone said the idea of meek is to 
encrypt Tor packets and send it to a unblocked IP/domain, where the traffic is 
decrypted and copied to a proper Tor network); someone said he is willing to 
run a meek server to accept incoming connections, but only if the outgoing 
connections are at least obfs4.  Someone said if we have many thousands of 
these tiny meek nodes hosted at our home address, we offload the official meek 
proxies run on amazon and azure.  And even if we contribute only 1kb/s each, it 
is going to be more than sharing the cost - the idea is we want a high level of 
household penetration so that the powers that be find it hard to clamp us down.
  - as difficult to detect as protected by a VPN.  Someone said he would pay 
for a VPN package, run a relay on a machine which only talks to the world 
through the VPN.  But someone said that works for a Tor client, but not for a 
relay because a relay would need to have its own IP and listen on certain ports 
on that IP, and so because you VPN exit point will not let you listen on any 
port numbers, even if he is willing to pay for a commercial VPN that exits in 
another country, his tor relay cannot accepts incoming connections.  Some 
people would give up running a non-exit if this cannot be done.  The only IP 
they can access is where they sleep, and they want to be able to sleep well.  
Not just them, but their wife and their children needs to sleep well too.  Is 
the ability to accept incoming connections a requirement to running a non-exit 
relay?  

(2) There is a sentiment that we should get "every household to run a Tor" so 
that the powers that be will find it much harder to clamp down.  Someone said 
he would install a Tor relay on every single computer he controls, to support 
journalism and news reporting, if what he contributes ONLY goes towards beating 
censorship against the media.  He said he feels it is a much easier sell if the 
sole function of that node is to allow people living under censorship to read 
newspaper.  He said if there is a funding campaign to deploy the onion 
enterprise toolkit for news media, he will want to direct his donation 
specifically to those.  Or if he can run an exit relay ONLY for for the BBC 
news domain.  He said, then running Tor is a much easier sell to his family and 
friends.  If the police brings him in, the back and forth will not be "we 
observed spams and hacks and viruses and copyright infringements on your IP", 
but the back and forth will just be "you are reading something you should not 
read on the web" and we can have a much better chance of advocating for "Tor 
relay in every home".  We know in general Tor supports more network access than 

Re: [tor-relays] Estimation of bridge traffic / Bridge or relay needed?

[grarpamp]

> https://www.torproject.org/docs/faq#RelayOrBridge

In context of the entire wider section beyond
the former quote, where 'normal' is implied to
be 'non-exit', I'd change one entry...

> a normal relay, since we need more exits.

to

'an exit relay, since...'
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Estimation of bridge traffic / Bridge or relay needed?

[Roger Dingledine]

On Mon, Apr 02, 2018 at 03:32:00AM -0400, grarpamp wrote:
> > https://www.torproject.org/docs/faq#RelayOrBridge
> >
> > "If you have lots of bandwidth, you should definitely run a normal relay.
> > If you're willing to be an exit, you should definitely run a normal
> > relay, since we need more exits. If you can't be an exit and only have a
> > little bit of bandwidth, be a bridge. Thanks for volunteering!"
> 
> The 'normal's above are ambiguous and conflicting.
> Replace them with 'non-exit' and 'exit'.

Ah, actually no, replace them with "relay" and "relay".

In that text, "normal relay" is as opposed to "bridge relay".

The FAQ text sure needs some updating.

--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Estimation of bridge traffic / Bridge or relay needed?

[grarpamp]

> https://www.torproject.org/docs/faq#RelayOrBridge
>
> "If you have lots of bandwidth, you should definitely run a normal relay.
> If you're willing to be an exit, you should definitely run a normal
> relay, since we need more exits. If you can't be an exit and only have a
> little bit of bandwidth, be a bridge. Thanks for volunteering!"

The 'normal's above are ambiguous and conflicting.
Replace them with 'non-exit' and 'exit'.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Estimation of bridge traffic / Bridge or relay needed?

[Roger Dingledine]

On Sun, Apr 01, 2018 at 07:18:29PM +0200, Olaf Grimm wrote:
> Should I set up a relay or bridge on www.bhost.net or cloudflexy.org?

I still like the answer I wrote for the FAQ here:
https://www.torproject.org/docs/faq#RelayOrBridge

"If you have lots of bandwidth, you should definitely run a normal relay.
If you're willing to be an exit, you should definitely run a normal
relay, since we need more exits. If you can't be an exit and only have a
little bit of bandwidth, be a bridge. Thanks for volunteering!"

In particular, if you're going to be a bridge these days, be sure to
set up obfs4 support too, since there are few to no places in the world
where bridges are needed yet vanilla bridges (that is, bridges without
a pluggable transport too) actually work.

Thanks!
--Roger

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays