Re: [tor-relays] Reimbursement of Exit Operators
On Wed, Sep 18, 2013 at 09:07:14PM +0300, J.C. wrote: Another amateur relay operator here, i run the node namelesshero and I sure hope however this cost reimbursing plan eventually pans out, it won't discourage small folk like us from running relays. I, too, believe the exact opposite is desirable instead. I'll admit i'm not quite sure if i understand the concept here but mixing monetary compensation with voluntary activity doesn't sound good to me at a first look. I'm the operator of the noisetor exits (tor.noisebridge.net). We're currently fairly comfortable on the money side, just based on individual supporters' donations (and a few large donations as well). I don't have a problem with the Reimbursement program, although Noisetor is not currently planning to participate due to a lack of need on our end. I certainly hear your concern, JC, about the potential for $$ to drive out volunteer operators. While it's not entirely clear, it seems from experience that large/fast exits are more beneficial to the network than small/slow exits. However, centralization is bad for the network, too. I think that the best thing we could do as a community is increase the number of fast-but-not-too-big exits, I'd like to see a lot more 100 Mbps Fast/Stable/Exit nodes run by individual operators. (I'd also like to see a few more 300 - 500 Mbps exits to compete at the top of the list with Torservers, Noisetor, DFRI, torland, et al.) These servers cost enough to run that it's probably good, overall, to provide a way for the costs to be borne by the larger organization. Hopefully the Reimbursement program will help, there. I'm pretty skeptical of the conspiracy theories around Tor. The Project is extremely open with their financial, organizational, and technical aspects. The most principled, anti-authoritarian, paranoid, willing-to-go-public-in-a-minute-if-necessary hackers I know work at Tor, and if there were even the slightest hint of collusion with the surveillance state I'm extremely confident that it would be exposed in moments. -andy ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
On Friday 20/09/2013 at 6:37 am, Moritz Bartl wrote: I don't think exit relay operators are in a position to have anonymity in the first place. It is fine if you manage to pay for and run your relay anonymously, but I doubt it will survive more than a few LEA inquiries where they end up with a fake name instead of a real contact. I get the sense that there are some exit node operators who can't attempt it or deliberately aren't for reasons related to the direct ownership of abuse complaints. But there are some where there could be ambiguity. It is not always clear-cut who the end-user of each service is. Things like leased servers with multiple sub-users, roommate/shared internet, shared VPNs, shells given away to friends, etc, are a part of it. How is the method of transferring funds relevant to liability or risk in that respect? What method of transfer would change anything about that? It's not all about the method. Thoughts are: - One way to damage Tor would be to mess things up for exit node operators either personally or professionally. IMO the less 'they' know about exit operators, the less damage they can do with that kind of approach. That would include information obtained from getting to know someone on IRC in this context, as you don't really know who you are talking to or if you're being monitored. - If authorities can ever build a case where Tor can be accused of being a dirty little network which hosts criminal content and profits from it, it seems that it could be fucked. I already saw Tor identified by one media source as simply being an internet network that criminals use. We know that this isn't a fair description but I'm not sure that would make a difference if certain cards get played? - When you can be demonstrated to have received money, depending upon what that money was sent for, it can be used against you. If money was to be sent, it seems better if it were done as a consulting sort of agreement? It would be invoiced like any other internet consulting service you are willing to provide (and it wouldn't be the only service offered). It wouldn't involve personal-feeling chats on IRC, it would be a professional relationship. What do you think? I don't want to scare anyone away with this stuff. Just feel like we should be more careful than what I was reading. Doesn't feel right to encourage exit node operators to show up on IRC with their bank account #s ready to go. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
On 09/21/2013 01:48 PM, t...@t-3.net wrote: - If authorities can ever build a case where Tor can be accused of being a dirty little network which hosts criminal content and profits from it, it seems that it could be fucked. That's exactly why we encourage exit operators to defend the right for anonymity in the clear, instead of hiding. I feel much better knowing who runs the high bandwidth relays. If the alternative is to not know who and why exactly does it, and if the financial flows are disguised, this would make me and others uncomfortable, right? I don't want to scare anyone away with this stuff. Just feel like we should be more careful than what I was reading. Doesn't feel right to encourage exit node operators to show up on IRC with their bank account #s ready to go. I believe you misunderstand the relationships we're having with the exit relay operators that are currently partners. All of them are public, non-profit, registered entities, and usually already list their bank account on their websites for donations. See https://www.torservers.net/partners.html for a list and links. All our partners speak up in the public, on events, on Cryptoparties, in the European parliament and whatnot. It's not like they can or want to hide themselves. When I talk of a personal relationship, I ask for more than simply popping up on IRC and giving me your bank account details. We don't hire consultants or exit relay operators. We reimburse part of the costs that occur when you operate a high bandwidth relay, mainly traffic costs. In an ideal world, more people would run exits and donate spare bandwidth. Unfortunately, the minority that abuses Tor mostly destroys this option. Many ISPs don't want to deal with the abuse, you should use dedicated hardware and IPs for exits, etc. 1 Gbit/s in USA and Germany is 500 Euro, 1 Gbit/s in Denmark is 1000 Euro, 1 Gbit/s in Hong Kong is 8000 Euro. I think it is fair to - give people and organizations that want to contribute the ability to do so with donations - help operators with some of the costs Yes, this could be even more professional. Some people see a business model here. From the start, we've been offering the we will run your relay model, where you can choose relay name, exit policy and customize the website that shows up on the relay IP. Since Tor relays can and will be used by all users and you don't exactly buy a personal service, it makes sense to do it as a non-profit rather than a for-profit (the literal translation from the German equivalent, and more fitting in my eyes, is beneficial to the public). Remember that you can still perfectly well pay people for their work as a non-profit if you want to. The most important thing to remember here is that we really don't want to change the economics of the current network. We want to add to it. -- Moritz Bartl https://www.torservers.net/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
On 09/19/2013 12:06 AM, Roger Dingledine wrote: The Wau Holland Foundation can currently only reimburse via wire transfer. This seems to be end-of-story in terms of who, in the end, is ultimately getting liability/risk, and points to practically no chance at anonymity I don't think exit relay operators are in a position to have anonymity in the first place. It is fine if you manage to pay for and run your relay anonymously, but I doubt it will survive more than a few LEA inquiries where they end up with a fake name instead of a real contact. How is the method of transferring funds relevant to liability or risk in that respect? What method of transfer would change anything about that? Think bigger -- for example, if you run a bunch of fast exits you can coordinate with your favorite non-profit charity (EFF, CCC, etc) for them to get a monthly wire transfer from Wau Holland because of (on behalf of) your relays. Moritz, does the current contract approach support (allow) this idea? Yes, certainly it does. We have brokered similar 'deals' for people in the past, mostly because they want the legal protection of an organization for their exit. That's how many of the CCC relays work also. -- Moritz Bartl https://www.torservers.net/ ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
On 9/18/13 2:53 AM, Damian Johnson wrote: Unless maybe stem already does exactly this for us? Yup, stem parses the extrainfo descriptors... https://stem.torproject.org/api/descriptor/extrainfo_descriptor.html#stem.descriptor.extrainfo_descriptor.ExtraInfoDescriptor The only pesky bit is that you'll need to download a lot of descriptors from metrics (I assume you need the entries published over a long period of time?). Parsing extra-info descriptors is only step one. Time periods of contained byte histories can overlap quite substantially. You'll need a database or efficient file format to avoid over-counting. For example, assume you have an extra-info descriptor with these lines: extra-info torrelayfishsticks 9FD2E81F27FB2628B3FEABEB2E66854984E48ABB write-history 2013-09-03 01:35:10 (900 s) [...] 37888,37888,61440,786432 A simple but expensive solution would be to write lines like this to a file: 9FD2E81F27FB2628B3FEABEB2E66854984E48ABB,2013-09-03 01:35:10,w,786432 9FD2E81F27FB2628B3FEABEB2E66854984E48ABB,2013-09-03 01:20:10,w,61440 9FD2E81F27FB2628B3FEABEB2E66854984E48ABB,2013-09-03 01:05:10,w,37888 9FD2E81F27FB2628B3FEABEB2E66854984E48ABB,2013-09-03 00:50:10,w,37888 Once you have that, you sort that file, throw out duplicate lines, and sum up values by fingerprint, date, and read/write. This approach works fine if you need to evaluate byte histories once per month or so and if it's okay for the job to run a few hours. If you want to do this more often, you might want to use a database for this. See https://gitweb.torproject.org/metrics-tasks.git/tree/HEAD:/task-8462 for a related approach. The file based approach is much simpler though. All the best, Karsten ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
Roger Dingledine: On Tue, Sep 17, 2013 at 08:27:57PM +0200, Moritz Bartl wrote: The recipient share is calculated from the throughput per relay * country factor It might be worthwhile to make it clearer what throughput is here. I hope it's not consensus weight, since that's not really a measure of how much use the relay sees. It could be the bandwidth listed in the descriptor, though that could be gamed. The script is currently using the bandwidth reported in the descriptor. It skips unmeasured entries. I am not sure I fully understand to what extent it can be gamed. I'd be grateful for a summary. :) -- Lunar lu...@torproject.org signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
On Sep 18, 2013 7:11 AM, t...@t-3.net wrote: I wonder if I am the only one who finds this creepy, in light of all of the news that has come out lately about the banking systems having been hacked, etc. This kind of thing would draw a direct line of sorts to the bank account of the person/company involved with the exit node. This information could be used later by someone who doesn't have the person's best interest in mind. While that's true, there's no requirement to be reimbursed. And there is a path forward: create or work with a trusted organization who is willing to shoulder liability, risk, and expense of investigating the legality and tax consequences, and then actually executing, reimbursing people through anonymous means. It's not easy. May not even be possible. But there is a rigid but not inflexible framework of tax law that must be worked within. IMO, this is net gain. Excited to see it happen, and congrats to all whose hard work has brought it here. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
On 18 September 2013 08:10, t...@t-3.net wrote: The OP I saw said: The Wau Holland Foundation can currently only reimburse via wire transfer. This seems to be end-of-story in terms of who, in the end, is ultimately getting liability/risk, and points to practically no chance at anonymity within our currently hacked banking system. It's not related to taxation or what organization may or may not be trusted. It's about what information is being gathered from the system by 3rd parties for possible use tomorrow. Sure, right now. But he said: On 17 September 2013 14:27, Moritz Bartl mor...@torservers.net wrote: The Wau Holland Foundation agreed to be one of the organizations willing to handle the money and pass it on to other entities, be it single operators or organizations. Both Torproject and Wau Holland Foundation checked with their lawyers to see if this turns into a problem about liability, and it looks like it does not. We're open for more organizations to join in to manage the reimbursement process, but this is what we've got for now. So from my perspective, if, say, the Bitcoin Foundation came forward and said Our lawyers are cool with reimbursing anonymous people via Bitcoin, and we're cool shouldering the accounting/taxation burden. - then it might happen. But ultimately there is accounting, taxation, and legal liability that must be shouldered by someone. So far only Wau Holland has stepped up. But it's not to say someone couldn't. -tom ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
On 09/18/2013 07:31 AM, Tom Ritter wrote: On Sep 18, 2013 7:11 AM, t...@t-3.net mailto:t...@t-3.net wrote: I wonder if I am the only one who finds this creepy... Nope, I don't think so. Perhaps it's the timing. In this post-Snowden period most everything is a little bit creepy. There's plenty of FUD to go around. A position paper from Torproject on this and other recent issues would be handy about now. I'm an independent exit pushing about 2GB/day so I don't see a compensation opportunity. Anyway, I don't want to give up my amateur status. :) Still, for big guys who do have financial considerations and are probably better positioned to handle risk this could make sense. I'm sure Torproject would love to have a few thousand more folks like me, but that's a marketing issue that probably spins around getting Tor greater visibility in the mainstream net. Rick ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
On Wed, 18 Sep 2013 13:36:39 -0400 Rick reru...@gmail.com wrote: Nope, I don't think so. Perhaps it's the timing. In this post-Snowden period most everything is a little bit creepy. There's plenty of FUD to go around. A position paper from Torproject on this and other recent issues would be handy about now. Does this qualify as a position paper? https://blog.torproject.org/blog/turning-funding-more-exit-relays -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
It's a little old. Posted July 24, 2012 We knew a lot less on that date. On Wednesday 18/09/2013 at 3:08 pm, Andrew Lewman wrote: On Wed, 18 Sep 2013 13:36:39 -0400 Rick reru...@gmail.com wrote: Nope, I don't think so. Perhaps it's the timing. In this post-Snowden period most everything is a little bit creepy. There's plenty of FUD to go around. A position paper from Torproject on this and other recent issues would be handy about now. Does this qualify as a position paper? https://blog.torproject.org/blog/turning-funding-more-exit-relays -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
On Wed, Sep 18, 2013 at 08:10:25AM -0400, t...@t-3.net wrote: The Wau Holland Foundation can currently only reimburse via wire transfer. This seems to be end-of-story in terms of who, in the end, is ultimately getting liability/risk, and points to practically no chance at anonymity Think bigger -- for example, if you run a bunch of fast exits you can coordinate with your favorite non-profit charity (EFF, CCC, etc) for them to get a monthly wire transfer from Wau Holland because of (on behalf of) your relays. Moritz, does the current contract approach support (allow) this idea? To reiterate, this is not meant to be a money-making opportunity for relay operators. It's great that many people have found ways to run relays cheaply, and that is and needs to remain a big part of what the Tor community is about (and how the Tor network is as large, diverse, and sustainable as it is). But that said, the biggest cost in running very large exit relays is generally not the monetary cost for bandwidth and hosting, so if we can make that less of a burden for people who otherwise want to put in the rest of the effort, that sounds to me like a great thing to try. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
Think bigger, say what? Certain of the world's biggest and most well-funded intelligence agencies hate personal privacy on the internet so much that they've been going to extreme efforts to destroy it. They are packet sniffing the NAPs and fiber backbones to pull out everything they can, they hacked/broke HTTPS, they are backdoored into the big content providers, they hacked the banking system, they are apparently 'in' some hardware crypto chips - the list goes on - They infiltrated the tech groups which were designing software and hardware and sabotaged their work, making their crypto be weaker/breakable and their systems easier to hack into. They use the vulnerabilities they created to their own ends. As of today, Tor appears to provide privacy, at least as far as the .onion sites goes. Maybe it even works for it's entire function of providing anonymous internet browsing. 'They' would definitely want to be IN this thing, because they either want to compromise it, or if that doesn't work well enough, destroy it. 'They' are known to infiltrate and be influential in getting what they want. Literally, they are professionals at this. 'Getting to know' the exit relay operators and identifying their bank accounts would help facilitate things when it came time for them to make their move. In the context of September 2013, this whole thing is scary. It was perhaps not scary in September of 2012, when we didn't know anything. Also. It makes me wonder things when, for example, you say Think bigger while pointing to a couple of potential dollars in someone's pocket. Safeguarding the operators of the exit relays is a bigger deal than chump change. I'm not making an honest accusation but, to the people who are the most vocal in approving of this - you don't work for the NSA, right? :) On Wednesday 18/09/2013 at 6:08 pm, Roger Dingledine wrote: On Wed, Sep 18, 2013 at 08:10:25AM -0400, t...@t-3.net wrote: The Wau Holland Foundation can currently only reimburse via wire transfer. This seems to be end-of-story in terms of who, in the end, is ultimately getting liability/risk, and points to practically no chance at anonymity Think bigger -- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
While I believe you have a good point On Wed, 18 Sep 2013 19:29:26 -0400, t...@t-3.net wrote: Think bigger, say what? Certain of the world's biggest and most well-funded intelligence agencies hate personal privacy on the internet so much that they've been going to extreme efforts to destroy it. They are packet sniffing the NAPs and fiber backbones to pull out everything they can, they hacked/broke HTTPS, they are backdoored into the big content providers, they hacked the banking system, they are apparently 'in' some hardware crypto chips - the list goes on - They infiltrated the tech groups which were designing software and hardware and sabotaged their work, making their crypto be weaker/breakable and their systems easier to hack into. They use the vulnerabilities they created to their own ends. As of today, Tor appears to provide privacy, at least as far as the .onion sites goes. Maybe it even works for it's entire function of providing anonymous internet browsing. 'They' would definitely want to be IN this thing, because they either want to compromise it, or if that doesn't work well enough, destroy it. 'They' are known to infiltrate and be influential in getting what they want. Literally, they are professionals at this. 'Getting to know' the exit relay operators and identifying their bank accounts would help facilitate things when it came time for them to make their move. In the context of September 2013, this whole thing is scary. It was perhaps not scary in September of 2012, when we didn't know anything. Also. It makes me wonder things when, for example, you say Think bigger while pointing to a couple of potential dollars in someone's pocket. Safeguarding the operators of the exit relays is a bigger deal than chump change. I'm not making an honest accusation but, to the people who are the most vocal in approving of this - you don't work for the NSA, right? :) this is probably about making it easier for big exit operators to afford lawyers for when 'they' come around using the law as 'their' tool. :/ If your BW bill is paid, more $$$ to keep you out of jail. Best, -Gordon M. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
On Wed, 18 Sep 2013 08:10:25 -0400, t...@t-3.net wrote: The OP I saw said: The Wau Holland Foundation can currently only reimburse via wire transfer. This seems to be end-of-story in terms of who, in the end, is ultimately getting liability/risk, and points to practically no chance at anonymity within our currently hacked banking system. It's not related to taxation or what organization may or may not be trusted. It's about what information is being gathered from the system by 3rd parties for possible use tomorrow. I suspect the methods of value transfer can be added to in the future. There's another perspective to this as well. Speaking objectively and without knowledge of the organization involved, and nothing personal intended. It may be worth noting that certain presumably-Tor-hostile and well-funded agencies are known to infiltrate the tech organizations/efforts which they wish to weaken, and influence them from the inside. In this context, seeing Tor's exit node operators being offered cash via bank transfer is waist-deep into creepy. On Wednesday 18/09/2013 at 7:38 am, Tom Ritter wrote: create or work with a trusted organization who is willing to shoulder liability, risk, and expense of investigating the legality and tax consequences, and then actually executing, reimbursing people through anonymous means.It's not easy. May not even be possible. But there is a rigid but not inflexible framework of tax law that must be worked within. Bitcoins, until they're banned, from the entity receiving the bank transfer and delivering a middle finger to whoever's askin'. :P IMO, this is net gain. Excited to see it happen, and congrats to all whose hard work has brought it here. +1. Best, -Gordon M. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
On Wed, 18 Sep 2013 19:29:26 -0400 t...@t-3.net wrote: In the context of September 2013, this whole thing is scary. It was perhaps not scary in September of 2012, when we didn't know anything. Just a point that many in the tech community knew what was happening, at some level, for the past decade. It's now that we have more data to back it up. Three years ago, many in the Tor community were called pathologically paranoid for our talking about stalking with technology (some call this tracking, advertising, snooping, packet sniffing, etc) on a global scale. It doesn't seem so far fetched now. In fact, some countries have been honing these practices for a decade or so. Torservers, Noisebridge, and others have been taking money in exchange for running exit relays for a few years. For the vast majority of people (which includes organizations), it's far easier to transfer money to someone who can run an exit relay than it is to setup one themselves. I'm sure there will be sketchy orgs trying to turn currency into exit relays. It's a fact of growing an ecosystem. I suspect most of the cost of running a relay isn't the relay itself, but the people to keep it running. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
Unless maybe stem already does exactly this for us? Yup, stem parses the extrainfo descriptors... https://stem.torproject.org/api/descriptor/extrainfo_descriptor.html#stem.descriptor.extrainfo_descriptor.ExtraInfoDescriptor The only pesky bit is that you'll need to download a lot of descriptors from metrics (I assume you need the entries published over a long period of time?). ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Reimbursement of Exit Operators
Isn't it reimbursement for running a relay? How much Tor uses it is not directly due to the cost. If the relay is set to be used fully as Tor might use it and is not a particularly costly server isn't it of equal value? FREE 3D MARINE AQUARIUM SCREENSAVER - Watch dolphins, sharks orcas on your desktop! Check it out at http://www.inbox.com/marineaquarium ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays