Hi,

As gus pointed out, Hetzner, OVH, Online S.A.S (now owned by and
called Scaleway), and DigitalOcean should be avoided at all costs, and
yes, even for bridges.

Please try to find a host that hosts as few (publicly listed) tor
relays as possible for your bridge or relay.

- William

On 02/04/2021, Keifer Bly <keifer....@gmail.com> wrote:
> Would running a bridge on OVH be ok? Thanks.
> --Keifer
>
>
> On Thu, Apr 1, 2021 at 1:29 AM William Kane <ttall...@googlemail.com>
> wrote:
>
>> Hi,
>>
>> no, OVH is the second most commonly used hosting provider, another
>> relay hosted there would hurt the network more than it would help:
>>
>> https://metrics.torproject.org/bubbles.html#as
>>
>> We need to make the network as diverse as possible, in order to make
>> it as hard as possible for law enforcement and other bad actors to
>> de-anonymize tor circuits.
>>
>> If you really want to help us out, here's what I advise you to do:
>>
>> - Rent a dedicated machine, with a new-ish CPU (supporting VT-x and
>> AES-NI, and good single thread performance since tor is mostly
>> single-threaded).
>> - Get your own subnet, it doesn't have to be huge, but make sure you
>> are allowed to change the abuse-mailbox field to an e-mail you own, so
>> your host doesn't get flooded with automated and mostly useless abuse
>> reports and terminates your service in response.
>> - Make use of QEMU/KVM and create one virtualized instance for each
>> set of two relays (maximum amount of relays sharing the same public
>> address is 2).
>> - Make use of the CPU-pinning feature offered by libvirt, and the
>> isolcpus kernel argument to isolate all but two cores from the
>> kernel's scheduler, and pin two cores to each VM.
>> - Disable all CPU mitigations (mitigations=off on the kernel command
>> line) to increase performance, since you are only installing signed
>> packages anyway, there is no untrusted code running on the system,
>> which means there is no need for any mitigations to be active.
>> - Make sure you have an unmetered traffic plan and at the very least
>> 1, but best case 2 1Gbit/s uplinks.
>>
>> With a somewhat modern CPU supporting hardware AES acceleration, this
>> should get you 150 to 200 Mbps per tor instance, at least that's my
>> experience when I ran the setup described above around 4 years ago.
>>
>> On a last note, whatever you decide to do, please don't settle for
>> some overused host just because it's easier or cheaper - you might as
>> well not host a relay at all, then.
>>
>> Look for a host, get its AS ID, then input it here:
>> https://metrics.torproject.org/rs.html#search/as:<AS_NUMBER>
>>
>> Example:
>>
>> https://metrics.torproject.org/rs.html#search/as:AS197019
>>
>> If this was a bit too much, I apologize - I will gladly answer any
>> questions you have.
>>
>> - William
>>
>> On 30/03/2021, Keifer Bly <keifer....@gmail.com> wrote:
>> > Hi,
>> >
>> >
>> >
>> > I am wondering if OVH is a safe VPS provider to run an exit relay on?
>> > Thank you.
>> >
>> >
>> >
>> > --Keifer
>> >
>> >
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
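
Added example, not part of the thread above: one way to script the AS check William describes, ranking candidate hosts by how many running relays and how much consensus weight their AS already carries. It assumes input shaped like an Onionoo "details" document (fields "as", "running", "consensus_weight_fraction"); the sample relays and their weights are constructed, and AS64500/AS64501 are documentation-range ASNs standing in for small hosts.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of an Onionoo "details" document.
# AS16276 is OVH's ASN, AS197019 is the example ASN from the thread;
# nicknames, relay counts and weight fractions here are made up.
SAMPLE = json.loads("""{"relays": [
  {"nickname": "r1", "as": "AS16276",  "running": true,  "consensus_weight_fraction": 0.030},
  {"nickname": "r2", "as": "AS16276",  "running": true,  "consensus_weight_fraction": 0.025},
  {"nickname": "r3", "as": "AS16276",  "running": false},
  {"nickname": "r4", "as": "AS197019", "running": true,  "consensus_weight_fraction": 0.004},
  {"nickname": "r5", "as": "AS64500",  "running": true,  "consensus_weight_fraction": 0.002},
  {"nickname": "r6", "running": true, "consensus_weight_fraction": 0.001}
]}""")


def as_concentration(doc):
    """Return {asn: (running_relay_count, summed_consensus_weight_fraction)}."""
    count = defaultdict(int)
    weight = defaultdict(float)
    for relay in doc.get("relays", []):
        if not relay.get("running"):
            continue  # offline relays carry no traffic and have no weight fraction
        asn = relay.get("as", "unknown")  # "as" is omitted when the AS lookup failed
        count[asn] += 1
        weight[asn] += relay.get("consensus_weight_fraction", 0.0)
    return {asn: (count[asn], round(weight[asn], 6)) for asn in count}


def rank_candidates(doc, candidates):
    """Sort candidate ASNs so the least represented host comes first.

    A candidate with no relays in the data ranks best: (0, 0.0).
    """
    stats = as_concentration(doc)
    rows = [(asn.upper(), *stats.get(asn.upper(), (0, 0.0))) for asn in candidates]
    return sorted(rows, key=lambda row: (row[1], row[2]))


if __name__ == "__main__":
    wanted = ["AS16276", "AS197019", "as64500", "AS64501"]
    for asn, relays, share in rank_candidates(SAMPLE, wanted):
        print(f"{asn:<9} running relays={relays:<3} consensus weight={share:.1%}")
```

Ranking by relay count first and consensus weight second is a choice made for this example; the thread only asks for as few publicly listed relays as possible.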