Re: Running a Tor exit node on an academic network?
On 1/27/06, Chris Palmer <chris@xxxxxxx> wrote:
> Arrakistor wrote:
> > I am trying to do the same thing. I would be interested in any help along these lines as well!
> Yes, maybe it's a conversation best had on-list rather than off-.
The main reason I didn't want to send my justification document to the
list is that it might expose my strategy (and any deliberation about
it) to the networking people if they monitor this list. I suppose
that might be the plays-with-lawyers-well side of me.
I could send it if others think it would be helpful (and I guarantee
that I'll write up my struggle next week after they've passed
judgement on my proposal).
I guess I'll just paraphrase the issues and academic stuff:
* They want to make sure that my Tor server is not used to attack
services/computers on the campus network. Proposal: block all exit
traffic to campus IP addresses.
* The Library has electronic subscriptions to certain services that
are based on IP addresses only. Proposal: block exit connections to
those IP addresses given a list or build a list as needed. The
eventual list could be thousands of IP addresses long which would have
an undetermined impact on Tor's performance.
* They're not confident that Tor will obey its exit policies.
Proposal: include kernel-level software firewall and possibly a
hardware-based firewall device on the Tor box.
* They're concerned about bandwidth (although this one is not a
biggie). Proposal: limit to 5% of my department's bandwidth (5MBit/s)
and then explore burst settings and see how this impacts our
As for academic justification, in addition to Dean, Sysadmin. and
multiple Faculty supporters I've noted that:
* We have a postdoc that works on reputation systems in anonymous routing.
* Journalism and Law students need a way to be able to communicate
with clients/sources and do competitive analyses in a private, secure
* Faculty need to be able to do research on student and faculty
candidates without exposing their institutional affiliation.
* Students at our school have expressed interest in using our Tor node
to incorporate onion-routing concepts into client-side privacy
protection tools and research tools (like hidden surveys and such).
* Students in networking, privacy, security and cryptography classes
(such as myself) could tinker with our Tor node and get hands-on
experience with onion-routing, cryptography and anonymity tools.
 Neither of these require a Tor node (exit or middleman) on
campus... but I'd like to make a convincing case that we need to be
supporting the network if we're going to be using its services.
I would appreciate any comments on any of this... -Joe
Joseph Lorenzo Hall
UC Berkeley, School of Information (SIMS)
This email is written in [markdown] - an easily-readable and parseable
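
Added example, not part of the original message: one way to keep the exit-policy block list from the proposals above short is to collapse the campus and library addresses into the fewest CIDR blocks, then emit the same set as torrc `ExitPolicy reject` lines and as kernel-level firewall rules for the second layer. The addresses are constructed placeholders from documentation ranges, and the `tor` account name in the iptables rules is an assumption.

```python
import ipaddress

# Constructed sample input: documentation-range addresses standing in for the
# campus network and the IP-authenticated library subscription services.
SAMPLE_BLOCKLIST = """
# campus network (placeholder ranges)
198.51.100.0/25
198.51.100.128/25
# library subscription services (placeholder hosts)
203.0.113.4
203.0.113.5
203.0.113.6
203.0.113.7
203.0.113.40
192.0.2.17
"""

def parse_blocklist(text):
    """Parse one IPv4 address or CIDR per line; '#' starts a comment."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.IPv4Network(entry, strict=False))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad entry {entry!r}: {exc}") from None
    return nets

def collapse(nets):
    """Merge adjacent and overlapping networks into the fewest CIDR blocks."""
    return list(ipaddress.collapse_addresses(nets))

def torrc_lines(nets):
    # Exit policy rules are first-match-wins, so these lines must come
    # before any accept rule in torrc.
    return [f"ExitPolicy reject {n}:*" for n in nets]

def iptables_lines(nets, tor_user="tor"):
    # Second layer in case the exit policy is wrong: drop the same
    # destinations in the kernel, only for the account Tor runs as
    # (tor_user is an assumed name), so the host's own traffic is unaffected.
    return [f"iptables -A OUTPUT -m owner --uid-owner {tor_user} -d {n} -j REJECT"
            for n in nets]

if __name__ == "__main__":
    raw = parse_blocklist(SAMPLE_BLOCKLIST)
    merged = collapse(raw)
    print(f"# {len(raw)} entries collapsed to {len(merged)}")
    print("\n".join(torrc_lines(merged) + iptables_lines(merged)))
```

Generating both rule sets from one collapsed list keeps the exit policy and the firewall from drifting apart as library addresses are added.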