[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Thoughts on new relay

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] Thoughts on new relay
From: Niklas Femerstrand <nik@xxxxxxx>
Date: Wed, 11 Feb 2015 07:19:56 +0700
Authorized-sender: nik@xxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 10 Feb 2015 10:00:10 -0500
In-reply-to: <54D9CAB5.6090005@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <54DA01B6.7020106@xxxxxxx> <54D9CAB5.6090005@xxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> There is no golden rule on when to turn a relay into a bridge or 
> vice versa. Does the relay have a dynamic IP? Do you lose 
> connectivity regularly, for longer periods? From the graph it
> looks like a nice, stable relay that has just not been up long
> enough to attract enough usage, and the only thing it needs at the
> moment is patience. It can take a relay a couple of weeks to reach
> its full potential. You might like the "lifecycle of a Tor relay"
> blog post for some explanations [1].

Static IP is in place.

We do get periodic electricity outages, but the UPS I just installed
today will hopefully cover that efficiently. For now it is only
powering the server, so outages will still affect networking equipment.

I did see the lifecycle blog post, thank you. I have been trying to
sync maintenance tasks accordingly. Our setup is a little bit ghetto,
as you can see it is still far from a HA cluster ;-)
https://i.imgur.com/OdIWCp0.jpg

> If I were you, I would just wait a while longer. We cannot know
> for sure because there has been too little investigation into how 
> exactly geographical diversity influences diversity. We do know 
> that diversity is good for the anonymity properties of Tor, and 
> that geographical location plays quite a role, both legally and 
> technically. For more information, you might want to start with
> the excellent "Users get routed" paper. [2] It would make me very
> happy to see this relay around for longer, and not have it
> "disappear to become a random bridge" just yet.

ACK. It sure sounds like operating the machine as a relay is the
preferred option so we'll be keeping it that way. I'm happy to
contribute to the geo diversity experiment. I will read the paper,
thank you.

> Should you ever run into legal trouble in Cambodia because of this 
> (I have no feeling how they feel about anonymity, now or in the 
> years to come), remember that you can contact us for help. We can 
> try to arrange lawyers, pay bribes, etc, whatever helps. ;-)

Many of the problems here are not necessarily related to what laws say
or don't say but rather how they are selectively enforced. The men in
blue won't hesitate to play dirty if something bothers the right
(wrong) people. Freedom House recently rated it as one of the most
repressive countries in the world:
http://www.phnompenhpost.com/national/cambodia-not-free-report

We have already consulted local cybercrime advisors. Not only because
of our Tor network connectivity, but because the relay plays a part in
a bigger project. We also host a Jabber server (with an OTR
requirement) and have a HTTP proxy and Mumble still in configuration
stages to enable local users to bypass local censorship and
surveillance. Yes, we have Tor as well, but the more the merrier :-)

The idea is to get some proper infrastructure up and running as a
proof of concept and later mirror that for local media outlets and
NGOs in the true Kopimi spirit on which we build. With that said, the
ambition is that any local org which chooses to replicate our system
will also be running Tor relays - then hopefully that can give us a
nice little boost.

I apologize if this sounds like advertisement. I needed to portray the
full image to make the point that it is not only the Tor relay which
may end up gaining the "wrong" people's interest. To make it more
obvious that this is not self advertising I will not write the URL to
the project that I described above, just in case.

As for what the local regim-- government is interested in doing,
please see the following links:

https://www.cambodiadaily.com/news/police-inspected-telecom-firms-routers-records-73833/
https://www.cambodiadaily.com/news/govt-plans-to-install-surveillance-equipment-73911/
https://www.cambodiadaily.com/news/china-gives-3m-for-phnom-penh-surveillance-system-66349/

And, of course, the usual suspects:

http://www.phnompenhpost.com/columns/big-brother-watching-closely

> If you think it is theoretically possible to run exits there, and 
> you can find an ISP that is willing to do it, but don't want to 
> take the risks, we can also discuss if it would be possible for 
> Torservers.net to legally run it instead of you.

This is a very intriguing idea and I am very flattered that it would
even be a theoretical possibility. I definitely have a network of
contacts available for directing these sorts of questions to, but as
IANAL I would have to consult with our friends in the legal team.

Thank you for addressing the relay vs. bridge topic and clearing those
things out.

qnrq


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJU2qApAAoJEHxAR3sGx+rLHTwQAJSl232y/FOBvQVZisztlL6s
vfAhuHbseAxHFhwpwEofKKtWd5MyzounOB9mYUg3lV2SMyyvrp/QQFyW9Rr96UXt
vL/cBpPxPh0nZzIIPETxKgqWhFVciQgCj0s3oCq/d/l8iICH26IuwNQVDnHBOwOo
Sk5YQ4GmmTOb1jZ1j/LhfusJfwGM3KT8IHlylfU6lK9+8G7Eeor+sZvcKNadyp1p
ZxLh9AJK7gumPymqoHEtUjVq8V8q4Urm/sR3r0DFDhQtlKwjPNeSkmK1rcuiO9H8
VUlPMciymIkMJz58rtJTe8tICQalySUyYWPbPOMP5/19acPgwSaKTglRW/vQJgF0
YVV93Z6MZwdORZtQ/mGrxqoKbkNuEbE9WtZ0FdwQsTlHQpjgXJWNtr3MBr8kj3bw
tzitg5kFpAp0YYCKhF1Ld0MF8ule5fT7+hJ1He/WKRC+nokkQlHKytBqCoYSjtJf
q/BW6M9xlMiOPIe8l8S+MFGIzIx7bZ0gxMAtwMYfGwEttWhr6qT1eJi7BFyXRiqx
iVz314Qj27wf9bjf9Ea63qrFy0FrpNs4C8chJSi++CDG94z2Pa1e/9qfW3nRg1G1
VQsMAoqEYcDOyVZ/pF8zmfEobhRChKW/kX495YEgLtem4iVZxiLm/qlx7e16CPnT
JiNymyeVuAPYE1ogNpgz
=nDCY
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] Thoughts on new relay
  - From: Niklas Femerstrand
- Re: [tor-relays] Thoughts on new relay
  - From: Moritz Bartl

Prev by Author: [tor-relays] Thoughts on new relay
Next by Author: Re: [tor-relays] Same relay (identity key) on two IPs
Previous by thread: Re: [tor-relays] Thoughts on new relay
Next by thread: [tor-relays] Is Bridges supposed to get a gurard flag?.
Index(es):
- Author
- Thread