[tor-relays] Re: Self hosting bridge at home - de-anonymization risk?
- To: tor-relays@xxxxxxxxxxxxxxxxxxxx
- Subject: [tor-relays] Re: Self hosting bridge at home - de-anonymization risk?
- From: Zachary via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 29 Mar 2025 12:16:51 +0000
- Feedback-id: 27014493:user:proton
- In-reply-to: <174324960355.1168.5535452034290667274@lists-01.torproject.org>
- List-id: "support and questions about running Tor relays (exit, non-exit, bridge)" <tor-relays.lists.torproject.org>
- References: <174324960355.1168.5535452034290667274@lists-01.torproject.org>
- Reply-to: Zachary <secure-communications-zachary@xxxxxxxxxxxxx>
Hello, I just wanted to make a comment on hosting a relay at home.
> Many sites and services block access to all traffic coming from a Tor relay IP address
Having hosted a relay at my house for over a year and in an institutional setting prior to that, I have run into very few instances of this personally. It does indeed happen and often it's extremely hard to troubleshoot because you don't realize what the problem is.
> If you host a relay on your home IP, you'll likely find that you are blocked from streaming services and other web sites
I personally don't use many streaming services, but people I live with use them as their main source of entertainment. They haven't been blocked from any streaming services, at least so far.
The only two things (that I remember/think are important) that I've been "banned" from for being a Tor Guard/Middle relay are:
1. Insurance company
2. My bank
I live in a small town and have a good working relationship with my bank, who I was able to get in touch with their hosting provider to whitelist my IP (and when it rarely changes due to a router switch-out etc. they have been very good and whitelisted my new IP no questions asked.) As for the insurance company, which is a large nationwide provider, there is no feasible way to get in contact with anyone who even knows what I am talking about. The only solution to access them unfortunately is to use my phone as a cellular hotspot to get a different WAN IP.
This doesn't always work because some routers don't announce themselves in a traceroute, but it can be very useful to run a traceroute to the website you are blocked on to see what router is actually blocking the traffic. That way when you contact the site operator you can point them in the right direction (if they are willing to help you.) If a website's upstream hosting provider is blocking the traffic, you would want to tell the website operator to tell their hosting provider that so they don't chase a red herring.
I'm not downplaying your concerns, they are 100% valid, just sharing that in my experience it has been a non-issue (except the insurance company lol.) Of course, if my bank wasn't a small local organization and they weren't willing to assist, then it would be a different story entirely and I would feel very different about it. Just for perspective, my Pi-hole has caused vastly more issues cutting off legitimate content than being blocked for being a relay.
Just wanted to share my thoughts. (:
Zachary
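
The traceroute check described in the message above, as an added example that is not part of the original e-mail: it summarises `traceroute -n` output to find the last hop that answered, while ignoring a non-announcing router in the middle of the path. The function names `trace_summary` and `trace_verdict` and the sample trace (documentation addresses) are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample (documentation addresses): hop 3 is a router that does not
# announce itself, hops 6-8 are silence after the last router that answered.
SAMPLE_BLOCKED='traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1  0.412 ms  0.388 ms  0.371 ms
 2  198.51.100.1  8.1 ms  8.0 ms  8.3 ms
 3  * * *
 4  198.51.100.77  14.2 ms  14.0 ms  14.5 ms
 5  203.0.113.1  21.9 ms  22.4 ms  22.0 ms
 6  * * *
 7  * * *
 8  * * *'

# Reads `traceroute -n` output on stdin.
# Prints "<last answering hop> <its address> <silent hops after it>".
trace_summary() {
    awk '
        $1 ~ /^[0-9]+$/ {                 # hop lines only; skips the header
            hops = $1; ip = ""
            for (i = 2; i <= NF; i++)     # first address on the line, if any
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $i ~ /:.*:/) {
                    ip = $i; break
                }
            if (ip != "") { last_hop = $1; last_ip = ip }
        }
        END {
            if (last_hop == "") print "0 none " (hops + 0)
            else print last_hop, last_ip, hops - last_hop
        }'
}

# $1 = destination address; trace on stdin. A silent hop in the middle is
# ignored; only silence after the last answer is reported, as a lead for the
# site operator rather than proof of where the block sits.
trace_verdict() {
    dest=$1
    set -- $(trace_summary)
    if [ "$2" = "$dest" ]; then
        echo "reached: $dest answered at hop $1"
    elif [ "$3" -gt 0 ]; then
        echo "stops after hop $1 ($2): $3 silent hops follow"
    else
        echo "ended at hop $1 ($2) without reaching $dest"
    fi
}

printf '%s\n' "$SAMPLE_BLOCKED" | trace_verdict 203.0.113.10
```

Running the same trace from a second connection (for example the cellular hotspot mentioned above) and comparing the two summaries shows whether the path only dies from the relay's address.
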
-----------
On Saturday, March 29th, 2025 at 7:00 AM, tor-relays-request@xxxxxxxxxxxxxxxxxxxx <tor-relays-request@xxxxxxxxxxxxxxxxxxxx> wrote:
> Today's Topics:
>
> 1. Re: Self hosting bridge at home - de-anonymization risk?
> (Ron Risley)
> 2. Re: Self hosting bridge at home - de-anonymization risk? (mpan)
> 3. Self hosting bridge at home - de-anonymization risk?
> (bjewrn2a@xxxxxxxxxxxx)
> 4. Re: Self hosting bridge at home - de-anonymization risk?
> (gerard@xxxxxxxxxxxx)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 27 Mar 2025 07:50:44 -1000
> From: Ron Risley ronqtorrelays@xxxxxxxxxx
>
> Subject: [tor-relays] Re: Self hosting bridge at home -
> de-anonymization risk?
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Message-ID: c1978073-7a34-4be4-ba69-feaada8028ac@xxxxxxxxxx
>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> On 3/26/25 11:56, bjewrn2a--- via tor-relays wrote:
>
> > That would incentivize users to also become
> > relays - why isn't it recommended more often?
>
>
> All Tor relays -- even non-exit relays -- are in a public list. Many
> sites and services block access to all traffic coming from a Tor relay
> IP address. Either they don't understand how Tor works or (more likely,
> in my experience) they're just hostile to Tor.
>
> If you host a relay on your home IP, you'll likely find that you are
> blocked from streaming services and other web sites (Cloudflare, for
> one, facilitates this and by some reports they control about 30% of web
> traffic).
>
> ------------------------------
>
> Message: 2
> Date: Thu, 27 Mar 2025 19:59:48 +0100
> From: mpan tor-1qnuaylp@xxxxxxx
>
> Subject: [tor-relays] Re: Self hosting bridge at home -
> de-anonymization risk?
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Message-ID: 3c48cbbf-1693-4f05-ab6d-9e8032989848@xxxxxxx
>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> > > > but what if you used tor normally, not through your own bridge, but through
> > > > "regular" randomly chosen 3-hop circuits and at the same time run a tor relay
> > > > (entry/middle)
> > > > This wouldn't require weakening the tor circuit model
> > > > anymore.
> > >
> > > Yes, this is correct. The more Tor traffic goes through the machine
> > > that identifies you, the more confused an adversary is. It also makes
> > > naïve correlation attacks impossible,⁽¹⁾ and increases cost of more
> > > advanced ones.
> >
> > That is great news mpan, thank you. That would incentivize users to also become
> > relays - why isn't it recommended more often? This is the first time I ever hear
> > about it and it sounds like a powerful idea. Normally I only see tor relay
> > operators claim that they run tor relays purely altruistically:
> > https://www.reddit.com/r/TOR/comments/6znjkg/why_would_anyone_setup_a_tor_relay/
>
> To know why Tor Project itself doesn’t speak on this matter, you’d
> need to wait for a reply from somebody from the project.
>
> I may speculate, that the two topics are orthogonal: running a relay
> and using Tor. They don’t interfere with each other. In your original
> question they didn’t either. The problem was not running a relay and
> using Tor, but using Tor with the number of hops effectively reduced.
>
> It would also be a poor advice, if directed towards a person wishing
> to only connect to Tor. Running a relay from home isn’t without
> downsides. Both for the operator (bandwidth use, facing hostility) and
> the network itself (completely inexperienced person is an easier attack
> target).
>
> > Are you aware of any articles from torproject or research papers confirming that
> > hosting tor relay at your own IP does in fact help your own traffic blend in?
> > I've looked through all tor proposals (https://spec.torproject.org/proposals)
> > and many research papers (https://www.freehaven.net) and couldn't find any
> > mentions of this?
>
> Specifically for Tor? No. For exactly the same reason I can’t point
> you to any research that confirms, that downloading 500 kB/s and 200
> kB/s over Tor requires 700 kB/s. It’s a trivial consequence of basic
> knowledge for the given field. In this case probabilistics, flavored
> with practicality of correlation attacks and with signal processing
> basics (none of this in Tor specifically).
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 27 Mar 2025 22:08:31 +0000
> From: bjewrn2a@xxxxxxxxxxxx
> Subject: [tor-relays] Self hosting bridge at home - de-anonymization
> risk?
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Message-ID: d0d4ecac8b6e815e6a1768fb7cf32523@xxxxxxxxxxxx
>
> Content-Type: multipart/alternative; boundary=fOfmQjRb
>
> > My personal opinion is that hosting a bridge or middle at your home doesn't risk de-anonymizing
>
>
> Thank you, I am counting on that too. However, I haven't seen it recommended anywhere else before. Are you aware of any articles or studies backing this up? If that's a preferred setup I would have expected it to be more popular?
>
> > I would host a tor exit at home if I could get extra IPv4 addresses
>
>
> Interesting, I haven't thought about that.
>
> ------------------------------
>
> Message: 4
> Date: Fri, 28 Mar 2025 13:48:36 -0000
> From: gerard@xxxxxxxxxxxx
>
> Subject: [tor-relays] Re: Self hosting bridge at home -
> de-anonymization risk?
> To: "'Marco Predicatori'" marco@xxxxxxxxxxxxxx,
>
> tor-relays@xxxxxxxxxxxxxxxxxxxx
>
> Message-ID: 01f601db9fe8$1b1aeca0$5150c5e0$@bulger.co.uk
>
> Content-Type: text/plain; charset="us-ascii"
>
> I would worry about my IP address at home ending up on a blacklist, even
> with a bridge. Google and Microsoft have hidden blacklists with secret
> criteria to be listed there, and to get off them once listed is a
> long-winded pain. You only know there is an issue when emails won't
> arrive at gmail or Microsoft managed accounts and some web pages won't load.
>
> WebTunnel https bridges seem safe and so far my three had not ended up
> on blacklists on my VPS servers. I think because they are still a minority
> sport and have not been found by the blacklisting pedants.
>
>
> Gerry
>
>
> -----Original Message-----
> From: Marco Predicatori via tor-relays tor-relays@xxxxxxxxxxxxxxxxxxxx
>
> Sent: 28 March 2025 08:02
> To: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Subject: [tor-relays] Re: Self hosting bridge at home - de-anonymization
> risk?
>
> bjewrn2a--- via tor-relays wrote on 3/26/25 22:48:
>
> > > I have a non-exit node at home, and (...) I use Torbrowser that connects
> > > with the usual 3 hops.
> >
> > Thanks Marco, yes, that's what I'm hoping to setup now, as well,
> > however I haven't seen this setup recommended on the official
> > torproject websites. If you are aware of any published studies or
> > anything mentioned at conferences, please let me know. Tor network is
> > a complex subject and although it makes sense to me it doesn't mean that a
> > professional would take the same approach.
>
> Sorry bjewrn2a,
>
> I'm not aware of any paper about my approach. It just makes sense to me, and
> apparently to other people in this thread. Hopefully somebody from the Tor
> Olympus will tackle the subject one day.
>
> Bye, Marco
> _______________________________________________
> tor-relays mailing list -- tor-relays@xxxxxxxxxxxxxxxxxxxx To unsubscribe
> send an email to tor-relays-leave@xxxxxxxxxxxxxxxxxxxx
>
>
>
> ------------------------------
>
> End of tor-relays Digest, Vol 170, Issue 25
> *******************************************