[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Fwd: Tor exits in .edu space



Paul is not on the list. Forwarding his reply at his request.
Archives: http://archives.seul.org/or/talk/
Thanks Paul!

Also, other than picking fqdn's off torstatus, I thought to
check the contact fields for edu addresses and/or check
ip space. Some might see that as spammy. Perhaps not
given the useful and informative responses so far. It would
be worthwhile if more insight is desired sometime.

---------- Forwarded message ----------
From: Paul Stauffer <paulds@xxxxxx>
Date: Thu, 27 Jan 2011 13:32:51 -0500
Subject: Re: Tor exits in .edu space
To: grarpamp <grarpamp@xxxxxxxxx>
Cc: or-talk@xxxxxxxxxxxxx, timothy.e.hayes@xxxxxxxxx, tor@xxxxxxxxx

On Thu, Jan 27, 2011 at 01:23:02AM -0500, grarpamp wrote:
> Just noticed a couple Tor exits in American .edu space.
> Wanted to see how that is working for you?
> Any issues you have running it?
> How do you handle 'abuse' issues?
> What your justifications and approaches were to start
> and ongoing?

On the whole it's been working fairly well for us.  We've been running a Tor
exit node for about 5 years now.  Officially it is a project sponsored by
one of the faculty in our department who does research on anonymity,
privacy, cryptography, etc, so that has allowed us a bit of leeway with the
university administration in the name of academic freedom, which we wouldn't
have if this was just someone's personal toy.  We did not seek official
approval before setting it up, but we did inform the central IT Incident
Response Team team of what we were doing, since we realized they'd probably
be receiving abuse complaints related to the machine.

On a technical level, we're running on old spare hardware; a dedicated
machine, but nothing fancy.  It's completely stand-alone, and doesn't have
any dependency or relationship to any other system of ours; this was
originally done out of paranoia, in case someone showed up at the door with
a warrant to sieze the machine.  It also logs *nothing*, which turned out to
be a lot more complicated than simply disabling syslog. :)  The system has a
full gigabit speed connection to the Internet and Internet2, but our Tor
traffic seems to stay pretty steady right around 30Mbps 24x7.  I've been
told by the networking people that this machine is the single largest
bandwidth user at BU, which again might be a problem if we didn't have
official faculty support.  Originally the machine was located on one of our
normal internal subnets, but at some point we were given a private subnet
that is located external to the campus firewall, so as far as the university
is concerned, our Tor server is treated as being outside the campus network.
In addition to the normal default exit policy, we have always blocked any
exit traffic destined for BU's own IP space; this was done primarily for
legal compliance reasons, since there are a number of licensed services
available to anyone with a BU IP address that we are contractually obligated
to not make available to outside users.

Initially the IRT simply forwarded all complaints to us, and we sent back an
appropriate form letter explaining what Tor was, etc.  Probably at least 95%
of the complaints were DMCA takedown requests for P2P traffic.  At the peak
we were getting at least one a day.  After about two years IRT decided that
they would no longer bother to forward these requests to us, and I believe
now they don't even bother responding to DMCA notices for the Tor server.

We have periodically had inquiries from law enforcement, at the state and
federal level, US military, other "interesting" govt agencies, and the
occasional foreign law enforcement organization.  These inquiries have
generally been handled in conjunction with BU's General Counsel office,
which required some initial education, but they have been quite helpful and
supportive in all our interactions.  In most cases, these inquiries went
something like this: "It's a Tor node.  Here's what that means..." "Oh ok,
thanks for the explanation, sorry to bother you."  We've had a few inquiries
that required more effort to make them go away, and we're currently dealing
with a more persistent person in the Mass Attorney General's office, but so
far nothing has ever escalated further than that.

> Anything we can do to support more nodes in other edu space?

Based on our experience, the main two bits of advice I would give other .edu
sites are:

- Find an appropriate faculty sponsor for the project.  If you can come up
  some some sort of interesting Tor-related research ideas, all the better.
  Leverage that academic freedom!

- Inform the IT people and the General Counsel of what you're doing before
  they start to get complaints.  Some education may be required.  Offer to
  sit down with them and explain in whatever detail they'd like what Tor is
  and how it works, and answer any questions they might have.  If they have
  specific technical requests regarding your exit policy, bandwidth levels,
  or whatever, do your best to accommodate them.  Whatever you can do to
  make their lives easier will be worth it in keeping their support.

> Nice having you guys around as nodes, thanks.

No problem.  It's nice having Tor around.  Sites like ours have hardware and
bandwidth to spare, and a lot more freedom to act than many other folks, so
it has always seemed like a good match to me.

cheers,
- Paul

-- 
Paul Stauffer <paulds@xxxxxx>
Manager of Systems Administration
Computer Science Department
Boston University
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/