[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Amazon Cloud server



Why are we encouraged to use the Amazon Cloud VPS's for bridges only?  Why not set up some as relays?
~~Rhon

--
Rhona Mahony
rmahony@xxxxxxxxxxxx
**Try https://duckduckgo.com, 
a search engine that keeps no 
record of your searches.
Tips at: http://donttrack.us/**

----- Original Message -----
From: tor-talk-request@xxxxxxxxxxxxxxxxxxxx
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sent: Tue, 15 Nov 2011 11:16:17 -0800 (PST)
Subject: tor-talk Digest, Vol 10, Issue 34

Send tor-talk mailing list submissions to
	tor-talk@xxxxxxxxxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
or, via email, send a message with subject or body 'help' to
	tor-talk-request@xxxxxxxxxxxxxxxxxxxx

You can reach the person managing the list at
	tor-talk-owner@xxxxxxxxxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of tor-talk digest..."


Today's Topics:

   1. Re: Run Tor as a bridge in the Amazon Cloud (Jan Weiher)
   2. Re: Run Tor as a bridge in the Amazon Cloud (Runa A. Sandvik)
   3. Re: Run Tor as a bridge in the Amazon Cloud (Roger Dingledine)
   4. Re: Run Tor as a bridge in the Amazon Cloud (Jan Weiher)
   5. Re: Run Tor as a bridge in the Amazon Cloud (Runa A. Sandvik)
   6. tor net questions (audd)
   7. Re: tor net questions (Roger Dingledine)
   8. Re: tor net questions (audd)


----------------------------------------------------------------------

Message: 1
Date: Tue, 15 Nov 2011 17:40:31 +0100
From: Jan Weiher <jan@xxxxxxxx>
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Run Tor as a bridge in the Amazon Cloud
Message-ID: <4EC295FF.3070708@xxxxxxxx>
Content-Type: text/plain; charset=windows-1252

Am 15.11.2011 07:52, schrieb Runa A. Sandvik:
> On Tue, Nov 15, 2011 at 1:28 AM, Mike Damm <mike@xxxxxxxx> wrote:
>> On Monday, November 14, 2011 9:30 PM, "Runa A. Sandvik"
>> <runa.sandvik@xxxxxxxxx> wrote:
>>> Hi everyone,
>>>
>>> The Tor Cloud project gives you a user-friendly way of deploying bridges
>>> to help users access an uncensored Internet. By setting up a bridge, you
>>> donate bandwidth to the Tor network and help improve the safety and
>>> speed at which users can access the Internet.
>>>
>>> Setting up a Tor bridge on Amazon EC2 is simple and will only take you a
>>> couple of minutes. The images have been configured with automatic
>>> package updates and port forwarding, so you do not have to worry about
>>> Tor not working or the server not getting security updates.
>>
>> https://www.torproject.org/docs/faq#MultipleRelays says:
>> "Great. If you want to run several relays to donate more to the network,
>> we're happy with that. But please don't run more than a few dozen on the
>> same network, since part of the goal of the Tor network is dispersal and
>> diversity."
>>
>> I'm curious to know if 'MyFamily' is properly set on these instances, or
>> if Tor plans to bucket all instances within EC2 as part of the same
>> family?
>>
>> Assuming this is a non-issue... looks very awesome!
> 
> A bridge should not specify the ?MyFamily? option. You won't run a
> middle relay or an exit relay in the cloud, so this shouldn't be an
> issue.
> 

As far as I understand, this is correct if you only run bridges (because
a circuit never uses two bridges), but what if someone (like me) runs a
bridge and a normal relay as well? IMHO you don't want to use a relay
which is operated by the same operator as your bridge? Please correct
me, if I'm wrong.

Jan


------------------------------

Message: 2
Date: Tue, 15 Nov 2011 17:29:12 +0000
From: "Runa A. Sandvik" <runa.sandvik@xxxxxxxxx>
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Run Tor as a bridge in the Amazon Cloud
Message-ID:
	<CAMtFrUHVKzP5vKMkRtFatdV-b_9Gg+uz1iT9QJexDkC-RScf7Q@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=windows-1252

On Tue, Nov 15, 2011 at 4:40 PM, Jan Weiher <jan@xxxxxxxx> wrote:
> Am 15.11.2011 07:52, schrieb Runa A. Sandvik:
>> On Tue, Nov 15, 2011 at 1:28 AM, Mike Damm <mike@xxxxxxxx> wrote:
>>> On Monday, November 14, 2011 9:30 PM, "Runa A. Sandvik"
>>> <runa.sandvik@xxxxxxxxx> wrote:
>>>> Hi everyone,
>>>>
>>>> The Tor Cloud project gives you a user-friendly way of deploying bridges
>>>> to help users access an uncensored Internet. By setting up a bridge, you
>>>> donate bandwidth to the Tor network and help improve the safety and
>>>> speed at which users can access the Internet.
>>>>
>>>> Setting up a Tor bridge on Amazon EC2 is simple and will only take you a
>>>> couple of minutes. The images have been configured with automatic
>>>> package updates and port forwarding, so you do not have to worry about
>>>> Tor not working or the server not getting security updates.
>>>
>>> https://www.torproject.org/docs/faq#MultipleRelays says:
>>> "Great. If you want to run several relays to donate more to the network,
>>> we're happy with that. But please don't run more than a few dozen on the
>>> same network, since part of the goal of the Tor network is dispersal and
>>> diversity."
>>>
>>> I'm curious to know if 'MyFamily' is properly set on these instances, or
>>> if Tor plans to bucket all instances within EC2 as part of the same
>>> family?
>>>
>>> Assuming this is a non-issue... looks very awesome!
>>
>> A bridge should not specify the ?MyFamily? option. You won't run a
>> middle relay or an exit relay in the cloud, so this shouldn't be an
>> issue.
>>
>
> As far as I understand, this is correct if you only run bridges (because
> a circuit never uses two bridges), but what if someone (like me) runs a
> bridge and a normal relay as well? IMHO you don't want to use a relay
> which is operated by the same operator as your bridge? Please correct
> me, if I'm wrong.

Yes, you should set the MyFamily option in the Tor configuration file
if you run both a bridge and a relay.

-- 
Runa A. Sandvik


------------------------------

Message: 3
Date: Tue, 15 Nov 2011 12:33:36 -0500
From: Roger Dingledine <arma@xxxxxxx>
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Run Tor as a bridge in the Amazon Cloud
Message-ID: <20111115173336.GX5287@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

On Tue, Nov 15, 2011 at 05:29:12PM +0000, Runa A. Sandvik wrote:
> >> A bridge should not specify the ?MyFamily? option. You won't run a
> >> middle relay or an exit relay in the cloud, so this shouldn't be an
> >> issue.
> >
> > As far as I understand, this is correct if you only run bridges (because
> > a circuit never uses two bridges), but what if someone (like me) runs a
> > bridge and a normal relay as well? IMHO you don't want to use a relay
> > which is operated by the same operator as your bridge? Please correct
> > me, if I'm wrong.
> 
> Yes, you should set the MyFamily option in the Tor configuration file
> if you run both a bridge and a relay.

No, this is dangerous: if you list your bridge as part of your family in
the relay descriptor, then everybody can learn your bridge fingerprint,
and they can look up your bridge's descriptor (and thus location) at
the bridge directory authority.

We currently don't have a good answer for putting bridges and relays
in the same family. Suggestions welcome. (Note that if the bridge and
the relay are in the same /16 network, Tor clients will automatically
know they're in the same family. So the unsolved case is where they're
in different networks but operated by the same human. My inclination is
to not worry about it that much.)

--Roger



------------------------------

Message: 4
Date: Tue, 15 Nov 2011 18:48:57 +0100
From: Jan Weiher <jan@xxxxxxxx>
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Run Tor as a bridge in the Amazon Cloud
Message-ID: <4EC2A609.8040903@xxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1



Am 15.11.2011 18:33, schrieb Roger Dingledine:
> On Tue, Nov 15, 2011 at 05:29:12PM +0000, Runa A. Sandvik wrote:
>>>> A bridge should not specify the ?MyFamily? option. You won't run a
>>>> middle relay or an exit relay in the cloud, so this shouldn't be an
>>>> issue.
>>>
>>> As far as I understand, this is correct if you only run bridges (because
>>> a circuit never uses two bridges), but what if someone (like me) runs a
>>> bridge and a normal relay as well? IMHO you don't want to use a relay
>>> which is operated by the same operator as your bridge? Please correct
>>> me, if I'm wrong.
>>
>> Yes, you should set the MyFamily option in the Tor configuration file
>> if you run both a bridge and a relay.
> 
> No, this is dangerous: if you list your bridge as part of your family in
> the relay descriptor, then everybody can learn your bridge fingerprint,
> and they can look up your bridge's descriptor (and thus location) at
> the bridge directory authority.

Okay, I already changed my torrc. Maybe this should be pointed out in
the manpage / tor faq?

regards,
Jan


------------------------------

Message: 5
Date: Tue, 15 Nov 2011 18:01:57 +0000
From: "Runa A. Sandvik" <runa.sandvik@xxxxxxxxx>
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Run Tor as a bridge in the Amazon Cloud
Message-ID:
	<CAMtFrUHvn7rSSHVt+TD8Mo_qy1XqKgE+sf0LvnMDy2=+36n74w@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

On Tue, Nov 15, 2011 at 5:33 PM, Roger Dingledine <arma@xxxxxxx> wrote:
> On Tue, Nov 15, 2011 at 05:29:12PM +0000, Runa A. Sandvik wrote:
>> >> A bridge should not specify the ?MyFamily? option. You won't run a
>> >> middle relay or an exit relay in the cloud, so this shouldn't be an
>> >> issue.
>> >
>> > As far as I understand, this is correct if you only run bridges (because
>> > a circuit never uses two bridges), but what if someone (like me) runs a
>> > bridge and a normal relay as well? IMHO you don't want to use a relay
>> > which is operated by the same operator as your bridge? Please correct
>> > me, if I'm wrong.
>>
>> Yes, you should set the MyFamily option in the Tor configuration file
>> if you run both a bridge and a relay.
>
> No, this is dangerous: if you list your bridge as part of your family in
> the relay descriptor, then everybody can learn your bridge fingerprint,
> and they can look up your bridge's descriptor (and thus location) at
> the bridge directory authority.

Ah, thanks for correcting me. Maybe we should update the Tor manual to
point out that this option is for relays only, and not bridges?

-- 
Runa A. Sandvik


------------------------------

Message: 6
Date: Tue, 15 Nov 2011 19:16:19 +0100
From: audd <audd@xxxxxxxxxxx>
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] tor net questions
Message-ID: <1RQNZI-0002Op-Sp@xxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

if TOr is p2p network, why all connection I see on the network-map comes
from in the middle of U.s.A?
the nodes I see are really geolocalised in that areas?


------------------------------

Message: 7
Date: Tue, 15 Nov 2011 13:22:00 -0500
From: Roger Dingledine <arma@xxxxxxx>
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] tor net questions
Message-ID: <20111115182159.GY5287@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

On Tue, Nov 15, 2011 at 07:16:19PM +0100, audd wrote:
> if TOr is p2p network, why all connection I see on the network-map comes
> from in the middle of U.s.A?
> the nodes I see are really geolocalised in that areas?

Vidalia has one location for each country. So that's one dot for every
relay in the US.

(Vidalia used to do geolocation at the city level rather than the country
level, but we got rid of the feature because it was too much overhead.)

And lastly, the phrase "p2p network" means so many things these days
that at this point it means nothing at all.

--Roger



------------------------------

Message: 8
Date: Tue, 15 Nov 2011 20:15:25 +0100
From: audd <audd@xxxxxxxxxxx>
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] tor net questions
Message-ID: <1RQOTx-0003Mz-H6@xxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

On 15/11/2011 19:22, Roger Dingledine wrote:
> On Tue, Nov 15, 2011 at 07:16:19PM +0100, audd wrote:
>> if TOr is p2p network, why all connection I see on the network-map comes
>> from in the middle of U.s.A?
>> the nodes I see are really geolocalised in that areas?
> Vidalia has one location for each country. So that's one dot for every
> relay in the US.
>
> (Vidalia used to do geolocation at the city level rather than the country
> level, but we got rid of the feature because it was too much overhead.)
>
> And lastly, the phrase "p2p network" means so many things these days
> that at this point it means nothing at all.
>
> --Roger
>
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
but if it's so why GFW chinese censorship can track and deny access to
tor bridge?
"p2p network means so many things..." where I can find something to
study about it?
yes... I'm a newbie...


------------------------------

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


End of tor-talk Digest, Vol 10, Issue 34
****************************************

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk