
Tor Challenge - middleclick
https://www.eff.org/torchallenge/
======
chatmasta
I'm working on research for monetizing Tor relays, providing an incentive to
relay operators. It's called TorCoin. We introduce an alternative
cryptocurrency, like Bitcoin, to reward relay operators for transferring
bandwidth. Rather than being CPU intensive, it's bandwidth intensive -- so one
TorCoin represents a certain amount of bandwidth transferred.

We will be presenting our research at the HotPETS privacy workshop in
Amsterdam in July [1]. Here's a link to the paper if you're interested (I'm
Miles). [2] Keep in mind it's an early draft.

[1]
[http://petsymposium.org/2014/hotpets.php](http://petsymposium.org/2014/hotpets.php)

[2]
[https://docs.google.com/file/d/0B7r4osQgWVqKTHdxTlowUVpsVmJR...](https://docs.google.com/file/d/0B7r4osQgWVqKTHdxTlowUVpsVmJRcjF3Y3dtcTVscFhEaW5F)

My email is in the paper, but it's miles.richardson@yale.edu

~~~
jlgaddis
Quite interesting but I immediately wondered about something. I intend to
fully read it later today but so far I have only skimmed over paper so I
apologize if my question is answered there. I imagine others here will wonder
the same thing, though.

With Bitcoin and others, we've seen malware created that turns compromised PCs
and devices (routers, DVRs, etc.) into "zombie miners". If this becomes
popular, I can certainly envision malware that instead turns these compromised
devices into "zombie relays" in an attempt to benefit $hacker. Have you
considered this (I'm sure you probably thought about it at some point) and/or
do you have any ideas of ways to discourage (or punish) that behavior?

I am all about having more Tor relays out there but, well, legitimate ones.

~~~
belorn
Vulnerable computer that can be turned in cash is always going to get broken
into. Once broken into, the device becomes a zombie miner, zombie spammer,
zombie advertiser, zombie scammer, zombie overseer, or some unique form of
zombieism.

How important is it to discourage a specific kind of zombie, rather than the
infection itself?

------
tribaal
Not a bad idea.

I would however add a little spice to the incentive by having some kind of
raffle on top of the t-shirt and sticker, just to get some more traction.

"Run a tor relay for a year, your chance to get a free _free_ laptop!"

I understand many people would enter the raffle just for the laptop, but if
they do run their TOR relay for a year to get it, what's the problem?

Of course, it might not be well perceived or even legal in some jurisdictions.

EDIT: This being the EFF, making the winning laptop a Gluglug would make so
much sense it hurts. Then you could say "free _free_ " laptop, too :)
[https://www.fsf.org/news/gluglug-x60-laptop-now-certified-
to...](https://www.fsf.org/news/gluglug-x60-laptop-now-certified-to-respect-
your-freedom)

EDIT2: Typoes. Duh!

~~~
ISL
Agreed. To many people, a chance at a substantial prize is worth more than a
T-shirt. Those who run exit nodes take tangible risk and provide real value;
compensating them is a good thing!

------
xwintermutex
I would like to run a Tor exit-relay, but I am too afraid to do this, as I
live in a what used to be liberal western country called "the Netherlands".
Where the police sometimes raid Tor exit-relays on purpose, to discourage
people from helping Tor [1].

[1]: [https://blog.torproject.org/blog/trip-report-tor-
trainings-d...](https://blog.torproject.org/blog/trip-report-tor-trainings-
dutch-and-belgian-police)

~~~
wcoenen
"Exit-relay" ? You must mean either "exit node" or "relay node". AFAIK the
risk of raids only exists for exit nodes, so you can still run a relay node.

~~~
ropiku
According to [https://www.eff.org/torchallenge/what-is-
tor.html](https://www.eff.org/torchallenge/what-is-tor.html) they call them
"middle relays, exit relays, and bridges".

------
perlgeek
Ok, here's the deal. I have a VPS where I don't pay for IPv6 traffic. If there
was a way to run a tor (non-exit) node that only relays IPv6 traffic, I'd do
it immediately.

Last time I looked at the tor documentation (maybe half a year ago?) there
seemed to be no way to run an IPv6-only tor node.

Has that changed? Is IPv6 support being worked on?

~~~
ChargingWookie
As far as I know IPv6 does work. Check out
[https://people.torproject.org/~linus/ipv6-relay-
howto.html](https://people.torproject.org/~linus/ipv6-relay-howto.html)

~~~
perlgeek
That says specifically

> There is currently no way of running an IPv6 only relay

which makes it unusable for my application.

------
cgag
I've run a non-exit node on my linode for a long time, it's easy and a good
way to use the massive amount of leftover bandwidth I have. Everyone with a
personal vps should do it.

~~~
s_
One of my linodes have just 1% bandwidth usage. Do you mind sharing your
config file.

~~~
Spittie
Your distro should ship with a sample config file, otherwise you can find one
here:
[https://gitweb.torproject.org/tor.git/blob/HEAD:/src/config/...](https://gitweb.torproject.org/tor.git/blob/HEAD:/src/config/torrc.sample.in)

Tor has some sane defaults, so you don't need to edit much. I've started
running a relay (no exit) node for the challenge, and this is what I'm using:

    
    
        ORPort 9001
        Nickname RelayName
        RelayBandwidthRate 6000 KB
        RelayBandwidthBurst 10000 KB
        AccountingMax 500 GB
        AccountingStart month 1 00:00
        ExitPolicy reject *:*
    

RelayBandWidthRate and Burst control how much bandwidth the tor daemon is
allowed to use (average and burst obviously), AccountingMax is how much
bandwidth the daemon is allowed to use over a given period, and
AccountingStart definite that period (in my config a period is a month, and it
start at midnight of the first day).

Also, once you start it, give it an hour or so to appear in the tor swarm. As
long as you have "Self-testing indicates your ORPort is reachable from the
outside. Excellent. Publishing server descriptor." in your logs, you should be
fine and only have to wait.

~~~
bruo
First, as a latin american activist, thank you for supporting Tor!!

Please consider the following... It's better for the Tor network to don't have
a limit on the bandwidth and let the relay just hibernate when it reachs the
500 GB. If you are able to do this, please give it a try.

Again, thank you!

~~~
Spittie
Sorry, I can't :( This isn't a box dedicated to tor, and also my vps provider
requires to limit the bandwidth in their ToS.

------
RankingMember
I think many more people would run these if they didn't think their nodes
would be used for child pornography and potentially get them into legal
trouble as a result.

~~~
mcone
That's only an issue with exit nodes. No one can see the traffic passing
through relays, so if you're concerned about this you could run a relay.

------
cottonseed
I hope they do a hidden services challenge after this. It would decrease
pressure on exit nodes and increase security for Tor uses, as watching exit
node traffic is one of the primary Tor attack vectors.

------
wahsd
I don't think it's quite well understood how important this is. In many
places, especially where they are most important, those relays and exit points
are not controlled by whom one would expect, let alone a diverse interest
group. When you control a certain number of nodes and exits, Tor becomes a
pretty open book.

------
na85
I'm reluctant to jump on this bandwagon as I don't feel that Tor is as secure
as they say. There have already been demonstrated attacks against node
anonymity and until Tor gets a public audit I'm not sure it's wise to
encourage people to use Tor.

As they say, flawed crypto is worse than no crypto at all.

~~~
jlgaddis
You're right that there have been demonstrated attacks as well as many
"theoretical" ones. Interestingly, many of the theoretical attacks become even
less theoretical when the number of exit nodes (and, in some cases, even
middle relays) goes up. An increased number of end users using the Tor network
also decreases the chances of many of them being successful.

Perhaps someone should start a fundraiser for an audit of Tor. I would
certainly toss a few dollars into the jar for that myself and I suspect
sufficient funds could be raised pretty easily.

------
basiliothecat
Nice idea, but doesn't registering your relay in a network made for anonymous
communication sound weird? Definitelely does to me.

~~~
cottonseed
Relays are already registered in the public Tor relay directory. There are two
sites to search the directory, Atlas [0] and GLOBE [1]. This is how people
know how to connect with them. Tor has unlisted relays, known as bridges,
primarily to make it harder to block entry into the Tor network.

The point is not that Tor relays are anonymous, but the traffic going through
the Tor network is anonymized by bouncing between relays.

[0] [https://atlas.torproject.org/](https://atlas.torproject.org/)

[1] [https://globe.torproject.org/](https://globe.torproject.org/)

------
Sir_Cmpwn
MediaCrush runs a relay (72302D1D0BB2C2667DC7DC5E4DA138B547D5C115) as of
today, and has run a hidden service for a long time:
[http://mediacrs5ujufxog.onion/](http://mediacrs5ujufxog.onion/)

------
Afforess
I would if I could, but my home IP would get banned from many of the forums I
frequent. I know a lot of forum websites now auto-ban tor exit node IPs.

~~~
scott_karana
Fortunately, this challenge is about _relays_ , not exit nodes. I'm sure that
the EFF is well aware of the liability issues running exit nodes. :)

~~~
dsl
Most people don't know the difference. I ran a relay from my home for a while
until I started getting blocked from video streaming sites and the websites of
things like the Olympics.

------
nicpottier
I'm actually mildly interested in doing this, keeping Tor healthy is a worthy
goal.

Anybody run the numbers (and are there legal repercussions?) on the cost of
running a relay at 1MB/s on AWS for a year?

~~~
droope
I reckon aws is quite expensive. I'd get a fixed price bandwidth VPS, but I am
not sure what hosting to recommend.

~~~
jlgaddis
Yeah, there are plenty of places cheaper than AWS. From looking into it
previously (and following the tor-relays list), it seems that many providers
are okay with customers running middle relays (as those don't generate abuse
complaints) but frown upon exit nodes (primarily due to the extra workload,
AFAICT).

------
dandare
Graphic designer here. I used to run SETI@Home and I would love to contribute
by running a Tor relay from my laptop but I have no idea how. The setup
process is all but "easy", the project documentation website lists at least 4
download options and if I get it right there is no GUI for OSx. I have
downloaded and installed the Browser Bundle but I have no idea where to go
from here. If you want more laypersons like me support this good cause you
need to make it easier.

~~~
zanny
The config files are _really_ simple - this right here by itself will run you
a relay just by running the tor binary:

Nickname whateveryouwant ORPort 9001 BandwidthRate 200 KB BandwidthBurst 500
KB ExitPolicy reject _:_

Just make sure port 9001 allows TCP traffic in, and is forwarded from whatever
world facing device you have.

You can also get the TOR software bundle for Mac:
[https://www.torproject.org/download/download-
easy.html.en#ma...](https://www.torproject.org/download/download-
easy.html.en#mac)

That includes vidalia, which is a configuration utility that lets you run a
relay. It supports UPnP, so you can avoid even needing to port forward with a
supported router.

------
BillFranklin
EFF at the top of Hacker News? You guys are awesome.

Are you taking part in ResetTheNet? Here's the original thread on the topic:
[https://news.ycombinator.com/item?id=7399298](https://news.ycombinator.com/item?id=7399298)

------
jmnicolas
Back in the days, I used to have a dedicated Freenet box running permanently.

AFAIK I couldn't do this with TOR, my ISP don't allow it.

~~~
jlgaddis
You can run a middle relay which won't generate abuse complaints like an exit
node would.

------
atmosx
Hm, this probably does not work if you have 'PublishServerDescriptor 0' in
your 'torrc' file.

------
ChrisAntaki
Brilliant. Great work EFF!

------
madaxe_again
This strikes me as insanely dangerous? Why would you submit ANY kind of
identifying information if you're running a tor relay?

Honeypot. Potentially inadvertent honeypot, but honeypot.

~~~
aendruk
I don't understand—why would you want to be secretive about running a relay?
Especially if you're running an exit relay, I'd expect that you'd be best off
doing it in the open so that others can correctly interpret the bizarre
traffic they might see.

The challenge FAQ [1] even has two points addressing this:

> _Is it a good idea to let others know that I 'm running an exit relay?_ Yes.
> Be as transparent as possible about the fact that you're running an exit
> relay...

> _Should I tell my ISP that I 'm running an exit relay?_ Yes. Make sure you
> have a Tor-friendly ISP that knows you're running an exit relay...

[1]:
[https://www.eff.org/torchallenge/faq.html](https://www.eff.org/torchallenge/faq.html)

~~~
madaxe_again
_why would you want to be secretive about running a relay?_

You're varying the "if you've got nothing to hide" argument. You would want to
be secretive because spy agencies quite definitely ARE interested in who's
running nodes, as if they know who runs the nodes, and where they are,
shutting the thing down becomes possible.

This is how they think. Strategic opportunity. Not what they can do with the
data today, but what they could use it for tomorrow. What opportunities they
might lose if they didn't have it.

This is therefore how you need to think too, and why I think that volunteering
this information is a bad idea.

~~~
roryokane
He’s not just varying “if you’ve got nothing to hide”. He’s giving an active
reason for sharing that you’re an exit relay, not just saying that you have no
reason not to share, so you might as well.

The reason for publicizing that you’re running a relay is that it reduces the
probability of being falsely accused of doing illegal things that someone else
was using your exit relay for, and it makes it easier for you to recover any
confiscated computers. If you publicize your running of a relay in advance,
then the prosecutor might see that fact and not bother prosecuting you,
knowing that you were not the origin of the illegal traffic.

