
Operating a Tor Relay - presiozo
https://birb007.github.io/blog/2020/06/06/operating-a-tor-relay.html
======
seven4
I often wonder what incentives drive people to run TOR exit nodes; the risk
even if remote of getting raided is enough to stop most I'd imagine. Got me
thinking on the legal implications and interestingly TOR doesn't recommend
running an exit node at home -

Found this FAQ quite interesting [https://2019.www.torproject.org/eff/tor-legal-faq.html.en](https://2019.www.torproject.org/eff/tor-legal-faq.html.en)

Particularly

~ _Has anyone ever been sued or prosecuted for running Tor?_ No, we aren't
aware of anyone being sued or prosecuted in the United States just for running
a Tor relay. Further, we believe that running a Tor relay — including an exit
relay that allows people to anonymously send and receive traffic — is legal
under U.S. law.

~ _Should I run an exit relay from my home?_ No. If law enforcement becomes
interested in traffic from your exit relay, it's possible that officers will
seize your computer. For that reason, it's best not to run your exit relay in
your home or using your home Internet connection.

~~~
z3j4e
I think that is one of the reasons why in Germany a registered association
named "Zwiebelfreunde e.V." (can be translated to "Onion friends") was
founded.

By this it is a legal entity and legal trouble can be handled better than if
it's against a person but the members of the board still get trouble with the
law. Not long ago they were raided because they were treated as witnesses in a
case. (Yes, in Germany even as a witness you can be raided ...)

~~~
dx034
Not just in Germany. US providers can also be forced to hand over data to be
used in cases against others. It's just usually not done with a raid since
providers will turn over data when asked.

~~~
jand
Just for context: This is relatively new in Germany. In 2017 there was a change
which has as consequences

\- witnesses _have to_ appear in person if requested (by police or DA)

\- witnesses _have to_ make statements regarding the case at hand

This is quite a nice tool if you lack moral. You might request the suspect to
appear as a witness and try to leverage the new requirements to make the
suspect reveal damaging information.

Maybe this was the reason that Germany was mentioned before.

~~~
gruez
>This is quite a nice tool if you lack moral. You might request the suspect to
appear as a witness and try to leverage the new requirements to make the
suspect reveal damaging information.

Germany doesn't have protections against self-incrimination? Or does this rely
on the suspect being _too_ cooperative for his own good?

~~~
Certhas
Germany does have such protection. Parent was probably wildly speculating:

[https://de.m.wikipedia.org/wiki/Auskunftsverweigerungsrecht](https://de.m.wikipedia.org/wiki/Auskunftsverweigerungsrecht)

~~~
codethief
I think you meant to link to
[https://de.m.wikipedia.org/wiki/Aussageverweigerungsrecht](https://de.m.wikipedia.org/wiki/Aussageverweigerungsrecht).
Auskunftsverweigerungsrecht, according to the article, is a right of
_witnesses_.

~~~
Certhas
We were talking about the rights of witnesses?

~~~
codethief
I was referring to this question by the grandparent which I read as being
about a suspect's (not a witness's) rights:

> Germany doesn't have protections against self-incrimination?

------
praptak
I have doubts about running a relay on a VPS, or on any other machine that I
don't physically control for that matter.

Tor security relies on multiple nodes being hard to seize synchronously. This
property goes away if the majority of people run their nodes as virtual
machines on infrastructure provided by a few cloud providers.

~~~
vbezhenar
There are thousands of VPS hosters, not a few.

~~~
phone8675309
How many of those VPS hosters rely on infrastructure from OVH, Hetzner,
ColoCrossing, Azure, AWS, or GCP?

~~~
ryanlol
> OVH, Hetzner, ColoCrossing

Maybe a third or so?

> Azure, AWS, or GCP?

0.1% at best

------
traspler
I have run a relay/entry node at home for a while, just to figure out how all
of this worked and with symmetrical gigabit I have bandwidth to spare.

The network never promoted my node to an entry but it operated as a relay.

One thing I noticed is that my IP must have suddenly been in some lists. I can't
prove it but on multiple forums my IP was blacklisted and I had issues
accessing some services from telco providers. Never had these issues before
and never again after I stopped running the relay... maybe I'm just paranoid.

~~~
driverdan
Yes, this happens. Some companies blindly block any IP that's part of the Tor
network even if they're just relays. Apple Discussions used to do this, I
don't know if they still do.

I consider it a good filter for companies I don't want to do business with.

~~~
flatiron
my old company had some bad stuff come out of tor nodes, hired a company to do
some analysis, they found i ran a relay at home (employee vpns to work from
home from a tor node, is what they said) and thought it was suspicious. so i
was called to security and given the grief. sometimes it's not worth running a
relay from home...

------
simonpure
Another interesting project I've learned about recently is Snowflake [0] using
WebRTC datachannels to use the browser as a proxy to help with additional
entry nodes. Technical details are at [1].

I have no experience using it for any extended period of time so use at your
own risk.

[0] [https://snowflake.torproject.org/](https://snowflake.torproject.org/)

[1] [https://trac.torproject.org/projects/tor/wiki/doc/Snowflake](https://trac.torproject.org/projects/tor/wiki/doc/Snowflake)

------
john4532452
The screen shot at the bottom of the post is an i3 window manager with title
bar hidden. Did not know the titlebar can be hidden in i3 window manager. It's a
2-line configuration
[https://gist.github.com/lirenlin/9892945](https://gist.github.com/lirenlin/9892945).

~~~
MarcScott
I love HN for this. Read a blog post about Tor, come to the comments, and
learn something new about i3. Thank you for sharing.

------
walrus01
Why you need balls of steel to operate a tor exit node:
[https://lists.torproject.org/pipermail/tor-talk/2009-Septemb...](https://lists.torproject.org/pipermail/tor-talk/2009-September/019511.html)

Why you need balls of steel to operate a Tor exit node

By calumog

I became interested in Tor in the spring of 2007 after reading about the
situation in Burma and felt that I would like to do something, anything, to
help. As a geek and lover of the internet it seemed the best thing I could do
was to run Tor as an exit node to allow those under jurisdictions that censor
the internet free access to the information they need. I had a lot of unused
bandwidth and it seemed like a philanthropic use of it to donate that to Tor.

Tor is a system of anonymizing proxy servers which allows you to visit
resources on the web, not just web sites, without revealing your ip address.
This is extremely useful for those who are compromised in their access to the
internet because it means, rather than attempting to connect directly to the
resource in question, say Wikipedia, which might be filtered by their
government, they connect to a Tor relay which ultimately routes the request to
the resource in question via an exit node. Exit nodes are special kinds of
relays which proffer the request on behalf of the original client revealing
their ip address, not that of the original requestor, to the destination
resource. I sometimes imagine how exciting it must be for someone in Burma,
say, or China, to load up Tor and browse to a web site they have never been
able to see before. And to know that there is nothing, nothing, that reveals
who it really is who is visiting.

I totally believe in Tor. I think it is a magnificent force for the
circumvention of internet censorship but there is a problem. I was visited by
the police in November 2008 because my ip address had turned up in the server
logs of a site offering, or perhaps trading in (I was not told the details of
the offence) indecent images of children. The date of the offence was about
one month after I started the server so it looks as though the site in
question had been under surveillance for more than a year. It was what is
known as a ‘dawn raid’ and, amazingly enough, my children were still asleep
when it occurred. Thank God. I explained to the officers, who we had heard
threatening to break the door down before we let them in, about Tor but they
had never heard of it. My wife says she thinks they were about to arrest me
before that. I was not arrested. I was told not to touch the computer and it
was placed, considerately, in a black plastic bag and taken away for forensic
examination. I was OK at first. I knew that somebody had gone through my
server to access that material and that I was not guilty of any offence but as
the weeks wore on it started to get to me.

I was overwhelmed by horror to be implicated in such a thing. I was
desperately worried about my family. One of the officers had told my wife that
Social Services would be informed as a matter of course and there was a
possibility that my children would be taken into care. The low point came
about two weeks after the visit by the police when I totalled my car. I was
distracted, stressed and unable to accurately assess the road conditions. I
ploughed into a hedgerow at speed, destroying the car which we had just
bought, but, luckily, walked out of it with only bruised ribs. I didn’t have
the money to hire a lawyer so I just sat the thing out. From time to time the
police called with an estimate of when the investigation would be finished but
none of that meant very much because those dates came and passed with no
resolution.

Eventually, four months after the visit, I picked up a voice message from the
police inviting me to call back. When I called I was told that no evidence had
been retrieved and the machine would be returned to me. I think, in
retrospect, I was desperately naive to run a Tor exit server on a home
computer but I didn’t believe that an ip address in a server log would be
enough evidence to warrant seizing equipment. My wife, God bless her, was
absolutely marvellous throughout the whole thing and never doubted me. I have
read with interest about the need to make Tor faster and that that largely
depends on having more nodes but there is no way I can contemplate offering my
ip address as a service to internet anonymity any more. It was very
frightening for me to be implicated in a serious crime. As a parent of very
young children I have an extensive network of friends and contacts in my
neighbourhood who also have children. As we know the subject of paedophilia is
not one that can be debated with any rationality at all in the UK. It is
surrounded by hysteria. I was terrified that people would find out that my
computer had been taken because of that – ‘no smoke without fire’. I don’t
know what can be done about any of this. To my mind running an exit node is
extremely high risk. I think Tor is important but I don’t have any ideas about
how to support it at the moment.

~~~
snazz
I would have to assume that plenty of home computers, routers, and Android
devices are involved in botnets as well. Do unsuspecting people with malware
on their device get visited by the police if criminals are using their
computer as a relay?

~~~
Ancalagon
Actually, yes. I don't have the source on me right now (so you can take what I
say with a grain of salt), but I recall a story of someone whose router had
been caught in a botnet. This person was visited by the police in much the
same way, with their router being confiscated and eventually returned to them.

------
john4532452
I have a lot of bandwidth but don't want to spend money on hosting. Has anyone
successfully hosted on Raspberry Pi?

~~~
flatiron
I used to run a relay at home until two things happened. 1) my bank blocked my
home internet as it was a listed tor relay node even though it wasn’t an exit
node. I just told my wife to use the app and disconnect from WiFi so that
wasn’t a big issue. 2) getting called to security at my company as they had
some abuse from tor nodes and saw I used a “tor node to vpn to work” and it
was pretty brutal. Nothing came of it (because I did nothing wrong) but I
obviously stopped running a relay. Just a warning.

~~~
john4532452
The probability of that minor inconvenience is very low and I am going to
order Pi's. Today I saw the following news and I don't want this to happen to
my country (or any other).

[https://news.ycombinator.com/item?id=23557475](https://news.ycombinator.com/item?id=23557475)
[https://yro.slashdot.org/story/20/06/17/142204/china-is-coll...](https://yro.slashdot.org/story/20/06/17/142204/china-is-collecting-dna-from-tens-of-millions-of-men-and-boys-using-us-equipment).
I am morally obligated

------
jrwr
I ran an exit relay outbound over a VPN Tunnel for its internet access, I was
mostly just interested in what kind of traffic people are doing. (It's one of
the downfalls of Tor, the Exit Nodes are prone to sniffing) and the sheer
amount of porn was amazing.

~~~
SamBam
I'd be interested to know statistics on Tor usage. I get that people espouse
its intended legitimate privacy purposes, but I would expect that even the
most ardent supporters would acknowledge that it's probably 1% "legitimate"
use and 99% illegal or gray-area use (the latter being things like torrents,
or porn that's not illegal but embarrassing if people knew about).

I wonder at what point the supporters of Tor would continue to support it.
What if it were 0.0001% genuine needs for privacy, and 99.9999% illegal stuff?

Perhaps I'm totally wrong though. Do such statistics exist?

------
ed25519FUUU
Tor is a project I _want_ to like and support, but can’t. I feel (and I have
no evidence) that for every 1 person using it to protect their privacy, 20 are
using it for despicable purposes. I would love to be proved wrong on this.

I don’t want to shut it down, but at the same time I don’t feel I can
personally or technically support it.

~~~
dependenttypes
e-crimes are victimless crimes

~~~
blackboxlogic
Sometimes there are victims.
[https://nakedsecurity.sophos.com/2020/06/12/facebook-paid-fo...](https://nakedsecurity.sophos.com/2020/06/12/facebook-paid-for-a-0-day-to-help-fbi-unmask-child-predator/)

~~~
dependenttypes
I really can't consider that man a victim.

~~~
blackboxlogic
Maybe I wasn't clear, if maybe you're joking. I was thinking of his victims.

~~~
dependenttypes
Ah fair enough then. Yes, I had not considered this case of blackmailing.

