Hacker News new | comments | ask | show | jobs | submit login

>You can also run Tor relays and help us improve the health of the network by working with Tor's new Relay Advocate

Since I've seen this come up before in many previous discussions of Tor I think it's worth emphasizing/clarifying up front: Tor relays are not the same as Tor exit nodes. Relays do not talk to the public internet, they serve only the full encrypted internal Tor virtual network. So they won't ever send out traffic from an IP under your control to some website or general Internet system (and in turn tie that IP in any way to spam/abuse/whatever, at least not for that reason). It's not necessarily hidden that it is acting as a relay, but the relay itself will have no knowledge of the traffic it's carrying.

Plenty of people have reasonable concerns about the risks/inconveniences that might come with acting as an exit node, but on both a legal and practical level there are many more jurisdictions where merely relaying encrypted traffic between other relays isn't a problem. And it's still quite helpful, both for network speed and because purely internal Tor Hidden Services do not need any exit nodes at all.

That said, plenty of providers use the list of tor relays (which is also public) to block traffic.

Sites such as https://www.dan.me.uk/dnsbl then help people do this.

That site in particular may "warn":

> This DNS blacklist contains ALL tor nodes (entry, transit and exit nodes) - think carefully before choosing to use this list for blocking purposes.

but anyone who doesn't understand tor simply won't understand the decision and choose ALL.

Running a relay on your own address isn't sensible because of this. Nevermind an exit node.

As someone who has run a relay on my home network for years now this has never come up. At least not that I've been able to discern.

I think it might be a problem if I also ran a mail server from home, but almost nobody does that anymore.

I do, and I've run a Tor relay at home as well (also exit for a while).

Yes, this is a common complaint from relay operators. Running relays at home, or on work networks, is risky.

One way to help that avoids this is to operate a bridge node. Bridge nodes are used as entry points into the Tor network for people in regions where Tor is blocked, so efforts are made to keep the addresses of bridges confidential. Which makes it less likely that people who don't know what they're doing will wrongfully put it on a block list.

One can also run pre-bridges for the snowflake transport by just having some JS code run in a browser's tab (requires WebRTC to be enabled): https://trac.torproject.org/projects/tor/wiki/doc/Snowflake

I had nothing but pain when trying to run an exit node. Every site behind cloudflair would captcha me on what seemed like every page. Cox shut off my internet every other week due to "computers on my network being infected with viruses", and I'd have to call their support and tell them I cant be infected I only run linux at home.

I could do some shenanigans on my modem and end up with a new dynamic IP from cox, but generally within hours that new IP would be on whatever list people use to track exit node IPs and the pain would start all over again.

Tor publishes a list of all exit nodes, anyone could have flagged your new IP as an exit immediately after your client reconnected to the network.

And plenty of people insist that Tor relays are totally safe to run. They are not. I NEVER ran an exit node from my home IP, only relays, and my IP was still blacklisted from various sites due to this behavior.

I still contribute to Tor via VPS rentals and such, but relays are not no-risk alternatives to exit nodes. Period.

This is also, sadly, why the individual V4 /24 netblock of cheap VPS providers have terrible IP space reputations in most aggregated abuse systems.

Do you have any idea why it's unsafe? In theory, public site should even be able to see your IP. How would they blacklist you?

Edit: nvm, found the answer by pricechild below.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact