[tor-relays] I would like to help.

brightsidedarkside brightsidedarkside at t-online.de
Wed Mar 30 05:22:45 UTC 2016 

Hey Genral G,

as far as I see, you plan to use your home connection for your contribution.
First of all: thanks for volunteering! [Although I'm not Mr Competence 
nor Mr InnerCircleofTrust.]

You should not at all run an exit if you can't, i.e. having a dedicated 
IP with lots of traffic and a provider being fine with Tor exits (which 
is absolutely not easy to find).
Under no circumstances run an exit on your home connection (and not with 
a PI).
Why? An exit always seems to be the origin of all activity running over it.
So, every abuse complaint concerns the exit in question. Your favourite 
law enforcement authority will visit you kindly (based on different values).
Another point is that IPs from exits are often blocked by webmasters, so 
even if you don't use Tor for yourself, you won't be able to access 
certain sites from your home connection any more.
An exit must be a dedicated server with enough power in terms of traffic.
I only have legacy PIs, but I can't imagine a recent PI would do the job 
- at least on my PIs, literally everything including the network is 
USB-bottlenecked, it won't even stream blue ray quality.
Exits are not so widespread which means they see literally all the 
traffic going through the network.

So, you have to decide whether you run a relay or a bridge.
A bridge helps people in censored and/or oppressive areas because a 
bridge's IP is not publicly available and therefore is not so likely 
associated with the Tor network.
Furthermore, you can setup pluggable transports that obfuscate traffic 
so a censor can't easily tell a user connects to the tor network.
All of this is favourable for users in legislations where the sheer use 
of Tor is sufficient for prosecution, be based on laws or by pure 
arbitrary will.
A bridge sees users, but not the huge gigs of traffic, so it suggest it 
to be the choice for a PI on a home connection.
It's not likely ordinary criminals from our own homes use bridges - for 
them, it's legal to use relays that provide the same amount of anonymity 
and, furthermore, are easier (automatically) to connect to.

I run a bridge and it's the time of political change that drives my 
users based on statistics.
A bridges IP is assigned to one of three pools and potential users can 
request up to three bridge IPs at a time.
This makes the overall amount of bridges unknown and prevents blocking 
all of them.

A relay provides the same amount of anonymity, but is aimed at users in 
legislations letting them legally want to seek anonymity.
The IPs are publicly available and therefore the avarage western user 
usually connects automatically, i.e. to a relay.
Relays see more traffic than bridges and a reason might be the often 
found better infrastructure in democratic countries including the 
according offers like high bandwidth streaming.
On a home connection, abuse complaints and prosecutors won't come for 
you running a middle relay.
But, as IPs are public, some webmasters even block all Tor IPs although 
this affects only the relays' operators as no Tor traffic exits a middle 
relay.
This means that you might be restricted from services even if you don't 
use Tor for yourself which could make your home connection partially 
useless for your purposes.

Also, I'm "not quite sure" a PI could stand the traffic and I have no 
experience in setting up a stable relay on a PI without unresponsiveness 
errors appering in the logs.
Search this mailing list for answers, the problem seems to be common.

The next question would be if you want to use Tor for yourself.
I strongly suggest parallel use of Tor Browser Bundle for your own 
purposes as your PI probably isn't your everyday dektop.

If run on a unixoid desktop, you would have the possibility to set up a 
virtual address space and iptables rules to route the whole traffic of a 
given user including DNS queries through Tor although there's a caveat 
in kernel package filter resulting in leaks under certain circumstances. 
Tor wiki addresses this topic.

The third possibility would be to route your whole network including 
smart tv und DVD players through tor.
Apart from increased network latency and a PI being slow, you're not 
anonymous if you send any personal identifiable information over the 
network.
In this scenario, this would affect your whole network.

My personal opinion is to forget about the concept of plug and forget 
and not to be surprised about the concept of ingnorance and surprise.

I would suggest you rely on the wiki.
First, it's very good and second, you can't yet judge information 
provided by people like me doing here.

I can't give you a quick introduction to linux administration.
I don't know if "noob" relates to Tor or to Linux in general.
As for Tor, you find an easy setup for a bridge or relay in the wiki, 
and for heavens sake, the most important option is "Exitpolicy reject 
*:*" in order to prevent obstacles you don't want to face at the 
beginning. Everything else just causes malfunction at worst.

So, the powepoint abyss ends here and the interesting stuff begins.
Note: you should be familiar with opening ports in your router/firewall 
and forwarding them to your PI.
First, do this:
https://www.torproject.org/docs/debian.html.en#ubuntu

Now this if you want a relay (not a bridge):
https://www.torproject.org/docs/tor-doc-relay.html.en
Notice: on linux, your config is in /etc, so look there for your torrc 
or a tor subfolder.

On the command line, "ls" lists a directory, "ls -al" shows even the 
hidden files and sizes and ownership.
"cd" changes directory. "cd /etc" would jump to /etc. "cd .." would jump 
to parent directory. Notice the blank space after cd.

Keep this in mind:
https://www.torproject.org/docs/tor-relay-debian.html.en#after
If you want overall automatic updates, I could deliver that later on, it 
would make this mail even longer.

If you want a bridge:
https://www.torproject.org/projects/obfsproxy-instructions.html.en#instructions 


I suggest also offering scramblesuit as not all puggable obfuscation 
always works for every user.
This would affect the following line:
ServerTransportPlugin obfs3,scramblesuit exec /usr/local/bin/obfsproxy 
managed
I use Ubuntu and for us privileged, the toproject repository already 
offers pluggable transport via normal install and then, scramblesuit is 
already available.
I'm not sure about debian, torproject debian repos lack that python 
pluggable transport library.

And of course, that would need another port forwarded in your firewall. 
The procedure is the same as in obsproxy instructions link.

As I don't know about your noobiness, I suggest you install nano first, 
a command line text editor suitable for beginners.
Believe me, vi is hell, but not in Sartre's terms, there are no others, 
just hell and you stuck in it.

sudo apt-get install nano

After that, you can type "sudo nano /etc/torrc" (always without 
quotation marks) to edit your tor config.
If it's not there, serach for a torrc.
Do "sudo updatedb" and wait.
then type "locate torrc" and remember the path.

In order not to have to sudo every time to gain administrative 
privileges, type "su" or "sudo -i".

I hope this helps a bit.
Have fun with Tor and hopefully linux.

Greetings

christian

Am 30.03.2016 um 03:53 schrieb Generalgrievous:
> I have a Banana Pi that I would like to use to help the TOR network.
> I have installed Debian-Jessie and started researching the process for 
> setting
> up relay, even an exit.  I am a total noob, but willing to learn.  If 
> someone is willing to help me step by step, I would be excited to 
> help. I've tested my internet speed,  Download average 60 mbps, Upload 
> avreage 6 mbps,
> If I would be more of a hindrance than a benefit, please say so, no 
> hard feelings.  Located Central CA.
>
>         General G.
>
> Sent from ProtonMail <https://protonmail.com>, encrypted email based 
> in Switzerland.
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160330/d372fa68/attachment.html>

More information about the tor-relays mailing list