[tor-relays] I would like to help.
brightsidedarkside
brightsidedarkside at t-online.de
Wed Mar 30 05:22:45 UTC 2016
Hey Genral G,
as far as I see, you plan to use your home connection for your contribution.
First of all: thanks for volunteering! [Although I'm not Mr Competence
nor Mr InnerCircleofTrust.]
You should not at all run an exit if you can't, i.e. having a dedicated
IP with lots of traffic and a provider being fine with Tor exits (which
is absolutely not easy to find).
Under no circumstances run an exit on your home connection (and not with
a PI).
Why? An exit always seems to be the origin of all activity running over it.
So, every abuse complaint concerns the exit in question. Your favourite
law enforcement authority will visit you kindly (based on different values).
Another point is that IPs from exits are often blocked by webmasters, so
even if you don't use Tor for yourself, you won't be able to access
certain sites from your home connection any more.
An exit must be a dedicated server with enough power in terms of traffic.
I only have legacy PIs, but I can't imagine a recent PI would do the job
- at least on my PIs, literally everything including the network is
USB-bottlenecked, it won't even stream blue ray quality.
Exits are not so widespread which means they see literally all the
traffic going through the network.
So, you have to decide whether you run a relay or a bridge.
A bridge helps people in censored and/or oppressive areas because a
bridge's IP is not publicly available and therefore is not so likely
associated with the Tor network.
Furthermore, you can setup pluggable transports that obfuscate traffic
so a censor can't easily tell a user connects to the tor network.
All of this is favourable for users in legislations where the sheer use
of Tor is sufficient for prosecution, be based on laws or by pure
arbitrary will.
A bridge sees users, but not the huge gigs of traffic, so it suggest it
to be the choice for a PI on a home connection.
It's not likely ordinary criminals from our own homes use bridges - for
them, it's legal to use relays that provide the same amount of anonymity
and, furthermore, are easier (automatically) to connect to.
I run a bridge and it's the time of political change that drives my
users based on statistics.
A bridges IP is assigned to one of three pools and potential users can
request up to three bridge IPs at a time.
This makes the overall amount of bridges unknown and prevents blocking
all of them.
A relay provides the same amount of anonymity, but is aimed at users in
legislations letting them legally want to seek anonymity.
The IPs are publicly available and therefore the avarage western user
usually connects automatically, i.e. to a relay.
Relays see more traffic than bridges and a reason might be the often
found better infrastructure in democratic countries including the
according offers like high bandwidth streaming.
On a home connection, abuse complaints and prosecutors won't come for
you running a middle relay.
But, as IPs are public, some webmasters even block all Tor IPs although
this affects only the relays' operators as no Tor traffic exits a middle
relay.
This means that you might be restricted from services even if you don't
use Tor for yourself which could make your home connection partially
useless for your purposes.
Also, I'm "not quite sure" a PI could stand the traffic and I have no
experience in setting up a stable relay on a PI without unresponsiveness
errors appering in the logs.
Search this mailing list for answers, the problem seems to be common.
The next question would be if you want to use Tor for yourself.
I strongly suggest parallel use of Tor Browser Bundle for your own
purposes as your PI probably isn't your everyday dektop.
If run on a unixoid desktop, you would have the possibility to set up a
virtual address space and iptables rules to route the whole traffic of a
given user including DNS queries through Tor although there's a caveat
in kernel package filter resulting in leaks under certain circumstances.
Tor wiki addresses this topic.
The third possibility would be to route your whole network including
smart tv und DVD players through tor.
Apart from increased network latency and a PI being slow, you're not
anonymous if you send any personal identifiable information over the
network.
In this scenario, this would affect your whole network.
My personal opinion is to forget about the concept of plug and forget
and not to be surprised about the concept of ingnorance and surprise.
I would suggest you rely on the wiki.
First, it's very good and second, you can't yet judge information
provided by people like me doing here.
I can't give you a quick introduction to linux administration.
I don't know if "noob" relates to Tor or to Linux in general.
As for Tor, you find an easy setup for a bridge or relay in the wiki,
and for heavens sake, the most important option is "Exitpolicy reject
*:*" in order to prevent obstacles you don't want to face at the
beginning. Everything else just causes malfunction at worst.
So, the powepoint abyss ends here and the interesting stuff begins.
Note: you should be familiar with opening ports in your router/firewall
and forwarding them to your PI.
First, do this:
https://www.torproject.org/docs/debian.html.en#ubuntu
Now this if you want a relay (not a bridge):
https://www.torproject.org/docs/tor-doc-relay.html.en
Notice: on linux, your config is in /etc, so look there for your torrc
or a tor subfolder.
On the command line, "ls" lists a directory, "ls -al" shows even the
hidden files and sizes and ownership.
"cd" changes directory. "cd /etc" would jump to /etc. "cd .." would jump
to parent directory. Notice the blank space after cd.
Keep this in mind:
https://www.torproject.org/docs/tor-relay-debian.html.en#after
If you want overall automatic updates, I could deliver that later on, it
would make this mail even longer.
If you want a bridge:
https://www.torproject.org/projects/obfsproxy-instructions.html.en#instructions
I suggest also offering scramblesuit as not all puggable obfuscation
always works for every user.
This would affect the following line:
ServerTransportPlugin obfs3,scramblesuit exec /usr/local/bin/obfsproxy
managed
I use Ubuntu and for us privileged, the toproject repository already
offers pluggable transport via normal install and then, scramblesuit is
already available.
I'm not sure about debian, torproject debian repos lack that python
pluggable transport library.
And of course, that would need another port forwarded in your firewall.
The procedure is the same as in obsproxy instructions link.
As I don't know about your noobiness, I suggest you install nano first,
a command line text editor suitable for beginners.
Believe me, vi is hell, but not in Sartre's terms, there are no others,
just hell and you stuck in it.
sudo apt-get install nano
After that, you can type "sudo nano /etc/torrc" (always without
quotation marks) to edit your tor config.
If it's not there, serach for a torrc.
Do "sudo updatedb" and wait.
then type "locate torrc" and remember the path.
In order not to have to sudo every time to gain administrative
privileges, type "su" or "sudo -i".
I hope this helps a bit.
Have fun with Tor and hopefully linux.
Greetings
christian
Am 30.03.2016 um 03:53 schrieb Generalgrievous:
> I have a Banana Pi that I would like to use to help the TOR network.
> I have installed Debian-Jessie and started researching the process for
> setting
> up relay, even an exit. I am a total noob, but willing to learn. If
> someone is willing to help me step by step, I would be excited to
> help. I've tested my internet speed, Download average 60 mbps, Upload
> avreage 6 mbps,
> If I would be more of a hindrance than a benefit, please say so, no
> hard feelings. Located Central CA.
>
> General G.
>
> Sent from ProtonMail <https://protonmail.com>, encrypted email based
> in Switzerland.
>
>
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20160330/d372fa68/attachment.html>
More information about the tor-relays
mailing list