Hi Eugen, On Tue, 30 Nov 2010, Eugen Leitl wrote:
On Tue, Nov 30, 2010 at 08:57:31PM +0000, John Case wrote:
Look, if running a Tor node anonymously was difficult, this conversation would be interesting.
But unning a Tor node anonymously is trivial, so the cost/benefit analysis is pretty parabolic. No cost, all benefit.
This is interesting to me personally. How would you run a Tor node anonymously, without breaking the bank?
Apart from offshore incorporation or finding a host that takes cash or anonymous prepaid cards it appears not obvious.
There's a few ways to approach this. First, there are a LOT of co-location/vps/webhost resellers operating in the US, and almost no regulation of them as "ISPs". The big famous ones that do shell hosting and irc and all of that will not work - they are very vigilant about customer validation because they get so much CC fraud. But if you can find a joe-blow VPS reseller or datacenter reseller and call them up like any other vendor, they will bend over backwards to take your money. They're not going to ask for your drivers license or a credit check or anything like that. You can just mail them a postal money order or two and be done with it. Most give you a discount for paying a year in advance, so that's convenient. The other way to approach it is much more convenient, but potentially more risky, and that is to use an assumed name with your own credit card. You will find that most CC auths are done based on the numbers, and not on your actual name. Try it - you can set up a working amazon account with your own CC and a totally bogus name. Since most (all ?) merchants are required by their banks to dispose of the CC information, or never hold it in the first place after authorization, after your transaction they are left with your bogus information (but correct address) and either a hash or the last four of your CC. This is worth considering, since we aren't guarding against "being raided right now", but rather against future data mining ... and if future data mining traces an IP back to an account that had (possibly) the same address as you ... it gets a bit hazy there. The hunt is for a name, and that name is not there. So that's some food for thought - I have it on good authority that all of the above works very well ... and we haven't even gotten to prepaid visa cards, which aren't exactly rocket science to procure and use...