On Wed, 22 Dec 2010, Eugen Leitl wrote:
----- Forwarded message from xlon@Safe-mail.net -----
Hello List,
<SNIP>
I would like to request that those of you who so generously donate their time and bandwidth running a Tor node to consider also running an instance of that old and venerable ancestor of Tor, mixmaster. With its long and fabled history and stellar record in protecting the anonymity of users, it is a perfect high-latency complement to Tor's low-latency focus. <SNIP>
Before I start, let me make plain that I strongly approve of the idea of Mix*, and used to run a node on a high bandwidth (100m) circuit. Despite my travails with Mix*, I would do it again if the stars were to line up correctly. That said, anyone considering running a mix* needs to know what they are getting themselves into, at least in the USA.

(1) Get used to the idea of angry mails from people you don't know, and who seem incapable of grokking the concept of an anonymizer: they are *CERTAIN* that it was *you*, the host of a Mix* instance, that sent <whatever>, and by god they are going to "have your head" or something similar. You'll get a lot of these, although you *can* safely ignore them (nevertheless, I try to educate them 1 time before doing so);

(2) You *may* get visits from the Government (and they are NOT here to help!). I had two visits as a direct result of a Mix* instance: one from the FBI and one from the Secret Service. These folk seem to be educable, so if you keep your head and explain the lay of the land, they'll go away. That does *not* mean you won't continue to be watched though, *especially* under the new "See Something, Report It" program established by our friend in "freedom" and "transparency", Obama;

(3) You *will* be the target of various sized DDoS attacks. This is what finally forced me to take down my Mix* instance (racheal.mfn.org). If you are running Mix* on a consumer circuit, you can be certain you will not last long after the DDoS begins; if you are on commercial circuits, your size *will* matter: large customers will [obviously] be tolerated longer. I was finally "asked", very nicely I might add, to take mine down after about a year of semi-continuous DDoS (fortunately, most of these were small enough to just take down the Mix* box, but there were several times when the entire multi-homed domain was down, along with our smaller (<100m) circuits). Ideally, you should have out of band monitoring if you set up a Mix* instance (we used a cell-phone connected modem to our router), so that you can receive real-time notification of attacks;

(4) None of the above is true if you are not running an exit node. With this in mind, I would encourage *everybody* to run a non-exit Mix* instance! It's safe, easy, and won't get you in trouble at any speed!

(5) Expect to spend a few hours a week looking after your Mix* instance. While I know that my experience is considered unique, I had an ongoing issue of resource starvation that required a reboot once a week - minimum. It's been a *long* time since I was running Mix*, so YMMV, and probably *will* vary. Still, a Mix* node is a mid-to-high value target, and should be closely watched;

(6) Consider running an NNTP gateway. These are in short supply and are greatly needed. Running an NNTP daemon is non-trivial, requiring a lot of work and some form of ongoing maintenance (variable by the complexity and "connectedness" of your instance), but it's worth it: you'll learn a *lot*!

(6a) If you run *any* NNTP tasks, be careful about what groups you process! Running anything with "lolita", "asparagus", "young" or "teen" in the group name is just *begging* for trouble - and it *will* come looking for you! If your NNTP instance has somehow spooled any "kiddie porn", and the fedz come knocking, you are *screwed*: there is virtually no defence to such a charge in the USA (under the Adam Walsh Act, an abominable piece of draconian legislation which is widely seen as "not going far enough" here in the ultra right wing repressive United States of Police). This is true even if you are NOT running an exit node!!!
All the best,
//Alif

--
"Never belong to any party, always oppose privileged classes and public plunderers, never lack sympathy with the poor, always remain devoted to the public welfare, never be satisfied with merely printing news, always be drastically independent, never be afraid to attack wrong, whether by predatory plutocracy or predatory poverty."

Joseph Pulitzer, 1907 Speech
Participants (2): Eugen Leitl, J.A. Terranson