What to expect from running a mix* in the US (was OT: Mixmaster)

J.A. Terranson measl at mfn.org
Wed Dec 22 05:51:23 PST 2010 

On Wed, 22 Dec 2010, Eugen Leitl wrote:

> ----- Forwarded message from xlon at Safe-mail.net -----
> 
> Hello List,
> 
<SNIP>
> I would like to request that those of you who so generously donate their 
> time and bandwidth running a Tor node to consider also running an 
> instance of that old and venerable ancestor of Tor, mixmaster.  With its 
> long and fabled history and stellar record in protecting the anonymity 
> of users, it is a perfect high-latency compliment to Tor's low-latency 
> focus.
<SNIP>

Before I start, let me make plain that I strongly approve of the idea of 
Mix*, and used to run a node on a high bandwidth (100m) circuit.  Despite 
my travails with Mix*, I would do it again if the stars were to line up 
correctly.

That said, anyone considering running a mix* needs to know what they are 
getting themselves into, at least in the USA.

(1) Get used to the idea of angry mails from people you don't know, and 
who seem incapable of groking the concept of an anonymizer: they are 
*CERTAIN* that it was *you*, the host of a Mix* instance, that sent 
<whatever>, nad by god they are going to "have your head" or something 
similar.  You'll get a lot of these, although you *can* safely ignore them 
(nevertheless, I try to educate them 1 time before doing so);

(2) You *may* get visits from the Government (and they are NOT here to 
help!).  I had two visits as a direct result of a Mix* instance: one from 
the FBI and one from the Secret Service.  These folk seem to educable, so 
if you keep our head and explain the lay of the land, they'll go away.  
That does *not* mean you won't continue to be watched though, *especially* 
under the new "See Something, Report It" program established by our friend 
in "freedom" and "transparency", Obama;

(3) You *will* be the target of various sized DDoS attacks.  This is what 
finally forced me to take down my Mix* instance (racheal.mfn.org).  If you 
are running Mix* on a consumer circuit, you can be certain you will not 
last long after the DDoS begins, if you are on commercial circuits, your 
size *will* matter: large customers will [obviously] be tolerated longer.  
I was finally "asked", very nicely I might add, to take mine down after 
about a year of semi-continuous DDoS (fortunately, most of these were 
small enough to just take down the Mix* box, but there were several times 
when the entire mutli-homed domain was down, along with our smaller 
(<100m) circuits.  Ideally, you should have out of band monitoring if you 
set up a Mix* instance (we used a cell-phone connected modem to our 
router), so that you can receive real-time notification of attacks;

(4) None of the above is true if you are not running an exit node.  With 
this in mind, I would encourage *everybody* to run a non-exit Mix* 
instance!  It's safe, easy, and won't get you in trouble at any speed!

(5) Expect to spend a few hours week looking after your Mix* instance.  
While I know that my experience is considered unique, I had an ongoing 
issue of resource starvation that required a reboot once a week - minimum.  
It's been a *long* time since I was running Mix*, so YMMV, and probably 
*will* vary.  Still, a Mix* node is a mid-to-high value target, and should 
be closely watched;

(6) Consider running an NNTP gateway.  These are in short supply and are 
greatly needed. Running an NNTP daemon is non-trivial, requiring a lot of 
work and some form of ongoing maintenance (variable by the complexity and 
"connectedness" of your instance, but it's worth it: you'll learn a *lot*!

(6a) If you run *any* NNTP tasks, be careful about what groups you 
process!  Running anything with "lolita", "asparagus", "young" or "teen" 
in the group name is just *begging* for trouble - and it *will* come 
looking for you!  If your NNTP instance has somehow spooled any "kiddie 
porn", and the fedz come knocking, you are *screwed*: there is virtually 
no defence to such a charge in the USA (under the Adam Walsh Act, an 
abominable piece of draconian legislation which is widely seen as "not 
going far enough" here in the ultra right wing repressive United States of 
Police).  This is true even if you are NOT running an exit node!!!

All the best,

//Alif

-- 
"Never belong to any party, always oppose privileged classes and public
plunderers, never lack sympathy with the poor, always remain devoted to
the public welfare, never be satisfied with merely printing news, always
be drastically independent, never be afraid to attack wrong, whether by
predatory plutocracy or predatory poverty."

Joseph Pulitzer, 1907 Speech

More information about the cypherpunks-legacy mailing list