Fwd: [tor-relays] Estimation of bridge traffic / Bridge or relay needed?

grarpamp grarpamp at gmail.com
Tue Apr 3 02:17:00 PDT 2018


---------- Forwarded message ----------
From:  <jackoreamnos at tutanota.com>
Date: Tue, Apr 3, 2018 at 4:38 AM
Subject: Re: [tor-relays] Estimation of bridge traffic / Bridge or relay needed?
To: tor-relays at lists.torproject.org
Cc: tor-relays at lists.torproject.org


Want to follow up the discussion on encouraging people to run relays.

The powers that be where I live now heavily frown upon VPN and Tor.
And a fair number in our community is sensing further tightening in
the air.

Today we had a discussion, we had a lot of questions.  I try to
summarize below and see if we can fact-check and learn more.

(1) Advocacy: Background - Someone raised the idea that we should each
run a Tor relay in each of our houses.  Someone said the powers that be
cannot put all of us in jail if we get enough people to host Tor.  A
parent among us said, "I never before had an urge to run a VPN or Tor.
But when running encryption and sharing a VPN tunnel with a criminal
on the next packet is required to ensure your freedom to read BBC, you
feel queasy and you worry what your underage kids might stumble on,
things they are too young to deal with on the dark web.  But losing
the freedom to read BBC makes me feel beyond queasy, beyond nauseated,
and bilious, and sick..."  He used a few more adjectives that I cannot
spell.  There were non-technical users who expressed interest to run a
non-exit relay, but only if they will be able to run an installer and
click the next button and only use default options.  And only if they
can feel assured they understand the risks.

  (1.a) Their underage kids will not stumble on the dark web before
they are old enough to know what they are doing.  Underage kids should not
be able to stumble on the dark web on the computer the Tor relay is
run (and what must be done to assure that).  And underage kids should
not be able to stumble on the dark web by being on the same WIFI
network in the house.

  (1.b) There are different degrees of fear of risks.  Some are brave
enough to run a non-relay in the house where they live.  We think they
need to assume they can be detected.  Some were only willing to
consider if the non-exit Tor cannot be easily detected.  The
definition of not easily varies:
  - as difficult to detect as the obfs4 bridge protocol (but someone
said the bridge protocol only works between a Tor client and a Tor
relay, but not between a Tor relay and another Tor relay; we have not
been able to confirm this by our own efforts)
 - as difficult as the meek protocol (someone said the idea of meek is
to encrypt Tor packets and send it to an unblocked IP/domain, where the
traffic is decrypted and copied to a proper Tor network); someone said
he is willing to run a meek server to accept incoming connections, but
only if the outgoing connections are at least obfs4.  Someone said if
we have many thousands of these tiny meek nodes hosted at our home
address, we offload the official meek proxies run on amazon and azure.
And even if we contribute only 1kb/s each, it is going to be more than
sharing the cost - the idea is we want a high level of household
penetration so that the powers that be find it hard to clamp us down.
  - as difficult to detect as protected by a VPN.  Someone said he
would pay for a VPN package, run a relay on a machine which only talks
to the world through the VPN.  But someone said that works for a Tor
client, but not for a relay because a relay would need to have its own
IP and listen on certain ports on that IP, and so because your VPN exit
point will not let you listen on any port numbers, even if he is
willing to pay for a commercial VPN that exits in another country, his
tor relay cannot accept incoming connections.  Some people would give
up running a non-exit if this cannot be done.  The only IP they can
access is where they sleep, and they want to be able to sleep well.
Not just them, but their wife and their children need to sleep well
too.  Is the ability to accept incoming connections a requirement to
running a non-exit relay?

(2) There is a sentiment that we should get "every household to run a
Tor" so that the powers that be will find it much harder to clamp
down.  Someone said he would install a Tor relay on every single
computer he controls, to support journalism and news reporting, if
what he contributes ONLY goes towards beating censorship against the
media.  He said he feels it is a much easier sell if the sole function
of that node is to allow people living under censorship to read
newspaper.  He said if there is a funding campaign to deploy the onion
enterprise toolkit for news media, he will want to direct his donation
specifically to those.  Or if he can run an exit relay ONLY for
the BBC news domain.  He said, then running Tor is a much easier sell
to his family and friends.  If the police bring him in, the back and
forth will not be "we observed spams and hacks and viruses and
copyright infringements on your IP", but the back and forth will just
be "you are reading something you should not read on the web" and we
can have a much better chance of advocating for "Tor relay in every
home".  We know in general Tor supports more network access than
reading the news.  But compared to countries where the freedom to run
Tor exits is protected by law, living where we live we want to make
it a much easier sell, and eventually to get a higher penetration so
that the penetration itself becomes a barrier for the powers that be
to clamp us down.

And as we are not experts, and as we run real risks, and as we want
our family to sleep well, we have framed our "requirements" or
"prerequisites" to run Tor relays almost beyond the reasonable.  You
might want to call us paranoid.  If there is a way for us paranoid
people to run relays and to advocate, please help us.

Jack

2. Apr 2018 07:36 by arma at mit.edu:

    On Mon, Apr 02, 2018 at 03:32:00AM -0400, grarpamp wrote:

        > https://www.torproject.org/docs/faq#RelayOrBridge
        >
        > "If you have lots of bandwidth, you should definitely run a normal relay.
        > If you're willing to be an exit, you should definitely run a normal
        > relay, since we need more exits. If you can't be an exit and only have a
        > little bit of bandwidth, be a bridge. Thanks for volunteering!"

        The 'normal's above are ambiguous and conflicting.
        Replace them with 'non-exit' and 'exit'.


    Ah, actually no, replace them with "relay" and "relay".

    In that text, "normal relay" is as opposed to "bridge relay".

    The FAQ text sure needs some updating.

    --Roger

    _______________________________________________
    tor-relays mailing list
    tor-relays at lists.torproject.org
    https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



More information about the cypherpunks mailing list