Box for simple Tor node.

Zenaan Harkness zen at freedbms.net
Fri Oct 11 16:54:07 PDT 2019


On Fri, Oct 11, 2019 at 09:53:10PM +0000, jim bell wrote:
> On Friday, October 11, 2019, 02:26:27 PM PDT, John Newman <jnn at synfin.org> wrote:
>
> > On Fri, Oct 11, 2019 at 09:05:00PM +0000, jim bell wrote:
> > > Somebody asked me a question, but because I am far from being an expert, I couldn't answer. Suppose a person wanted to implement a TOR node, simply by buying some box, and plugging it into his modem, and power. And NOT needing to become an expert on TOR, or even on computers in general. And NOT having to follow pages and pages of instructions. I did a few minutes of searching, and even the 'simple' explanations seemed 'clear as mud'.
> > > Don't bother with long explanations challenging the usefulness, or trustworthiness of TOR. Yes, we've discussed them to death. That's a different subject.
> > > Jim Bell
> >
> > On FreeBSD, it's as simple as running the following commands as root
> >
> > # install tor
> > pkg install tor
> >
> > # set appropriate variables, there aren't too many to get going and
> > # you can find them all well documented
> > vi /usr/local/etc/tor/torrc
> >
> > # update your rc.conf so the service will start at boot, then start it
> > sysrc tor_enable=YES
> > service tor start
> >
> > For an idea of what the torrc file should look like, here is mine with a
> > few bits XXX'd out. My node is specifically configured not to allow exit
> > traffic because it was generating a lot of complaints upstream about my
> > host trying to hack people's shit, etc :)
> >
> > # cat /usr/local/etc/tor/torrc | egrep -v "^$|^#"
> > SocksPort 9050
> > SocksPolicy accept 127.0.0.1
> > SocksPolicy reject *
> > Log notice file /var/log/tor/notices.log
> > RunAsDaemon 1
> > DataDirectory /var/db/tor
> > ControlPort 9051
> > HashedControlPassword XXXXXXXXXXXXXX
> > ORPort 9023
> > Exitpolicy reject *:*  # too many complaints :)
> > Nickname twentysevendollars
> > Address wintermute.synfin.org
> > OutboundBindAddress 198.154.106.54
> > RelayBandwidthRate 3265 KBytes  # playing with this
> > RelayBandwidthBurst 4355 KBytes # ditto
> > ContactInfo 0CA8B961 John Torman <tor @ synfin dot org>
> > DirPort 9030 # what port to advertise for directory connections
> > MyFamily XXXXXXXXXXXXX
> >
> > If you were doing this on Linux, it would be much the same. Replace the
> > "pkg install" with "apt-get install" or "yum install" or whatever, you
> > might have to add a tor repo or something. The config file probably
> > won't live under /usr/local/etc/tor, but just /etc/tor, and you'll use
> > systemctl rather than just updating the rc.conf with sysrc.
> >
> > I would not recommend you run an exit node from your home ;)
> 
> 
> Yes, even years ago I was aware that a person shouldn't try to run
> an Exit node on a home setup.  Although, I wonder if it has been
> tried?

That's the only way I run Tor, and here's why:

One fundamental premise of Tor "as it stands today" is the principle
of "plausible deniability".

By not running an exit node, you reduce your plausible deniability.

"Depending on what you use Tor for", perhaps researching for a book
you're writing, you might not particularly want to maximise the
possible deniability when using Tor in any way.

But then, you might.

Your signal (for GPA sniffing your activity) to noise (chaff of exit
node talk amongst other things) ratio goes up when not running an exit
node.

This may or may not be relevant to your use case.


> Sounds like a good beginning for a Wired article? After
> writing that, I found:
> https://blog.torproject.org/tips-running-exit-node
> No way!!!
> 
> But you didn't answer my question.  I said a simple box, and that
> is precisely what I meant.   Power, Ethernet.  Plug into existing
> Modem.   Okay, I would understand it if the operator had to link it
> to the network by accessing a web page and informing them of the
> new IP address, but that's the level of complexity I was thinking
> about.  (Except for a box that already "knows" how to link up and
> start running.)

If you expect to buy a box where someone else installs Tor for you,
and you have any need to actually run Tor, you are being either
naive or foolish (or both).


> Could one of the problems with the TOR network be that only
> "experts" are likely to participate?

Indeed.

If you have no one able to help you install a Tor node (configuring
the torrc file and firewall), the only possible and possibly
reasonable (for certain limited use cases) modality of Tor usage is
to install and run Tor Browser.


> Also note:  I am referring to a situation where a person does not
> need, and does not want, the benefit of TOR for himself;  Just
> wants to add his "brick in the wall" to the nodes.  Has a spare
> $100 or so for the box, and has unlimited-usage gigabit/second
> Internet service.  (I see that Centurylink provides them for
> $65/month, probably subject to tax, as well.)

Definitely a worthy brick in the wall.

But do not fail to configure your Tor node by yourself or by someone
you implicitly trust - anything else is unfair to your users and to
other users of the network generally.

It's not "difficult", as JN highlights above, but yes, if editing a
text file and reading the man page is "Expert", yes it requires such
expertise.

Good luck,
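
A small audit for the kind of non-exit relay torrc quoted above, added here as an example (not code from this thread or from the Tor Project). The sample file and its placeholder values are constructed, and treating anything other than a leading `reject *:*` or `ExitRelay 0` as a finding is a deliberately conservative assumption.

```python
# Added example: audit a torrc for the non-exit relay setup quoted in the thread.
# SAMPLE_TORRC is constructed; the password and nickname are placeholders.
SAMPLE_TORRC = """\
SocksPort 9050
SocksPolicy accept 127.0.0.1
SocksPolicy reject *
ControlPort 9051
HashedControlPassword 16:PLACEHOLDER
ORPort 9023
Exitpolicy reject *:*  # too many complaints :)
Nickname examplerelay
"""


def parse_torrc(text):
    """Return [(option_lowercased, value)] in file order, comments stripped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)  # option names are case-insensitive
        entries.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return entries


def audit_relay(text):
    """Return a list of findings; an empty list means the checks passed."""
    opts = {}
    for key, value in parse_torrc(text):
        opts.setdefault(key, []).append(value)
    findings = []
    if "orport" not in opts:
        findings.append("no ORPort: not configured as a relay")
    # ExitPolicy is first-match-wins; one line may hold comma-separated rules.
    rules = [r.strip().lower() for v in opts.get("exitpolicy", [])
             for r in v.split(",") if r.strip()]
    first = " ".join(rules[0].split()) if rules else ""
    exit_off = opts.get("exitrelay", [""])[-1] == "0"
    if not exit_off and first != "reject *:*":
        findings.append("exit traffic not explicitly rejected")
    # An unauthenticated ControlPort lets any local process reconfigure Tor.
    port = opts.get("controlport", ["0"])[-1]
    has_auth = ("hashedcontrolpassword" in opts
                or opts.get("cookieauthentication", ["0"])[-1] == "1")
    if port != "0" and not has_auth:
        findings.append("ControlPort enabled without authentication")
    return findings
```
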


