Intro to Tor exit relay deployment and operation

This post is under construction.

Also read: Tips for Running an Exit Node with Minimal Harassment

Running an Exit takes a special kind of person. One who understands its value while also realizing that <2% of Tor traffic can be malicious in nature. Sometimes you and/or your service provider will be required to respond to complaints. There are generally two kinds of exit relays. One is the kind that accepts and routes any and all ports (1-65k). The other uses a reduced exit policy that limits accepted traffic to specific ports (22, 443, etc).

I have always used a reduced exit policy or a modified version of it. Running a reduced exit policy is common for people who want to minimize abuse complaints. For instance, I’ve received the most amount of complaints when adding and allowing port 80 (clear-text web traffic) because people use Tor to perform cross-site scripting attacks on websites, and secondly port 22 (SSH) traffic which people use to attempt to brute force other people’s web servers. This should not discourage you.

There are specific rules in place in the Tor specification which gives relays specific “flags” that help identify your relay’s capabilities. While you could only permit port 443 traffic out of your “exit”, you would not be given an exit flag. I’m not sure where that documentation is right now, but I know that the official reduced exit policy gives a relay an exit flag. You’ll get a “stable” flag after the relay has been online for several days without interruption, and there’s a “fast” flag if you donate enough bandwidth. People tend not to see much use of their relays until after they’re given a stable flag.

Relay configuration (be it an exit, bridge, or regular relay) is done via the TORRC file — on Debian systems in /etc/tor/torrc. Debian systems are relatively easy to harden to prevent passive attacks.

Most people run reduced exit policies — you should notice that it does not permit port 80.

You do not need to deploy a relay on dedicated hardware, unless:

1. you’re going to tune a relay to push as many bits as possible from one or many Tor instances.

2. you want to minimize the impact of a law enforcement seizure, in the rare event that LE/IC think that a Tor relay would be valuable to them.

I’ve ran a 1 Gbps reduced exit policy relay from my personal residence for over two years with minimal issues, although my ISP was very understanding and accommodating. The risk of a seizure if very low, especially in the United States. Since then I moved to a VPS in the Netherlands because an unmetered 1 Gbps VPS is only ~$40 /mo there.

The value of Tor increases as more people use it, and as there are more relays–particularly exits–setup in more geographically diverse locations. The Tor Project website has a community-generated list of hosting providers that are either good or bad about Tor hosting. It would be good to read through to understand some of the problems that people face with them. If you already have rackspace and unused bandwidth in a datacenter, that’s the best place to put it.

Please email the tor-relays mailing list with questions, or me directly if you have feedback.

Operational security training for Seattle activists and journalists

UPDATE! The date *may* change! An announcement to our first activist training will be posted on SeattlePrivacy.org within the first week of January 2015.

Starting on MLK day, to cover January 19th TA3M, I will be hosting a 3 to 5 hour event specific to digital security for on-the-ground activism. In February, I am going to host a related event specifically for journalists. This style of training is going to happen every month with activist and journalist training happening on alternating¬†months. This program will happen in addition to TA3M, I’m just going to jump start off of TA3M in January.

Curriculum is going to be facilitated by the SaferJourno guide (https://saferjourno.internews.org/ — “digital safety and online security”). Technical material can be adopted from many sources, but I will be asking for specialists to facilitate¬†various trainings. A new website will be created that will be breaking this content down in wiki format. The content will be duplicated and modified for activists. The goals include enhancing and contributing back to the SaferJourno project.

The distinction between activists and journalists is critical. Risk analysis and legalities are totally different for the two groups, even though they sometimes share the same threats. In addition, SaferJourno has many hands-on training and conversation-oriented coursework. Sharing similar experiences with one another is important, and also making the attendees feel as comfortable and secure as possible is important. The registration process will be constructed to be as anonymous as possible, and participation will remain as private as possible. Registration is interesting because there are pre-surveys that have to be filled out for the trainers.

As for journalists, I will be working with various volunteers to create curriculum specific to SecureDrop; part for its use, and part for its technical implementation. Also concerning journalists, I plan to make available tailored training for Seattle news organizations who wish to incorporate their working environments into the training.

Meeting space is TBD. Sadly, the Seattle Public Library closes too early.

A name for this new program has not been created. At this time, I have people interested in starting the same program in other cities, but will probably not happen as soon as MLK day.

Aside from me, I plan on keeping the identities of volunteers related to this new program private unless they wish to provide public support. My preferred methods of communication are TextSecure, PGP email, XMPP/OTR, and Ricochet — most details kept up to date on my website, https://yawnbox.com/.

I expect that trainers will write reports based on their experiences as educators and contribute (anonymously, if desirable) to the program in the form of SaferJourno (or SaferActivist) wiki edits. I’ll try to get trainers repeatable structure for said reports. Those not familiar with SaferJourno should know that it’s CC-BY-NC-SA. We can freely copy, remix, and redistribute the content with reference to the original, plus maintaining the same license or more-open, like CC-BY-SA or CC0.

What I currently need:

Does anyone know the activists who organized the WTO protests? I’d like to get them involved.

I need assistance breaking down the various needs of activist topics to cover. This will help copy the SaferJourno guide and modify it for activists. For January, time should not exceed 5 hours total, including breaks. Following January, events will likely be on weekends that could span an entire weekend.

I need technical specialists for iPhone and Android security. I could instruct Android, but there are many people who know more than I do. If we can’t rely on one person, we can break down various aspects of phone security to accommodate training. I also need someone to manage the topic of social media and video distribution.

Please be critical in thought and response. I look forward to pushing this forward in light of increased worldwide surveillance with as much help as I can get. I prefer to simply be an organizer, but I will facilitate/educate when/where needed. Please be aware than any involvement with this program will likely garner increased surveillance of yourself and connections, if TA3M wasn’t enough.