Intro to Tor exit relay deployment and operation

This post is under construction.

Also read: Tips for Running an Exit Node with Minimal Harassment

Running an Exit takes a special kind of person. One who understands its value while also realizing that <2% of Tor traffic can be malicious in nature. Sometimes you and/or your service provider will be required to respond to complaints. There are generally two kinds of exit relays. One is the kind that accepts and routes any and all ports (1-65k). The other uses a reduced exit policy that limits accepted traffic to specific ports (22, 443, etc).

I have always used a reduced exit policy or a modified version of it. Running a reduced exit policy is common for people who want to minimize abuse complaints. For instance, I’ve received the most amount of complaints when adding and allowing port 80 (clear-text web traffic) because people use Tor to perform cross-site scripting attacks on websites, and secondly port 22 (SSH) traffic which people use to attempt to brute force other people’s web servers. This should not discourage you.

There are specific rules in place in the Tor specification which gives relays specific “flags” that help identify your relay’s capabilities. While you could only permit port 443 traffic out of your “exit”, you would not be given an exit flag. I’m not sure where that documentation is right now, but I know that the official reduced exit policy gives a relay an exit flag. You’ll get a “stable” flag after the relay has been online for several days without interruption, and there’s a “fast” flag if you donate enough bandwidth. People tend not to see much use of their relays until after they’re given a stable flag.

Relay configuration (be it an exit, bridge, or regular relay) is done via the TORRC file — on Debian systems in /etc/tor/torrc. Debian systems are relatively easy to harden to prevent passive attacks.

Most people run reduced exit policies — you should notice that it does not permit port 80.

You do not need to deploy a relay on dedicated hardware, unless:

1. you’re going to tune a relay to push as many bits as possible from one or many Tor instances.

2. you want to minimize the impact of a law enforcement seizure, in the rare event that LE/IC think that a Tor relay would be valuable to them.

I’ve ran a 1 Gbps reduced exit policy relay from my personal residence for over two years with minimal issues, although my ISP was very understanding and accommodating. The risk of a seizure if very low, especially in the United States. Since then I moved to a VPS in the Netherlands because an unmetered 1 Gbps VPS is only ~$40 /mo there.

The value of Tor increases as more people use it, and as there are more relays–particularly exits–setup in more geographically diverse locations. The Tor Project website has a community-generated list of hosting providers that are either good or bad about Tor hosting. It would be good to read through to understand some of the problems that people face with them. If you already have rackspace and unused bandwidth in a datacenter, that’s the best place to put it.

Please email the tor-relays mailing list with questions, or me directly if you have feedback.