Slashdot Mirror
Tor Project Experiments With Funding Fast Exit Nodes
mask.of.sanity writes "The Tor Project is considering paying exit relay hosts to make the network faster and more secure. The project has called for discussion on the idea, notably from relay hosts. Its founder has suggested $100 a month would attract fast and diverse nodes. Exit nodes are the last hopping point on the Tor network and are critical to its performance and safety."
The problem: "But lately the Tor network has become noticeably faster, and I think it has a lot to do with the growing amount of excess relay capacity relative to network load ... on today's network, clients choose one of the fastest 5 exit
relays around 25-30% of the time, and 80% of their choices come from a
pool of 40-50 relays. ... Since we're
not doing particularly well at diversity with the current approach,
we're going to try an experiment: we'll connect funding to exit relay
operators so they can run bigger and/or better exit relays." As to funding: "We've lined up our first funder (BBG, ...), and they're excited to have us start as soon as we can. They want to sponsor 125+ fast exits."
I always want to be able to make a fast exit from whereever I am.
I mean, even if you are paid much more than $100 a month, being legally and financially responsible for the shit that goes on through your server (since you are the EXIT node) could get you sent to jail for life and cost you huge amounts of money. Sounds completely insane for anyone to willingly run such a thing.
$100 is not worth spending time in jail because your IP address has been recorded going to pirate or porn sites with highly illegal content.
Nobody uses exit nodes for illegal stuff anymore.
It's a public service, helping to preserve people's ability to practice their right to free speech. Plenty of us believe extremely strongly in that, and I'd consider it at least as worthy as many other philanthropic causes. If I had a decent amount of money (i.e. enough to consult a lawyer beforehand, take reasonable legal precautions, and kick up a stink rather than just disappearing if I ever were taken to court) I'd do it like a shot.
From wiki:
"The Broadcasting Board of Governors (BBG), a bipartisan panel of eight private citizens appointed by the President of the United States and confirmed by the U.S. Senate (the U.S. Secretary of State is an ex officio member of the Board), is the oversight body for official U.S. international broadcasts by both federal agencies and government-funded corporations. In addition to VOA, these include the Office of Cuba Broadcasting (OCB, which includes Radio and TV Marti) and grantee corporations: the Middle East Broadcasting Network (MBN, which includes Radio Sawa and Al Hurra television in Arabic); Radio Farda (in Persian) for Iran; Radio Free Europe / Radio Liberty and Radio Free Asia, which are aimed at the ex-communist states and countries under oppressive regimes in Asia. In recent years, VOA has expanded its television coverage to many areas of the world. This governing body was established in 1993 to replace the Board for International Broadcasters, which was created in 1973 to manage broadcasting companies previously funded by the CIA."
More from Cryptome: http://cryptome.org/2012/07/tor-exits-usg-funds.htm
I am sure the NSA would love to run an exit node or two since they will be facing some looming funding cuts soon. In this soft economy, a gals gotta make a buck...
This new version also features 2-3 times more harassment from the government.
What political party do you join when you don't like Bible-thumpers *or* hippies?
It would be nice to think that everyone would all do it, making it basically impossible to harass individual exit nodes. That's certainly the theory behind Tor. And it's a noble idea.
But then again, let's face it, most people are leechers. And unless you could find a way to encourage mass adoption of Tor, combined with a default (perhaps even mandatory) setting of "allow exit node", it's probably not going to work.
Maybe they could bundle it in with some really popular apps or games. Offer "This game $10 for the regular version/free with Tor" specials.
What political party do you join when you don't like Bible-thumpers *or* hippies?
It's great for FBI,CIA,MI5 etc. It concentrates a lot of questionable traffic to very few nodes and make anyone connecting to these nodes immediately suspicious. Running a node for money would make it a more serious offense in court which is great for the DA: winning more years in prison means a better career for the DA.
Sounds completely insane for anyone to willingly run such a thing.
Some people are brave enough to run servers that will help political dissidents in China, Africa, and elsewhere.
Palm trees and 8
Yeah, I would probably only run such a thing if I had a solid institutional arrangement that would back me up on it and divert any liability to the institution rather than me personally. A university may be able to get away with running an exit node, for example. But it's not clear this level of funding would incentivize those kinds of operators. Is a university's decision to run or not run an exit node going to turn on whether they get $100/mo funding?
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
It would be nice to think that everyone would all do it, making it basically impossible to harass individual exit nodes
Like how it is impossible to harass individual pot smokers? Even if there were millions of exit nodes, the police would be harassing exit node operators, just to keep everyone afraid.
Palm trees and 8
This new version also features 2-3 times more harassment from the government.
Or maybe the government will be providing the exit nodes (via proxy companies). I am sure that the ability to add delays at exit would aid traffic identification
Do not pass go. Collect $100.
Couldn't they take that $100 and use it to host exit nodes at various cloud hosting facilities around the world? That would take out some of the liability since only the Tor Project or their sponsors would be on the hook (and they already are for paying the $100)
That's not brave unless you yourself live in those areas.
True, except you can't know what will pass through your node. People can use it to access/buy illegal stuff in the country you're in, and that can get you into trouble. AFAIK no exit node operator was ever imprisoned over it, but many were threatened (some fight back, others give up).
It is brave if you live in a country where the police will harass you over your exit node:
https://www.eff.org/deeplinks/2011/08/why-ip-addresses-alone-dont-identify-criminals
Palm trees and 8
$100 won't get you a lot of bandwidth. What they need to do is buy fios for a whole lot of people and pay for it with the $100 - sort of like FoN. That'll make the number of exit nodes large enough that it'll be hard to monitor all the nodes.
40-50 preferred exit nodes means that someone sneaky can look at around 2% of the TOR traffic at any given time. As the intercepts in the past have shown, you can get a lot of interesting stuff from that 2%. They need to grow that pool tremendously...and paying for people's connection & bandwidth is the easiest way.
Is there a TOR dd-wrt port? They could provide that (or a pogoplug, etc) with the connection, and monitor the node so if the node goes offline the payments stop.
If you end up having 30% of your exit nodes shifting to FIOS, couldn't it be argued that Verizon could reconstruct a good amount of the packets one their way out of the Tor exit nodes (which still on Verizon's network)?
But then again, let's face it, most people are leechers.
I have a reasonably fast business ADSL connection which is genuinely unmetered with no "fair-usage", no throttling, no DPI. It is literally a packet-shifting Internet connection through my ISP which is fairly rare in the UK these days!
I'd love to open it up to the benefit of society, but I just can't accept the risks of running something like a Tor node. Even running a secondary channel with open wifi makes me nervous.
I suppose this makes me cowardly.... and means they are winning.
Tor has been out for ten years. Could you post some links to articles where people were held legally and/or financially responsible for what passed through their exit node?
Luckily not all countries have a judicial system as fucked up beyond all recognition like the US has.
Don't worry, most of the fast exit nodes are for sure owned by the intelligence services.
(at least, they know what's being discussed, even if they don't have the origin)
As for fast exit nodes, one can get some boxes for cheap from OVH all around the world (they are opening in Canada soon) for example : http://www.ovh.co.uk/dedicated_servers/
(low end dedicated boxes in France start at about 40 USD for 100Mb/s)
Reading your link I see it's mostly talking about sending personally identifying information unencrypted through the network that just gets sniffed when it leaves the exit node. Torrenting through tor is really dumb since many torrenting programs send your ip address to the tracker unencrypted, so duh, the exit node sniffers get that and if you send other traffic through the same node, then, yes, that other traffic can easily be linked to you. The other issue is in your link is pretty much the same thing. If you log in to your email or whatever through tor and those credentials aren't going through https then, again, yes you will have those credentials stolen. It's the same problem with doing that sitting in Starbucks and using the wi-fi. Of course, tor has been warning people over and over and over not to use bittorrent through tor as it is an insecure protocol by design. The bittorrent creators will tell you that. It is just incidental that people use torrents to trade infringing media. To sum it up, Newsflash: don't torrent through tor as your ip address will show up to the exit node. Newsflash #2: don't send your login credentials through the onion because if an attacker can link those to your real identity, they can link other things going through the same exit node to your real identity which depending on what you're using tor for can be a real problem.
The soylentnews experiment has been a dismal failure.
they can aid dissidents in China, Syria, Iran, Cuba, etc.
and they can keep an eye on kiddie porn assholes
sound like an exotic weird idea? Tor was started by the government, specifically the US Naval Research Laboratory
heck, i can see the Chinese government running their own exit nodes for keeping an eye on political dissidents
all your Tor is belong to government
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Most connections from exit nodes are perfectly legal. For example a Chinese guy wants to access Slashdot. The traffic in the US is legal and it's just his traffic which is encrypted and going to a different node which is where he has a problem if it's discovered.
Let's be clear. The mere fact that you aren't doing anything doesn't make you immune from the police. There are so many laws and regulations set up for corporate interests that it's likely that you are breaking something; merely not running an exit node will not protect you. Filtering the traffic on exit nodes can very much reduce anti-social (potentially illegal) traffic. As long as you are only accepting a partial contribution and your costs are more than $100 you can treat this as an expense payment rather than a profit. This is likely to be seen very differently in court than profiting from an activity. Furthermore, the explicit involvement with the Tor project could help make it clear you did things for political reasons rather than in order to facilitate illegal activities. Overall, bearing in mind INAL, INAL in your country and, ICNYL (certainly not your lawyer), I don't see that this much increases the risk of a person running an exit node.
There's plenty of reasonable FUD to spread about tor; it could be very risky to use tor from China since the traffic isn't that well hidden; you have to be very careful about your end point security; in less-democratic / less free countries you may be arrested for running an exit node even if you had no intention of supporting illegal activities. There's no need to make up extra FUD
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
I've always assumed the ones running fast exit nodes were the NSA/CIA and their counterparts for various countries.
I use tor to use stuff like facebook and slashdot while at work. Slashdot passwords are not encrypted for nonsubscribers, but I don't really care if the people running exit nodes figure out my Slashdot password.
Here's one idea why this may be: Perhaps some governments are operating faster TOR nodes, knowing that they will attract a larger percentage of TOR users, hoping they can catch more of their own citizens that they want to arrest.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
I mean, even if you are paid much more than $100 a month, being legally and financially responsible for the shit that goes on through your server (since you are the EXIT node) could get you sent to jail for life and cost you huge amounts of money. Sounds completely insane for anyone to willingly run such a thing.
Even if you aren't held legally responsible some vigilante types will hold you morally responsible. Once again it's a bad idea to run a Tor exit node. So who exactly is running them and how do they keep themselves safe?
If you run an exit node and several intelligence agencies find out you're the guy behind the node what exactly can you do? I would say you're life would be ruined. So is there a way to run exit nodes completely anonymously?
Is there a way to make it impossible to determine who is running the node? Such as someone drops the node in a park and walks away?
As things are right now, anyone caught running an exit node in any country could face harassment by hostile intelligence agencies. As a result no one really wants to run them. What can you do if you run a node and you get a knock on your door from the Secret Service or FBI? You'll be forced to cooperate.
Why would they care about who is connecting those nodes? They would just target the node operators and watch them to determine who connects and what goes on.
Once again I don't see how being a node operator for Tor can possibly be good in this environment. If there is another scandal and something goes forwarded through your node anyone from Putin to Obama could want to make you comply.
Most connections from exit nodes are perfectly legal. For example a Chinese guy wants to access Slashdot. The traffic in the US is legal and it's just his traffic which is encrypted and going to a different node which is where he has a problem if it's discovered.
Let's be clear. The mere fact that you aren't doing anything doesn't make you immune from the police. There are so many laws and regulations set up for corporate interests that it's likely that you are breaking something; merely not running an exit node will not protect you. Filtering the traffic on exit nodes can very much reduce anti-social (potentially illegal) traffic. As long as you are only accepting a partial contribution and your costs are more than $100 you can treat this as an expense payment rather than a profit. This is likely to be seen very differently in court than profiting from an activity. Furthermore, the explicit involvement with the Tor project could help make it clear you did things for political reasons rather than in order to facilitate illegal activities. Overall, bearing in mind INAL, INAL in your country and, ICNYL (certainly not your lawyer), I don't see that this much increases the risk of a person running an exit node.
There's plenty of reasonable FUD to spread about tor; it could be very risky to use tor from China since the traffic isn't that well hidden; you have to be very careful about your end point security; in less-democratic / less free countries you may be arrested for running an exit node even if you had no intention of supporting illegal activities. There's no need to make up extra FUD
But it would still make you a target of China. Do you want to deal with that? If it's illegal in China then the Chinese government will eventually figure out who is running the exit node.
Sounds completely insane for anyone to willingly run such a thing.
Some people are brave enough to run servers that will help political dissidents in China, Africa, and elsewhere.
It's not a matter of being brave enough. How can it be done in a safe and effective way? If you want more people to do it then figure out how to make some best practices so it's safer. As things are right now Tor is the wild west and anything can happen to anyone "brave" enough to run an exit node. If running an exit node produces bad luck for whoever runs it, no one will want to run exit nodes. So how can we disconnect the individual ownership from the exit node? Libraries? Universities? What?
Sill, they need to do a lot more. With the tor network you don't need to control any nodes if you have control of a few routers along the way (Governments). Look up: Wei Yu. Replay Attack still make it easy to know who sent information to who. If it is not End-to-End tor, they know what you send too.
The way Nodes are picked tries to prevent that. IP address that are to close to each other (without looking it up I would say 2 octects), or IP address that are from the same area can't be used together.
[anecdote]
I had legal troubles* as someone used my exit node for downloading child pornography. after nearly 2 years the prosecutor closed the proceedings as he found nothing punishable.
*) including some officers searching my flat at 7 am and all my hardware was confiscated
Hi, I help run an exit node. Specifically NoiseTor - http://noisetor.net/ Yes, we do get police/FBI/etc calls regularly. Most of the time it takes a few min of explaining what tor is, we have no logs, and there's nothing we can do to help track down where the traffic came from.
It's invaluable to run exit nodes, and the risks are fairly minor.
And if you're not brave enough to run it yourself, you can donate to exit nodes like NoiseTor - http://noisetor.net/ or to Tor itself.
Ryan Pries, Wei Yu, Xinwen Fu, and Wei Zhao, “A New Replay Attack against Tor Anonymous Communication Network", in Proc. of IEEE International Conference on Communications (ICC) (Best Paper Award of Information and Network Security Symposium), May 2008.
Tor: now featuring exit nodes that wrap advertising around your browsing.
Would 100 a month cover fees to:
1) incorporate
2) rent the cheapest local colo I could find in a shared cabinet
(years ago I used to know one for 35 a month, but that was a sweetheart deal)
3) Properly have an accountant file the paperwork/taxes
4) Pay myself $1 / month?
I'll donate a computer and hardware and maintain it. Might not be high end, but it'll have a gigE nic and whatever the colo will give me bandwidth wise.
System will be running a locked down, patched BSD jail with a firewall banning outbound access to SMTP/submission and probably nothing else.
I don't have much experience with the incorporation -- but as long as I could separate that node from my personnage and home, I'd be more than happy to do it.
The real thing is--I don't particularly want to be woken up at 0500 with people in baklavas and select-fire M4s teargassing my home... I don't want to deal with the fact that a court order might force me to decrypt my local linux system's hard drive.
It's the sad truth. I want to support this. I don't mind some reasonable and expected issues with ISPs... or the colo. Or the sysadmin/patching/maint side that comes with the territory, and isn't as easy as it should be.
But getting raided, thrown in the floor, having my dog shot, the kids panic, and all personal posessions confiscated while the FBI colludes to drive me out of business when they take six months to a year to search without returning my business materials...ever...
That's the problem.
What they really need to make is an 'exit node package'. Paperwork to incorporate, a list of friendly providers and ISPs, and a lawyer's phone number for use when something eventually hits the fan--be it feds, or you get lawyered by some asshole looking for someone to sue because a 4channer rickrolled their website.
For extra bonus, the EFF should get support of JAG or whatever naval lawyers are called onboard in advance -- US intel originally helped support the development. I'd like *them* on my side with the EFF running a node. The spooks can't have their untraceable spycomm system unless they have an onion to hide in.
CAPTCHA: fright.
So true
the purpose of a DR (Disaster Recovery) site is to defeat the Geographical issue.
If a country/Gov. wants to shut you up and reign with dictatorial powers, all you can do is rely on other users outside THAT area... it doesn't matter how many users in Africa run it, if the gov. takes all their provider down.
How is it that they let you get away with just saying that? Then what stops me from distributing terrorist child porn warez from my home PC and then saying it was a Tor exit node when they call? In fact, they probably would never call me. They would contact my ISP, which would cut me off and tell them my home address and all information about me and then the police would come straight to my house without any warning. Why are they so kind to you?
I don't know that there is a method to do it completely anonymously, but the fact we're even treating the mere operation of an exit node as a crime, and something to be hidden at all costs, is a rather depressing indictment of the current state of our legal systems. Ideally one should be able to proudly and publicly make a stand for anonymity - that's where my comment about a decent amount of money comes in. A higher profile name who sets up a (charitable?) organisation with limited liability (not a perfect protection, but something) and loudly announces to the world how they're standing up for the First Amendment rights of all Americans (or some local equivalent) makes for, at worst, a protracted and public case in which the government can easily come out looking like the bully.
It's imperfect, certainly, but plenty of people have made the world a better place in the process of being fucked over making a stand against their governments. Many others have won. Some have disappeared into the legal system for all eternity. Sometimes the sacrifice is in vain, sometimes it isn't, but it almost always packs a better punch if you have the money and publicity to manage it well.
Is it "legal" until you take/make money to provide the service?
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
What you are basically saying, is that you live in a state ruled by tyranny instead of democracy. I mean, where else would a law-abiding citizen say that doing something legal could have him put in jail and/or his life ruined if 'they' might 'find out'.
"Trump!!", the new Godwin.
For the last few years, I've run one of the faster exit nodes in the UK. I think I've had two, maybe three, complaint emails forwarded by my ISP in that time. I just send them to my standard boilerplate, CC the ISP, and never hear back.
Bottom line: anyone wanting to do something really nasty won't use Tor - they'll use something much more suitable for their task, like a botnet for one thing.
"And the meaning of words; when they cease to function; when will it start worrying you?"
What's wrong with people and modpoints lately? This is garbage!
I've been running an exit node FROM MY HOME for the last 3 years with ZERO problems from both police AND my isp.
You sir are talking SHIT.
Fairly minor? Not if you live in the Netherlands where they bring you a visit taking with them all your hardware and never returning it.
www.vanheusden.com - home of Multitail, HTTPing, CoffeeSaint, EntropyBroker, rsstail, bsod, listener, nagcon, nagi
Would it be technically possible to have a system where people pay to get faster speeds on the Tor network? I would do that.
By that line of argument you don't even need Tor, since as long as there are millions of dissidents in China there is nothing the government can do to get rid of all of them.
The problem is that for any individual the concern isn't whether the government will ruin the lives of all the exit node operators, but whether their own life will be ruined.
I note that your exit node configuration is based on whitelisting specific ports and is not simply open. That probably is greatly reducing the kinds of run-ins you're going to get with the usual suspects - I doubt many people have their bittorrent clients and such set to run on port 80.
There is a tool that does this. I hope you like it:
http://sourceforge.net/projects/blackbeltpriv/
Because clearly, you are everyone on the planet.
To give a hypothetical example to explain it, if everybody used Tor, and everybody also acted as an exit node, and thus if all traffic on Internet where routed through other computers, then it would be well understood that nobody was responsible for traffic leaving their nodes, and no judge would be willing to allow the police to harass somebody based on traffic that left their node.
People who use Bittorrent over Tor deserve all the punishment they get.
I run 5 tor nodes in the low Mbps speed range, but I'm not brave enough to allow exit on any of them. I can't afford the legal cost associated with fighting for my rights if a problem comes up.
The ones that a huge fraction of all the traffic is going through? Those are the ones most likely to be sniffing traffic and doing MITMs.
"When information is power, privacy is freedom" - Jah-Wren Ryel
What punishment would that be? The only people likely to be punished are the exit node operators (assuming it is being used to transfer content that is not legal to distribute), unless the person running bittorrent has no idea what they're doing. While most bittorrent clients leak information, they can only leak information they have, and only to hosts they can connect to.
um no you ar prtected by safe harbor laws the same reason your isp and the back bone are not liable for your copyright infringement, a tor node is simply a dumb pipe system with a shit ton of encryption and obfuscation.
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
> *) including some officers searching my flat at 7 am and all my hardware was confiscated
and this is how it works.
Now you're afraid to run a node, because this can happen again. And a lot of others reading your message are afraid and do not even start.
We need so many nodes, that its infeasable to search every flat of a node-owner. Something like tor included into the default-config of a popular adsl-modem or something like this.
Now you're afraid to run a node, because this can happen again.
yes. I knew something like this could happen (and was in a way prepared - the police visit was surprising but not completely unexpected), but lawyer and new computers were expensive...
Sure, it is cowardly - blame me as I blame myself :)
blame the system.
We need an official Tor discussion forum.
I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion
** Onion Forum 2.0
http://www.tinyurl.com/onionforum2
Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/
Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/
The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.
flying cars good for go holyday in Thailand..haha..this is fantastic car i think...good idea! thank you! Thailand
I think that's an overly optimistic appraisal of the situation. Laws are selectively enforced all the time. Mostly they'll leave people alone, but when election time rolls around I think judges and DAs all over the place will be more than happy to bust a few random exit node operators for trafficking in child pornography. Bonus: if you lead protests, or run for office against the incumbent DA, or start a business that competes with a business owned by a local judge's son, all they have to do is watch your exit node traffic until some unmentionables slip by and they've got you.