Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Project Pilots Exit Nodes In Libraries

Posted by Soulskill on from the so-happy-and-private-together dept.

An anonymous reader writes: The Tor Project has announced a new initiative to open exit relays in public libraries. "This is an idea whose time has come; libraries are our most democratic public spaces, protecting our intellectual freedom, privacy, and unfettered access to information, and Tor Project creates software that allows all people to have these rights on the internet." They point out that this is both an excellent way to educate people on the value of private internet browsing while also being a practical way to expand the Tor network. A test for this initiative is underway at the Kilton Library in Lebanon, New Hampshire, which already has a computing environment full of GNU/Linux machines.

4 of 37 comments (clear)

  1. Newsflash: Libraries get blacklisted by Anonymous Coward · · Score: 4, Interesting

    Most admins block TOR exit nodes at the router and many other places because they are the source of many attacks. All this means is that libraries wind up on IP blacklists.

  2. Librarians by manu0601 · · Score: 4, Interesting

    It is astonishing how mindset about computing can vary among librarians. On one hand we have the one that set up TOR exit nodes to save our privacy, and on the other hand we have the one that purchase strongly vendor-locked and opaque proprietary library softwares.

  3. Balance TOR's costs against the benefits. by dweller_below · · Score: 5, Interesting
    When we set up TOR infrastructure at USU, we looked at the costs and benefits.

    There are definite costs to running TOR infrastructure. You have to be aware of them. Some of the costs can be mitigated, but some can't. At the end, you have to be able to show that the benefits outweigh the costs.

    First we examined the benefit. We made a clear statement of the benefit. It is:

    USU has many researchers and students who deal in sensitive subjects such as Climate Change, Reproductive Issues, Political Systems, Animal Research, etc.. These students and researchers frequently need privacy and security to advance the goals of USU.

    Then we discussed the various costs and methods of mitigating the costs. Afterwards, we decided that the costs could be made acceptable, if we were careful.

    • Our cost mitigation strategy had several parts:
    • 1) We arranged for the TOR infrastructure to have an academic sponsor. The USU CS department agreed to sponsor the TOR project. This gave us an existing structure for providing IT support. And, frankly, TOR is easier to support than some of the other academic projects.
    • 2) Most of the direct costs of creating and administering the TOR infrastructure are born by the USU CS department. It really helps that their admin is a diligent and responsible admin. It has been a joy to work with him.
    • 3) We have tried to put all the TOR infrastructure on a small CIDR. If people need to block TOR, we try to make it easy for them to block it without effecting other things. That said, if I had to do it again, I think I would continue to have the TOR entry nodes and intermediate relays on a small USU CIDR. I think I would ask USU's ISP (UEN) for a small /28 and hook it up external to USU's normal security perimeter. Then I would put the TOR exit nodes on that external CIDR. This makes it easier to set routing and firewall policy. It also enables entering the TOR switching network internal to USU.
    • 4) We examined the TOR traffic and tried to minimize the abusive bits. In our case, we found that most of the TOR web browsing looked non-abusive. However, the majority of the SSH and RDP traffic looked abusive. So, we asked the TOR admin to limit those protocols.
    • 5) We clearly documented our TOR setup and use. The TOR nodes have meaningful hostnames. The systems have are well defined roles and responsibilities. We have strongly discouraged the TOR admin from using those systems for anything else.
    • 6) We created processes for dealing with the abuse reports.

    Here is our standard response to an abuse report against USU's TOR infrastructure:

    =BEGIN ABUSE RESPONSE=
    The activity that you have reported is being emitted by a TOR exit node:

    ------------
    $ host 129.123.7.6 6.7.123.129.in-addr.arpa domain name pointer tor-exit-node.cs.usu.edu.

    $ host 129.123.7.7
    7.7.123.129.in-addr.arpa domain name pointer tor-exit-node-2.cs.usu.edu.
    ------------

    This TOR node is a project of USU's CS department. USU has many researchers and students who deal in sensitive subjects such as Climate Change, Reproductive Issues, Political Systems, Animal Research, etc.. These students and researchers frequently need privacy and security to advance the goals of USU.

    Almost all TOR traffic is generated by innocent people who are attempting to escape the shadow of a totalitarian government. But, unfortunately, sometimes criminals attempt to use TOR to attack others.

    We are in discussion with our TOR admins to try to find ways to limit the attack activity. Of course, this rapidly becomes a sticky issue. If we start inspecting and censoring some of the TOR activity, then we have less of a defense when we get pressure to inspect and block the rest. And, even starting down this path may make us legally liable for ALL the TOR traffic. Our best action may be to keep our hands off and observe strict network neutrality.

    We are still pondering our options.

    Please accept our apologies in the mean time.

    USU IT Security
    =END ABUSE RESPONSE=

  4. Why would they want to deal with that? by Anonymous Coward · · Score: 0, Interesting

    TOR exit nodes are nothing but trouble.

    I knew someone who maintained one from 2003 to 2008. It was neat at first, but watching him get worn down by the relentless pestering from his ISP and the police (later the FBI as well) was not cool. Then they raided his house one night (which I'll never forget, mostly because everyone landed up crashing at my place for two days) and took nearly every single piece of technology that plugged into a wall, ripping apart mostly everything else in the process while presumably looking for hidden data storage devices.

    He had another exit node working within a week, much to the dismay of nearly everybody who knew him. That was when the feds showed up. I'm told they were extremely polite about the whole thing and only stayed for a couple of hours, but beyond that I have no idea what they said to him. A day later he dragged the exit node out into his backyard and took a sledgehammer to it. That same year he took his family on a once in a lifetime vacation over Christmas, and hasn't spoken about TOR since. The few times I've tried to jostle a few details out of him have only been met with "You know I can't talk about that".

    There were rumours that the company he founded was looking to eject him after the raid, and I think at one point someone else was trying to threaten him with criminal charges (though I can't imagine they would have stuck). I can only assume that it got to the point where that idiot exit node was literally threatening his livelihood, and his wife finally convinced him that enough was enough and that was it.

    In any case, I have upmost respect for the exit node operators who can deal with that kind of abuse, but damn. It really says something about both the society we live in (and how privacy is slowly being eroded away), but also the general state of the TOR network. I suppose you can't have anonymity without the usual whack jobs running around, but it just seems like the amount of illegal shit flying around TOR severely outweighs any legitimate use the network offers.

    So for that reason, I'm not sure why you'd want to run an exit node these days, unless you're looking for trouble and the challenge of dealing with that.