Tor Project Pilots Exit Nodes In Libraries

← Back to Stories (view on slashdot.org)

Tor Project Pilots Exit Nodes In Libraries

Posted by Soulskill on Friday July 31, 2015 @10:56AM from the so-happy-and-private-together dept.

An anonymous reader writes: The Tor Project has announced a new initiative to open exit relays in public libraries. "This is an idea whose time has come; libraries are our most democratic public spaces, protecting our intellectual freedom, privacy, and unfettered access to information, and Tor Project creates software that allows all people to have these rights on the internet." They point out that this is both an excellent way to educate people on the value of private internet browsing while also being a practical way to expand the Tor network. A test for this initiative is underway at the Kilton Library in Lebanon, New Hampshire, which already has a computing environment full of GNU/Linux machines.

22 of 37 comments (clear)

Min score:

Reason:

Sort:

Library Filters by EmperorArthur · 2015-07-31 11:12 · Score: 2

Here in the US any library that deals with children must have mandatory filtering software installed. Given the typical puritanical attitude, quite a few public libraries also have filters.
https://en.wikipedia.org/wiki/...

--
So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
1. Re:Library Filters by roninmagus · 2015-07-31 12:53 · Score: 1
  
  Wow, that's news to me. When I worked IT for a local government which managed the public libraries, we were barred from filtering anything. We had to install polarizing screen covers and put computers in weird places for all the pervs. Granted, this was 13 years ago.
2. Re:Library Filters by Bing+Tsher+E · 2015-07-31 14:37 · Score: 1
  
  I found I couldn't download a component of the Android SDK in our local public library on their wifi. Not on a library machine, it was my laptop. The URL linked from within Eclipse raised a flag with something in the filter at the library. It was rather shocking.
Newsflash: Libraries get blacklisted by Anonymous Coward · 2015-07-31 11:20 · Score: 4, Interesting

Most admins block TOR exit nodes at the router and many other places because they are the source of many attacks. All this means is that libraries wind up on IP blacklists.
most libraries are run by local government by ozduo · 2015-07-31 11:26 · Score: 1

how many are willing to risk their benefactor's wrath (federal government) by supplying an anti government spying device?

--
I got to the chocolate box before you, that's why the hard ones have teeth marks.
Librarians by manu0601 · 2015-07-31 11:32 · Score: 4, Interesting

It is astonishing how mindset about computing can vary among librarians. On one hand we have the one that set up TOR exit nodes to save our privacy, and on the other hand we have the one that purchase strongly vendor-locked and opaque proprietary library softwares.
1. Re:Librarians by Anonymous Coward · 2015-07-31 13:52 · Score: 1
  
  Free/libre software != privacy. There are very different forces driving these two movements: there just happens to be a lot of overlap since most intelligent and educated people support both, and a lot of the privacy tools are opensource (they kinda need to be).
No-oooo! by Demonoid-Penguin · 2015-07-31 12:42 · Score: 1

Don't be giving the government yet another reason to cut funding to public libraries.
Re:Newsflash: Libraries get blacklisted by Anonymous Coward · 2015-07-31 13:28 · Score: 1

I think that is why the requirements seem to imply that the exit node needs to have its own IP address.
Balance TOR's costs against the benefits. by dweller_below · 2015-07-31 14:17 · Score: 5, Interesting
When we set up TOR infrastructure at USU, we looked at the costs and benefits.
There are definite costs to running TOR infrastructure. You have to be aware of them. Some of the costs can be mitigated, but some can't. At the end, you have to be able to show that the benefits outweigh the costs.
First we examined the benefit. We made a clear statement of the benefit. It is:
USU has many researchers and students who deal in sensitive subjects such as Climate Change, Reproductive Issues, Political Systems, Animal Research, etc.. These students and researchers frequently need privacy and security to advance the goals of USU.
Then we discussed the various costs and methods of mitigating the costs. Afterwards, we decided that the costs could be made acceptable, if we were careful.
- Our cost mitigation strategy had several parts:
- 1) We arranged for the TOR infrastructure to have an academic sponsor. The USU CS department agreed to sponsor the TOR project. This gave us an existing structure for providing IT support. And, frankly, TOR is easier to support than some of the other academic projects.
- 2) Most of the direct costs of creating and administering the TOR infrastructure are born by the USU CS department. It really helps that their admin is a diligent and responsible admin. It has been a joy to work with him.
- 3) We have tried to put all the TOR infrastructure on a small CIDR. If people need to block TOR, we try to make it easy for them to block it without effecting other things. That said, if I had to do it again, I think I would continue to have the TOR entry nodes and intermediate relays on a small USU CIDR. I think I would ask USU's ISP (UEN) for a small /28 and hook it up external to USU's normal security perimeter. Then I would put the TOR exit nodes on that external CIDR. This makes it easier to set routing and firewall policy. It also enables entering the TOR switching network internal to USU.
- 4) We examined the TOR traffic and tried to minimize the abusive bits. In our case, we found that most of the TOR web browsing looked non-abusive. However, the majority of the SSH and RDP traffic looked abusive. So, we asked the TOR admin to limit those protocols.
- 5) We clearly documented our TOR setup and use. The TOR nodes have meaningful hostnames. The systems have are well defined roles and responsibilities. We have strongly discouraged the TOR admin from using those systems for anything else.
- 6) We created processes for dealing with the abuse reports.
Here is our standard response to an abuse report against USU's TOR infrastructure:
=BEGIN ABUSE RESPONSE=
The activity that you have reported is being emitted by a TOR exit node:
------------
$ host 129.123.7.6 6.7.123.129.in-addr.arpa domain name pointer tor-exit-node.cs.usu.edu.

$ host 129.123.7.7
7.7.123.129.in-addr.arpa domain name pointer tor-exit-node-2.cs.usu.edu.
------------

This TOR node is a project of USU's CS department. USU has many researchers and students who deal in sensitive subjects such as Climate Change, Reproductive Issues, Political Systems, Animal Research, etc.. These students and researchers frequently need privacy and security to advance the goals of USU.
Almost all TOR traffic is generated by innocent people who are attempting to escape the shadow of a totalitarian government. But, unfortunately, sometimes criminals attempt to use TOR to attack others.
We are in discussion with our TOR admins to try to find ways to limit the attack activity. Of course, this rapidly becomes a sticky issue. If we start inspecting and censoring some of the TOR activity, then we have less of a defense when we get pressure to inspect and block the rest. And, even starting down this path may make us legally liable for ALL the TOR traffic. Our best action may be to keep our hands off and observe strict network neutrality.
We are still pondering our options.
Please accept our apologies in the mean time.
USU IT Security
=END ABUSE RESPONSE=
1. Re:Balance TOR's costs against the benefits. by circletimessquare · 2015-07-31 14:25 · Score: 1
  
  this is an interesting, informative, and comprehensive post
  mod +6
  
  --
  intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
2. Re:Balance TOR's costs against the benefits. by westlake · 2015-07-31 17:35 · Score: 1
  
  Our cost mitigation strategy had several parts
  I would replace the work "cost" with "risk."
  As in exposure to a hostile legal, political and social environment.
  I don't see many public libraries having the resources to implement your plan.
  
  =BEGIN ABUSE RESPONSE=
  We are still pondering our options.
  Please accept our apologies in the mean time.
  =END ABUSE RESPONSE=
  
  When the shit hits the fan, "thinking it over" and "hoping for the best" is no longer an option. In the end, you have to make a decision or one will be made for you.
3. Re:Balance TOR's costs against the benefits. by Anonymous Coward · 2015-07-31 22:11 · Score: 1
  
  Did you consult with a lawyer? That does not seem like a good abuse response and could make you liable. The EFF has a better one you could use at eff.org .
4. Re:Balance TOR's costs against the benefits. by DamonHD · 2015-07-31 23:51 · Score: 1
  
  4) We examined the TOR traffic and tried to minimize the abusive bits. In our case, we found that most of the TOR web browsing looked non-abusive. However, the majority of the SSH and RDP traffic looked abusive. So, we asked the TOR admin to limit those protocols.
  I am interested to understand what level of inspection you could and did perform to decide "abusiveness". Especially for the secure traffic.
  Rgds
  Damon
  
  --
  http://m.earth.org.uk/
5. Re:Balance TOR's costs against the benefits. by dweller_below · 2015-08-01 05:17 · Score: 1
  Thanks Westlake,
  
  I would replace the work "cost" with "risk."
  As in exposure to a hostile legal, political and social environment.
  We had risk in there earlier. But we later changed it to cost. USU is weird. I suspect all universities are weird. USU is a top tier research university. USU is not run by accountants and MBAs. It is run by researchers and teachers. We are shielded from most legal issues. We are constrained by funding. If we can fund it, we can invest in long term experiments. This is one of them.
  
  I don't see many public libraries having the resources to implement your plan.
  This is an extremely significant point. In order to understand the TOR issues and implement TOR properly, an institution has to have a significant investment in IT. Not a problem for universities, and large metropolitan libraries. But, most smaller libraries will not have the expertise to even understand the issues and how to mitigate them.
  
  When the shit hits the fan, "thinking it over" and "hoping for the best" is no longer an option. In the end, you have to make a decision or one will be made for you.
  True. We may need to clarify that abuse response message to make the following points more clear:
  
  We have made our decision.
  
  Here is our rationale.
  
  When things change, we may change.
  
  I expect we will change our decision to implement TOR sometime in the next 5 years for one of the following reasons:
  
  TOR is replaced by something better. (Quite likely.)
  
  TOR is infiltrated by the NSA and discredited. (Somewhat likely.)
  
  The majority (greater than 80%) of TOR browsing traffic becomes abusive. (Somewhat likely.)
  
  USU decides to get serious about privacy and implements an interior solution that uses NAT and non-logging proxies to obscure to external inspection, who is doing what. (Somewhat likely.)
6. Re:Balance TOR's costs against the benefits. by dweller_below · 2015-08-01 05:33 · Score: 2
  Thanks DamonHD,
  
  I am interested to understand what level of inspection you could and did perform to decide "abusiveness". Especially for the secure traffic.
  Rgds
  Damon
  We did traffic analysis using net flow information of a few days of traffic on a preliminary TOR exit node. In this situation, traffic analysis is very powerful. We did not try to determine who was talking. But, we have spent years deciphering the nature of connections using flow analysis. We are very successful in determining the nature of the various connections. Encryption does not change the underlying size, flow and pace of the connection. The TOR structure does little to obscure the ultimate timing of request and response. It does nothing to conceal the size of the requests and responses leaving the exit node. We can easily distinguish:
  
  * Password guessing.
  
  * Port scanning.
  
  * Automated vulnerability assessment tools.
  
  * Automated attack tools.
  
  * Human driven web browsing.
  
  When we tallied all the traffic for browsing, almost all of it was human driven. When we tallied all the traffic destined to a SSH or RDP port, over 90% of it was abusive.
7. Re:Balance TOR's costs against the benefits. by DamonHD · 2015-08-01 05:44 · Score: 1
  
  Thanks, very interesting. I imagined that it might be a little like that. Certainly I can see how scanning for vulnerabilities can stand out!
  Rgds
  Damon
  
  --
  http://m.earth.org.uk/
Re:Newsflash: Libraries get blacklisted by ron_ivi · 2015-07-31 16:15 · Score: 4, Insightful

Most admins
That's not true.
A few Admins, perhaps.
Not most.
Re:Newsflash: Libraries get blacklisted by Anonymous Coward · 2015-07-31 16:33 · Score: 1

Akamai optionally (optional to the Akamai customer) blocks Tor exit nodes AND relay nodes that have no exits whatsoever. I made it through several levels of support (up to executive support) to nothing but deaf ears.
I'm not even sure how they figure out relays without port-scanning clients (like open HTTP proxy scans from IRC servers of yore) but it essentially shut down my high-bandwidth Tor relay. I'd run an IPv6-only Tor relay because, well, if you have IPv6 you have plenty of addresses to burn, but Tor doesn't support that yet.
Re:Newsflash: Libraries get blacklisted by Anonymous Coward · 2015-07-31 22:32 · Score: 1

I'm not even sure how they figure out relays without port-scanning clients
A full list of relays is available from any directory authority (except bridges -- which are not the same as non-exit nodes*)
From torrc:

Bridge relays (or "bridges") are Tor relays that aren't listed in the
main directory. Since there is no complete public list of them, even an
ISP that filters connections to all the known Tor relays probably
won't be able to block all the bridges. Also, websites won't treat you
differently because they won't know you're running Tor. If you can
be a real relay, please do; but if not, be a bridge!
Re:Why would they want to deal with that? by dweller_below · 2015-08-01 10:47 · Score: 2

TOR exit nodes are nothing but trouble.
I think this is an issue where some are more equal than others.
If an individual runs a TOR exit node, they can be easily intimidated and hassled. There is very little cost to law enforcement for engaging in the intimidation.
At the other end of the spectrum, a large public institution is not susceptible to this kind of intimidation. And, there is a very large cost if law enforcement attempts the intimidation. For example, at the institution I support, if the local cops or low level FBI attempted this kind of intimidation, they would be met by the institution's police force, the institution's lawyers and the institution's journalists. Everything would be recorded in multiple ways. Heck, we even have a state assistant DA permanently assigned to USU. He participated in the process that created the policy and procedures approving the TOR infrastructure.
At this point, if a major university's CS group is not investigating TOR, they should probably give back the funding and become a trade tech. The issues surrounding TOR are critical to our society. A university should not turn it's back to these issues.
Given all that, a law enforcement attempt at intimidation would be ineffective. And, it would likely result in the kind of bad publicity that can cause law enforcement to lose budget.
However you have a good point, libraries are widely distributed in the gap between your unfortunate friend and USU. The smaller ones would be easily intimidated. The larger ones, not so much.
Re:Why would libraries allow it? by sjames · 2015-08-01 11:27 · Score: 1

Because primarily, libraries and librarians are about free access to information for the public.
Besides, it's not hard to set it up so the exit node only gets to use otherwise unused bandwidth.