I don’t want to shut it down, but at the same time I don’t feel I can personally or technically support it.
Some sites break, but I have observed less and less sites breaking compared to a few years ago. Also browsing is fast enough as to not be distracting, it is like being on a mobile internet connection all the time. It is still lousy to come across sites which don't serve even static content to Tor users. I can understand going into a read-only mode, but throwing an HTTP 403?
This comment, posted from Tor :)
The stats for tor relays [0] are different:
United States 418568 (20.37 %)
Russia 335382 (16.32 %)
Germany 172251 (8.38 %)
France 92643 (4.51 %)
Netherlands 76496 (3.72 %)
United Kingdom 68674 (3.34 %)
Indonesia 61917 (3.01 %)
Ukraine 50331 (2.45 %)
Canada 48246 (2.35 %)
India 43953 (2.14 %)
[0]: https://metrics.torproject.org/userstats-relay-table.html
for every right, there are situations where someone stands to gain something from denying it. Therefore financial gain, stopping the bad guys are not in themselves sufficient excuse to deny innocent people their rights.
This admittedly causes an asymmetry making the abolition of rights much costlier than their recognition.
but I'd argue that's a good thing, as it reduces ladder pulling where people only recognize rights in the periods where it suits them. And in the long run results in people having more recognized rights.
not least; probing those others who want to protect their privacy
Why? Well, the most obvious "usable for despicable purposes" feature is .onion services. Today, .onion service traffic makes up about 2% of Tor traffic[1] and the largest .onion service by far is Facebook[2] (served at https://facebookcorewwwi.onion/). So even if we assume that all traffic other than to Facebook is for nefarious purposes (which is not correct given that we know there are other very popular and legal services operating as .onion services), you're looking at much less than 2% of all Tor traffic at best being nefarious. I doubt that the same statistic for clearnet traffic is significantly better.
Now, you might argue that most of the clearnet browsing over Tor is nefarious and that focusing on Onion services is a distraction. But that doesn't really match up with reality either. CloudFlare has claimed in the past that 94% of (clearnet) Tor traffic they see is malicious (meaning "DDoS or spam" not "illegal or immoral content")[3] but they provided no justification for this figure, and at the same time Akamai published a study[4] which found that there is no statistically significant difference when it comes to e-commerce behaviour when comparing Tor users and the regular internet. The Tor Project postulated[5] that this claim by CloudFlare was based on them marking exit nodes as being malicious rather than individual connections from exit nodes and CloudFlare hasn't really responded to that in the past 4 years.
My point is that the 95% figure you posited doesn't pass the sniff test. That means that 1.9 million of the daily users of Tor are all using it for nefarious purposes. If you just count a handful of countries with well-known internet censorship (Brazil, Venezuela, Iran, Egypt, and China) you already have passed the 5% mark of daily Tor users.
[1]: If you compare the onion service and total daily Tor traffic (https://metrics.torproject.org/), you find that it's about 4 Gbit/s out of a total 200 Gbit/s -- so around 2% at time of writing.
[2]: https://www.facebook.com/notes/facebook-over-tor/1-million-p...
[3]: https://blog.cloudflare.com/the-trouble-with-tor/
[4]: https://www.stateoftheinternet.com/downloads/pdfs/state-of-t...
Found this FAQ quite interesting https://2019.www.torproject.org/eff/tor-legal-faq.html.en
Particularly
~Has anyone ever been sued or prosecuted for running Tor? No, we aren't aware of anyone being sued or prosecuted in the United States just for running a Tor relay. Further, we believe that running a Tor relay — including an exit relay that allows people to anonymously send and receive traffic — is legal under U.S. law.
~Should I run an exit relay from my home? No. If law enforcement becomes interested in traffic from your exit relay, it's possible that officers will seize your computer. For that reason, it's best not to run your exit relay in your home or using your home Internet connection.
For me, my middle relay is sufficient entertainment. It’s like a digital pet that doesn’t need much attention except an update/upgrade about once or twice a month.
BTW, they didn't even ban my account, just froze the external IP address of the node and ask to rent new VPS instance because they needed to answer to the legal letter.
That drops the reputation of the node (the longer node is staying online, the more it is trusted by network), but it's okay.
Stay free!
By this it is a legal entity and legal trouble can be handled better than if its against a person but the members of the board still gets trouble with the law. Not long ago they were raided because they were treated as witnesses in a case. (Yes, in Germany even as a witness you can be raided ...)
https://nos-oignons.net/ (french) https://nos-oignons.net/%C3%80_propos/index.en.html
They host their nodes on not-for-profit ISP and friendly commercial ISP:
https://nos-oignons.net/Services/index.en.html
(0.57% exit probability)
They open or close (never happened yet) nodes based on donations:
https://nos-oignons.net/Donnez/index.en.html
Disclaimer: I'm a volunteer in one of the not-for-profit ISP hosting a nos-oignons node.
My server is running a middle node for almost two years (~0.3-0.4% chance you'll go through it) without a slightest inconvenience. I've put a daily cap on the bandwidth so that I can use the server for other purposes without increasing my server bill. As a result, I'm basically donating bandwidth that'd otherwise be wasted.
Its one of the more regrettable decisions I've ever made. There is no computer advice I'd give anyone that I'd more desperately implore they follow than to never ever fucking look into that abyss.
I guess the packet headers are still plaintext though, so there is that.
Tor security relies on multiple nodes being hard to seize synchronously. This property goes away if the majority of people run their nodes as virtual machines on infrastructure provided by a few cloud providers.
The tor project recommends against using OVH and Hetzner because they have such a large AS presence in the tor network [1]. The tor project also maintains a list of ISPs and they're "friendliness" [2] - some of which are totally anonymous. Every relay operator should familiarise themselves with the ISP page when deploying a relay. Another diversity problem extends to the OSs themselves, Debian has an overwhelming presence [3].
[1] https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#... [2] https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISP... [3] https://nusenu.github.io/OrNetStats/#os-distribution-relays
The network never promoted my node to an entry but it operated as a relay.
One thing I noticed that my IP must have suddenly been in some lists. I can't prove it but on multiple forums my IP was blacklisted an I had issues accessing some services from telco providers. Never had these issues before and never again after I stopped running the relay... maybe I'm just paranoid.
I consider it a good filter for companies I don't want to do business with.
Said friend worked at said TV company and pulled some strings inside to get it investigated. Turns out, by default, a number of IPS systems deny traffic from relays for no good reason. He was unsuccessful in getting the security people to turn that bogus rule off.
Why you need balls of steel to operate a Tor exit node
By calumog
I became interested in Tor in the spring of 2007 after reading about the situation in Burma and felt that I would like to do something, anything, to help. As a geek and lover of the internet it seemed the best thing I could do was to run Tor as an exit node to allow those under jurisdictions that censor the internet free access to the information they need. I had a lot of unused bandwidth and it seemed like a philanthropic use of it to donate that to Tor.
Tor is a system of anonymizing proxy servers which allows you to visit resources on the web, not just web sites, without revealing your ip address. This is extremely useful for those who are compromised in their access to the internet because it means, rather than attempting to connect directly to the resource in question, say Wikipedia, which might be filtered by their government, they connect to a Tor relay which ultimately routes the request to the resource in question via an exit node. Exit nodes are special kinds of relays which proffer the request on behalf of the original client revealing their ip address, not that of the original requestor, to the destination resource. I sometimes imagine how exciting it must be for soemone in Burma, say, or China, to load up Tor and browse to a web site they have never been able to see before. And to know that there is nothing, nothing, that reveals who it really is who is visiting.
I totally believe in Tor. I think it is a magnificent force for the circumvention of internet censorship but there is a problem. I was visited by the police in November 2008 because my ip address had turned up in the server logs of a site offering, or perhaps trading in (I was not told the details of the offence) indecent images of children. The date of the offence was about one month after I started the server so it looks as though the site in question had been under surveillance for more than a year. It was what is known as a ‘dawn raid’ and, amazingly enough, my children were still asleep when it occured. Thank God. I explained to the officers, who we had heard threatening to break the door down before we let them in, about Tor but they had never heard of it. My wife says she thinks they were about to arrest me before that. I was not arrested. I was told not to touch the computer and it was placed, considerately, in a black plastic bag and taken away for forensic examination. I was OK at first. I knew that somebody had gone through my server to access that material and that I was not guilty of any offence but as the weeks wore on it started to get to me.
I was overwhelmed by horror to be implicated in such a thing. I was desperately worried about my family. One of the officers had told my wife that Social Services would be informed as a matter of course and there was a possibility that my children would be taken into care. The low point came about two weeks after the visit by the police when I totalled my car. I was distracted, stressed and unable to accurately assess the road conditions. I ploughed into a hedgerow at speed, destroying the car which we had just bought, but, luckily, walked out of it with only bruised ribs. I didn’t have the money to hire a lawyer so I just sat the thing out. From time to time the police called with an estimate of when the investigation would be finished but none of that meant very much because those dates came and passed with no resolution.
Eventually, four months after the visit, I picked up a voice message from the police inviting me to call back. When I called I was told that no evidence had been retrieved and the machine would be returned to me. I think, in retrospect, I was desperately naive to run a Tor exit server on a home computer but I didn’t believe that an ip address in a server log would be enough evidence to warrant seizing equipment. My wife, God bless her, was absolutely marvellous throughout the whole thing and never doubted me. I have read with interest about the need to make Tor faster and that that largely depends on having more nodes but there is no way I can contemplate offering my ip address as a service to internet anonymity any more. It was very frightening for me to be implicated in a serious crime. As a parent of very young children I have an extensive network of friends and contacts in my neighbourhood who also have children. As we know the subject of paedophilia is not one that can be debated with any rationality at all in the UK. It is surrounded by hysteria. I was terrified that people would find out that my computer had been taken because of that – ‘no smoke without fire’. I don’t know what can be done about any of this. To my mind running an exit node is extremely high risk. I think Tor is important but I don’t have any ideas about how to support it at the moment.
https://news.ycombinator.com/item?id=23557475 https://yro.slashdot.org/story/20/06/17/142204/china-is-coll.... I am morally obligated
# window borders
for_window [class="^.*"] border pixel 1
default_border pixel 1
I wonder at what point the supporters of Tor would continue to support it. What if it were 0.0001% genuine needs for privacy, and 99.9999% illegal stuff?
Perhaps I'm totally wrong though. Do such statistics exist?
I have no experience using it for any extended period of time so use at your own risk.
[0] https://snowflake.torproject.org/ [1] https://trac.torproject.org/projects/tor/wiki/doc/Snowflake