From: Matthew Finkel <matthew.finkel@gmail.com>
Date: Fri, 6 Jun 2014 04:49:40 +0000
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Security concerns with running an exit relay

On Thu, Jun 05, 2014 at 05:58:46PM -0800, I wrote:
> S7R,
> 
> That is a start.
> But where is the full and exemplary answer for someone like me who really wants to get it right but doesn't know how to set the DirFrontPage up or the NTP syncing?
> 
> Roger says to try the tor-relay list but that has almost no chance of satisfying the need. Responses to my questions have been condescending and smartarse or ill-informed from people speaking beyond their ability which is worse.
> 
> There ought to be a detailed guide for Tor being set up on hired servers well-intending people answering the call for more Tor nodes and specifically exits.
> The EFF Challenge does the encouraging but points to the Tor site for what, I find, is inadequate help.
> 
> The presumption must be that the person does not know Linux well nor network security.
> 
> Robert

tl;dr Thank you for wanting to run a relay. If you think the
documentation is lacking specific information, or if it is confusing,
please say so. It usually doesn't change unless someone says something.


Hi Robert,

There are two unfortunate situations for which we need to account. 1)
It's actually very difficult for the current developers to know what
qualifies as a "full and exemplary answer". The documentation can be
written, and maybe this should be, but the reality is that Tor doesn't
have the resources to explain in detail how someone should configure
their server. At this point tor runs on many different systems, but the
only truly supported, plug-n-play OS is Debian GNU/Linux. Roger already
mentioned it, but [0] does describe some basic configuration changes and
does have some good post-installation suggestions. Admittedly, it's
not perfect and is probably lacking some vital information, so if you
can provide some suggestions then that will help everyone.

The OperationalSecurity wiki page that Roger mentioned and that is
linked from [0] is more of an ideal situation. Some of it is absolutely
a good idea to follow (please!), but the most important parts are
generally basic tasks, such as keeping your OS up-to-date. If you are using
a VPS, or a similar shared hosting environment, then some of the
information will not be applicable, i.e. "Physical Security" and
"Reliability". But that page will probably be confusing to those users
with little experience; it isn't written in a way that helps someone
learn how to secure their system, which is sad. (Luckily it's on a Wiki,
so anyone can correct this ;) )

With regard to insufficient documentation about setting DirPortFrontPage
and maintaining a synchronized system clock, it may be a good idea to
add these to the "Step Four: Once it is working" section on [0].

Overall, a mix of [1] and [2] is a good combination; unfortunately it
may not be obvious which parts you want to follow from [1] and which you
want to follow on [2] (such as if you are using Debian rather than
Ubuntu). This is a great discussion to have on tor-relays. I'm sorry
that you had bad experiences in the past.

2) Expanding the Tor network is vitally important, but the network
itself and many Tor users have powerful adversaries. There must be a
way to balance adding an amazing number of insufficiently secure nodes
and growing the network at a slower rate. Maybe having a pre-configured,
installable, OS would make this easier, but the network also needs
diversity which this would hurt and creating and maintaining something
like this is not currently feasible. If someone within the community
has the time and ability to write detailed, step-by-step
documentation on the Wiki, then it sounds like this will be a great
step in the right direction, but until this happens, sites like [3] are
good places to start. Also note that if you aren't comfortable
administering a server then there are other ways you can help Tor and
the Tor network [4] (and the other "Help another way" options).

But, most importantly, if you think the documentation is lacking
specific information, or if it is confusing, please say so. It usually
doesn't change unless someone says something.


Really, though, despite everything else, thank you for wanting to run
a relay.

Thanks,
Matt

[0] https://www.torproject.org/docs/tor-relay-debian.html.en
[1] https://www.torservers.net/wiki/setup/server
[2] https://www.torproject.org/docs/debian.html.en#ubuntu
[3] https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
[4] https://www.torproject.org/donate/donate-service.html.en

