Tor Friends and Relay Operators Meetup @ OnionSpace Berlin

Notes

Operators run relays in Germany on residential connections and on Raspberry Pi 2 with a standard (not tweaked/tuned) Raspbian distribution with a network speed in satisfactory levels (for a residential connection).

The biggest part of the meetup was dedicated into the situation (see related blog post: https://blog.torservers.net/20180704/coordinated-raids-of-zwiebelfreunde-at-various-locations-in-germany.html) of Torservers (Zwiebelfreunde e.v) and what we can do to possibly avoid such incidents in the future.

A large-scale operator (with more than 20 exit relays) was wondering about the effects of the newer tor versions and the MyFamily configuration option.

• After setting up the MyFamily saw a 50% drop on the number connections and the usage of the relay bandwidth;
• This person would like to push more bandwidth and would like to find out how to better achieve this scenario;
• The person also asked if it's possible to run FreeBSD/OpenBSD in a embedded SoC (like Raspberry, or BeagleBone) - yes! it is possible, and some people do it :)
  • https://wiki.freebsd.org/FreeBSD/arm
  • https://wiki.netbsd.org/ports/evbarm
  • https://www.openbsd.org/armv7.html

Shared info about the list of providers to run any BSD-powered VPS, and setup

• TDP's Wiki
• TDP's Blog Post
• Updated List of Providers? Here.

Recommendations from what we also discussed in Rome @ Prenestino: do not use disk encryption (from tor-relay@)

• More from Rome? Here.

The abuse emails do not bother relays operation in Germany

• Some providers/ISP just ignore the abuse emails - not forwarding it to the relay operator;

  • the abuse contact might be present only in the WHOIS database from the relay's CIDR;
  • no contact available to reach the operator? - this changed! operators need to add contact info.

• Even if you respond to the emails there was no feedback;

• We do not need to shutdown the machines.

A follow up meetup will happen around mid August (in Berlin). Stay tuned!

A poll to find a suitable date for the next meetup (allowing anonymous submission) is hosted here: https://www.systemli.org/poll/#/poll/ZBd5UDeTv6/participation?encryptionKey=CfN4AV4buBqwxL4mmEXlwMtzgbMINEXUA7P7Phbj

Open Questions

• Who run the relays with the family fingerprint B740BCECC4A9569232CDD45C0E1330BA0D030D33 ?

  • The exit probability of this family is ~10.5%
  • Has anyone met this person/entity?
  • The relays are, at the same time, marked as Guard and Exit

• The current feature for DDoS protection is really optional, or does it need to be manually enabled? (regarding the traffic drop on the relays mentioned before)