Re: [tor-relays] What's a "useful" relay?

[Rana]

@Ivan
 
>Some best practices definitely would be awesome to have about running on 
>common (embedded) hardware. Clear notification like "your Commodore 64 is to 
>slow to be a good relay" would also be useful.
 
I agree about the need for guidelines but I disagree about the content of the 
guidelines that are needed. The data I see so far, including your report of a 
Pi with 7000 connections, is a clear indication that minimal hardware 
capabilities  are NOT the guidelines that are needed (unless a relay with 7000 
connections is still considered "harmful" or "useless").
 
My own Pi-based relay 
https://atlas.torproject.org/#details/707A9A3358E0D8653089AF32A097570A96400CC6  
has just reached 1300 connections; CPU utilization: practically zero; memory 
utilization: 14.5%. The increase from 500 to 1300 connections required memory 
utilization increase of just 2%, from 12.5% to 14.5%. Clearly, hardware of the 
$35 Pi has absolutely nothing to do with residential relays being useful or 
not, save the (recently reported here) anomaly of an operator who has symmetric 
BW of 160 mbps to the home. 
 
So guidelines on hardware are evidently not needed for "normal" residential ISP 
bandwidth: it has been amply demonstrated that even a dirt cheap Pi is not the 
bottleneck, no need to spend further effort on this until the REAL bottleneck 
is resolved: the network.
 
To continue the story, the above relay of mine with 1300 connections has 
consensus BW rating of 38 (thirty eight). Why? Who knows. I get zero feedback 
on the reason for this.
 
To further continue the story, my 2nd relay 
https://atlas.torproject.org/#details/31B8C4C4F1C78F923BD906769297B15A428C4A04 
that currently has about the same Atlas-measured BW as the first relay (132 vs 
153 KB/s) and is based on exactly the same hardware and software, is clinically 
dead with almost no connections and BW rating of 13. Why?  Who knows.
 
What is needed is a standardized feedback on WHY the relay has such a low 
rating. This could cause at least part of the operators to take care of the 
bottleneck (eg moving the relay to another location, or abandoning the home 
relay and replacing it with a hosted one). And if the home relay is indeed as 
harmful as some people here think, the recommendation should be issued to shut 
it down, instead of leaving it hanging there doing nothing or even harming Tor. 
Such feedback could significantly improve the quality and effectiveness of Tor. 
 
Based on the discussion here, the people who run Dirauths and bwauths know very 
well (or at least can easily find out) the reasons for relays getting low 
rating - why not automate the  communication of the reasons to relay operators 
in clear, unequivocal and actionable terms? I get the feeling that people are 
trying to be "politically correct" here and it's a pity (although they DO 
respond fully and frankly when asked a direct question).
 
Rana
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] All I want for Chrismas is a bloody t-shirt

[I]

I have finally got a bloody tshirt.



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [tor-r@elays] What's a "useful" relay?

[Ivan Markin]

Rana:
> Those opinions were backed by technical arguments, here are a few:
> 
> -  the numerous small relays that change their IP addresses burden
> the network unnecessarily with frequent re-publishing of their
> descriptors -  small relays that carry a small number of circuits
> actually DESTROY anonymity since the small number of circuits going
> through them makes it easier to de-anonymize traffic; -  anonymity is
> much better served by a few large relays since they carry a lot of
> circuits simultaneously, and for this reason DirAuths try to saturate
> them before they direct traffic to small relays -  the connections
> through small relays are quickly saturated, making using the internet
> a horribly slow and unpleasant experience - Isis, the bridge db and
> bridge authority operator, has asked Tor people who make decisions
> NOT to recommend that people run bridges on their small residential
> connections, because the need to re-distribute information about
> changed IP addresses is a major hurdle towards bridge adoption
> 
> Or as one DirAuth operator summarized it: "On balance, the very small
> relays do not contribute enough resources compared to the associated
> costs to be worthwhile."
> 
> All of which is exactly the opposite of what you are saying and what
> was also my intuitive opinion.

Yes, I agree here that bad relays are actually bad.
If relays change their address frequently they tear down all the
circuits. Bad. Relays that are too slow and unable to catch up with most
of the network flow (have small number of circuits) are bad. Poor
connectivity is also bad.
All these concerns are truly legit. Thanks for summarizing them!

This hugely depends on your definition of "small". If one is running a
relay from their refrigerator or dishwasher that connects to the
Internet over GPRS - there is no good. One shouldn't do that.
By the way this definition is moving target; what is called "small"
today isn't what was called "small" 2 years ago.
If you feel that your setup is intrinsically bad then it's better to
make something else cool from it.

> Or as one DirAuth operator summarized it: "On balance, the very
> small relays do not contribute enough resources compared to the
> associated costs to be worthwhile."

This is true for "very small" relays, yes.

> All of which is exactly the opposite of what you are saying and what
> was also my intuitive opinion.

It isn't totally opposite. I ran a relay quite a while ago on RPi
(Pi1B+, FreeBSD) and it was pretty good at it. Not so fast as
"full-blown" ones but still (something around 1.2MBps). After reasonable
period of time it had ~7000 open connections.

> So I am interested to know if there are solid, TECHNICALLY SOUND
> opinions in favor of use of small relays. If running a small relay is
> just for feeling good and displaying political support for privacy
> rights, then I am outta here. I feel good already and I have other
> means of expressing my political support.

I do agree with you, one should know if their relay is actually useful
and won't harm the network. Sorry if I sound not so technically.

If you have modern ARM then you have NEON so ChaCha20 should be better
that AES. That said slow relays may become a bit faster.
Location diversity as self-hosting is another argument (recall tons of
OVH VPS relays).

Some best practices definitely would be awesome to have about running on
common (embedded) hardware. Clear notification like "your Commodore 64
is to slow to be a good relay" would also be useful.

--
Ivan Markin
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] [tor-r@elays] What's a "useful" relay?

[Rana]

@Ivan
 
>If you think that your relay is underrated or has poor performance try to 
>adjust your hardware/settings. Anyway almost every relay operator has this 
>kind of "operator anxiety". Don't worry. ;)
 
It is not about anxiety. The last thing that would cause anxiety for me is the 
possibility to find another cool project for my Pi :)
 
>If there were only blazing fast relays it would decrease anonymity because 
>these relays would be placed in some datacenters and operated by small amount 
>of people (entities).
>Tor network needs all kinds of relays to be strong. Diversity is about 
>platform, location, connectivity, etc, etc.
 
While I hold the same opinion as you (intuitively) I am interested not in 
intuition but in in a sober technical analysis, and  not in words of 
encouragement, or in the customary "thank you thank you thank you for running a 
relay"
 
I hear opinions here that small relays are not really useful, and about small 
bridges I heard here that they are actually causing DAMAGE. 
 
Those opinions were backed by technical arguments, here are a few:
 
-  the numerous small relays that change their IP addresses burden the network 
unnecessarily with frequent re-publishing of their descriptors
-  small relays that carry a small number of circuits actually DESTROY 
anonymity since the small number of circuits going through them makes it easier 
to de-anonymize traffic;
-  anonymity is much better served by a few large relays since they carry a lot 
of circuits simultaneously, and for this reason DirAuths try to saturate them 
before they direct traffic to small relays
-  the connections through small relays are quickly saturated, making using the 
internet a horribly slow and unpleasant experience
- Isis, the bridge db and bridge authority operator, has asked Tor people who 
make decisions  NOT to recommend that people run bridges on their small 
residential connections, because the need to re-distribute information about 
changed IP addresses is a major hurdle towards bridge adoption
 
Or as one DirAuth operator summarized it: "On balance, the very small relays do 
not contribute enough resources compared to the associated costs to be 
worthwhile."
 
All of which is exactly the opposite of what you are saying and what was also 
my intuitive opinion. 
 
So I am interested to know if there are solid, TECHNICALLY SOUND opinions in 
favor of use of small relays. If running a small relay is just for feeling good 
and displaying political support for privacy rights, then I am outta here. I 
feel good already and I have other means of expressing my political support.
 
Rana
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Tor Relay on ARM server Marvell Armada 370/XP

[pa011]

Am 20.12.2016 um 14:40 schrieb Volker Mink:
> Is it OK with their TOS to run a TOR Relay7Exit?
> If so, i really consider getting a VPS there!


Volker - apart from not putting all eggs in the same basket (France as country 
and Online.net as ISP), but if you really wanna go there scaleway opened some 
cloud VPS in Amsterdam recently - same price far better performance, and yes as 
Markus wrote, they are very relaxed on Exits!
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] What's a "useful" relay?

[Ivan Markin]

Rana:
> So - what's the metric for calling a middle relay "useful"? Is it the total
> number of bytes that it relays daily? 
> https://atlas.torproject.org/#details/707A9A3358E0D8653089AF32A097570A96400C
> C6 is sending about 0.85 GB every 24 hours. Is it a "useful" relay?

Sure it is! If there were only blazing fast relays it would decrease
anonymity because these relays would be placed in some datacenters and
operated by small amount of people (entities).

Tor network needs all kinds of relays to be strong. Diversity is about
platform, location, connectivity, etc, etc.

If you think that your relay is underrated or has poor performance try
to adjust your hardware/settings. Anyway almost every relay operator has
this kind of "operator anxiety". Don't worry. ;)
--
Ivan Markin
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] What's a "useful" relay?

[Rana]

So - what's the metric for calling a middle relay "useful"? Is it the total
number of bytes that it relays daily? 
https://atlas.torproject.org/#details/707A9A3358E0D8653089AF32A097570A96400C
C6 is sending about 0.85 GB every 24 hours. Is it a "useful" relay?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] All I want for Chrismas is a bloody t-shirt

[Dakota Hourie]

Apologies for digging up this thread, but I just wanted to report that I
got my tshirt in the mail today along with some other tor swag just in time
for Christmas.

Thanks Jon and Teor!

Merry Christmas!
-
Dakota

On Sun, Dec 11, 2016 at 6:36 PM, I  wrote:

> All,
>
> >
> We learnt a lot from doing it last year, and we have plans to make it
> more efficient this year. (And get more people on it.)
>
> We have already gone from having 0 paid people on it, to having 1
> paid person on it (and they do many other tasks as well). I think we
> are getting more to help over the next few months.
>
> This should hopefully help relay operators get t-shirts as well.<<
>
> One thing which seemed a silly time consumer was that when I put in a
> claim to the tshirt address forwarding the message that told to me I could
> claim a tshirt, my legitimacy was doubted because they didn't accept the
> reply was from the relay operator despite their initiating it!
>
> What about simplifying that to one automated congratulation message with
> the request for the size and address in the answer?
>
> Robert
>
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP

[grarpamp]

On Fri, Dec 23, 2016 at 12:06 PM, Rana  wrote:
> If the small relays are largely unused (eg if 10% of the relays carry 90% of 
> the Tor traffic - does anyone have an exact statistics on this?) and if, in 
> addition,  there is no increased anonymity benefit in having a lot of small 
> relays, then why bother?

There's the obvious that if you have a lot of unused relays,
and essentially only your traffic happens to traverse three of them,
then you're much more easily subject to active observation
by the relays themselves, and passive observation by GPA's.

Therein one might expect dirauths to restrict node count
to network saturation levels only, instead of the 7000 we have
today.

But even if using three fully saturated relays, you can still be
deanoned by as little as one guard and one exit / destination.
That works essentially the same for hidden services too.

There are often threads on tor-talk about filling anonymous
overlay networks with dynamic fill traffic / traffic buckets /
packet switching, udp, etc to prevent ease of that happening,
in particular since client nodes would be participating too,
but it goes nowhere.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP

[Rana]

Thank you @Gamby for echoing my sentiment. 

While there can be a good tech reason for considering small relays useless, the 
small relay operators MUST be properly and openly advised about how useful or 
useless their relays are. I even have read about someone's suggestion of 
gamification of such feedback - which I think is a damn good idea , eg give 
people badges based on how USEFUL their relays are.

I heard here an idea that it's good that a lot of people run relays because 
their joining the party increases the size of the crowd that supports privacy. 
Well, a global crowd of 7000 is a pathetically small one considering the 
target, and people should run relays not because this makes them feel good 
about themselves but because they are convinced that their relays are being 
USED for a good purpose. If the small relays are largely unused (eg if 10% of 
the relays carry 90% of the Tor traffic - does anyone have an exact statistics 
on this?) and if, in addition,  there is no increased anonymity benefit in 
having a lot of small relays, then why bother? 


-Original Message-
From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of 
Gumby
Sent: Friday, December 23, 2016 6:06 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP

I have followed this for some time with interest, because I've run 2 relays 
from "home" connections for over 2 years - at on point three, all on unused 
older laptops. I have an Archer C7 which can handle 31k connections 
(theoretically) and have never had issues. My IP address changes maybe 3 times 
a year.
I am set at 1 mb up/down - largely unused compared to its capacity, but I 
really don't care as long as it runs. I have had as many as 3700 connections 
but usually 150 or so. I still do not care - I have felt that this still 
provides for someone, somewhere.
I will continue, without getting upset over unused "horsepower". 
With that said however - if the authority feels I am pathetically useless 
(reminds me of the testosterone ego of high school jocks) then what would 
happen if all the small relays - like me - say piss on it? At what point does 
this entire Tor freedom concept become the field of rich, unlimited bandwidth 
mavens?

And incidentally, those jocks would never had graduated if not for the "nerds" 
that tutored them - the little guys provide a hell of a lot more than people 
realize.

Gumby

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP

[Gumby]

I have followed this for some time with interest, because I've run 2 
relays from "home" connections for over 2 years - at on point three, all 
on unused older laptops. I have an Archer C7 which can handle 31k 
connections (theoretically) and have never had issues. My IP address 
changes maybe 3 times a year.
   I am set at 1 mb up/down - largely unused compared to its capacity, 
but I really don't care as long as it runs. I have had as many as 3700 
connections but usually 150 or so. I still do not care - I have felt 
that this still provides for someone, somewhere.
   I will continue, without getting upset over unused "horsepower". 
With that said however - if the authority feels I am pathetically 
useless (reminds me of the testosterone ego of high school jocks) then 
what would happen if all the small relays - like me - say piss on it? At 
what point does this entire Tor freedom concept become the field of 
rich, unlimited bandwidth mavens?


And incidentally, those jocks would never had graduated if not for the 
"nerds" that tutored them - the little guys provide a hell of a lot more 
than people realize.


Gumby

On 12/22/2016 12:47 PM, Rana wrote:



-Original Message-
From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf
Of David Serrano
Sent: Thursday, December 22, 2016 7:36 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Unwarranted discrimination of relays with dynamic
IP

On 2016-12-22 19:24:25 (+0200), Rana wrote:


2. "Residential lines in particular ... hardware caves when too many
connections are open in parallel" - this appears to be plain
incorrect. [...] ith 1300 simultaneous connections.



His statement is right. 1300 connections are not a lot. I used to have a

symmetric 20 megabytes/second line and the router provided by my ISP would
reboot when reaching around 3600 >connections. Happily, they provided FTTH
so I was able to put a linux box instead of said router and reach 13k conns.

You are a part of a minuscule group of people who have a 160 mpbs symmetric
connection to the home, and the first one I run into in my life. I therefore
doubt that your example is relevant to the discussion - almost everybody
else on the planet does not have this kind of bandwidth to the home, and
cannot saturate a $35 Raspberry Pi with his Tor traffic because their
bottleneck is ISP bandwidth, not hardware. Which was my point.


--
 David Serrano
 PGP: 1BCC1A1F280A01F9

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] zwieb...@online.de relays: MyFamily updated

[nusenu]

thanks for fixing it!

+--+-+
| nickname | eMyFamileyCount |
+--+-+
| alsaceonion  | 30. |
| alsaceonionb | 30. |
| bsdonion | 30. |
| budapestonion| 30. |
| budweisonion | 30. |
| budweisonion4| 30. |
| budweisonion5| 30. |
| budweisonion5b   | 30. |
| budweisonionb| 30. |
| budweisonionb4   | 30. |
| chisinau2onion   | 30. |
| chisinau2onion2  | 30. |
| goethe   | 30. |
| goetheb  | 30. |
| heine| 30. |
| heineb   | 30. |
| humboldt | 30. |
| milanoonion  | 30. |
| milanoonionb | 30. |
| montrealonion| 30. |
| montrealonionb   | 30. |
| quebeconion  | 30. |
| quebeconionb | 30. |
| rigaonion| 30. |
| schiller | 30. |
| schillerb| 30. |
| strasbourgonion  | 30. |
| strasbourgonionb | 30. |
| thueronion   | 30. |
| thueronionb  | 30. |
+--+-+
30 rows



signature.asc
Description: OpenPGP digital signature
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP

[Rana]

@grarpamp

>Please see and contribute to the following...
>https://trac.torproject.org/projects/tor/wiki/doc/HardwarePerformanceCompendium

The Pi info there is indeed totally out of date. I opened an account on the 
wiki. However, after 10 (!)  tries to pass the totally unnecessary captcha 
which blocked my access AFTER I logged in, I have given up on trying to upload 
my data there. 

>If the source code and network technically permits any given node, it is valid 
>for discussion.

Not only the network and code permit Pi-based relays from residential premises 
with ANY kind of Internet connection bandwidth, the texts on Tor page encourage 
people to run relays without telling them that their relays may be unwanted or 
useless if their connection is not fast enough. I have no firm data on this but 
my gut feeling is that the use of small residential relays can be optimized and 
made useful; and if it can't as some knowledgeable people on this forum seem to 
opine, then this info should be openly available for all and not just for the 
initiated or for people like me who spend the time to dig into the discussion 
on this forum for 3 weeks in order to find this out.  

>I've often suggested that all node selection and testing / ranking / node 
>trust pki metrics / geoip / etc all be left as subscription style services 
>and/or configurable parametrics for clients to >choose from or configure 
>themselves. With some default "Tor Project" set shipped as fine for most 
>users, in which Tor Project acts as one such supplier of such params.
>That leave only malacting nodes and 'net useful' nodes up to dirauths 
>themselves. With 'useful' being no excuse to not make efforts to scale 
>networks to the next level.

I could not agree more.



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays