[tor-relays] (EVENT) Tor Relay Operator Meetup - June 24, 2023 @ 18.00 UTC

Hello,

The next Tor Relay Operator Meetup will happen on June 24, 2023, at
18.00 UTC.

We're working on the agenda here:
https://pad.riseup.net/p/tor-relay-op-meetup-june-keep
onionsite: http://kfahv6wfkbezjyg4r6mlhpmieydbebr5vkok5r34ya464gqz6c44bnyd.onion/p/tor-relay-op-meetup-june-keep
Feel free to add other topics to the agenda.

WHERE
Room link: Tor Relay Operator Meetup

Registration

No need for a registration or anything else, just use the room-link
above. We will open the room 10 minutes before so you can test your mic
setup.

Please share with your friends, social media and other mailing lists!

cheers,
Gus

ยทยทยท

--
The Tor Project
Community Team Lead

1 Like

https://pad.riseup.net/ is down :frowning:
As an alternative, the 'German riseup' systemli could be taken. systemli.org
is hosted on its own servers at Community-IX.

https://pad.systemli.org/p/tor-relay-op-meetup-june-keep

ยทยทยท

On Dienstag, 20. Juni 2023 23:01:23 CEST gus wrote:

Just a friendly reminder that the Relay Operator meetup will happen this
Saturday, June 24 at 18 UTC.

## Agenda

1. Announcements
- Tor Relay Operators meetup @ CCCamp 2023!
- More unrestricted snowflake proxies are needed
- Relays EOL (0.4.5.x) removal
- IPv4 limit proposal

2. Presentation about Webtunnel bridges with Tor Anti-censorship Team

3. Tor Network Health proposals discussion
- Meta proposal discussion
- contactinfo proposal discussion

4. Q&A

Riseup Pad

--
โ•ฐ_โ•ฏ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

I think gus copied the pad. Thanks. Hidden service link is:
http://mjrkrqnlf26etelsi7zpkqc3dzlrzyurvmd3jksmndarzzbugz5xctid.onion/p/tor-relay-op-meetup-june-keep

ยทยทยท

On Samstag, 24. Juni 2023 18:03:47 CEST lists@for-privacy.net wrote:

On Dienstag, 20. Juni 2023 23:01:23 CEST gus wrote:
> Just a friendly reminder that the Relay Operator meetup will happen this
> Saturday, June 24 at 18 UTC.
>
> ## Agenda
>
> 1. Announcements
>
> - Tor Relay Operators meetup @ CCCamp 2023!
> - More unrestricted snowflake proxies are needed
> - Relays EOL (0.4.5.x) removal
> - IPv4 limit proposal
>
> 2. Presentation about Webtunnel bridges with Tor Anti-censorship Team
>
> 3. Tor Network Health proposals discussion
>
> - Meta proposal discussion
> - contactinfo proposal discussion
>
> 4. Q&A
>
> Riseup Pad

https://pad.riseup.net/ is down :frowning:
As an alternative, the 'German riseup' systemli could be taken. systemli.org
is hosted on its own servers at Community-IX.

systemli pad

--
โ•ฐ_โ•ฏ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

Hi,

Thanks all for joining the Tor Relay Operator Meetup!
You can find the meetup notes below.

The next Tor Relay Operator online meetup is July 29, 2023 @ 18 UTC.

cheers,
Gus

## Tor Relay Operator Meetup - 2023-06-24

### Before we start

Tor operators are recommended to read the Tor Code of Conduct and
Expectations of Tor Operators.

Tor Code of Conduct:

Expectations for Relay Operators:

### 1. Announcements

1.1. In-person activities

  - Tor Relay Operators meetup @ Bornhack
    (BornHack 2023) in August (Denmark). Ping Alex
(ahf) for more information.
  - Tor Relay Operators meetup @ CCCamp 2023. CCCamp
    (Chaos Communication Camp 2023) is taking place near
Berlin, Germany, in August. Ping gus or other tor people if you want to
help.

1.2. More unrestricted snowflake proxies are needed

  - Context: Snowflake is very popular in Iran and China. See the Tor
    metrics graphs:
      - Users โ€“ Tor Metrics
      - Users โ€“ Tor Metrics
  - But there is an issue: many snowflake proxies (volunteers) are
    behind "restricted connections," including NAT and packet filtering.
    'Unrestricted' snowflake proxies will work with all snowflake clients,
    even those with the most restrictive symmetric NATs and filtering
    behaviour.
  - Current stats:
      snowflake-ips-nat-restricted 72006
      snowflake-ips-nat-unrestricted 2447 <- We need your help to increase this pool!
      snowflake-ips-nat-unknown 47623
  - To understand Snowflake NAT matching behavior, please check out this
    documentation:
NAT matching ยท Wiki ยท The Tor Project / Anti-censorship / Pluggable Transports / Snowflake ยท GitLab
  - Maybe there should be a guide on how to go from being restricted to
    unrestricted for standalone snowflake proxy from home and/or from a
    server with a firewall (i.e. limit the range used by snowflake, and
    "find how to open a range of port on your router").
  - Recommendation: Do not run snowflake proxy on the same IP as a
    relay/bridge. It's a good call to run it on a machine with public
    dynamic IP address.
  
1.3. Relays EOL (0.4.5.x) removal

  - Only public relays running 0.4.5.x are affected; bridges are
    unaffected.
  - If your relay was blocked because was running tor 0.4.5.x version,
    please reach out to bad-relays at lists.torproject.org and ask them
    to unblock your relay.
  - Issue:
    Deal with EOL 0.4.5.x relays and bridges (#291) ยท Issues ยท The Tor Project / Network Health / Team ยท GitLab

1.4. IPv4 limit proposal (bumped limit from 2 to 4, and soon 4 to 8!)

  - Proposal: Increase the amount of allowed relays per IP address to 8 (#40744) ยท Issues ยท The Tor Project / Core / Tor ยท GitLab
  - Currently we're allowing 4 relays per IPv4 address. This new max
    allowed relays per IP address was analyzed here:
Analyze the results of bumping the max allowed relays per IP address to 4 (#51) ยท Issues ยท The Tor Project / Network Health / Analysis ยท GitLab
  - We're considering to bump the limit to 8 relays per IPv4 address.

1.5. Tor Forum is now self-hosted by Tor Project

  - The Tor Forum migration was completed last week:
    https://forum.torproject.org/
  - tor-talk will be deactivated next week. The mailing list archive
    will be publicly available. Other mailing lists aren't affected.
  - The Tor Forum Privacy policy will be updated.

### 2. Presentation about Webtunnel bridges with Tor Anti-censorship
Team

Tor Anti-censorship Team is soft-releasing Webtunnel, a new pluggable
transport based on HTTP Upgrade (HTTPT). It is designed to hide behind
HTTPS servers to resist against active probing attacks and to
effectively blend in with Internet traffic.
Bridge operators can deploy this new pluggable transport on the same
IP/machine if they are already running obsf4.
Please don't expect a lot of users at the moment, bceause webtunnel is
only available on Tor Browser Alpha.

Slides: https://nc.torproject.net/s/PP98BXDMk8nwtrn

Webtunnel requirements for operators:
- A self-hosted HTTPS website
- Handle traffic with configurable reverse proxy
- Environment to run Tor bridge
- (Optional) Container runtime like Docker

You can find instructions on how to deploy webtunnel here:

A Dockerfile is available for use with a Debian container and a package
for FreeBSD has been created.

Q: What is the distribution mechanism?
(https://bridges.torproject.org).

Q: Are the regular traffic patterns of webtunnel-transported traffic
similar to tor traffic? Are they usually bi-directional
No, the traffic looks like HTTPS.

### 3. Tor Network Health proposals discussion

  - Meta proposal discussion:
    Write a meta proposal for community proposals: 001-community-relay-operator-process.md (#2) ยท Issues ยท The Tor Project / Community / Policies ยท GitLab

  - contactinfo proposal discussion:
    Write proposal to restrict contact information field to email address (and make it mandatory) (#71) ยท Issues ยท The Tor Project / Community / Relays ยท GitLab

The contactinfo proposal: we don't need to rush as this is a proposal
for Arti relays, which won't happen any time soon (probably is not
happening for the next 2 years), but we should start scoping which
fields the community want.

### 4. Next Tor Relay Operator Meetup

- Date: July 29, 2023 at 18:00 UTC.

### 5. Q&A

Q: I am conducting a survey to understand the attitudes of relay
operators towards current relay updates and a new automatic update
design. How should I approach contacting relay operators? I apologize
for any potential lack of knowledge in this area, as I am new to this
field and seeking guidance on the best practices for engaging with relay
operators.
request.

Q: Will the obfs fork affect the future development of obfs/its fork?
is probably not going to happen much in any near future. Bridge
operators don't need to migrate to lyrebird yet, is great if they do,
but we haven't packaged it to debian or any distro, neither use it yet
in our docker images. For now the changes in our fork only affect meek.
tl;dr: bridge operators don't need to do anything yet, just keep an eye
for it.

Q: Any plans, ETA, or budget estimation for running relays using Arti?
relays and this process will take time (it's not part of 2023/2024
roadmap). Relay Operators will be involved when the time comes.
    
Q: Are unrestricted snowflake proxies currently more needed than obfs4
bridges?
Bridges/Relays are best for static IPs, snowflake for dynamic addresses.
E.g. Snowflake is used more than obfs4 in China, obfs4 more than
Snowflake in Russia.

Q: When should someone run a snowflake proxy instead of a bridge or
relay?
Snowflakes work with dynamic IPs eg at home.

Q: ipv4 limit relaxation - is that due to carrier-grade NAT being used
more and more?
IPv4 addresses more expensive. Thus, the cost for relay operators
running more relays got higher while resources got wasted, which is
hurting good operators. We try to accommodate that with allowing more
relays per IP address while keeping the network monitored so that sybil
attacks are not a danger and get dealt with quickly.

Q: What is the status regarding ddos?
issue with their DNS resolver.

Q: How meaningful is it at all to run an obfs4 bridge on the network of
a big hoster like Hetzner (regarding situations like in Turkmenistan, as
mentioned in one of the last meetings - possibly those countries block
whole IP ranges from such hosters)?
collateral damage. You shouldn't really need to find an obscure hoster.
For Turkmenistan, bridges running on obfs4 port 80, 443 or 8080 and
residential connections seems to work!

Q: Is there a plan to have IPv6 only Relay (way cheaper)?
network.

Q: What does it mean if no Bandwidth Ratio is displayed on
bridges.torproject.org scanner (while obfs4 reachability is displayed)?
(For one of my bridges, there is no "Bandwidth ratio" entry, but a
"obfs4: functional" and a "Last tested" entry)
to the rest of bridges. it means that the bandwidth is not being tested
yet by onbasca, it could be that onbasca has failed to test it or just
need a bit longer, but we don't distribute bridges with low ratio.

ยทยทยท

A: At the moment webtunnel is being distributed only via "HTTPS"
A: Please contact gus and geko by email, so they can evaluate your
A: We plan to continue the development of obfs4 in lyrebird, but there
A: No, not yet. We don't have any funded project to develop Arti
A: Depends on the type/location of user you are wanting to help most.
A: Snowflake proxies tend to use less bandwidth than a relay/bridge.
A: Not really. It's more that servers got more powerful over time and
A: The main ddos seems to be stopped, but some exit operators are having
A: It's very meaningful to use big hosters as blocks can cause a lot of
A: Not really because relays must be reachable by the rest of the Tor
A: The bandwidth ratio is the ratio of how fast is this bridge compared

On Sat, Jun 24, 2023 at 06:46:08PM +0200, lists@for-privacy.net wrote:

On Samstag, 24. Juni 2023 18:03:47 CEST lists@for-privacy.net wrote:
> On Dienstag, 20. Juni 2023 23:01:23 CEST gus wrote:
> > Just a friendly reminder that the Relay Operator meetup will happen this
> > Saturday, June 24 at 18 UTC.
> >
> > ## Agenda
> >
> > 1. Announcements
> >
> > - Tor Relay Operators meetup @ CCCamp 2023!
> > - More unrestricted snowflake proxies are needed
> > - Relays EOL (0.4.5.x) removal
> > - IPv4 limit proposal
> >
> > 2. Presentation about Webtunnel bridges with Tor Anti-censorship Team
> >
> > 3. Tor Network Health proposals discussion
> >
> > - Meta proposal discussion
> > - contactinfo proposal discussion
> >
> > 4. Q&A
> >
> > Riseup Pad
>
> https://pad.riseup.net/ is down :frowning:
> As an alternative, the 'German riseup' systemli could be taken. systemli.org
> is hosted on its own servers at Community-IX.
>
> systemli pad

I think gus copied the pad. Thanks. Hidden service link is:
http://mjrkrqnlf26etelsi7zpkqc3dzlrzyurvmd3jksmndarzzbugz5xctid.onion/p/tor-relay-op-meetup-june-keep

--
โ•ฐ_โ•ฏ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

--
The Tor Project
Community Team Lead

1 Like

I setup 6 snowflakes as VPS with a fixed IP.
After which time those IPs should be changed ?

ยทยทยท

On 6/26/23 23:44, gus wrote:

  - Recommendation: Do not run snowflake proxy on the same IP as a
     relay/bridge. It's a good call to run it on a machine with public
     dynamic IP address.

--
Toralf

Quoting Toralf Fรถrster (2023-06-27 10:27:18)

ยทยทยท

On 6/26/23 23:44, gus wrote:
> - Recommendation: Do not run snowflake proxy on the same IP as a
> relay/bridge. It's a good call to run it on a machine with public
> dynamic IP address.

I setup 6 snowflakes as VPS with a fixed IP.
After which time those IPs should be changed ?

Rotating the IP often will not affect the functionality of snowflake. But AFAIK
censors are not blocking snowflake proxies (yet) by they IP address. So you
don't need to bother to rotate it often, and I expect your proxy to keep being
useful even if you don't rotate it. But if you have the possibility to do it
once every few months might be handy if censors start catching up with stable
proxies.

--
meskio | https://meskio.net/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
My contact info: https://meskio.net/crypto.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Nos vamos a Croatan.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page

Hi,

ยทยทยท

On 26.06.23 23:44, gus wrote:

   - Tor Relay Operators meetup @ CCCamp 2023. CCCamp
     (Chaos Communication Camp 2023) is taking place near
Berlin, Germany, in August. Ping gus or other tor people if you want to
help.

unfortunately, I couldn't find any information about the planned meetup in the Fahrplan [*]. Is there already more detailed information about where and when?

Kind regards
telekobold

[*] Conference Chaos Communication Camp 2023
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
tor-relays Info Page