Savage Internet is proud to announce that we’re now running a 1 MB/s Tor exit relay. How much is this costing us? $10/month, thanks to Linode’s excellent data transfer caps. In this post, we’ll explain how we set that up.
If you’re not sure what Tor is, read this article.
Setting up a Tor Relay on Linode
Step 1: Set up your Linode instance
Go to linode.com, sign up, and add a Linode 1GB instance to your account. You can follow Linode’s Getting Started instructions. We’re using Ubuntu as the distro, mainly because we’re familiar with it and we wanted to get this up and running as quickly as possible!
Step 2: Install Tor
There are some good instructions here, but they boil down to:
Once Tor is installed, you need to configure it.
Step 3: Basic Tor Configuration
We’ll get to exit policies in a bit, but:
- set ORPort (or just uncomment it);
- give yourself a Nickname, and set RelayBandwidthBurst (in our case, 1 MB/s).
Step 4: Exit Policy Configuration
The Tor Project recommends this exit policy, which allows roughly 65 ports.
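Tor applies the first ExitPolicy rule that matches, so the order of the lines and the final reject *:* decide what actually leaves the relay. The checker below is an added example, not part of the original post or the Tor Project's tooling. Its sample torrc is constructed with a shortened port list and placeholder nickname, and it only understands `*` address patterns.

```python
import re

# Constructed sample torrc (NOT the Tor Project's full recommended list):
# a few accepted ports followed by the catch-all reject.
SAMPLE_TORRC = """\
ORPort 9001
Nickname ExampleRelay
RelayBandwidthRate 1 MB
RelayBandwidthBurst 1 MB
ExitPolicy accept *:22         # SSH
ExitPolicy accept *:80, accept *:443
ExitPolicy accept *:6660-6667  # IRC
ExitPolicy reject *:*
"""

def parse_exit_policy(torrc_text):
    """Return ExitPolicy rules in file order as (action, low_port, high_port)."""
    rules = []
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "exitpolicy":
            continue
        for entry in parts[1].split(","):             # several rules per line
            m = re.fullmatch(r"(accept|reject)\s+\*:(\*|\d+(?:-\d+)?)", entry.strip())
            if not m:
                raise ValueError(f"unsupported ExitPolicy entry: {entry.strip()!r}")
            action, ports = m.groups()
            if ports == "*":
                low, high = 1, 65535
            else:
                low, _, high = ports.partition("-")
                low, high = int(low), int(high or low)
            rules.append((action, low, high))
    return rules

def decision(rules, port):
    """First matching rule wins; None means no rule in the file matched."""
    for action, low, high in rules:
        if low <= port <= high:
            return action
    return None

def has_catch_all_reject(rules):
    """True when the last rule is reject *:*, so nothing falls through."""
    return bool(rules) and rules[-1] == ("reject", 1, 65535)

if __name__ == "__main__":
    rules = parse_exit_policy(SAMPLE_TORRC)
    for port in (22, 443, 6667, 6881, 25):  # 6881: traditional BitTorrent port
        print(port, decision(rules, port))
    print("catch-all reject:", has_catch_all_reject(rules))
```

A result of None means the file leaves that port to whatever Tor applies after your own rules, which this sketch does not model.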
Step 5: Block BitTorrent using iptables
We went one step further and blocked common markers of BitTorrent traffic, using this set of iptables rules.
Step 6: Run!
What is Tor?
EFF’s Tor Challenge site explains that far better than we could:
Tor is a service that helps you to protect your anonymity while using the Internet.
We compared several virtual private server providers. Linode offers relatively high bandwidth caps: their $10/month plan, for instance, gives you 2TB/month outgoing with unlimited incoming, which is enough to sustain 700 KB/s 24/7. Amazon EC2 doesn’t even compare: bandwidth charges alone for that much traffic would be about $200/month.
Noisebridge runs four Tor exit relays using QuadraNet dedicated servers. Dedicated servers are more attractive once you ramp up capacity. With QuadraNet, for instance, $700/month gets you 1Gbps unmetered, or 125 MB/s - Linode 64GB instances are comparable in cost, but those only get you 20TB/month, or 7 MB/s. Since our goal is a relatively modest 1 MB/s, this would be overkill; for the same reason, we didn’t look into colocation either.
Why block BitTorrent? I thought this was about freedom!
From Linode’s Terms of Service:
Linode does not prohibit the use of distributed, peer to peer network services such as Tor, nor does Linode routinely monitor the network communications of customer Linodes as a normal business practice. However, customers are responsible for the contents of network traffic exiting their Linode. Any usage that prompts the receipt of abuse complaints pertaining to violation of United States and/or international copyright law must be promptly discontinued to avoid service cancellation for violation of these terms.
In practical terms: if you run an exit relay, Linode will receive DMCA takedown notices for your IP address. They will pass those on to you, making them your responsibility.
To mitigate this risk, we block BitTorrent. Otherwise we’ll eventually have to
- take down the node; or
- set ExitPolicy reject *:*; or
- move elsewhere.
An offline node is of use to no one. A middle relay is less useful, since overall Tor network performance relies upon having exit nodes. Moving elsewhere is doable, but it would definitely be less cost-effective (at least at our current scale - see below).
Another option is to donate to other relay operators. Donations are more cost-effective in increasing Tor network bandwidth, but this comes at the expense of network diversity. (If you don’t see why this is a problem, consider what happens when a malicious actor - NSA/GCHQ/etc., for instance - operates some proportion of Tor relays.)
Even if Linode handled DMCA complaints differently, a relay that’s swamped with high-bandwidth, high-connection-count traffic from BitTorrent is of use to far fewer people than one that isn’t. We’d rather support people who need Tor than some dude who just can’t find that awesome movie on Netflix.
If that’s not enough for you, the Tor Project itself notes that BitTorrent over Tor isn’t a good idea, as it leaks identifying information and generally hurts network performance.
So: we have nothing against BitTorrent, and we do wish the DMCA would burn and die, but we will make every effort possible to prevent BitTorrent traffic from running through our relay.
This is easy to do and relatively inexpensive, and if you run a 1 MB/s relay you might get a T-shirt from the EFF.