Tor Project Pilots Exit Nodes In Libraries

An anonymous reader writes: The Tor Project has announced a new initiative to open exit relays in public libraries. "This is an idea whose time has come; libraries are our most democratic public spaces, protecting our intellectual freedom, privacy, and unfettered access to information, and Tor Project creates software that allows all people to have these rights on the internet." They point out that this is both an excellent way to educate people on the value of private internet browsing while also being a practical way to expand the Tor network. A test for this initiative is underway at the Kilton Library in Lebanon, New Hampshire, which already has a computing environment full of GNU/Linux machines.

Library Filters

[EmperorArthur]

Here in the US any library that deals with children must have mandatory filtering software installed. Given the typical puritanical attitude, quite a few public libraries also have filters.

https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[roninmagus]

Wow, that's news to me. When I worked IT for a local government which managed the public libraries, we were barred from filtering anything. We had to install polarizing screen covers and put computers in weird places for all the pervs. Granted, this was 13 years ago.

Re:

[Bing Tsher E]

I found I couldn't download a component of the Android SDK in our local public library on their wifi. Not on a library machine, it was my laptop. The URL linked from within Eclipse raised a flag with something in the filter at the library. It was rather shocking.

Newsflash: Libraries get blacklisted

[Anonymous Coward]

Most admins block TOR exit nodes at the router and many other places because they are the source of many attacks. All this means is that libraries wind up on IP blacklists.

Re:

[Anonymous Coward]

I think that is why the requirements seem to imply that the exit node needs to have its own IP address.

Re:Newsflash: Libraries get blacklisted

[ron_ivi]

Most admins

That's not true.

A few Admins, perhaps.

Not most.

Re:

[Anonymous Coward]

Akamai optionally (optional to the Akamai customer) blocks Tor exit nodes AND relay nodes that have no exits whatsoever. I made it through several levels of support (up to executive support) to nothing but deaf ears.

I'm not even sure how they figure out relays without port-scanning clients (like open HTTP proxy scans from IRC servers of yore) but it essentially shut down my high-bandwidth Tor relay. I'd run an IPv6-only Tor relay because, well, if you have IPv6 you have plenty of addresses to burn, but Tor

Re:

[Anonymous Coward]

I'm not even sure how they figure out relays without port-scanning clients

A full list of relays is available from any directory authority (except bridges -- which are not the same as non-exit nodes*)

From torrc:

Bridge relays (or "bridges") are Tor relays that aren't listed in the
main directory. Since there is no complete public list of them, even an
ISP that filters connections to all the known Tor relays probably
won't be able to block all the bridges. Also, websites won't treat you
differently because they won't know you're running Tor. If you can
be a real relay, please do; but if not, be a bridge!

most libraries are run by local government

[ozduo]

how many are willing to risk their benefactor's wrath (federal government) by supplying an anti government spying device?

Librarians

[manu0601]

It is astonishing how mindset about computing can vary among librarians. On one hand we have the one that set up TOR exit nodes to save our privacy, and on the other hand we have the one that purchase strongly vendor-locked and opaque proprietary library softwares.

Re:

[Anonymous Coward]

Free/libre software != privacy. There are very different forces driving these two movements: there just happens to be a lot of overlap since most intelligent and educated people support both, and a lot of the privacy tools are opensource (they kinda need to be).

Re:

[sjames]

Because primarily, libraries and librarians are about free access to information for the public.

Besides, it's not hard to set it up so the exit node only gets to use otherwise unused bandwidth.

No-oooo!

[Demonoid-Penguin]

Don't be giving the government yet another reason to cut funding to public libraries.

Balance TOR's costs against the benefits.

[dweller_below]

When we set up TOR infrastructure at USU, we looked at the costs and benefits.

There are definite costs to running TOR infrastructure. You have to be aware of them. Some of the costs can be mitigated, but some can't. At the end, you have to be able to show that the benefits outweigh the costs.

First we examined the benefit. We made a clear statement of the benefit. It is:

USU has many researchers and students who deal in sensitive subjects such as Climate Change, Reproductive Issues, Political Systems, Animal Research, etc.. These students and researchers frequently need privacy and security to advance the goals of USU.

Then we discussed the various costs and methods of mitigating the costs. Afterwards, we decided that the costs could be made acceptable, if we were careful.

• Our cost mitigation strategy had several parts:
• 1) We arranged for the TOR infrastructure to have an academic sponsor. The USU CS department agreed to sponsor the TOR project. This gave us an existing structure for providing IT support. And, frankly, TOR is easier to support than some of the other academic projects.
• 2) Most of the direct costs of creating and administering the TOR infrastructure are born by the USU CS department. It really helps that their admin is a diligent and responsible admin. It has been a joy to work with him.
• 3) We have tried to put all the TOR infrastructure on a small CIDR. If people need to block TOR, we try to make it easy for them to block it without effecting other things. That said, if I had to do it again, I think I would continue to have the TOR entry nodes and intermediate relays on a small USU CIDR. I think I would ask USU's ISP (UEN) for a small /28 and hook it up external to USU's normal security perimeter. Then I would put the TOR exit nodes on that external CIDR. This makes it easier to set routing and firewall policy. It also enables entering the TOR switching network internal to USU.
• 4) We examined the TOR traffic and tried to minimize the abusive bits. In our case, we found that most of the TOR web browsing looked non-abusive. However, the majority of the SSH and RDP traffic looked abusive. So, we asked the TOR admin to limit those protocols.
• 5) We clearly documented our TOR setup and use. The TOR nodes have meaningful hostnames. The systems have are well defined roles and responsibilities. We have strongly discouraged the TOR admin from using those systems for anything else.
• 6) We created processes for dealing with the abuse reports.

Here is our standard response to an abuse report against USU's TOR infrastructure:

=BEGIN ABUSE RESPONSE=
The activity that you have reported is being emitted by a TOR exit node:

------------
$ host 129.123.7.6 6.7.123.129.in-addr.arpa domain name pointer tor-exit-node.cs.usu.edu.

$ host 129.123.7.7
7.7.123.129.in-addr.arpa domain name pointer tor-exit-node-2.cs.usu.edu.
------------

This TOR node is a project of USU's CS department. USU has many researchers and students who deal in sensitive subjects such as Climate Change, Reproductive Issues, Political Systems, Animal Research, etc.. These students and researchers frequently need privacy and security to advance the goals of USU.

Almost all TOR traffic is generated by innocent people who are attempting to escape the shadow of a totalitarian government. But, unfortunately, sometimes criminals attempt to use TOR to attack others.

We are in discussion with our TOR admins to try to find ways to limit the attack activity. Of course, this rapidly becomes a sticky issue. If we start inspecting and censoring some of the TOR activity, then we have less of a defense when we get pressure to inspect and block the rest. And, even starting down this path may make us legally liable for ALL the TOR traffic. Our best action may be to keep our hands off and observe strict network neutrality.

We are still pondering our options.

Please accept our apologies in the mean time.

USU IT Security
=END ABUSE RESPONSE=

Re:

[circletimessquare]

this is an interesting, informative, and comprehensive post

mod +6

Re:

[westlake]

Our cost mitigation strategy had several parts

I would replace the work "cost" with "risk."

As in exposure to a hostile legal, political and social environment.

I don't see many public libraries having the resources to implement your plan.

=BEGIN ABUSE RESPONSE=
We are still pondering our options.
Please accept our apologies in the mean time.
=END ABUSE RESPONSE=

When the shit hits the fan, "thinking it over" and "hoping for the best" is no longer an option. In the end, you have to make a decision or one will be made for you.

Re:

[dweller_below]

Thanks Westlake,

I would replace the work "cost" with "risk."

As in exposure to a hostile legal, political and social environment.

We had risk in there earlier. But we later changed it to cost. USU is weird. I suspect all universities are weird. USU is a top tier research university. USU is not run by accountants and MBAs. It is run by researchers and teachers. We are shielded from most legal issues. We are constrained by funding. If we can fund it, we can invest in long term experiments. This is one of them.

I don't see many public libraries having the resources to implement your plan.

This is an extremely significant point. In order to understand the TOR issues and implement TOR properly, an ins

Re:

[Anonymous Coward]

Did you consult with a lawyer? That does not seem like a good abuse response and could make you liable. The EFF has a better one you could use at eff.org .

Re:

[DamonHD]

4) We examined the TOR traffic and tried to minimize the abusive bits. In our case, we found that most of the TOR web browsing looked non-abusive. However, the majority of the SSH and RDP traffic looked abusive. So, we asked the TOR admin to limit those protocols.

I am interested to understand what level of inspection you could and did perform to decide "abusiveness". Especially for the secure traffic.

Rgds

Damon

Re:

[dweller_below]

Thanks DamonHD,

I am interested to understand what level of inspection you could and did perform to decide "abusiveness". Especially for the secure traffic.

Rgds

Damon

We did traffic analysis using net flow information of a few days of traffic on a preliminary TOR exit node. In this situation, traffic analysis is very powerful. We did not try to determine who was talking. But, we have spent years deciphering the nature of connections using flow analysis. We are very successful in determining the nature of the various connections. Encryption does not change the underlying size, flow and pace of the connection. The TOR structure does little to obscure the ult

Re:

[DamonHD]

Thanks, very interesting. I imagined that it might be a little like that. Certainly I can see how scanning for vulnerabilities can stand out!

Rgds

Damon

Re:

[dweller_below]

TOR exit nodes are nothing but trouble.

I think this is an issue where some are more equal than others.

If an individual runs a TOR exit node, they can be easily intimidated and hassled. There is very little cost to law enforcement for engaging in the intimidation.

At the other end of the spectrum, a large public institution is not susceptible to this kind of intimidation. And, there is a very large cost if law enforcement attempts the intimidation. For example, at the institution I support, if the local cops or low level FBI attempted this kin