-
-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2020 Summer Internship Project: Additional Tor Exit Nodes, Support Tor #5
Comments
I am volunteering for this project. Proposed Milestones
Tasks
Developments
Questions
Future
|
@fakhrulKhir This looks great, but really should be divided up into at least 3 key milestones, with rough dates, and any dependencies on others. |
Note that I gave @TheBlueMatt 3 swamp Cs /24s, called "swamp" as these /24s are routable individually. The first of which is used for our first Tor exit node. He agreed to return the other two when we needed them. So I don't think we'll need a new /23. I'm unclear if we need a new ASN or if we can give my old ASN to Blockchain Commons. Rules have changed since I last did this. -- Christopher Allen |
Depends on how you want to do it - if you are running it on PCH's infrastructure, probably you can just use their IPs if they're OK with it (I presume that would turn into many nodes, not just one, since they have many PoPs, and it would seem a waste to route a whole /24 to just one of their PoPs for just one node). If you are looking at Colo, I'd suggest doing your research, since many Colo sites aren't going to be cheap ($500-1k/mo) which may be a larger expense than makes sense long-term, and non-colo providers may not be ideal given a) they almost universally don't support using your own IPs, which means they are going to be unhappy with the abuse mails), and b) may not be ideal in the privacy-preserving domain that you'd ideally like to be running exit nodes. |
Also, if you're looking at hosting this in Malaysia, you should definitely look at the current legal status of Tor exit nodes in Malaysia before you set anything up. |
Thank you, @TheBlueMatt for your comments.
Yes, if we can get IP addresses for a Tor Exit from @Packet-Clearing-House via Bill Woodcock @mwoodcock that would be great. I'm not sure their level of commitment, so instead we may only be able to leverage their peering capabilities to make sure that the Tor Exit less expensively routes out.
Yes, definitely. We are not just seeking multiple Tor exit nodes, but I want to establish some independent services, such as a .onion Esplora instance so we are not dependent on Blockstream, ideally (eventually) with its own Blockstream Satellite download capability. This requires some cooperation with a colo facility. Fortunately, @fakhrulKhir has some experience with multiple Asian cola centers. Even before Esplora, Blockchain Commons want to be able to offer a public bitcoin price data feed, with independent software some signed checkpoints of price history that could optionally be installed a future version of Bitcoin Standup (see details in issue #6). We need this soon so that FullyNoded 2 can completely turn off of any non-.onion network features. Ideally we have this is US and two international locations. In any case, the requires for the above are different than the requirements for a Tor Exit node, so they don't have to be locked together unless it is useful.
Yes, definitely a major issue. It was suggested that at least one colo in Malaysia was suitable for more wild west services, but who knows? This is one of our biggest weaknesses, not really knowing the Tor legal situations, but also wanting to support the common infrastructure of Tor, just as we hope that someday others will support Blockchain Commons as we become a more indispensable part of open infrastructure for Bitcoin. @TheBlueMatt Seperately, if you have other ideas on how we might better serve other bitcoin network infrastructure needs, let us know! -- Christopher Allen |
I may be wrong, but I don't believe PCH is one global network, but instead hundreds of islands. Sure, hosting it at PCH in Amsterdam (or Frankfurt, but legal issues around Tor exits in .de probably prevent that) may have pretty good coverage from peering routes, but AMS-IX isn't perfect by itself. Still, they may get transit donated, so they may not care.
Depends on how YOLO you want to get with it, but may also make sense to investigate how well Tor can anycast (onionbalance used to be able to do it, but not sure what the state of things is with onion v3) and just try to set up a bunch for redundancy at cheaper sites instead of paying big bucks for a fancy place.
Of course unless you're doing this...if you're really serious about users of this, suddenly you care about not just any datacenter - most datacenters actually have really lax security, and those that are a bit more careful tend to cost more, not to mention that you'd want a cage, which is 10x the price. Of course maybe it doesn't make sense to care about all that stuff on day one, just things to think about.
"suitable for wild west" is probably not actually what you want - sure, maybe the datacenter/network provider doesn't care if you host some phishing or even malware C&C crap, but if INTERPOL comes knocking cause someone is using Tor for something Really Bad, you'd rather have robust legal protection than a network operator who doesn't care as long as it's not their problem. |
@TheBlueMatt — Wow, that tip was very helpful. And it does look onion balance has added v3 support: https://onionbalance.readthedocs.io/en/latest/v3/tutorial-v3.html#tutorial-v3
You are correct, I've conflating the requirements of the two (or more) projects. Especially given your onion balance suggestion, we can try to have greater security in one place, and be less rigorous in the others. But in the long run I really want our users not to even depend on us for these services, instead give them a choice of many. We are definitely need to do significantly more puzzling through the current price API risk models. Anything we do will be likely be better than the current state of the art where mobile wallets use a single source of current price information, typically the wallet vendor or a single exchange's API. Not only is this model vulnerable to DOS attacks, I suspect there are other tricks an attacker can do if they can make your remote wallet think the price has changed when it has not. Offering this services via Tor v3 also means we add a new attack surface that is less well known. I don't necessarily want to replicate what Blockstream is doing with their current price data, but more desire to enable those who want to source it themselves for their own full node / remote wallet combos, that they can install an app alongside their full node that sources its own current data from APIs that user chooses. If they want to point their remote app to us, another reputable clone of our service, or directly to the API of their favorite exchange, or even test against multiple exchanges, it is up to them. Our key requirement for this service is as much self-sovereignty for the full-node / remote wallet user as possible. The historical data is also useful, but finding some way to distribute it safely is a different risk model than that for current price data. Thank you for your comments! -- Christopher Allen |
I'm not sure of the final status of this project, but I'm closing it out as a Summer 2020 project. |
Last year Blockchain Commons helped Matt Corallo (@TheBlueMatt) to establish a new, long-term Tor exit node at NYC Mesh.
The was announced last August https://twitter.com/BlockchainComns/status/1161310976030867456:
We'd like to establish two more Tor exit nodes, one internet topologically near Asia, and then one as topologically far from both as possible (South Africa?). The Tor team may have advice on a better way to choose. Also relevant is access to Blockstream Satellite, mesh networks, etc.
There are multiple parts of this project (needs to be broken apart):
There will be interaction of this project with other projects this summer, including that Blockchain Commons hopes help document and support Tor better, hopes to host some other services via hidden .onion services, etc.
All of the above is open — this first message in this issue is to start the discussion.
cc/ @cprkrn @fakhrulKhir
-- Christopher Allen
The text was updated successfully, but these errors were encountered: