Comment by bragr

Comment by bragr 10 months ago

75 replies

View on Hacker News

>This could cost less than $5000 for a month

I ran a bunch of nodes for a couple years and that's optimistic by perhaps an order of magnitude. No $5 a month VPS provides enough bandwidth to sustain the monthly traffic of a Tor node, and nodes need to be continuously online and serving traffic for about 2-3 months[1] before they will be promoted to guard relays. Throttling traffic to stay in your bandwidth allocation will just get you marked as a slow node and limit the number of connections you get. Sustaining just 1 Mbps will blow your monthly transfer allocation on the cheap tiers of both Digital Ocean or Linode.

[1] https://blog.torproject.org/lifecycle-of-a-new-relay/

belorn 10 months ago

Now to add additional problems. 1000 tor nodes on a single platform would be very noticeable and geographically limited. Platforms also have different weight attached to them in the consensus, which adds further time requirements before a node is promoted. The developers do not want a single platform provider to be able to observe a large portion of all the traffic, so there are counter measures.

The attacker could try to create a handful of accounts on hundreds of platforms in as many countries as possible, assuming one verify that the platforms accepts tor and do not share underlying providers and data centers. The cost would then be the average price of said providers, which is going to be a fair bit more than the cheapest providers out there. Managing and spreading them out is also going to cost a lot of man hours. Also the secops need to be fairly on the point and need to be maintained quite strictly across all the providers.

Reply View 8 replies
  • ranger_danger 10 months ago

    Considering multiple world governments have already shown in leaked documents that this is exactly what they do, I personally wouldn't trust my secrets with tor.

    Reply View 2 replies
    • halJordan 10 months ago

      But and God forbid you read TFA, those leaked techniques were all done before the latest mitigations that the Tor Project is writing the blog about.

      Reply View 1 reply
      • ranger_danger 10 months ago

        There's not much technique involved in running tons of nodes.

        Reply View 0 replies
  • qb1 10 months ago

    Pagers and the next day handheld radios exploded on their users! This can be done.

    Reply View 3 replies
    • aesh2Xa1 10 months ago

      I think the news about that particular counter example is too recent to be easily understood.

      https://www.schneier.com/blog/archives/2024/09/remotely-expl...

      Still, I think your point is excellent. The sort of group interested in tracking someone(s) over Tor certainly might have the capability to do so despite the difficulty.

      Reply View 1 reply
      • maicro 10 months ago

        Yeah, too recent to understand (though I've also been out of the loop a bit) - so thank you, that's...a good one.

        Reply View 0 replies
    • hiatus 10 months ago

      > Let's say I as a private individual fund 1000 tor nodes

      Was the operation against Hezbollah funded by a private individual? Otherwise I'm not sure the relevance of your statement to the comment that started this thread.

      Reply View 0 replies
  • [removed] 10 months ago
    [deleted]
    Reply View 0 replies
teaearlgraycold 10 months ago

Still easily within the budget of the US, Russia, China, Israel, etc. I wouldn't be surprised if a majority of nodes are ran by intelligence agencies.

Reply View 21 replies
  • andai 10 months ago

    They say the internet is just someone else's computer. With Tor it's the computer of a person who wants you to think it's not their computer, and also that they aren't paying attention to (or somehow can't see) what you're doing on it.

    Reply View 0 replies
  • giantg2 10 months ago

    The interesting thing is, the more agencies that run relays, the more they interfere with each other. So having something like US, Russia, and China a each running 25% of the network reduces the chances of any one getting all three relays.

    Reply View 11 replies
  • bawolff 10 months ago

    I think the threat model is that the majority are not run by cooperating malicious parties.

    Russia, china and usa all dont like each other much so are probably not sharing notes (in theory).

    Reply View 5 replies
    • aftbit 10 months ago

      Or perhaps they _are_ sharing notes about tor users with each other, as part of a global club of intelligence agencies (a sort of new world order) who would rather not be overthrown. How are we to know?

      Reply View 4 replies
      • anticorporate 10 months ago

        Because if they each only have incomplete information, they each wouldn't know whether the information they have is relevant to preventing overthrow of their collective order, or intelligence that is only going to help their geopolitical adversary.

        Basically, a variation of the prisoner's dilemma.

        Also, those nukes we have pointed at each other are a pretty healthy hint.

        Reply View 1 reply
      • jrochkind1 10 months ago

        Or perhaps someone with secret quantum computing can break all our encryption and has full transparency on all communications on the internet. Perhaps extraterrestrials are eavesdropping on everything I say in my living room, and sharing it with the KGB. How are we to know?

        Reply View 0 replies
      • rrrix1 10 months ago

        Occam's Razor definitely applies here.

        "The simplest explanation is usually the best one."

        Conspiracy theories are a logical reasoning black hole.

        I personally feel it's generally best to avoid the mental Spaghettification.

        Reply View 0 replies
  • chr_1 10 months ago

    Before 2020 when /r/privacy stimulated conversation that was worthy of good discussion you learned Tor the software made less available nodes accessible with newer deployments, that’s why it got faster. Regardless of how many nodes existed. The routing shifted. Now it’s way faster and there's specifically designated guard nodes seemingly pinged repeatedly out to the same allied nations.

    Reply View 0 replies
  • darby_nine 10 months ago

    In fact, you should assume they are. This doesn't imply the network doesn't have utility for a given actor.

    Reply View 0 replies
voldacar 10 months ago

I started a tor relay on a spare vps about a month ago and it got guard status around 2-3 weeks in, so that info seems to be out of date.

Reply View 25 replies
  • arktos_ 10 months ago

    Pardon my ignorance, but I thought it fruitful to ask: Are there any issues that can arise by doing this on a VPS?

    I ask because I know of stories of law enforcement sending inquiries to owners of, say, exit nodes requiring certain information about given traffic. I don't know if this happens for middle-nodes (or whatever they're called).

    Moreover, are there any issues with associating a node to, you know, your name and billing information?

    I don't know much about this, and although I could look it up, I think that my questions - and your respective answers or those of others - might do some public service of information sharing here.

    Reply View 24 replies
    • GTP 10 months ago

      I never operated a TOR node, but as far as I know and heard from other sources, TOR realays don't get much attention from law enforcement, it any attention at all. Which makes sense: all they're doing is getting encrypted traffic in and giving encrypted traffic out. It would hard for them to link a relay node to a specific connection, and even if they do, you can't help them in any way: even you as the node operator are only able to see encrypted traffic.

      Edit: there's a youtuber called "Mental Outlaw" that published a while ago some videos about setting up and operating TOR nodes. He sometimes gives inaccurate information regarding more theoretical topics, so I don't follow him much. But I think he can be trusted for this practical topics.

      Reply View 9 replies
      • WHA8m 10 months ago

        Just a quick note on the Youtube channel you mention: I follow his videos for a while and it seems to me, that he's half a shill. My impression is, that he re-models popular HN threads into Youtube videos. Just watch the latest video on the MrBeast topic and you'll basically get the same info as all the popular 'root' comments (was on HN front page last week). Not the first time I noticed a suspicious connection.

        Reply View 7 replies
      • asmor 10 months ago

        Mental Outlaw definitely doesn't know how to threat model anything. Keeps assuming you'll be targeted specifically, but then tries to evade that with i2p and Tor. Most people aren't going to be specifically targeted though, especially if they keep a low profile (i.e. don't be one of ~50k i2p users, that's sure to be a selector) and especially not for torrenting content illegally (as opposed to illegal content).

        If your threat model is actually three letter agencies coming after you specifically... that's an entirely different problem not (just) solved by software.

        Reply View 0 replies
    • INTPenis 10 months ago

      I ran tor exit nodes on Linode and Digitalocean for years. No real issues, but you will get regular abuse complaints.

      The support teams always understood once I explained it was a tor exit node. I co-operated with the Cloud provider and added any IP-address that requested it to my list of exempt addresses.

      Reply View 4 replies
      • ranger_danger 10 months ago

        > The support teams always understood

        But they don't have to. It could also be against their ToS, and many other providers would not have been ok with it. Accounts and domains have been taken away for much less.

        Reply View 3 replies
    • dunghill 10 months ago

      There was a recent HN topic where person running exit nodes run into quite a lot of issues because of it.

      Reply View 0 replies
    • immibis 10 months ago

      Non-exit nodes are generally considered safe to run. it's only exit nodes that system enforcement keeps trying to shut down.

      Reply View 0 replies
    • voldacar 10 months ago

      I'm not an exit node.

      You can buy a vps with xmr if you're worried about privacy from law enforcement.

      Reply View 6 replies
      • Imustaskforhelp 10 months ago

        most vps don't support xmr though. any suggestions to whom I can trust (I basically only trust hetzner in vps space)

        Reply View 5 replies
alfiedotwtf 10 months ago

If it’s that expensive to run Tor nodes, who is actually paying for them? I’ve heard individuals getting doors kicked in for participating in the network, so it’s not individuals. Corporates too wouldn’t want this type of burden… so is it really just spy-vs-spy

Reply View 10 replies
  • p4bl0 10 months ago

    Many individuals contribute to running relays. And there are non-profit organizations collecting donations to operates Tor exit nodes:

    - https://www.torservers.net/

    - https://nos-oignons.net/

    Reply View 1 reply
    • idiotsecant 10 months ago

      This is probably strictly true but it smacks to me of 'many people say'. I wonder what % of TOR nodes are run by people with an ideological allegiance for the network vs how many are run by nation-state actors.

      Reply View 0 replies
  • immibis 10 months ago

    I run a non-exit node any time I have the spare resources. I2P too. This means they're on the same popular providers that have too many other nodes, though.

    Sometimes I set it up as a bridge (hidden entry node) instead.

    Reply View 0 replies
  • akimbostrawman 10 months ago

    only exit nodes get there door kicked in and they are the minority and not needed for the tor network to function

    Reply View 3 replies
    • zerd 10 months ago

      They are pretty essential, without them you can only access onion services.

      Reply View 2 replies
      • akimbostrawman 10 months ago

        exit nodes aren't used for the onion services. only when interacting with the clearnet.

        Reply View 1 reply
        • tylervigen 10 months ago

          You are both saying the same thing, you just differ on the degree to which you see that as a problem.

          Reply View 0 replies
  • 0points 10 months ago

    > I’ve heard individuals getting doors kicked in for participating in the network, so it’s not individuals.

    It's individuals

    Reply View 2 replies
    • autoexec 10 months ago

      Unless something has changed, one of the issues with Tor is that it tries to send traffic through servers that have the most bandwidth which are pretty much certain to be servers owned by the state a lot of the time because a random person's residential cable modem is going to be a lot less capable.

      Reply View 1 reply
      • input_sh 10 months ago

        Run by individuals doesn't necessarily mean run on potato hardware. I ran a highly reputable (non-exit) node on a beefy but underutilised dedicated server for at least half a decade.

        Reply View 0 replies
chatmasta 10 months ago

You don’t technically need separate nodes, just separate IP addresses. Although Tor has some marginal protections against circuits sharing relays with similar IP, so you couldn’t just get a /24 and hope they all get the same circuit.

Reply View 2 replies
  • tga_d 10 months ago

    Not only would you need the node to expose IPs with a wide enough distribution to allow the right path selection, you'd also need to have enough bandwidth available to look like distinct hosts, and ensure any losses in connectivity aren't correlated enough to draw attention (people monitor metrics.torproject.org pretty diligently, and would notice if there was a chunk of bandwidth coming and going in lockstep). At that point, the difference in cost to just actually running legitimately separate hosts is negligible. All empirical evidence points towards the status quo that has existed for most all of Tor's existence: if you want to identify Tor users, there are cheaper ways to do it than dominating the network (and those ways are expensive enough to be outside most people's threat models).

    That said, any bandwidth anyone wants to contribute to mitigate such attacks is always appreciated, even if it's more useful for performance reasons in practice. ;)

    Reply View 0 replies
[removed] 10 months ago
[deleted]
Reply View 0 replies
[removed] 10 months ago
[deleted]
Reply View 0 replies
zorrn 10 months ago

We also recently saw the xz backdoor wich was worked on for many years so I think it could be possible if you really have on target.

Reply View 0 replies
ForHackernews 10 months ago

These costs explain why most of the nodes are probably run by the FBI.

Reply View 0 replies