Promote free speech via Tor, earn a slapdown

in eff, privacy
August 17th, 2018

[I wrote this a few years ago, but it is still relevant, perhaps even more so now -PD]

Ive been a privacy advocate for a long time; back in the mid-90s Id wear my PGP munition T-shirt while walking around the Boston common, both to support Phil Zimmermans defense fund and to enact my own small protest against government restrictions on free speech.

Im also a big fan of Cory Doctorows writing, and a few months read both Little Brother and Homeland, his vision of not-too-distant future of a dystopian United States in which Homeland Security mounts an all-out offensive against freedom in the name of safety. The books are frightening in that its easy to see a path between where we are right now and the world he depicts. I stocked up on tin foil after finishing the books.

I resolved to do my part to help secure the basic human right of freedom of speech, even if in just a small way, by setting up a Tor relay on one of my servers. I run a small business and have ample bandwidth and compute cycles, and I felt that helping the Tor network grow was a great way to participate in the free-speech movement.

The Tor network architecture uses a three-hop graph. A user connects to the network via a bridge; the next hop is to a relay, and the final hop to an exit node which makes the final hop to the service the user wants to use. Bridges and relay nodes are equivalent in terms of how they are set up, and a bridge can be either public or hidden, the latter being used to help obscure the initial connection tor the Tor network in regimes where network traffic is heavily scrutinized or suppressed. You can read full details of the architecture at the Tor Project home page.

Exit nodes carry potential legal issues and so I decided to run a relay. It takes only a few minutes to set this up on a Linux distributiona download and a few configuration file tweaks and you are up and running. I gave the node 1 MB/s of bandwidth so that it would have a good chance of being promoted to being a published entry point.

I set the node up on a Monday. The first sign of trouble was on Wednesday, when my wife asked why she couldnt watch a show on Hulu. I took a look and saw an ominous message: Based on your IP-address, we noticed that you are trying to access Hulu through an anonymous proxy tool…” The streaming ABC site displayed a similar message. The new Tor relay was an obvious source of the message, but Id also recently been using a VPN to watch World Cup games that were blocked in the USA, and that couldve been a trigger, too.

The next day I logged on to one of my banking sites. I was blocked. A second banking site had also blocked me. I needed to renew a domain at Network Solutions. Denied: Theres something wrong with your credit card…”

What had happened?

A fundamental weakness of Tor is that in order to connect to the first node, you need to know the IP address of the first node. Tor handles this in two ways; a small set of bridge nodes are kept secret and distributed only by emailthese are used by dissidents in China, for example, where Tor traffic is heavily censored. The large majority of bridges, though, are available in public lists, and many companies scrape these lists and blacklist any IP found on them. Id been blacklisted for supporting free speech.

Some of the blocks were easy to fix. I called Hulu and the support technician manually removed my IP from their blacklist. Others (my banks, for example) cleared themselves automatically a few days after I disabled my Tor relay.

Some were not so easy to fix. Network Solutions is still blocking me, and just yesterday I tried to do an online transaction on my state governments web site: There is something wrong with your credit card…”

My solution to this nagging problem is the same one that I used to watch the blocked World Cup gamesa VPN to a server somewhere else in the world. Since my IP is blacklisted, I just come in with a different IP.

My advice to anyone who wants to support free speech by running a Tor relay on their home or small business network is simple: 

Dont do it.

The Tor Project downplays or ignores the risk of running a Tor relay, focusing instead on exit nodes. Their goal is to grow the network, so I cant fault them. However, its clear that many organizations are throwing a wide net around Tor traffic and putting all of it in the evil-doer basket. Even if you are just trying to do your part as a citizen of the world to promote free speech, you will be slapped down. My IP presumably is now on watch lists that I dont know about, both private and governmental. Is my traffic being collected? What tripwires did this trigger? What other ramifications are there? These are questions that I dont know the answer to right now.

I still support Tor and what it stands for. The Tor Project is making a big push right now to encourage individuals to create Tor nodes in the Amazon cloud, and Im all for that as long as you keep in mind that Amazon is a third party and subject to subpoena and to national security orders. It might well be that the AWS Tor nodes are currently under heavy scrutinywe just dont know. If you dont physically own the entry node, theres no guarantee that your traffic is not being de-anonymized. The Tor Browser Bundle can be useful in providing a layer of anonymity to your web browsing, but you should approach it with a dose of skepticism.

If your goal is anonymous network access, one approach would be to set up a private Tor entry point, one that you physically control, and obfuscate the traffic coming out of it. This would prevent your IP from being scraped off the list of public relays, and presumably would help prevent traffic analysis at your ISP from identifying your IP as being part of the Tor network. This approach doesnt help the Tor project, really, but it will help anonymize your traffic. The Tor Project maintains a list of hidden entry nodes, but its trivial to build a list of them (they are distributed by email) and so you should assume that they have been compromised and just use your private bridge.

I still want to promote free speech. My focus is shifted away from Tor and Im instead promoting the encrypt everything movement. The idea is that if more people use encryption for everyday communication such as email and IM messages, the encrypted traffic becomes the norm rather than sticking out like a big flag. Unfortunately, 20 years after Zimmerman posted his PGP code, its still not easy for the average user to implement strong encryption. Thats where Ill spend my effortin making things simpler.


Post Your Comment