I want to support the TOR network by running an exit node.
I previously tried to run one on linode but they shut me down.
Anyone else got recommendations for a good ISP that won't shut down an exit node?
The whole concept of centralized exit nodes is flawed. These days, you're only allowed to run one of you're working with law enforcement.
Anonymity networks aren't meant to bridge to clearweb. It defeats the purpose, funneling all your traffic through captured servers.
Use hidden services only. Use VPN or anonymous proxy for clearweb browsing.
reply
Do Bitcoin and LN nodes running over tor both use tor hidden services only? I'm not sure about the specifics on the comms protocol layer, I just figured they used exit nodes.
reply
In Tor, urls ending in .onion are hidden services, no exit nodes are used when sending/receiving packets with .onions
LN nodes can advertise a .onion Tor V3 address for peers to connect.
reply
Follow-up question: which types of TOR nodes are involved in the end-to-end .onion traffic between, say, Tor browser and a server hosting the .onion service?
reply
The browser runs a local proxy. The proxy sends a request through 3 hops (relays) before reaching the server running a .onion hidden service. The server's response goes backwards through those same 3 relays back to your browser.
Look into I2P, it's currently the #2 anonymity network and growing fast thanks to Tor reliability issues. In I2P, you must operate a relay/router in order to access the network. So it's more robust against DDoS since thousands of users aren't sharing a single relay.
You configure any browser to use your I2P router as a proxy (I2P daemon hosted on a separate computer ideally, or could run locally).
Requests are routed through 3 other routers before reaching the server hosting the .I2P site (eepSite). Then the server's response is sent back using 3 DIFFERENT routers. So, theoretically it's twice as secure as Tor since double the routing nodes would need to be compromised to de-anonymize a session. In practice, I2P probably isn't as anonymous because it has far fewer users and thus a smaller anonymity set. But this is starting to change. I2P also doesn't even support exit nodes, everything is a hidden service by default. There are ways to browse clearweb over I2P but it's more complex to set up yourself.
reply
Thanks!
reply
If you want to run an exit node you should seriously consider doing it through a company (you own or are employed at) or create a club/association/foundation.
Doing it as a natural person is miserable.
reply
I would recommend a VPS signed up with a nym and paid in bitcoin rather than using an ISP that is tied to your identity. Preferably one that is ok with running exit nodes
reply
I ran a middle relay in the US with Comcast and never had any issues, but never tried running an exit.
reply
Middle relays should work anywhere
reply
This would be nice to know but I seriously doubt there are any.
reply
I think you're right. The sense I got was that it's not up to the hosting provider. Linode were actually totally cool with me running one (I reached out to them ahead of time), however they got served a notice by some automated intrustion report system and just forwarded it to me. It was all very above board, but it still sucks that they made me shut it down since ISP data collection is at an all time high.
I did most of the things here https://blog.torproject.org/tips-running-exit-node/ Maybe I'll try again and do 100% of those things instead of 80% to see if that makes a difference.
reply
Interesting
reply
p.s. Looking at the metrics here I'd say that Exit nodes are most needed from a network stability perspective. http://hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion/relayflags.html
reply