Possible Civic Hacking projects?

Hey, it’s been a while since I’ve made it to one of the civic hacking meetings but I was thinking about it the other day and wondered if anyone had proposed or discussed either of these ideas as potential projects:

  1. Setting up a TOR exit node.

  2. Setting up a bitcoin full node (not a miner, though I do still have some 10 GH/s hardware I’d donate if anyone wants to work on a solar-powered bitcoin mining project). A bitcoin node is just a server run by volunteers that helps make the bitcoin network go.

-Steve

Bitcoin mining no longer requires even a whole computer:

http://www.amazon.com/ASICMiner-Block-Erupter-USB-Sapphire/dp/B00CUJT7TO

You can basically run a ton of these on a powered USB hub for much less money (and power) than even a bunch of Raspberry Pis.

Ha, yeah, the days of doing bitcoin mining on a computer are long gone. If you don’t do it with dedicated hardware, you’ll never break even. :slight_smile: But you’ll need a lot more than 330MH/s to make money, that’s why I retired the 10GH/s miner, it was just too slow. You can pick up an Antminer S1 (about 200GH/s) for under $100 these days. But, anyway, more interested in setting up a node than a miner with respect to a potential civic hacking project.

1 Like

A full node helps the network but it’s just a cost to whoever hosts it no?

1 Like

I’m just gonna go ahead and say I’d strongly prefer #1 not happen at DMS. I know we’d be protected under the Safe Harbors provision, but that doesn’t stop lawyers from being assholes and costing us money.

4 Likes

I’d like to see the TOR project completed, but only for use as a data
mining node. So yeah, don’t do that. And as stated, lawyers bad.

Sincerely,
Tim Nielsen

Do we have any members who are in the legal profession that might find defending us educational? :innocent:

That’s correct, pretty much like all civic hacking projects. :slight_smile:

Wow, some hackers we are. :slight_smile: If we’re not up to the task of running a TOR exit node ourselves, perhaps we could assist some other local organization. There’s currently an initiative to set up TOR exit nodes at public libraries. The theory is that libraries are used to fighting censorship, standing up for privacy rights, etc already, so are ideal locations. The DHS harassed the first library a bit but nothing serious (no legal costs at all). I understand a second library is coming on line shortly. None in Texas yet though. Maybe the Dallas Library could be the first one in our state, with a little help from us.

1 Like

I am not greatly knowledgeable on TOR, but what little I know makes me wonder what our organization would be liable for just for passing along information???

Do the ISPs and cable/fiber companies get in trouble for what their users/subscribers download/upload using their networks?

Seems to me the only thing to worry about is the bandwidth taken up by passing the data along, but I am sure there are settings to limit maximum bandwidth etc.

Then the next question might be if OUR Internet provider would take notice or frown upon us relaying data as a TOR exit node.

All excellent questions.

This may help…

The FBI seems to understand what an exit node is…

We would not know what passes through the node, where it originated, or where it is destined.

Were I on a jury considering such a situation I would most certainly not consider the node operator liable. Especially given this…

No. https://www.google.com/search?q=dmca+safe+harbor

If ISPs are given safe harbor then Tor operators should also have safe harbor (and may legally have it).

I suspect that would violate both our agreement and federal law.

It also raises the very serious question of how the provider would know it was a Tor node. If they can tell there is a Tor node in play they are very likely probing the makerspace data in a way that is at least unethical and at most illegal.

On the topic of ISPs frowning on TOR exit nodes, they normally have a set model of what an average user looks like (i.e. typical facebooker and general web surfer) and if their traffic seems to spike namely around known ports and protocols for proxies, p2p, or other “hacker” related traffic then they would interject that subscriber’s traffic over to a monitored subnetwork where they would then do deep packet inspection to quantify the type of data, not the data itself, that is being sent across their network.

Typically this all happens transparently and only dhcp subscribers would notice their IP address change and a slight speed reduction. While the ISP would not take much effort on their part to prevent one’s usage of their network for Tor, proxies, or p2p networks, they would have the evidence to state which subscriber it came from. Legally this is them covering their own arse from liability and if they receive any dmca they can forward it directly to the subscriber.

The other legal end is that we (Dallas Makerspace, DMS) are a non-profit operating with an open wifi network and therefore have little control over what our guests use on the network we are providing. Thus leaving DMS under the same DMCA safe harbor.

I can’t speak for the Infrastructure committee and ask that a member of said committee clarify on this one, however I do believe that DMS does have a business class subscription with our ISP and therefore does not have much to worry about in relation to what is hosted, as residential subscribers are the ones usually scrutinized the most while business subscribers are typically expected to utilize things like proxies, vpns, and other services that the average web surfing user does not even understand.

TL;DR: DMS is fine hosting their own tor node (I’ve seen several spaces all over the states do it and even Z1N had several) so long as its members are not using it for nefarious means.

Also, I’ll be glad to take ownership over the managing node and set that up the next time I’m at the space for the FreeCodeCamp meetup. I’ll also be glad to connect it into the MuniWifi project I’ve been working on.

2 Likes

A few questions come to mind about hosting the node:

  • Where would it be stored?
  • How would it be connected to the network?
  • How would we handle issues? (on this one I suspect creating a github project page and issue tracker would work)
  • Would there be any committees needing to be involved?
  • What would be done to secure the physical device from wandering off to start a new life as a 3d printer?

The node itself would be run on a raspberry pi so that would need to be taken into consideration. But I would love to hear your guys’ thoughts?

The main issue with running a Tor exit node is the fact that you’ll get hit with abuse complaints, a lot. I don’t have an issue running a non-exit or bridge node though, as they contribute to the network with a much lower risk profile.

2 Likes

I don’t like the idea of running a Tor Node at all.

DMS is not in the business of Civil Liberty and or Child Porn.

1 Like

Please don’t do this. See the bit about home TOR exit relay hosting. While we are not “home” we face the same issues as someone hosting a TOR exit relay at home.

https://www.torproject.org/eff/tor-legal-faq.html.en

Should I run an exit relay from my home?
No. If law enforcement becomes interested in traffic from your exit relay, it’s possible that officers will seize your computer. For that reason, it’s best not to run your exit relay in your home or using your home Internet connection.

They recommend hosting TOR exit relays at co-location centers known to be TOR friendly.

2 Likes

Is DMS still using Verizon FIOS? The ISP rating list on the TOR site rates Verizon as a bad ISP that’s TOR-unfriendly. Apparently Verizon bans any server-type use of their FIOS service including even IRC. So a bridge/middleman node, as Andrew suggested, may be the path of least resistance. It still benefits the community while not risking our ISP service. I’ll check around and see if any of our local libraries are up to hosting an exit node.

Here’s the quote:

Verizon FiOS officially does not allow any incoming traffic, they reserve the right to disconnect you at any time for violation of this policy. Users have run middleman nodes without any incidents from VZ. Exit nodes with abuse problems have resulted in legal threats and disconnection threats, but no disconnection as of yet.

https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs

1 Like

FWIW, I would GUESS that breakdown actually refers to personal vs business FIOS etc.

1 Like

Who is going to maintain this node, and how much would it cost us in power, network resources (bandwidth), etc?

Overview

To be clear, I’m not one for copyright infringement, CP, or any of the other darker parts of the “darknet”. The main usage I use tor for is as a private networking proxy and not having to leave my server, cots routers or others open to the internet or network at that since one can bind services to loopback and only have those on the tor network.

I’m only willing to promote TOR and resulting TOR nodes for what it is, a routing protocol and tunnelling for legitimate usage in the same context as ngrok or localtunnel.me would be used.

A EULA will be present in the configuration and presented to users who connect that indemnifies Dallas Makerspace (“dms”) from the operations of the device and would borrow from SDF.org’s EULA which has been in operations since 83 with the same EULA:

“Illegal activities which include, but are not limited to, e-mail spamming,
port flooding, unauthorized port scanning, denial of service, unauthorized
encryption cracking, unauthorized storing and distribution of
copyrighted data and unauthorized connections to remote hosts
are not allowed.”

Operations:

maintainer: Dwight A. Spencer (denzuko)

Power usage: 43.95 kWh per year

Expected Traffic: need to crunch numbers on actual usage. However on my ovh server I’m averaging around 5-6kpbs up and down with a few minor peaks into 14kps that last for seconds.

Monitoring:

Monitoring will be performed by tools provided by Dwight A. Spencer

Governance proposal

NOC and operations will be handled by Dwight A. Spencer. Any issues arising from operations shall be forwarded to a provided issue tracker hosted by github and/or emailed to [email protected], from which they will be addressed by priority.

| Priority | Scenario | Point of contact |
|---|---|---|
| 1 | Server Outage | email to be sent with the subject “outage” and sent to: [email protected] |
| 1 | ISP issue | issue tracker, immediate investigation and RCA performed by Dwight A. Spencer followed up with traffic analysis and direct reporting to ISP’s noc and appropriate authorities |
| 2 | Theft of device | in the instance of the raspberry pi growing legs, a report will be filed by Dwight A. Spencer to [email protected] and device replacement will take between 30 to 90 days. |
| 3 | Connection errors | issue tracker with support run by community forums and direct response by Dwight A. Spencer |
| 3 | other | issue tracker with direct response by Dwight A. Spencer |

Committee
No new committees will be formed in managing of the tor node or related hardware (raspberry pi provided on loan by Dwight A. Spencer). However a proper usage course will be available to all members and non-members on a monthly basis with the schedule to be determined. Members are also free to contact Dwight A. Spencer at any time he is available at the space or over PM via Talk to arrange a “crash course” class.

Class Outline
10min: Online “Netiquette” overview
10min: Internet IP overview (ie don’t copy that floppy and why its bad)
15min: Acceptable Usage Coverage and EULA signing

Services
Traffic allowed across the node will be configured to only allow tcp ports 22, 80, 443, and a few of the ports only needed by tor itself to operate. Thus blocking bittorrent or other network hogging services. A socks proxy service will not be accessible at any time and only tor relay traffic will be allowed connectivity to and from the device while 22/tcp will be bound to loopback and a hidden service run on the device for administrative usage only.

Notice
Any planned service notices or maintenance shall be posted up on Talk and via social media (@denzuko on twitter) 24 to 48 hours prior to the scheduled event.

Appendium
I might have missed a few things so this is considered a draft proposal at this time. I will be at the space for FreeCodeCamp so anyone wishing to talk to me in person may do so after or before that meeting.

I have also created a thread (TOR Node hosted at DMS) to continue the talk about the tor node and keep this thread on topic.

1 Like
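
The port restrictions described under “Services” in the draft proposal above, sketched as a torrc fragment. This is an added example, not the proposer’s actual configuration; the nickname, contact address, ORPort, bandwidth figures and hidden-service directory are assumed placeholder values.

```conf
# torrc sketch for the draft proposal's "Services" section (added example).
# Nickname, ContactInfo, ORPort, bandwidth figures and the hidden-service
# directory are assumed placeholder values, not taken from the thread.

Nickname        ExampleRelay
ContactInfo     noc@example.org

# No local SOCKS proxy: the device only relays Tor traffic.
SocksPort       0

# Port other relays and clients use to reach this relay.
ORPort          9001

# Cap the bandwidth the relay may consume on the shared uplink.
RelayBandwidthRate   100 KBytes
RelayBandwidthBurst  200 KBytes

# Exit policy from the proposal: only 22, 80 and 443/tcp leave the node.
# Rules are evaluated first match wins, so the final reject is the default.
ExitRelay       1
ExitPolicy      accept *:22
ExitPolicy      accept *:80
ExitPolicy      accept *:443
ExitPolicy      reject *:*

# Lower-risk alternative raised earlier in the thread (non-exit relay):
# replace the exit block above with
#   ExitRelay   0
#   ExitPolicy  reject *:*

# Administrative SSH reachable only as an onion service. sshd itself
# must listen on loopback only (ListenAddress 127.0.0.1 in sshd_config).
HiddenServiceDir   /var/lib/tor/admin_ssh/
HiddenServicePort  22 127.0.0.1:22
```

Running `tor --verify-config -f <path to this file>` checks the syntax before the relay is started.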