In continuation of the conversation at http://talk.dallasmakerspace.org/t/possible-civic-hacking-projects
I am proposing the following for a TOR Node to be hosted at the DMS and maintained by @denzuko
Overview
The main use for the tor node is as a private networking proxy and exit node, without having to open up a server, COTS routers or other devices to the internet or network for any inbound service. This is achieved by binding services to loopback and only having those on the tor network, while blocking all inbound traffic and allowing only outbound traffic.
I’m only willing to promote and educate users about TOR and resulting TOR nodes for what it is, a routing protocol and tunnelling for legitimate usage in the same context as ngrok or localtunnel.me would be used.
A EULA will be present in the configuration and presented to users who connect that indemnifies Dallas Makerspace (“DMS”) from the operations of the device and would borrow from SDF.org’s EULA (which has been in operation since 83 with the same EULA):
“Illegal activities which include, but are not limited to, e-mail spamming,
port flooding, unauthorized port scanning, denial of service, unauthorized
encryption cracking, unauthorized storing and distribution of
copyrighted data and unauthorized connections to remote hosts
are not allowed.”
The end EULA will be written and presented to members prior to access to the node.
Operations:
maintainer: Dwight A. Spencer (@denzuko) [email protected]
Power usage: 43.95 kWh per year
Expected Traffic: need to crunch numbers on actual usage. However, on my OVH server I’m averaging around 5-6kbps up and down with a few minor peaks into 14kbps that last for a few seconds.
Monitoring:
Monitoring will be performed by tools provided by @denzuko
Governance proposal
NOC and operations will be handled by Dwight A. Spencer. Any issues arising from operations shall be forwarded to a provided issue tracker hosted by GitHub and/or emailed to [email protected], from which they will be addressed by priority.
| Priority | Scenario | Point of contact |
|---|---|---|
| 1 | Server Outage | email to be sent with the subject “outage” and sent to: [email protected] |
| 1 | ISP issue | issue tracker, immediate investigation and RCA performed by Dwight A. Spencer followed up with traffic analysis and direct reporting to ISP’s NOC and appropriate authorities |
| 2 | Theft of device | in the instance of the Raspberry Pi growing legs, a report will be filed by Dwight A. Spencer to [email protected] and device replacement will take between 30 to 90 days. |
| 3 | Connection errors | issue tracker with support run by community forums and direct response by Dwight A. Spencer |
| 3 | Other | issue tracker with direct response by Dwight A. Spencer |
Committee
No new committees will be formed in managing of the tor node or related hardware (Raspberry Pi provided on loan by Dwight A. Spencer). However, a proper usage course will be available to all members and non-members on a monthly basis with the schedule to be determined. Members are also free to contact Dwight A. Spencer at any time he is available at the space or over PM via Talk to arrange a “crash course” class.
Class Outline
10min: Online “Netiquette” overview
10min: Internet IP overview (i.e. don’t copy that floppy and why it’s bad)
15min: Acceptable Usage Coverage and EULA signing
Services
Traffic allowed across the node will be configured to only allow tcp ports 22, 80, 443, and a few of the ports only needed by tor itself to operate, thus blocking bittorrent or other network-hogging services. A socks proxy service will not be accessible at any time and only tor relay traffic will be allowed connectivity to and from the device, while 22/tcp will be bound to loopback and a hidden service run on the device for administrative usage only.
Notice
Any planned service notices or maintenance shall be posted up on Talk and via social media (@denzuko on twitter) 24 to 48 hours prior to the scheduled event.
Addendum
I might have missed a few things so this is considered a draft proposal at this time.
I will be at the space to host FreeCodeCamp (up on the calendar), so anyone wishing to talk to me in person may do so after or before that meeting; otherwise I can be reached here on Talk (thread/PM) or by social media (@denzuko).
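
The restrictions listed under Services (exit traffic limited to 22, 80 and 443, no SOCKS listener, SSH reachable only through a hidden service on loopback) can be checked mechanically against a torrc file. The following is an added example, not part of the original post or the node's actual configuration; the sample torrc, its paths and the function names are constructed for illustration, and the check is deliberately stricter than Tor's own parser (single ports only, explicit final reject).

```python
import re

# Constructed torrc for illustration; values and paths are assumptions,
# not the node's real configuration.
SAMPLE_TORRC = """\
ORPort 9001
ExitRelay 1
SocksPort 0
ExitPolicy accept *:22
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*
HiddenServiceDir /var/lib/tor/admin_ssh/
HiddenServicePort 22 127.0.0.1:22
"""
ALLOWED_EXIT_PORTS = {"22", "80", "443"}  # the ports named in the proposal


def parse_torrc(text):
    """Return (option, value) pairs, skipping blank lines and # comments."""
    pairs = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if fields:
            pairs.append((fields[0].lower(), fields[1].strip() if len(fields) > 1 else ""))
    return pairs


def audit_torrc(text):
    """Return findings; an empty list means the file matches the stated policy."""
    pairs, findings = parse_torrc(text), []
    # Tor opens a local SOCKS listener unless SocksPort is explicitly 0.
    if [v for o, v in pairs if o == "socksport"] != ["0"]:
        findings.append("SocksPort must be set exactly once, to 0")
    rules = [" ".join(r.split()) for o, v in pairs if o == "exitpolicy"
             for r in v.split(",")]
    for rule in rules[:-1]:
        m = re.fullmatch(r"accept \*:(\d+)", rule)
        if not rule.startswith("reject") and not (m and m.group(1) in ALLOWED_EXIT_PORTS):
            findings.append(f"exit rule outside policy: {rule}")
    # Pin the final rule explicitly rather than relying on Tor's defaults.
    if not rules or rules[-1] != "reject *:*":
        findings.append("ExitPolicy must end with reject *:*")
    for o, v in pairs:
        target = v.split()[1:2]  # a missing or port-only target means 127.0.0.1
        if o == "hiddenserviceport" and target and not (
                target[0].isdigit() or target[0].startswith("127.0.0.1")):
            findings.append(f"hidden service target not on loopback: {v}")
    return findings
```

Calling `audit_torrc()` on the deployed file's contents before each restart gives a list of deviations from the proposal, which can be attached to the issue tracker entry for the change.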