TOR Node hosted at DMS

In continuation of the conversation at http://talk.dallasmakerspace.org/t/possible-civic-hacking-projects

I am proposing the following for a TOR Node to be hosted at the DMS and maintained by @denzuko

Overview
The main use for the tor node is as a private networking proxy and exit node, without having to open up a server, COTS routers or other devices to the internet or network for any inbound service. This is achieved by binding services to loopback and only having those on the tor network, while blocking all inbound traffic and allowing only outbound traffic.

I’m only willing to promote and educate users about TOR and resulting TOR nodes for what it is, a routing protocol and tunnelling for legitimate usage in the same context as ngrok or localtunnel.me would be used.

A EULA will be present in the configuration and presented to users who connect that indemnifies Dallas Makerspace (“DMS”) from the operations of the device and would borrow from SDF.org’s EULA (which has been in operation since 83 with the same EULA):

“Illegal activities which include, but are not limited to, e-mail spamming,
port flooding, unauthorized port scanning, denial of service, unauthorized
encryption cracking, unauthorized storing and distribution of
copyrighted data and unauthorized connections to remote hosts
are not allowed.”

The end EULA will be written and presented to members prior to access to the node.

Operations:

maintainer: Dwight A. Spencer (@denzuko) [email protected]

Power usage: 43.95 kWh per year

Expected Traffic: need to crunch numbers on actual usage. However, on my OVH server I’m averaging around 5-6kbps up and down with a few minor peaks into 14kps that last for a few seconds.

Monitoring:

Monitoring will be performed by tools provided by @denzuko

Governance proposal

NOC and operations will be handled by Dwight A. Spencer. Any issues arising from operations shall be forwarded to a provided issue tracker hosted by GitHub and/or emailed to [email protected], from which they will be addressed by priority.

| Priority | Scenario | Point of contact |
|---|---|---|
| 1 | Server Outage | email to be sent with the subject “outage” and sent to: [email protected] |
| 1 | ISP issue | issue tracker, immediate investigation and RCA performed by Dwight A. Spencer, followed up with traffic analysis and direct reporting to ISP’s NOC and appropriate authorities |
| 2 | Theft of device | in the instance of the Raspberry Pi growing legs, a report will be filed by Dwight A. Spencer to [email protected] and device replacement will take between 30 to 90 days. |
| 3 | Connection errors | issue tracker with support run by community forums and direct response by Dwight A. Spencer |
| 3 | Other | issue tracker with direct response by Dwight A. Spencer |

Committee
No new committees will be formed in managing the tor node or related hardware (Raspberry Pi provided on loan by Dwight A. Spencer). However, a proper usage course will be available to all members and non-members on a monthly basis, with the schedule to be determined. Members are also free to contact Dwight A. Spencer at any time he is available at the space or over PM via Talk to arrange a “crash course” class.

Class Outline
10min: Online “Netiquette” overview
10min: Internet IP overview (i.e. don’t copy that floppy and why it’s bad)
15min: Acceptable Usage Coverage and EULA signing

Services
Traffic allowed across the node will be configured to only allow TCP ports 22, 80, 443, and a few of the ports only needed by tor itself to operate, thus blocking BitTorrent or other network-hogging services. A SOCKS proxy service will not be accessible at any time and only tor relay traffic will be allowed connectivity to and from the device, while 22/tcp will be bound to loopback and a hidden service run on the device for administrative usage only.

Notice
Any planned service notices or maintenance shall be posted up on Talk and via social media (@denzuko on twitter) 24 to 48 hours prior to the scheduled event.

Addendum
I might have missed a few things so this is considered a draft proposal at this time.

I will be at the space to host FreeCodeCamp (up on the calendar), so anyone wishing to talk to me in person may do so after or before that meeting; otherwise I can be reached here on Talk (thread/PM) or by social media (@denzuko).

1 Like
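The restrictions in the proposal's Services paragraph can be checked mechanically against a torrc. The script below is an added example, not the proposer's configuration or tooling: it assumes the port list is expressed as an `ExitPolicy`, that "no SOCKS proxy" means `SocksPort 0`, and the sample torrc (ORPort, paths) is constructed.

```python
ALLOWED_EXIT_PORTS = {"22", "80", "443"}  # the TCP ports named in the proposal
LOOPBACK = ("127.0.0.1:", "localhost:", "[::1]:", "unix:")

# Constructed sample torrc for illustration (paths and ORPort are assumptions).
SAMPLE_TORRC = """\
ORPort 9001
SocksPort 0
ExitPolicy accept *:22
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*
HiddenServiceDir /var/lib/tor/admin_ssh/
HiddenServicePort 22 127.0.0.1:22
"""

def parse_torrc(text):
    """Return (option, value) pairs, dropping blank lines and # comments."""
    pairs = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if fields:
            pairs.append((fields[0].lower(), fields[1].strip() if len(fields) > 1 else ""))
    return pairs

def audit(text):
    """Return findings as strings; an empty list means the policy holds."""
    pairs = parse_torrc(text)
    findings = []
    # Without an explicit "SocksPort 0", Tor opens a SOCKS listener by default.
    if [v for o, v in pairs if o == "socksport"] != ["0"]:
        findings.append("SocksPort must be 0 (no SOCKS proxy)")
    rules = [r.strip() for o, v in pairs if o == "exitpolicy" for r in v.split(",")]
    for rule in rules:
        action, _, target = rule.partition(" ")
        if action == "accept" and target.rpartition(":")[2] not in ALLOWED_EXIT_PORTS:
            findings.append(f"ExitPolicy accepts unexpected port: {rule}")
    # Rules that do not end in a catch-all are prepended to Tor's default policy.
    if not rules or rules[-1] != "reject *:*":
        findings.append("ExitPolicy must end with 'reject *:*'")
    for option, value in pairs:
        if option == "hiddenserviceport" and value:
            parts = value.split()
            # With no target given, Tor forwards to 127.0.0.1 on the same port.
            target = parts[1] if len(parts) > 1 else "127.0.0.1:" + parts[0]
            if not (target.isdigit() or target.startswith(LOOPBACK)):
                findings.append(f"HiddenServicePort not bound to loopback: {value}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_TORRC) or "torrc matches the proposed policy")
```
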

Infrastructure only allows rack-mountable equipment in the Server Room (with the exception being the file server, which we are working on funding to move it to a racked enclosure), so this cannot be hosted in the Server Room.

How about a rack-mounted Raspberry Pi?

I do find it hilarious that this whole panel only holds one pi… :laughing:

http://store.earthlcd.com/pi-RAQ

1 Like

Good to know, I might be able to provide a 1U rack to mount the Raspberry Pi in.

My thoughts exactly.

But I’m thinking of customizing one to hold four to six boards in one go, and the resulting powered USB hub too.

What’s the benefit of running it from the space if it doesn’t use any bandwidth?

My limited knowledge of the says if we are a node we can’t say no to stuff because it’s anonymously sent. So basically the risk is all on us if someone decides to do bad things on the internet.

1 Like

I have to say “no” to this on behalf of Infrastructure.
If you disagree, please add an agenda item to a membership meeting or board meeting.

One benefit I can see is partnering with the infrastructure team to provide hidden services for member tools.

For example:

  • 3d printer web tool for left1 has a hidden service of dms3dlabslefty1.tor
  • Main wiki has a hidden service of dmshiddenwiki.tor

Since Tor is just a distributed version of ngrok, whatever we could provide could be put on the onion net as a sort of “vpn” for members while not having to invest into a VPN infrastructure.

Another benefit is the course that will be provided, which covers a basic view of internet Intellectual Property law, #netneutrality, and proper Netiquette, which a lot of online users do not understand, to the point of causing issues online or being taken advantage of. I could also cover a few things about spam or other topics along these lines, but the topics in the course are a little dry as it is for most people interested in using TOR or the net.

On the legal end of things, one can limit the type of traffic being sent across when correctly configured (i.e. only ports 80/tcp and 443/tcp), thus eliminating a lot of the abuse on any node I’ve run in the past. But there is also the part of DMS being a DMCA safe harbor since we cannot verify the source or destination of the traffic any more so than an open wifi hotspot or ISP could.

Now, if we’re providing an entry point (i.e. SOCKS proxy) then that becomes an issue if openly available, and the proposal clearly outlines that service will not be allowed from the tor node. Nor would there be an exit relay from the node(s) provided, thus eliminating any further liability on DMS’s part.

Just to be clear; no to the rack mount node or to the node as a whole?

Also, under what grounds?

Recycle! Find an old/donor shelf rack mount router/switch. Gut it and put your build in it.

There were tons of angled steel in the Metalshop that I was thinking of processing down into something that’s useable and safe.

I’m saying “no” to the node as a whole - I see absolutely no benefit to the space.
We already have a way for members to access the network from home (JUMP server). Accessing some services via hidden node isn’t a compelling use-case (especially, again, since they can remote into the JUMP server).

There’s no reason you need a live Tor node to teach a class on IP law, net neutrality, nor netiquette. I’m 100% in favor of having these classes, but a Tor node is completely irrelevant to them.

We can further discuss details and whatnot in the Infrastructure meeting on Monday.

2 Likes

Good reasons!

I myself would love to see the same class offered but do not see what benefit would draw in attendees. Usage of the tor node would have been one in my opinion.

Been meaning to meet up with the infrastructure committee anyways so I’ll be there Monday.

Can someone explain what useful things I could potentially do with a TOR node? I’m up for taking the class but I’m not following much of what you’re saying.

1 Like

Let me Google that for you…

I would like to hear some good reasons at this point too.