Menu
Mozilla puts old hardware to new use, runs Tor relays

Mozilla puts old hardware to new use, runs Tor relays

The organization opted for running middle relays, although exit relays would have probably helped the anonymity network more

Mozilla has dusted off some decommissioned servers and networking gear and used them to set up high-speed relays on the Tor anonymity network.

The plan to run Tor relays was revealed in November, when the software developer announced its Polaris Privacy Initiative, a collaboration with other non-profit organizations to enhance privacy on the Web.

One of those organizations was the Tor Project, which develops the client and server software for the Tor anonymity network. As part of the partnership, Mozilla said that it will make some changes in Firefox to ease the work of Tor Project developers who maintain the Tor Browser, a modified version of Firefox that allows users to access the Web through the Tor network.

The organization also said at the time that it will host its own "high-capacity Tor middle relays to make Tor's network more responsive and allow Tor to serve more users."

On Wednesday, Mozilla announced that its prototype Tor relays are up and running on three HP ProLiant SL170z G6 servers connected to a pair of Juniper EX4200 switches that benefit from two 10Gbps uplinks through one of the organization's transit providers.

"The current design is fully redundant," Mozilla network engineer Arzhel Younsi said in a blog post that contains more details about the project. "This allows us to complete maintenance or have node failure without impacting 100% of traffic. The worst case scenario is a 50% loss of capacity."

The relays currently run outside of Mozilla's production infrastructure, but the organization's security team helped lock them down with strict firewall filtering, operating system hardening, automatic updates, network device management and more.

"We've also implemented a periodic security check to be run on these systems," Younsi said. "All of them are scanned from inside for security updates and outside for opened ports."

The Tor network has three main types of relays, or nodes: middle relays, exit relays and bridges. Internet traffic routed through the Tor network will randomly pass through at least three Tor relays before it exits back onto the Internet to reach its final destination.

Middle relays are responsible for passing data within the Tor network. Over time, middle relays can automatically become entry guard nodes as they build trust according to a network consensus algorithm -- in fact one of Mozilla's middle relays has already become an entry guard. Entry guards serve as the first links between users and the Tor network.

At the other end are exit relays, which act as the last hops in the network and whose purpose is to send the traffic back on the Internet. A site that receives a request from a Tor user will see the request originating from the Internet Protocol (IP) address of a Tor exit relay, not the real IP address of the user.

Exit relays are very valuable for the Tor network, but they're also small in number because people running them expose themselves to abuse complaints and legal risks. It's their IP address that shows up in other people's logs in case of malicious activity routed through Tor.

Tor is a great privacy tool and is very useful to users in countries that censor the Internet or where political and human rights activism can land people in jail. However, it's also used by criminals to hide their location and evade law enforcement.

U.S. Assistant Attorney General Leslie Caldwell reportedly said at a conference this week that 80 percent of Tor traffic is related to child pornography, citing a University of Portsmouth study. That estimation is wrong, Wired reported, because the study was about traffic to Tor hidden services, websites that are only accessible within the Tor network, not all traffic routed through Tor.

Most people use Tor to hide their IP address when visiting regular Internet sites, not to access Tor hidden services. According to the Tor Project, the traffic to Tor hidden services accounts for around 1.5 percent of the overall traffic that goes through Tor.

Like Caldwell, many law enforcement leaders complain that widespread adoption of encryption technologies by Internet companies and device manufacturers makes it much harder for their agencies to do their jobs. They call this the Going Dark problem.

But, there's no denying that some Tor traffic is malicious. There are documented botnets and ransomware programs that use Tor to hide the real location of their command-and-control servers.

By running middle and not exit relays, Mozilla is avoiding potential illegal activities by Tor users tracing back to its IP addresses and the legal issues that might arise from that. But the Tor network most likely needs additional exit nodes more than middle ones.

Mozilla did not immediately respond to a request for comment.

Increasing middle capacity will improve the traffic flow inside the Tor network -- including to those illegal sites that operate as Tor hidden services -- but also has other benefits. By having trusted, high-capacity middle relays the network can better defend itself against traffic confirmation and other types of attacks aimed at deanonymizing users.

"Depending on the results of the POC [proof-of-concept], we may move the nodes to a managed part of our infrastructure," Younsi said. "As long as their private keys stay the same, their reputation will follow them wherever they go, no more ramp up period."


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags online safetysecurityTOR Projectencryptionprivacymozilla

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments