Menu
Mozilla puts old hardware to new use, runs Tor relays

Mozilla puts old hardware to new use, runs Tor relays

The organization opted for running middle relays, although exit relays would have probably helped the anonymity network more

Mozilla has dusted off some decommissioned servers and networking gear and used them to set up high-speed relays on the Tor anonymity network.

The plan to run Tor relays was revealed in November, when the software developer announced its Polaris Privacy Initiative, a collaboration with other non-profit organizations to enhance privacy on the Web.

One of those organizations was the Tor Project, which develops the client and server software for the Tor anonymity network. As part of the partnership, Mozilla said that it will make some changes in Firefox to ease the work of Tor Project developers who maintain the Tor Browser, a modified version of Firefox that allows users to access the Web through the Tor network.

The organization also said at the time that it will host its own "high-capacity Tor middle relays to make Tor's network more responsive and allow Tor to serve more users."

On Wednesday, Mozilla announced that its prototype Tor relays are up and running on three HP ProLiant SL170z G6 servers connected to a pair of Juniper EX4200 switches that benefit from two 10Gbps uplinks through one of the organization's transit providers.

"The current design is fully redundant," Mozilla network engineer Arzhel Younsi said in a blog post that contains more details about the project. "This allows us to complete maintenance or have node failure without impacting 100% of traffic. The worst case scenario is a 50% loss of capacity."

The relays currently run outside of Mozilla's production infrastructure, but the organization's security team helped lock them down with strict firewall filtering, operating system hardening, automatic updates, network device management and more.

"We've also implemented a periodic security check to be run on these systems," Younsi said. "All of them are scanned from inside for security updates and outside for opened ports."

The Tor network has three main types of relays, or nodes: middle relays, exit relays and bridges. Internet traffic routed through the Tor network will randomly pass through at least three Tor relays before it exits back onto the Internet to reach its final destination.

Middle relays are responsible for passing data within the Tor network. Over time, middle relays can automatically become entry guard nodes as they build trust according to a network consensus algorithm -- in fact one of Mozilla's middle relays has already become an entry guard. Entry guards serve as the first links between users and the Tor network.

At the other end are exit relays, which act as the last hops in the network and whose purpose is to send the traffic back on the Internet. A site that receives a request from a Tor user will see the request originating from the Internet Protocol (IP) address of a Tor exit relay, not the real IP address of the user.

Exit relays are very valuable for the Tor network, but they're also small in number because people running them expose themselves to abuse complaints and legal risks. It's their IP address that shows up in other people's logs in case of malicious activity routed through Tor.

Tor is a great privacy tool and is very useful to users in countries that censor the Internet or where political and human rights activism can land people in jail. However, it's also used by criminals to hide their location and evade law enforcement.

U.S. Assistant Attorney General Leslie Caldwell reportedly said at a conference this week that 80 percent of Tor traffic is related to child pornography, citing a University of Portsmouth study. That estimation is wrong, Wired reported, because the study was about traffic to Tor hidden services, websites that are only accessible within the Tor network, not all traffic routed through Tor.

Most people use Tor to hide their IP address when visiting regular Internet sites, not to access Tor hidden services. According to the Tor Project, the traffic to Tor hidden services accounts for around 1.5 percent of the overall traffic that goes through Tor.

Like Caldwell, many law enforcement leaders complain that widespread adoption of encryption technologies by Internet companies and device manufacturers makes it much harder for their agencies to do their jobs. They call this the Going Dark problem.

But, there's no denying that some Tor traffic is malicious. There are documented botnets and ransomware programs that use Tor to hide the real location of their command-and-control servers.

By running middle and not exit relays, Mozilla is avoiding potential illegal activities by Tor users tracing back to its IP addresses and the legal issues that might arise from that. But the Tor network most likely needs additional exit nodes more than middle ones.

Mozilla did not immediately respond to a request for comment.

Increasing middle capacity will improve the traffic flow inside the Tor network -- including to those illegal sites that operate as Tor hidden services -- but also has other benefits. By having trusted, high-capacity middle relays the network can better defend itself against traffic confirmation and other types of attacks aimed at deanonymizing users.

"Depending on the results of the POC [proof-of-concept], we may move the nodes to a managed part of our infrastructure," Younsi said. "As long as their private keys stay the same, their reputation will follow them wherever they go, no more ramp up period."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags privacymozillaonline safetyTOR Project

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments