Support the Tor Network: Donate to Exit Node Providers

by mikeperry | October 10, 2011

The Tor network is run by volunteers, and for the most part is entirely independent of the software development effort led by The Tor Project, Inc. While The Tor Project, Inc is a 501(c)3 non-profit that is happy to take donations to create more and better software, up until recently there was no way for you to fund deployment of more relays to improve network capacity and performance, aside from running those relays yourself.

We're happy to announce that both Noisebridge and TorServers.net are now able to take donations directly for the purpose of running high capacity Tor exit nodes.

Noisebridge is a US 501(c)3 non-profit, which means that for US citizens, donations are tax deductible. Torservers.net is a German non-profit organization whose donations are tax deductible for German citizens (and also potentially for citizens of other EU member states).

What are the pluses and minuses of donating as opposed to running your own relay? Glad you asked!

While it is relatively easy and risk-free to run a middle relay or a bridge, running an exit can be tough. You have to seek out a friendly ISP, explain Tor to them, and then navigate a laundry list of Internet bureaucracies to ensure that when abuse happens, the burden of answering complaints falls upon you and not your ISP.

These barriers are all made easier the larger your budget is. On top of this, like most things, bandwidth is cheaper in bulk. But not just Costco cheaper: exponential-growth cheaper, all the way up into the gigabit range (and perhaps beyond, but no one has run a Tor node on anything faster).

At these scales, large exit nodes can pay as little as $1/mo per dedicated megabit/second. Sometimes less. This means that adding $30/mo to the hosting budget of a large exit node can buy almost 40 times more full-duplex dedicated bandwidth than a similarly priced business upgrade to your home ADSL line would buy, and about 50 times more bandwidth than Amazon EC2 instances at the entry-level price of $0.08 per half-duplex gigabyte, not counting CPU costs. (Bridge economics in terms of IP address space availability might still favor Amazon EC2, but that is a different discussion).

The downside to donation is that network centralization can lead to a more fragile and a more observable network. If these nodes fail, the network will definitely feel the performance loss. In terms of observability, fewer nodes also means that fewer points of surveillance are required to deanonymize users (though some argue that more users will make such surveillance less reliable, no one has yet rigorously quantified that result against actual attacks).

Therefore, if you are able to run a high capacity relay or exit yourself (or have access to cheap/free/unused bandwidth at your work/school), running your own relay is definitely preferred. If you are part of the Tor community and want to accept donations, we'd love to add you to our recommended donor list. Please join us on the tor-relays mailing list to discuss node configuration and setup.

However, if configuring and maintaining a high capacity relay is not for you, donating a portion of the monthly hosting budgets of either of these organizations is an excellent way to support anonymity, privacy, and censorship circumvention for very large numbers of people.

Comments

Please note that the comment area below has been archived.

October 10, 2011

Permalink

oops.geolocation ability is a real danger for privacy.please inform us if you can tell more detailed

October 10, 2011

Permalink

The need for this is symptomatic of a flawed policy towards Relays. The Tor Project evidently views all types of communications as equal, i.e., instant messaging = internet relay chat = web sites. The fact is different types of communications yield different types of content. The intellectual level of instant messaging is not much higher than a 10th grader in high school. In light of this reality, does instant messaging deserve the same priority as web sites? The point is by pushing Relays to offer all services the Tor Project is causing Relays to pull back and play it safe by offering only the dubious service of being a Non-Exit Relay.

October 11, 2011

Permalink

How about a central fund for exit node operators where all the related donations are collected?

After a period an exit node operator may claim his share which is a percentage of the fund calculated by the observed uptime and bandwidth of his exit node.
Unclaimed shares are going back into the fund after some time to be paid out in the following period to the exit node operators who claim their share.

This fund would be an incentive for everyone to operate an exit node, to provide more bandwidth and to upgrade the hardware.

There should be a public log of which nodes have never claimed an outpayment so that these can assert their non-commercial status.

October 11, 2011

Permalink

I see that Noisebridge is running a 0.2.3.x version of Tor. In their Twitter feed they explain that this it to help Iranians who cannot get Internet access. What's wrong with v0.2.2.33, the current stable version?

Is it really smart to run a development version of Tor on multiple high-speed relays?

October 11, 2011

Permalink

What does the Tor network need most at this point to improve anonymity and performance, more nodes or more bandwidth?

I understand that both are desirable, but which would be the most beneficial? Would one be better off creating a number of lower bandwidth nodes or a single high-bandwidth node?

We don't have a proper metric for comparing the anonymity of one Tor network topology to another, which we need in order to properly answer your question. Creating such a metric is actually an open research problem: https://blog.torproject.org/blog/research-problem-measuring-safety-tor-…

The best we can say right now is that it depends on the expenses and the node location distribution. When we're talking about the ability to provide 100X or even just 10X more bandwidth for the same cost, I think creating a single high-bandwidth node wins. The more people use Tor, the better everything will get: from larger anonymity sets to companies and websites taking our userbase seriously instead of just blocking us.

It also doesn't make a whole lot of sense to fire up a bunch of smaller nodes if they are all at the same ISP anyway. For them to really provide more anonymity than a single node, you want them to be at different points on the Internet topology.

October 11, 2011

Permalink

> The Tor Project evidently views all types of communications as equal...

I see your point, but there's no good answer to your point about relative "value" of data. Yeah, most IM is stupid. It is equally true that a huge number of IM or e-mail messages can be transferred for the "cost" of a single hi-res graphic. Does that suggest a punitive view of graphics traffic?

The only thing I feel confident about re Tor data traffic is that bittorrent is too much of a hog to let it dominate the network. If Tor latencies were much better I'd worry about streaming video even more.

October 11, 2011

Permalink

Hello. I downloaded Tor, or thought I did. I found it listed in DuckDuckGo. I can't get it to start. It wants an executable. I'm not a programmer. I'm just someone tired of google and facebook trash tracking me.

Is there a way to get help?

October 11, 2011

Permalink

On the surface this seems like a positive development, but like other posters, I'm quite skeptical of major (I think it's fair to so characterize this) changes in either Tor Project philosophical direction or Tor network environment. Just to play Devil's Advocate, is it not possible (or even likely) that a very high concentratioh of Tor exit nodes and/or traffic within a single net block (or contiguously-owned blocks) will attract a disproportionate amount of adversarial attention? Frankly, if I had to make a choice between a highly-anonymous service that could only deliver text and limited graphics at a reasonable speed, and a less-anonymous service that could let me view and upload/download streaming, high-fidelity media, I would choose the former service without hesitation. Peering variants still work for media access.

October 13, 2011

Permalink

How about setting a goal of convincing 25% or 50% of the current non-exit Relays to offer an exit for web sites only? At very low risk to the Relays and at no cost to the Tor Project, the speed of access for Tor users should increase considerably.

Ports 80 and 443 are unfortunately not 'very low risk'. People do all sorts of crazy stuff on the web, and other people are used to complaining about it.

October 16, 2011

In reply to arma

Permalink

Terabytes of data have gone through my Exit Relay and I have received one bland e-mail from my ISP. I suppose what constitutes "very low risk" is in the eye of the beholder. Believe it or not, flying is safer than driving.

October 19, 2011

Permalink

I am setting up a web site soon, with fully-featured forum, blog, etc. Is there an option from the groups above to support an exit-enclave for my soon-to-be-web site? Is that even possible and/or a smart thing to do?

I am still looking for a web site host, off-shore to the US is important, as is ease of setup. I was thinking about setting up a web site on the same ISP used by one of those non-profit exit node groups listed above. Would that make it possible from them to run an exit enclave?

I would also prefer to offer hidden service access to my web site, even though the web site is on the 'normal' Internet. Would the be an option from the groups above? Would that even be a smart or useful thing to do?

And of course, my web site and all content is legal and non-boutique in all but the most draconian 3rd world countries (and China ;)).

Thanks.

At a guess: This is probably not a good idea. The hidden service case doesn't help you very much beyond what the exit enclave provides, because it is possible to intersect your uptime with the public relay list (which takes several months, but does work eventually).

You might gain a lot of traffic analysis resistance due to traffic volumes for the exit enclave case, but in both cases, it seems too easy for either party to incur extra risk of equipment seizure. In my opinion, this factor alone makes it not worth explicitly associating the two entities.

However, the ISPs in use by high-capacity exit nodes are definitely great places to host. They obviously respect Internet freedom and are not likely to scare easy in the face of baseless legal threats.

Note that pairing with a high capacity middle relay for your enclave should not change either party's risk profile, as far as I know. So that remains as another option.