[tor] [CHP] FBI/SS internet traffic checklist from NB

Andy Isaacson adi at hexapodia.org
Sat Mar 16 20:36:14 UTC 2013


On Sat, Mar 16, 2013 at 03:58:27PM -0400, judas wrote:
> On 03/16/2013 03:49 PM, Craig wrote:
> >Who are the technical contacts?  As in, what qualifications does
> >one need to fit this role?
> 
> I have no real idea. I think they are NoiseTOR peeps, which as best
> I understand it requires a three step process. First there is the
> secret sub-basement training facility at MIT where initiates must
> spend 1 year without light and aren't allowed out until they can
> come up with a new discovery in prime number theory. Next they are
> taken to a monastery in Tibet and meditate in the snow, covered only
> in a wet sheet until they can actually see packets flowing through
> the air and route them with nothing but the power of their mind. And
> finally they have to spend a week solid drinking from opening till
> closing at the Sycamore bar without losing their ability to type
> code at 80+ wpm.

Yeah, that's all pretty accurate.  Who violated the sanctity of our
secret initiation processes?!

> But I could be wrong. However, Andy Issacson, who is one of the

Isaacson, pls.  One s, two a, one c, one son.

> technical contacts in question and I believe was involved in writing
> the original document is cc'ed on this and might actually be able to
> clear up any minor discrepancies in my description.

Yes I wrote most of the Noisebridge_Tor/FBI wiki page, based on reading
the torproject.org and EFF legal guides and talking to other Tor node
operators.

Our technical contacts are a few volunteers who know enough of the
technical details and have social skills sufficient to explain the
technology to an interested outsider such as an investigating officer.
We all contributed to setting up the colo server that is currently
noisetor's one exit node.

Basically being a technical contact means you should have successfully
done some significant subset of the following:

 - registered a domain and configured your own DNS for it
 - configured Apache or similar with vhosts
 - debugged an IP routing problem including figuring out proper netmasks
 - given an IP of a server, figured out what ISP it's hosted with and in
   what city, using traceroute and whois or similar.
 - described Tor to a layman with another expert Tor user present and
   not had the expert cry "foul" on your description.
 - run a non-exit Tor node with at least 1Mbps bandwidth for at least 6
   months, reliably.

If that all sounds like Greek, you're probably not qualified to act as
technical contact.  You don't have to get 100% of the above, but it's
the general area of interest.

Someone on your team needs to have experience securing network-facing
Linux machines; and someone needs to have experience tuning
high-performance network applications.  Preferably there should be at
least two people with each skill so there's no SPOF.

You'll want to be up-front with your ISP about your plans, and make sure
they can SWIP the IP range to your organization, or similar, to ensure
the inevitable automated abuse complaints don't flood their helpdesk as
much.  It may be helpful to find an ISP that has executive buy-in to the
idea of helping Internet freedom; if your first contact is emailing
their sales@ asking for quotes for a Tor exit node you're more likely to
get incomprehension and/or denied.

It's also helpful to clearly delimit the Tor node organization from the
hackerspace organization so your secretary@<hackerspace>.org address
doesn't get spammed with automated complaints.  That's why we operate in
noisetor.net rather than tor.noisebridge.net.

We get a few mails a quarter (perhaps one a month) from actual humans
whose accounts were illicitly accessed over Tor.  We try to respond to
those in a more compassionate way than we respond to the robots
complaining that our computer is accessing their webserver.

Your new exit node will likely require a fair bit of kernel tuning to
maximise throughput.  We use munin to watch the health of our server.
One early high-throughput Tor node I helped configure was set up with an
RTL GigE card which turned out to suck (system CPU% through the roof at
just 150 Mbps); Intel and Broadcom NICs seem to work better.

Hope that helps, and feel free to join our tor@ mailing list and ask
further questions.  Also the tor-relays at lists.torproject.org list is a
great place to hang out.

-andy

> >On Sat, Mar 16, 2013 at 3:44 PM, judas <rangerjudas at gmail.com> wrote:
> >    A couple of people said they would be interested in having a copy
> >    of the checklist that NB keeps by the door in case the SS/FBI
> >    drops around annoyed about our internet traffic.
> >
> >    It's pretty rudimentary, but due to the nature of our space we
> >    have a lot of people who might be near the door in our space who
> >    aren't really clueful and it isn't uncommon for there to be no
> >    members/individuals with time in the community in the space at any
> >    given time.
> >
> >    https://www.noisebridge.net/wiki/Noisebridge_Tor/FBI
> >
> >    j


