our disobey.net WebTunnel bridge has been updated to tor v0.4.8.19
and our obfs4 bridge has been updated to tor v0.4.8.19
# Evolving Our Tor Relay Security Architecture
https://blog.emeraldonion.org/evolving-our-tor-relay-security-architecture
A new blog post where @alexhaydock goes into some detail showcasing our minimalistic @alpinelinux Tor relay architecture and a threat model, and including a link to our now-public open source "Emerald Relays" orchestration framework.
The past 6 months have proven its success, and now we look forward to phase 2 (read the post!), which we need your help in funding. Emerald Onion is a U.S. 501(c)(3) tax-deductible nonprofit, so please consider donating before 31 December! https://emeraldonion.org/donate/
#Tor #TorOps #Privacy #AntiCensorship #Anonymity #Ansible #Proxmox #Terraform #AMD #Epyc #SEVSNP #NonProfit #GivingTuesday
Our lead relay engineer @alexhaydock has increased our stateless #Tor exit relay deployment to 96! (+1 because of the new #RISCV bare-metal node, +1 other we redeployed due to a silly spelling error). We're stress testing our three AMD Epyc 7402P servers that use #Proxmox.
Each one of the 96 Tor exit nodes is a diskless Unified Kernel Image, 56MB in total size, using @alpinelinux's alpine-make-rootfs with an absolutely bare minimum number of packages. We'll be publishing more about our new architecture and configuration soon.
#AlpineLinux #privacy #anonymity #AntiCensorship #AccessToInformation #TorOps #TorOperators
8 days in and already up to 2.14 Gbps advertised bandwidth!
This question was not addressed on the AMA, in the end.
I'd still like to know the operators' answer, if they'd like to respond on here. #TorOps
Thanks to everyone who joined our Tor Operator AMA on Reddit and Mastodon! Your questions helped highlight the challenges and rewards of running Tor relays, but also highlighted the importance of Tor relays for online privacy.
The Tor network thrives on its community of operators. If you're thinking of running a relay, join the operators channel on Matrix/IRC, mailing list, or forums. We're there to help you get started!
#Tor #TorOps #TorRelays #Anonymity #Privacy #Censorship #AskMeAnything
Can you say more about any steps you take to secure your colocated hardware, including prevention, detection, and remediation? Do you use cameras, special server chassis, etc.? (No details of course: learning what you think is necessary, based on your experience as operators, is useful).
Relatedly, how much do you worry about supply chain attacks and related issues? Would you use Supermicro servers? Juniper switches? Do you worry about disabling ME, etc.?
@tok33 @tor_ama
About data center level surveillance:
Yes very much! We assume most big cloud providers and networks log and share their netflow data. Also it's trivial for a VPS or container provider to listen in on or manipulate the traffic, memory, processes, encryption keys and pretty much anything else.
So we tend to be pretty selective as to which datacenters we use. And we only use our own hardware.
@tok33 @tor_ama
About KAX17:
We think it's okay to ban adversaries from the Tor network, if there is enough evidence to support such a claim. In this case (with some great documentation by @nusenu !) it was established KAX17 was a malicious operator on the network.
But to be honest, I wasn't impressed by KAX17's OPSEC. They made many mistakes leading to them being caught. Imo anyone properly educated/motivated/funded could get away with similar practices, while being undetected.
@tok33 @tor_ama
About fan mail:
What is often? We get fan mail by government agencies and judicial authorities about once per week on average. And sometimes we get called or invited for a videoconference by a government agency. But the latter is rare.
Generally most government agencies are fairly understanding, both in the technical and non-technical sense.
Judicial authorities often don't understand anything about anything and can be a pain in the ass.