Projeto Tor | Tor Relay Universities

Para manter seu nó de saída rodando por um longo período, você precisará do apoio das pessoas ao seu redor. Nesse sentido, o Tor fornece um impulso para ajudá-lo a mudar as políticas de sua organização. Se a administração considera uma comunidade da Internet que ajuda outras pessoas um conceito estranho, ou se eles estão acostumados a tratar novas situações como riscos à segurança e dizer a todos para desistir disso, um nó do Tor pode lhe dar uma maneira de focar a discussão e encontrar aliados que queiram ajudar a mudar essa política. Resumindo, a execução de um nó de saída Tor pode exigir que você se torne um defensor do anonimato e da privacidade no mundo.

A melhor estratégia depende da sua situação, mas aqui estão algumas dicas para você começar. (Nós nos concentramos no cenário universitário, mas esperamos que você possa adaptá-lo à sua situação.)

First, learn about your university's AUP -- acceptable use policy. O mais provável é que tenha uma formulação ambígua, para permitir que eles permitam ou neguem coisas com base na situação. Mas pode ser extremamente restritivo ("nenhum tipo de serviço") e, nesse caso, você terá um caminho difícil pela frente.
Em segundo lugar, aprenda sobre as leis locais em relação à responsabilidade do tráfego que sai de seu relay Tor. In the US, these appear to be mainly the DMCA and CDA, and the good news is that many lawyers believe that Tor exit node operators are in the same boat as the ISPs themselves. Become familiar with the EFF's template letter regarding DMCA notices for Tor, which is quite clear about not putting liability on service providers. The CDA is less clear, because it was written before the modern Internet emerged, but EFF and ACLU are optimistic. Of course, you need to understand that without actual clear precedent (and even then), it's still possible that a given judge will not interpret things the way the lawyers expect. In any case, the key here is to become familiar with the laws and their implications and uncertainties.
Third, learn about Tor's design. Read the design overview, the design paper, and the FAQ. Hang out on IRC (irc.oftc.net - #tor-relays) for a while and learn more. Se possível, assista a uma palestra de um dos desenvolvedores do Tor. Aprenda sobre os tipos de pessoas e organizações que precisam de comunicações seguras na Internet. Practice explaining Tor and its benefits and consequences to friends and neighbors -- the abuse FAQ may provide some helpful starting points.
Quarto, aprenda um pouco sobre autenticação na Internet. Many library-related services use source IP address to decide whether a subscriber is allowed to see their content. Se todos os endereços IP da universidade são "confiáveis" para acessar esses recursos da biblioteca, a universidade é forçada a manter um controle rígido sobre todos os seus endereços. Universities like Harvard do the smart thing: their students and faculty have actual methods to authenticate -- say, certificates, or usernames and passwords -- to a central Harvard server and access the library resources from there. So Harvard doesn't need to be as worried about what other services are running on their network, and it also takes care of off-campus students and faculty. On the other hand, universities like Berkeley simply add a "no proxies" line to their network policies, and are stuck in a battle to patrol every address on their network. We should encourage all these networks to move to an end-to-end authentication model rather than conflating network location with who's on the other end.
Fifth, start finding allies. Find some professors (or deans!) who like the idea of supporting and/or researching anonymity on the Internet. If your school has a botnet research group or studies Internet attacks (like at Georgia Tech and UCSD), meet them and learn more about all the scary things already out there on the Internet. If you have a law school nearby, meet the professors that teach the Internet law classes, and chat with them about Tor and its implications. Ask for advice from everybody you meet who likes the idea, and try to work your way up the chain to get as many good allies as you can in as many areas as you can.
- Sexto, ensine os advogados da sua universidade sobre o Tor. Isso pode parecer arriscado, mas é muito melhor para eles ouvirem sobre o Tor de você, em um ambiente tranquilo, do que de um estranho pelo telefone. Remember that lawyers don't like being told how to interpret laws by a non-lawyer, but they are often pleased to hear that other lawyers have done a lot of the research and leg-work (this is where the EFF's legal FAQ comes in, along with your law school contacts if you found any). Make sure to keep these discussions informal and small -- invite one of the general counsel out to coffee to discuss "something neat that may come up later on." Feel free to bring along one of the allies you found above, if it makes you more comfortable. Evite reuniões reais ou longas discussões por e-mail e deixe claro que você ainda não precisa da opinião legal oficial deles. Remember that lawyers are paid to say no unless they have a reason to say yes, so when the time finally comes to ask their opinion on running a Tor exit node, make sure the question is not "are there any liability issues?", but rather "we'd like to do this, can you help us avoid the biggest issues?" Try to predict what they will say, and try to gain allies among the lawyers who like your cause and want to help. If they have concerns, or raise questions that you don't know how to answer, work with them to figure out the answers and make them happy. Becoming friends with the lawyers early in the process will avoid situations where they need to learn about everything and make a decision in one day.
Seventh, teach your network security people about Tor. You aren't going to keep your Tor exit node a secret from them for long anyway, and like with the lawyers, hearing it from you is way better than hearing it from a stranger on the phone. Avoid putting them on the spot or formally asking permission: most network security people will like the idea of Tor in theory, but they won't be in a position to "authorize" your Tor relay. Leve eles para um café para explicar o Tor e diga a eles que você está planejando rodar um servidor Tor. Make it clear that you're willing to work with them to make sure it isn't too much hassle on their part; for example, they can pass complaints directly on to you if they like. These people are already overworked, and anything you can do to keep work off their plate will make everybody happier. You might let them know that there are ways you can dial down the potential for abuse complaints, for example by rate limiting or partially restricting your exit policy -- but don't be too eager to offer or take these steps, since once you give up ground here it's very hard to get it back.

You'll also want to learn if there are bandwidth limitations at your organization. (Tor can handle a variety of rate limiting approaches, so this isn't the end of the world).

In some cases, you should talk to the network security people before you talk to the lawyers; in some cases, there will be yet other groups that will be critical to educate and bring into the discussion. You'll have to make it up as you go.

Se as autoridades contactarem sua universidade para obter os logs, seja agradável e prestativo. Tor's default log level doesn't provide much that's useful, so if they want copies of your logs, that's fine. Be helpful and take the opportunity to explain to them about Tor and why it's useful to the world. (If they contact you directly for logs, you should send them to your university's lawyers -- acting on it yourself is almost always a poor idea).

If there are too many complaints coming in, there are several approaches you can take to reduce them. First, you should follow the tips in the Tor relay documentation, such as picking a descriptive hostname or getting your own IP address. If that doesn't work, you can scale back the advertised speed of your relay, by using the MaxAdvertisedBandwidth to attract less traffic from the Tor network. Lastly, you can scale back your exit policy.

Algumas pessoas descobriram que sua universidade só aceita seu relay do Tor se elas estiverem envolvidas em um projeto de pesquisa sobre anonimato. So if you're interested, you might want to get that started early in the process -- see our Research Portal. This approach has the added benefit that you can draw in other faculty and students in the process. The downside is that your Tor relay's existence is more fragile, since the terms of its demise are already negotiated. Note that in many cases you don't even need to be researching the exit node itself -- doing research on the Tor network requires that there be a Tor network, after all, and keeping it going is a community effort.

Lista de e-mail

Subscribe to Tor Relays Universities mailing list (and other education institutions too).

Voltar para a página anterior: Recursos de comunidade e legal - Editar esta página

Privacy is a human right

Your donation will be matched by Friends of Tor, up to $150,000.

Community Resources

Tor Relay Universities

Lista de e-mail