112 comments

[ 3.1 ms ] story [ 109 ms ] thread
I highly recommend anyone who has the capacity to do so: it’s not particularly difficult and goes a long way in building the very foundations of a free web.
My practical concern is many people are uplink choked. Technically, on 200 Mbps down, I was supposed to get over 10 Mbps up on Comcast Xfinity but practically it was closer to 5 or 6 Mbps. This is already problematic if you have more than two video conference calls going on at the same time.

I am moving soon to a Spectrum / road runner area and we are supposed to get 400 down and 20 up. Let's see if it helps.

I don't think I have the capacity to run a node if I understand this clearly (please correct me if I am wrong).

I imagine the way a relay works is you download something from a source node and upload it to the destination node where source and destination are somewhat randomized?

Genuine question, what sort of risks are associated with running this on a typical residential connection?
Not much at all (unless you’re in the DPRK, I guess).

Running an exit node is likely to give you issues, though.

Best Answered at: <https://forum.torproject.net>
Where there? There seem to be hundreds of posts, and searching for "risks" and "bridge risks" didn't seem to bring anything up.
I think they meant that it's a good place to ask.
I ran a bridge once. First thing that happened is I could no longer use my banks website or app. Got a message that I was using tor. I was not an exit node I guess they blocked all exit nodes and bridges.

Second thing that happened is I worked at the power company and the union went on strike. While on strike some dummy put in a lot of power outage reports and used tor. So IT wanted to see if anyone else was using tor and my IP when I worked from home came up as Tor so I had to go through a whole thing at work that I just run a bridge and I had nothing to do with the tickets. They requested I stop running the bridge and I did.

No more tor bridges for me!

> So IT wanted to see if anyone else was using tor and my IP when I worked from home came up as Tor

That sounds like it has nothing to do with you running a bridge but about you connecting to work through tor. And/Or you weren’t running a bridge but a public relay. In either case the company’s IT sound like dummys.

I was not connected to work via tor. My ip was listed on the tor network as a bridge. IT simply got all the tor IPs and cross checked it against IPs connected to their VPN and I came up. On another note a coworker downloaded a bollywood movie on BitTorrent and forgot to stop sharing and connected to the work VPN and IT got a dmca notice. They then went on a huge investigation about BitTorrent. Some people got nasty emails their IP was listed on public trackers. Their kids were using BitTorrent and they were getting nasty emails about it. That was a bit big brother for me even though I didn’t get sucked up into that thankfully.
> My ip was listed on the tor network as a bridge

Seems like you're mixing up the terminology (which is understandable, I've done it myself a couple of times in the past).

https://support.torproject.org/censorship/censorship-7/

  Bridge relays are Tor relays that are not listed in the public Tor directory.
There are still ways to get and detect bridge addresses but I'd be surprised if the kind of IT department that would give you trouble for running one would also go through the effort of doing so?

> On another note a coworker downloaded a bollywood movie on BitTorrent and forgot to stop sharing and connected to the work VPN and IT got a dmca notice. They then went on a huge investigation about BitTorrent. Some people got nasty emails their IP was listed on public trackers.

If they were listed as seeds illegally sharing copyright-protected content (and the kids weren't just downloading Debian ISOs), that's par for course.

Yep yer right I was a relay.
No more freedom anymore. It gives us something to think about. We are following a path that will lead us into very obscure times...
You're free to run tor nodes. You just have to accept the consequences of others not liking that. That's not impacting on your freedom, and it's also part of their freedom to not like you for running a node.
You’re free to do X, but your life as you know it is over if you do.

Does that feel like freedom to you?

It's shocking how few understand the times we are living through.
(comment deleted)
There are consequences to everything and different consequences to the same actions in different places, to talk about “accept the consequences” without addressing that is not helpful nor insightful in any way. The real points to focus on are:

- whether the consequences are appropriate

- whether they are natural, a side effect of intervention, or direct consequence of intervention

For example, if you criticise the king of Thailand while in Thailand or as a Thai person you will have committed the crime of lese-majesty and can get you 15 years per instance. If we apply your principle of that being an example of freedom for which "you just have to accept the consequences" then we have learnt nothing and provided nothing of worth. If, however we ask whether that is appropriate and whether it can change (it is a direct intervention so it can) then we can assess it.

That clearly does impact freedom, as does the bank deciding not to serve a customer that is running a Tor node. How is it their business anyway? What impact does running a bridge have on them? Regardless, let's say it was an exit node and the OP was accessing bank services via their own exit node - do they not authenticate the customers accessing their accounts?

This is such a silly thing to say. Freedom usually means the ability to do something without negative consequence.

Its sort of like how you were free to do anything you wanted in the soviet union, you just had to accept the consequences that if you do something the state doesn't like you will end up in the gulag.

By your own definition no one is really free then. I can camp on BLM land, but i can’t live on it. I can drive on roads, but there are still laws. I can go shopping, but i can’t just take things. I can go to the movies, but i can’t bring a camera to record them. People always abuse freedom to be absolute and that never works.

Everything in life has consequences. You have to weigh them.

If your point is that nobody can be truly 100% free in this world, and it is all shades of grey - then, yes, i would agree.
By this logic, I don't have freedom of speech because I'll be thrown out of your house if I go there and start insulting you. The interesting part about freedom is where it intersects with someone else's freedom. Grandparent is pointing out that this is one of those cases, and the response is that it's not "real" freedom then?
Yes, that's correct - you don't have absolute freedom of speech in my house.

You do have some relative, qualified freedoms from government interference.

However, its entirely possible to still be quite restricted in your speech as a practical matter under american style "freedom of speech". For example, rightly or wrongly, parlor had trouble obtaining services. The government didn't interfere, but as a practical matter they probably had more trouble getting their "mesage" out than opposition groups in countries without freedom of speech that could more easily rely on international resources.

And that's not neccesarily a bad thing. America has identified freedom of speech as a sort of fundamental good - so instead of being truthful about it being a qualified right, seem to instead try to redefine the term so that anything not covered by by first amendment isn't "true" freedom of speech.

After all the saying goes: "I disapprove of what you say, but I will defend to the death your right to say it" not "I disapprove of what you say, but I will defend to the death your right to be free from government interference in saying it". There is much more to freedom of speech than just what the first amendment covers.

I wished they'd only filter by exit nodes but they grab everything including the relay nodes. That's annoying, otherwise I'd run a relay node at home.
Bridge relays aren't. The person you're replying to was running a public relay, not a bridge.

https://support.torproject.org/censorship/censorship-7/

I know, and I wish I could have run a public relay, as they're also important to the network. Sadly it was too penalizing to be automatically blocked from accessing some services.
This sounds like you where runnig a relay and not a bridge. Bridges are not public so your bank had to actively harvest them to block you which seems unlikely.
You are correct. I was running a relay.
It's sad to see incompetent IT block random bridges and relays. I would be stubborn and switch banks, to be honest.

Your power company story is even worse, because the people who supposedly know how computers work couldn't be bothered to find out how running a bridge does has nothing to do with requests coming in.

I wonder if these companies are so aggressive against things like cheap VPNs and Apple's private relays as they are against TOR.

Many automated tools consider tor a fraud signal - so be careful.

Users sometimes believe lies online (ie bridge internet extension is OK or not noticeable) and create a lot of trouble for themselves.

Profile sync can bring that extension onto your work computer as an example I’m familiar with. If you are bridging tor at work not great

It's unfortunate that some (many?) tools treat the list of Tor nodes equally, despite only exit nodes being of actual concern in most usecases.

Running a bridge with the Snowflake extension/webpage does not put your IP on the public list of Tor nodes: https://tb-manual.torproject.org/bridges/

Being careful not to sync personal settings/extensions to a work machine is certainly good advice.

But in a surprising number of situations the fact that you are bridging tor activity is leaky info. You don't just have to be on a public IP list.
This is a very vague response and to me comes across as FUD.
I gave the example of syncing plugins.

If you run any game with anti-cheat (which is many) most will have process monitoring. Endpoint tools can also monitor. In the past (I'm not current) you could look at connections using self signed SSL certificates on network, so network monitoring tools could be used to pick up folks pushing tor traffic over your network. You could also watch for folks connecting to tor exit nodes (this used to be public info).

It's not "surprising" that things running on your computer can see what else is running, or that network monitoring can ... monitor a network. I fail to see what either has to do with being flagged as a fraud risk.

Bridges don't connect to exit nodes.

Besides from risk, often it's not a good idea due to the latency introduced by it.

EDIT: this is the official recommendation from Tor. Spare the downvotes for one minute.

Can you elaborate? How would running a bridge impact latency?
The advice (from years ago) was that the Tor network is bandwidth-aware but not very latency aware.

It requires bridges, relays and exit nodes to build a circuit and communicate.

The client does not know what latency exists between the chosen nodes when builds a circuit.

If the nodes are located in large datacenters in good locations you'll have acceptable latency relatively often. If they are on residential ISPs it might not be the case.

Perhaps things have improved in the meantime. https://community.torproject.org/relay/relays-requirements/ does not mention latency.

(comment deleted)
(comment deleted)
(comment deleted)
(comment deleted)
With this one simple trick, you too can turn your local network into a cesspit of cybercrime!
Cool! --- I won't do it till I read all the docs.
In Russia even obfs4 not work properly. Today is working tomorrow you request a new bridges and it is not working too. After 30 attempt it work or loads very slow. You must be really persistent and a little tech-savvy to make something work. I was almost desperate but I got lucky. Its not just install a proxy extension.
Have you tried snowflake instead?
Please remember that doing so might get you in trouble https://yanmaani.github.io/does-council-regulation-eu-2022/3...
Since it's also illegal to help a criminal in their act, there are already a hundred laws that could be explained in the same way.

This relay only accepts and sends encrypted traffic and you (as entry node) will not know what is being transmitted. It's encrypted with a key you simply do not have, you're just forwarding it for people that could otherwise not reach the entry nodes. From my point of view this is the safest thing you can do for the Tor network.

As I wrote here when it came up, with that interpretation suddenly anyone facilitating communication (including ISPs not fully blocking access to anyone who does) is in trouble. You’d basically need to ensure full compliance from anyone you’re peering with or forwarding communication from. So E2EE without TPM-enforced client-side scanning or relaying clear-text messages without the same or server-side filtering would be trouble.

Good luck squaring that with being GDPR-compliant for any real-world business use-case...

As formulated that would hopefully not hold up in court.

https://news.ycombinator.com/item?id=30537464

Now I'm not a lawyer but very familiar with EU legal texts.

Firstly, the part s/he quotes at the beginning is from the preamble/recitals, essentially intention statements, explanations and background. This is not in any way legally binding, but a court would use it to interpret the articles. The articles are what matters

And then we get in the messy things: article 12.

> It shall be prohibited to participate, knowingly and intentionally, in activities the object or effect of which is to circumvent prohibitions in this Regulation including by acting as a substitute for natural or legal persons, entities or bodies referred to in Article 2e(3) or Article 2f, 5, 5a, 5b, 5e, 5f or 5h, or by acting to their benefit by using the exceptions in Article 2e(4), 5(6), 5a(2), 5a(5), 5b(2), 5b(3), 5e(2) or 5f(2).’;

Eu law tends to be intepreted conservatively. Its not like US law which is largely case law - in EU law, except for judgements by the ECJ, the measuring stick is the legal text and intention, not a wide interpretation that extends the actual text as you might do in the US.

So e.g. if users can upload text or video on your service and do so to spread/share RT propaganda, you would certainly not need to fear anything directly unless you notice/are told its there and then don't take action (different rules for large platforms though).

Similarly, a VPN or tor node has many functions. Unless you actively and intentionally host such content or explicitly advertise or distribute it (think e.g. a Popcorntime for RT) you would not expect sanctions.

Problem beyond this is that the EU is 27 legal systems. The intention of this regulation is to empower national media regulators to take action against the propaganda anf lies spread by these state media. So while the regulation applies directly, each national law might have slightly different ways of implemeting this. E.g. Poland might take a much stricter view than Portugal, in line with national media regulations.

I don't run a node but I have the Snowflake plugin installed in Firefox.

It seems to be an uptick in Tor activity, as yesterday alone it served over 30 different clients. While last year it would hardly get any.

Upgraded to better ISP since, in case that makes a difference how proxies are chosen.

For those like me who are not familiar: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-...

> Snowflake involves a large network of highly ephemeral volunteer proxies, with the goal of outpacing the censor’s ability to block proxy IP addresses [...]. Snowflake addresses NAT traversal by [WebRTC’s ICE negotiation], among a number of new advantages.

> CDNs serve not only their own web services, but also services that users may host on their platforms, such as App Engine. Snowflake currently hosts the [ICE negotiation] on App Engine, but will also do so on other services.

This page has a nice diagram: https://snowflake.torproject.org

Install in Firefox: https://addons.mozilla.org/en-US/firefox/addon/torproject-sn...

Install in the big bro(ws|th)er: https://chrome.google.com/webstore/detail/snowflake/mafpmfcc...

Without installing anything, you can also just leave this tab open: https://snowflake.torproject.org/embed.html

And get myself on a watch list? No thanks.

More importantly, Tor has a significant amount of use by child abusers: https://www.wired.com/2014/12/80-percent-dark-web-visits-rel...

So there's not really a moral case for this either. You'd just be enabling paedophiles to cover their tracks.

Child pornography users in most cases use the internet too. A lot of them have cars and drive on the road. We should boycott public infrastructure altogether since it can be used for bad actions.
The linked study revealed that around 80% of hidden service visits were to paedophile websites.

Is 80% of internet traffic child pornography imagery? Are 80% of cars driven by paedophiles? If not, your comparison makes no sense really.

Also, Tor isn't public infrastructure. It's a largely anonymous group of people who have collaborated to form an anonymising network. Everyone involved who is aware of the above is knowingly enabling the sexual abuse of children, by allowing the perpetrators to hide behind their network.

And from the same article

> Tor executive director Roger Dingledine followed up in a statement to WIRED pointing out that Tor hidden services represent only 2 percent of total traffic over Tor's anonymizing network.

So that's a 80% of 2% of the entire Tor traffic based on 2014 stats. Hardly comparable with stating a question like "Is 80% of internet traffic child pornography imagery?"

This could be true in a way. I work at at an advertisement firm and know what everybody knows: videos and photos are waaaay more bigger than text, even if are Word files, so it consumes a way more traffic. 80% get's easily short. Edit: I'm assuming that people in the black won't traffic only text between them, my bad.
> So there's not really a moral case for this either. You'd just be enabling paedophiles to cover their tracks.

Let's ban knives makers because they allow people to get mugged. By making knives, they're enabling muggers to commit crimes.

Are the vast majority of knives being used to stab people?

The study I linked had the proportion of hidden service visits to paedophile sites at around 80% of the total.

It's such an alarming figure, it really should be in the Tor documentation as a warning of what you'll actually be enabling by running a node.

> Are the vast majority of knives being used to stab people?

This is a good point, but more on that below.

> It's such an alarming figure, it really should be in the Tor documentation as a warning of what you'll actually be enabling by running a node.

No, because even according to the article they are not even confident in their results. From DDoS attacks to law enforcement visiting those websites, it is impossible to assess.

> "We do not know the cause of the high hit count [to child abuse sites] and cannot say with any certainty that it corresponds with humans," Owen admitted in a response to the Tor Project shared with WIRED, adding that "caution is advised" when drawing conclusions about the study's results.

Human rights activists around the globe are relying on such infrastructure to have a safer way to communicate with the outside world and denounce actions of their governments. They are by far not the people who would click on the most hidden services, so they will be under-represented on such studies.

Sure encryption is used for unlawful behavior, but if you ban encryption and/or Tor, you will just hurt the people that need it the most while criminals will just find an alternative.

I think you asking the question wrong. It's "are the vast majority of people who are stabbed done so with a knife?".
> And get myself on a watch list? No thanks.

It's interesting to see people this scared of not being a role model citizen. Gives me a china vibe.

And then they got angry when you call a soft police state the place where they lives. No drama here, I was probably wrong.
Pretty much all countries do this stuff to some degree: In the US, be popular and possibly rich, and you can be more likely to get out of criminal charges. The credit system doesn't always really tell how responsible you are: live within your means and simply save money for things and drive used cars, and you'll have to pay more for a house loan. It doesn't matter if you've held a lease for the last 12 years if your landlord doesn't report the credit, same for utilities. Get a loan or else.

I'm not saying everywhere has the same level of surveillance and punishment for deviance, simply that everywhere has them in some form or another. Of course a few are going to remind you of other places. I suppose it is the totality and how they impact day to day life that makes the difference.

A lot of child abusers also use the Internet, so you should stop using it. They also use storage devices, SSDs HDDs, we should stop using those as well. And they use electricity, a lot...
Those are all things with extremely broad purposes, used by nearly everyone. Whereas Tor is incredibly niche, being a system explicitly designed to obfuscate network activity to make it difficult to impossible to track back to the originator.

Most people have absolutely no need to use Tor, but it's clearly very useful for child abusers looking to not get caught. That study reported 80% of hidden service visits were to paedophile websites. This really is not comparable in scale to how electricity, the internet, storage devices, and so on, are used.

> it's clearly very useful for child abusers looking to not get caught

And clearly very useful for activists and journalists to not get imprisoned and tortured because they revealed things they shouldn't have.

Well, that's what the Tor Project claims. It's good marketing, but they're essentially lying by omission here.
> It's good marketing, but they're essentially lying by omission here.

But so is the "clear Internet", really. Sure there is a high proportion of innocent traffic, but if you think in terms of criminal activities, I am sure it is non-negligible. From copyright infringement to child pornography to revenge porn to harassment to unlawful handling of data. I have no numbers to back it up, but I'm quite sure a lot of crimes are committed on the "clear net".

And yet, it would be very unreasonable to shut the Internet down over this. Punish the person and their actions, not their tools.

This is what I think. But no way to find it's true or not.
I used Tor in college to connect to the Silk Road to do a report on its use of Bitcoin (I didn't buy any drugs.)
Eliminating privacy to fix the pedo problem (that they exist) is throwing the baby out with the bathwater. Protecting kids starts with protecting your actual kids, not recording your neighbors porn habits, purchase history, and political forum posts. Well intentioned or not, when you advocate for reducing the convenience of private comms, you harm more good people than bad. As long as the bad incentive exists, people will do the bad thing, whether it's a little hard or very.
The fact that a brand new account account is feverishly trying to frame Tor as enabling abusers gives me confidence in the fact that Tor is actually really useful for circumventing censorship right now.
You'd also be enabling the journalists who expose real world pedophiles and m/billionaire criminals, who ruin thousands of lives; and helping anyone who needs to fight against overwhelming power and has need for an internet, which is so many people in so many ways. It only takes 1% of traffic of this kind, to overshadow the horrible effects of even 80% (which is already a dubious number as pointed out), in terms of positive impact on the world.
The easiest bit is right at the bottom:

If you're not technical enough to run a bridge, but want to help censored users, there are other ways you can help:

Run a Snowflake proxy. You do not need a dedicated server and can run a proxy by simply installing an extension in your browser. The extension is available for Firefox and Chrome. There is no need to worry about which websites people are accessing through your proxy. Their visible browsing IP address will match their Tor exit node, not yours.

Link to the extensions from: https://snowflake.torproject.org/

One can also host snowflake on servers: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-...

Or, integrate in a website: https://gitlab.torproject.org/tpo/anti-censorship/pluggable-...

Or, embed in iframes:

    <iframe src="https://snowflake.torproject.org/embed.html" width="320" height="240" frameborder="0" scrolling="no"></iframe>
This criticism makes it seem that Snowflake is a great arrest honeypot: https://www.hackerfactor.com/blog/index.php?/archives/944-To...
Not an expert, but snowflake is a bridge to the Tor network. One may detect its use, but I doubt it breaks Tor's anonymity guarantees, as it is really a bridge.

Of course, if using Tor is deemed a crime, then using snowflake bridges might not be the wisest thing to do. Cloaked protocols like Shadowsocks might come in handy.

What would be an easy and economic way to run a Tor Bridge/s on AWS?

I have few hundred bucks left in credit that will expire in a few months and no plans to use it

I would suggest looking at Lightsail, if your credits stretch that far. The included 1TB+ of bandwidth is the reason for that. Bridges would typically see much more bursty traffic compared to relays or (especially) exit nodes; this does mean that the burst CPU credits on Lightsail (or the t-series EC2 instances) would pair up nicely.

I'd also suggest running in as many AWS regions as you're able, so that there isn't a lovely block of bridges all in one region.

Thank you! I haven't used Lightsail yet, so in addition to doing something meaningful with the credit, it could also be a good learning experience.
Hetzner has very cheap cloud servers with generous traffic allowance.

See https://www.hetzner.com/cloud

Last time I asked they were officially OK with users running bridge and exit nodes.

Consider doing that if you'd rather not expose your home IP to scrutiny.

The Tor Project currently recommends not using Hetzner, among others, since there are many nodes there already. [1] I haven’t read the complete reasoning, but remember this one being around for sometime.

[1]: https://community.torproject.org/relay/community-resources/g...

When someone controls a signification amount of nodes they can start to de-anonymise users by using correlation of entry and exit node. I ran a relay for 6 months now (as one of less than 5 people on my AS) and haven't run into any of the problems others have seen, those problems seem mostly related to running an exit node.
I did this during their last recruitment drive. My bridge sat there unused for 3 weeks. Then I stopped cause I didn't see the point.
It would be easier for the TOR project if there did scripts and distro's for different devices. What surprises me the most, is this would seem ideal for the raspberrypi and other SBC because one could be setup and then just left to run.
Doesnt work, cant log in with the password CHANGE-IT but my computer did manage to mess up afterwards and its been bleeping in an almost inaudible tone ever since.
Is there any actual data on the types of people that use Tor?

I know by the very nature of it, that’s not a practical ask.

I can’t help but think that despite Tor’s good intentions it’s just not being used for legitimate use.

Every story I’ve read really relies on anecdotal stories. If feel better having a clearer sense of the real userbase.

My impression is that a large portion of the traffic on Tor is malicious in some way, but originating from a very small portion of the users. It's a noisy minority. Just like the vast majority of sent e-mail is from criminal activity[0] and the comment section on news sites doesn't represent the readership fairly.

An easy thing we can all do to help improve that is to use Tor for legitimate every-day use, even when you have nothing to hide.

[0]: https://en.wikipedia.org/wiki/Email_spam#Statistics_and_esti...

If I were to run a bridge is there absolutely no way I’d get into trouble if someone using Tor was looking at child porn or hacking someone?
Only if the entire tor network was criminalized. Generally bridges don't see what traffic goes over them (its encrypted) and the exit node is not able to link which bridge the request came from. So specific activity should not be linkable to your bridge.

That said IANAL this is not legal advice, yadda yadda.

If you ran an exit node, it's possible but bridges are just the entry points and are ok.
Another thing that would help us who are digging around in Russian infrastructure right now: Host Tor exit nodes from residential IPs in Russia. This comes with the risk of exposing yourself though, but you do help a lot of individuals and groups to be able to access resources we wouldn't be able to otherwise. Again, this is risky so don't do this unless you know what you're in for.
I'm pretty pessimistic about Tor and if I were to run a bridge or relay I definitely wouldn't run it locally. If you're going to run one, you might as well host it remotely so that there are extra steps in a state figuring out that you are trafficking other people's data. By design, governments can figure out that you're using Tor and what your "role" is, which is bad for both the users and those hosting bridges.

What we should be doing is encouraging people to use I2P and making it as accessible to the public as Tor (and even more so).

Why I2P over Tor?

- All nodes have the same role, so there's no distinction between nodes in terms of whether they are an entrance relay or any other user.

- It's not designed to be a clearnet proxy, thus there are no "exit" nodes although hidden sites (aka eepsites) can of course be made to forward requests to the clearnet.

- I2P has a sort of DNS system built-in that Tor lacks.

- A totally separate or private P2P network is much easier to form with I2P than Tor.

- Hidden sites are faster on I2P than on Tor.

- I2P didn't come out of DARPA.

- Torrents that are totally internal to the network and don't rely on clearnet trackers or DHT.

Above all, if you have this concept of an "exit" node then it's feasible to observe exit nodes and correlate traffic to a clearnet destination with individual users. Depending on the regime a person is subject to, their use of Tor can potentially backfire on them because the flawed network design.

The concept behind Snowflake seems really cool, and maybe it works out for a lot of people in the short term. It is, however, potentially adding vulnerability to the network by virtue of adding another layer of complexity. Any time you add complexity to a system, you are creating potential for something to go wrong. With Snowflake you are, again, asking for people to identify themselves as Tor bridges (effectively) and neither the Snowflake bridge or the client are benefiting from a darknet connection when talking to each other because they're using WebRTC. WebRTC can of course be used to leak IP addresses.

However, I cannot seem to find the source for the Snowflake browser extension anywhere. This is concerning in and of itself. Does anyone know where it's located? The page for it on addons.mozilla.org does not link to a repo, and the Gitlab repo for Snowflake doesn't appear to include any code for packaging a browser extension. I would not install a browser extension that doesn't have an available source no matter who it's coming from.

If we want censorship-free communication that's as anonymous as can be, then give up on a formalized way of accessing the clearnet and prefer internal networking rather than running glorified VPN proxies.

Tor sucks all the oxygen out of the room while having not adequately addressed the serious flaws in its design.

Although I know there are reasons why people would be interested in running at Tor bridge and using Tor right in this moment, in the long term, we'd be of better help to the world if we worked on bettering and promoting a network project that is overall better for the censored user in the long term. People should be as aware of I2P as Tor and it should be extremely easy to use it. We should also make sure there's plenty of good content available on the I2P network (yes, I am gradually working on this).

I2P implementations:

- https://github.com/i2p/i2p.i2p (the official Java based implementation)

- https://github.com/PurpleI2P/i2pd (a C++ implementation that is also used to make I2P available on Android)

I forget, am I supposed to be pro giving Russian citizens access to unfiltered Internet now, or against?
pro, it's always good to know enemy propaganda, for both sides. besides, i assume in today's world it's very hard to hide facts very widely. Sure some people only watch state TV but bad news eventually will reach almost everyone
Does anyone know where the source code is for the Snowflake browser extension? I'm failing to find it anywhere, including in the Snowflake Gitlab repo. This is concerning to me, but I'm sure there's a good chance I'm just missing it.
(comment deleted)
I've been meaning to do this for a while, so thanks for the reminder!

Now that I set it up, how do I know if it's doing anything? The logs show it bootstraped up to 100% then figured out my IP, and the last line says

> Self-testing indicates your ORPort [my IP]:9393 is reachable from the outside. Excellent. Publishing server descriptor.

Glancing at my router doesn't show any appreciable uptick in traffic. I see a brief spike that hit ~10% of my bandwidth, then it went back down to near zero usage. (I have a static IP and a decently fast symmetric internet connection, fwiw.)