Feel free to ask Spy Blog questions about the use of Tor, or other technologies to help preserve your anonymity, and to circumvent internet censorship by repressive regimes, either in the comments or via email (or via PGP encrypted email )

Some discussions about setting up Tor and other proxy servers, and other advice for Iranian election protestors:

Remember to read and understand the warnings about the ways in which you can still betray your real IP address, even if you are using Tor.

If you are desperate, here is a copy of the Tor / Vidalia / Tor Button / Privoxy bundle for Windows (approximately 8Mb) - currently version 0.2.0.34.

See also the Renesys blog, for details of the temporary outages and congestion of Iranian international internet connections: Iran and the Internet: Uneasy Standoff

There is evidence that Tor is being used in Iran, even though various internet ports may have been temporarily blocked by the Iranian regime.

You would be giving something back to the community, which you yourselves will increasingly have to make use of,in order to escape from the Labour Government's "Eye of Sauron" Intercept Modernisation Programme / Communications Data Bill plans for retaining and snooping on your Communications Traffic Data etc. .

If you are not doing so already, then you could help Iranian democracy, and similarly repressed people in Burma, China, Tibet, Zimbabwe, Pakistan, Cuba etc. by running a Tor Relay or even a Tor Exit node.

What then, can the more than merely internet literate readers of Spy Blog do, to help ?

Others acknowledge that these have helped to spread the story in the West, but are a bit more sceptical about what is actually being used successfully in Iran at the moment, They are also rightly critical of the pointless attempts at Denial of Service attacks on Iranian government websites etc.- see Ethan Zuckerman: Iran, citizen media and media attention

The Twitterverse and the mainstream media seem to be convinced that Twitter and Facebook etc. are important in getting first hand reports and images and videoclips, past the Iranian government censors.

TOR Bridge relays

The current stable release of the Tor software does now support Tor Bridges i.e. Tor relay nodes which are not advertised in public by the Directory servers periodically to every Tor client. This can make it much harder to censor the Tor cloud by blocking all the publicly advertised IP addresses.

Obviously the IP addresses of secret Tor bridge relays, are not something to be broadcast in public via RSS feeds or on Twitter. Those of you with trusted contacts in Iran need to share these privately.

Bridge relays act as private entry points into the Tor cloud, but they are not really needed unless and until normal Tor links are blocked .

ADSL broadband Bandwidth issues

Running the Tor client takes up little bandwidth, only the periodic relay node descriptor updates every 10 minutes or so.

However, running a Tor relay can use up quite a lot of bandwidth, if you let it.

ADSL broadband internet connections in the UK, although very common, are rather overhyped when it comes to the actual speed and bandwidth which is actually delivered.

Very few people, i.e.those living very close tp the local telephone exchange, get close to the commonly advertised 8 Mega Bits Per Second (8 Mbs) download speed. Even they will get far less than this, if there are a lot of other people sharing the one Digital subscriber line access multiplexer (DSLAM) in the local telephone exchange at peak times..

A "good" ADSL broadband internet connection is probably capable of 4 Mbs to 6 Mbs. download speed.

However, in order to run a Tor relay or exit node, or,even your own web server at home, you are limited by the available upload speed. Uploading uses a different frequency band compared with downloading from the ISP, and is typically 450 to 488 Kilo Bits per Second (Kbs), with a theoretical maximum usually of 512 Kbs. Some ISPs offer 768 Kbs or a maximum of 1.2 Mbs upload speed, usually for more money.The upload speed of, say, 488Kbs seems to be common, regardless of whether the download speed is 512Kbs, 1Mbs,2Mbs 8Mbs or 20Mbs.

A Tor relay or exit node needs at least 20 Kilo Bytes per Second bandwidth, i.e. a minimum of 160 Kilo Bits per Second, in both directions.

So a typical home or office broadband connection, which is used mainly for web browsing and email etc., and is not running any other web server or continual peer to peer file transfers could easily run a Tor relay or exit node up to 60 KBs i.e. 480 Kbs,, without noticing any effect on "normal" internet use.

However, even such slow or medium speed Tor relays will, if left active 24 / 7 , transfer tens of Gigabytes of data in a month, perhaps between 50 to 70 Gigabytes for a 450 Kbs connection, and probably around 30 Gigabytes per month for the minimum 160 Kbs bandwidth. This could easily be a problem for ADSL users with data download caps, especially those using mobile 3G phone USB internet connections, which are typically limited to only 5 or 10 or 15 GB per month.

Tor software allows for fair degree of control over bandwidth see the Tor bandwidth shaping FAQ documentation

Allocating the normal and burst bandwidth is easily done through the Vidalia menus, but setting more advanced features like bandwidth accounting periods and the total amount of data transfer to be limited. during such a period e.g. 1GB per day, requires editing of the torrc (N.B. no file extension) configuration file.

You should probably set your burst bandwidth to be no more than twice the normal bandwidth, to cope with sudden momentary peaks, and the periodic download of fresh data about new or expired or modified Tor relays and sessions etc.e.g. setting the BandwidthRate to 65536 i.e. 64 Kilo Bytes per second, limited by the uplink speed, with a BandwidthBurst of 131072 i.e. 128 Kbs typically produces an average throughput of, say 51947 i.e. about 51 Kbs which is about 1.5 GB per day, or 45 GB per month.

Tor relay exit policies

If you set your Tor relay to only talk to other Tor relays in the middle of the encrypted,anonymise Tor cloud, you will help the project overall by helping to mix up and anonymous the traffic.

If you are feeling braver, and more public spirited,then you can amend your Exit policy, to allow, for example, http:// World Wide Web traffic on port 80, or https:// encrypted World Wide Web port 443 traffic to Exit from your Tor node.

This will make it easier for people in say, Iran or China to connect to, for example, a censored BBC foreign language news web page, or YouTube, or Twitter or Gmail etc. but runs the risk of perhaps also aiding criminals and foreign intelligence agents etc. who also use the Tor cloud to hide their activities.

Illegal or morally dubious use of your Tor Exit Node, may potentially cause you trouble, from ignorant law enforcement authorities, who are unaware that your Tor Exit Node, has no way of knowing where the traffic it has received from the Tor cloud is really coming from, or being forwarded on to. All the connections randomly change every 10 minutes or so anyway, and, by default no log files are kept.

See the previous Spy Blog article and comments : Passion and Dalliance blog: Why you need balls of steel to operate a Tor exit node

See also Spy Blog's Hints and Tips for Whistleblowers - http://ht4w.co.uk:

Technical Hints and Tips for protecting the anonymity of sources for Whistleblowers, Investigative Journalists, Campaign Activists and Political Bloggers etc. (and other political opponents of Gordon Brown)

