# Evolving Our Tor Relay Security Architecture

https://blog.emeraldonion.org/evolving-our-tor-relay-security-architecture

A new blog post where @alexhaydock goes into some detail showcasing our minimalistic @alpinelinux Tor relays architecture, a threat model, and including a link to our now-public open source "Emerald Relays" orchestration framework.

The past 6 months have proven its success, and now we look forward to phase 2 (read the post!), which we need your help in funding. Emerald Onion is a U.S. 501(c)(3) tax-deductible nonprofit, so please consider donating before 31 December! https://emeraldonion.org/donate/

#Tor #TorOps #Privacy #AntiCensorship #Anonymity #Ansible #Proxmox #Terraform #AMD #Epyc #SEVSNP #NonProfit #GivingTuesday

our disobey.net WebTunnel bridge has been updated to tor v0.4.8.19

and our obfs4 bridge has been updated to tor v0.4.8.19

#tor #webtunnel #anticensorship #privacy #anonymity #torops

Our lead relay engineer @alexhaydock has increased our stateless #Tor exit relay deployment to 96! (+1 because of the new #RISCV bare-metal node, +1 other we redeployed due to a silly spelling error). We're stress testing our three AMD Epyc 7402P servers that use #Proxmox.

Each one of the 96 Tor exit nodes are diskless Unified Kernel Images, 56MB in total size, using @alpinelinux's alpine-make-rootfs with an absolutely bare minimum number of packages. We'll be publishing more about our new architecture and configuration soon.

#AlpineLinux #privacy #anonymity #AntiCensorship #AccessToInformation #TorOps #TorOperators

8 days in and already up to 2.14 Gbps advertised bandwidth!

https://metrics.torproject.org/rs.html#search/as:396507

#tor #privacy #anonymity #torops #toroperators

This question was not addressed on the AMA, in the end.

I'd still like to know the operators' answer, if they'd like to respond on here. #TorOps

Thanks to everyone who joined our Tor Operator AMA on Reddit and Mastodon! Your questions helped highlight the challenges and rewards of running Tor relays, but also highlighted the importance of Tor relays for online privacy.

The Tor network thrives on its community of operators. If you're thinking of running a relay, join the operators channel on Matrix/IRC, mailing list, or forums. We're there to help you get started!

#Tor #TorOps #TorRelays #Anonymity #Privacy #Censorship #AskMeAnything

Can you say more about any steps you take to secure your colocated hardware, including prevention, detection, and remediation? Do you use cameras, special server chassis, etc.? (No details of course: learning what you think is necessary, based on your experience as operators, is useful).

Relatedly, how much do you worry about supply chain attacks and related issues? Would you use Supermicro servers? Juniper switches? Do you worry about disabling ME, etc.?

#TorOps

@tok33 @tor_ama

About data center level surveillance:

Yes very much! We assume most big cloud providers and networks log and share their netflow data. Also it's trivial for a VPS or container provider to listen in on or manipulate the traffic, memory, processes, encryption keys and pretty much anything else.

So we tend to be pretty selective as to which datacenters we use. And we only use our own hardware.

#TorOps

@tok33 @tor_ama

About KAX17:

We think it's okay to ban adversaries from the Tor network, if there is enough evidence to support such a claim. In this case (with some great documentation by @nusenu !) it was established KAX17 was a malicious operator on the network.

But to be honest, I wasn't impressed by KAX17's OPSEC. They made many mistakes leading to them being caught. Imo anyone properly educated/motivated/funded could get away with similar practices, while being undetected.

#TorOpS

@tok33 @tor_ama

About fan mail:

What is often? We get fan mail by government agencies and judicial authorities about once per week on average. And sometimes we get called or invited for a videoconference by a government agency. But the latter is rare.

Generally most government agencies are fairly understanding, both in the technical and non-technical sense.

Judicial authorities often don't understand anything about anything and can be a pain in the ass.

#TorOps

@mynacol @tor_ama

Bonus question:

I once screwed up the compilation of a critical part of our pretty extensive DNS infrastructure, effectively resulting in 22% of the Tor network's circuits not being able to resolve any domain on the clearnet/internet. I only found out the following morning.

Yeah, I'm not proud at that moment...

My takeaway:

Never make significant changes to your infrastructure closely before going to bed and always test thoroughly!

#TorOps

@mynacol @tor_ama

Great question indeed :).

We actually receive emails thanking us fairly regularly, and those are very much appreciated.

But in the end we don't need thanks to do what we do. We know that what we're doing helps a lot of people in situations where certain freedoms are not a given. And that is motivation enough to keep going :).

#TorOps

@tor_ama #TorOps Related to the “motivation” part: What keeps you going after years of investments? E.g. the emails from users in censored countries thanking you, the relay operators community. And: How frequent do you get emails from users that report on how #Tor helps them fighting (internet) censorship?

And maybe one last question: Do you have funny/interesting anecdotes to share? A technical issue you couldn’t crack at first? Some OpsFail you still have to laugh at when thinking about it?

Join us today for an Ask Me Anything (AMA) session with experienced large-scale Tor operators!

Whether you're a privacy advocate, a network enthusiast, a developer, or just curious – we want to hear from you :).

Post your questions on Mastodon by using #TorOps or on Reddit: https://www.reddit.com/r/TOR/comments/1la9zgw/tor_operators_ask_me_anything/.

#Tor #TorOps #Privacy #Anonymity #Censorship #InternetFreedom #AskMeAnything #TorRelays

@tor_ama We're excited to participate together with @artikel10ev @cccs and @r0cketNet ! #TorOps

We're excited to announce a Ask Me Anything by Tor Operators on 13-06-2025 between 08:00-23:00 UTC!

On this day, four large-scale Tor operators will answer all your burning questions.

This offers a unique opportunity to gain firsthand insights into anything you have been curious about.

More information here:
https://www.reddit.com/r/TOR/comments/1krv4rt/tor_operators_ask_me_anything_13062025/

#TorOps

boop boop

back in the top 10!

our tor exit relays seem to be more performant after doubling the RAM from 64GB to 128GB

#tor #torops #TorOperators #privacy #censorship #anonymity #infosec #cyber #cybersecurity

.@torproject Tor 0.4.7.11 has been released

tor (0.4.7.10-1~jammy+1 => 0.4.7.11-1~jammy+1)

#ubuntu #linux #tor #torops #toroperators