Mozilla puts old hardware to new use, runs Tor relays
The plan to run Tor relays was revealed in November, when the software developer announced its Polaris Privacy Initiative, a collaboration with other non-profit organizations to enhance privacy on the Web.
One of those organizations was the Tor Project, which develops the client and server software for the Tor anonymity network. As part of the partnership, Mozilla said that it will make some changes in Firefox to ease the work of Tor Project developers who maintain the Tor Browser, a modified version of Firefox that allows users to access the Web through the Tor network.
The organization also said at the time that it will host its own "high-capacity Tor middle relays to make Tor's network more responsive and allow Tor to serve more users."
On Wednesday, Mozilla announced that its prototype Tor relays are up and running on three HP ProLiant SL170z G6 servers connected to a pair of Juniper EX4200 switches that benefit from two 10Gbps uplinks through one of the organization's transit providers.
"The current design is fully redundant," Mozilla network engineer Arzhel Younsi said in a blog post that contains more details about the project. "This allows us to complete maintenance or have node failure without impacting 100% of traffic. The worst case scenario is a 50% loss of capacity."
The relays currently run outside of Mozilla's production infrastructure, but the organization's security team helped lock them down with strict firewall filtering, operating system hardening, automatic updates, network device management and more.
"We've also implemented a periodic security check to be run on these systems," Younsi said. "All of them are scanned from inside for security updates and outside for opened ports."
The Tor network has three main types of relays, or nodes: middle relays, exit relays and bridges. Internet traffic routed through the Tor network will randomly pass through at least three Tor relays before it exits back onto the Internet to reach its final destination.
Middle relays are responsible for passing data within the Tor network. Over time, middle relays can automatically become entry guard nodes as they build trust according to a network consensus algorithm -- in fact one of Mozilla's middle relays has already become an entry guard. Entry guards serve as the first links between users and the Tor network.
At the other end are exit relays, which act as the last hops in the network and whose purpose is to send the traffic back on the Internet. A site that receives a request from a Tor user will see the request originating from the Internet Protocol (IP) address of a Tor exit relay, not the real IP address of the user.
Exit relays are very valuable for the Tor network, but they're also small in number because people running them expose themselves to abuse complaints and legal risks. It's their IP address that shows up in other people's logs in case of malicious activity routed through Tor.
Tor is a great privacy tool and is very useful to users in countries that censor the Internet or where political and human rights activism can land people in jail. However, it's also used by criminals to hide their location and evade law enforcement.
U.S. Assistant Attorney General Leslie Caldwell reportedly said at a conference this week that 80 percent of Tor traffic is related to child pornography, citing a University of Portsmouth study. That estimation is wrong, Wired reported, because the study was about traffic to Tor hidden services, websites that are only accessible within the Tor network, not all traffic routed through Tor.
Most people use Tor to hide their IP address when visiting regular Internet sites, not to access Tor hidden services. According to the Tor Project, the traffic to Tor hidden services accounts for around 1.5 percent of the overall traffic that goes through Tor.
Like Caldwell, many law enforcement leaders complain that widespread adoption of encryption technologies by Internet companies and device manufacturers makes it much harder for their agencies to do their jobs. They call this the Going Dark problem.
But, there's no denying that some Tor traffic is malicious. There are documented botnets and ransomware programs that use Tor to hide the real location of their command-and-control servers.
By running middle and not exit relays, Mozilla is avoiding potential illegal activities by Tor users tracing back to its IP addresses and the legal issues that might arise from that. But the Tor network most likely needs additional exit nodes more than middle ones.
Mozilla did not immediately respond to a request for comment.
Increasing middle capacity will improve the traffic flow inside the Tor network -- including to those illegal sites that operate as Tor hidden services -- but also has other benefits. By having trusted, high-capacity middle relays the network can better defend itself against traffic confirmation and other types of attacks aimed at deanonymizing users.
"Depending on the results of the POC [proof-of-concept], we may move the nodes to a managed part of our infrastructure," Younsi said. "As long as their private keys stay the same, their reputation will follow them wherever they go, no more ramp up period."