Regarding web-servers hosting Tor relays, it is much more likely for them to 
sit behind a CDN such as Cloudflare for DoS protection and delivery 
optimization.

Other services of course, however...

------- Original Message -------
xmrk2 via tor-relays <tor-relays@lists.torproject.org> wrote on Sunday, 11 June 2023 at 1:46 PM:


> I'd like to raise awareness of the Comcast blocking.
>
> As stated in the subject, I believe Comcast blocks all traffic between its 
> customers and public tor relay nodes. That is, the blocking is not limited to 
> tor-related traffic, all other services / ports on the tor relay are blocked.
>
> Background: I am running a lightning node, lightning is a layer 2 protocol to 
> scale Bitcoin. Lightning nodes need to be connected to each other ideally 
> 24/7. I was contacted by the operator of another Lightning node, complaining 
> that he cannot connect to my node. He is a Comcast customer, I am not. I was 
> also running a tor relay on the same public IPv4 address. 
>
> I am pretty sure that the blocking is done by Comcast and is triggered by 
> being in the public list of tor relays. The blocking disappeared after I stopped 
> my tor relay and restarted my router (thus getting a new external IPv4 
> address). After 1 day, I relaunched the tor relay, and the blocking 
> reappeared a few hours later. It was also confirmed by the said operator of 
> the lightning node, who said there were various rounds of blocking tor, 
> customers complaining and Comcast lifting the block for some time, only to 
> reinstate the blocking later. 
>
> Comcast thus discourages me and similar people from running tor relays, or at 
> least forces me to run tor in bridge mode. So this is an insidious attack on 
> tor. Note that Bitcoin is not particularly relevant, Comcast is blocking tor 
> nodes, not bitcoin nodes. So even if you hate Bitcoin, note that the same 
> problem could arise even if Bitcoin never existed: e.g. a self-hosted web 
> server, whose owner wants to donate his free capacity to tor by running a tor 
> relay. By doing this, he prevents any Comcast customers from accessing his 
> web server, and this consequence is not obvious at all.
>
> Any ideas on how to combat this? I was thinking about including some false 
> positives in tor relay list. Imagine including some Google servers' IP 
> addresses - Comcast customers suddenly cannot connect to Google, unless 
> Comcast stops this blocking... or simply whitelists Google. But those false 
> positives sound ugly and a bit malicious, not sure it is a good idea.
>
> I already wrote about this publicly, and also wrote a mail to EFF. Hope I am 
> not spamming, I feel this is quite an important issue and am a bit frustrated by 
> the lack of attention it gets.

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
