I would like to set up a Tor bridge in the Amazon cloud. I have read the project page at cloud.torproject.org and I think I can do this at little to no cost based on what I've read. Amazon just sent me a $50 credit because I signed up to AWS but never used it so maybe I can use that to cover any overages. Did anyone else get one of those coupons?
More questions: Why is the only region available for the Tor images us-east virginia? I thought I could use the free tier in other places. Wouldn't it be better to vary the regions instead of sticking them all in one place? And also wouldn't it be better to vary the OS and images in case there is a vulnerability in one, the rest of the ecosystem using different OSs are ok? I read in Tor Weekly News today that the obfs3 protocol is vulnerable to active probing attacks and there is a replacement ScrambleSuit. If I setup the AWS Obfsproxy image now does that mean the Chinese can detect it and block it? Is that image obfs2 or 3 or both? Should I just wait until ScrambleSuit is supported, or can I modify the config file to only use ScrambleSuit, or is that not a good idea at this point? I don't want to run something that nobody is going to be able to use because governments can just detect it and block it. Is Tor obfuscation specifically more likely to come under attack from repressive governments? How is security handled. For example suppose there's a known vulnerability in Tor or Ubuntu does the server shut down until it's fixed and an update is available or does the server stay up and risk being hacked? Is there any notification sent to the AWS administrator in these cases? I would imagine even a small window is gold for some state run group to break in. How can I determine the integrity of the server and do I have any responsibility to do that? Do you guys who are running these instances in the Tor Cloud just set it and forget it or is there some oversight required? I would take an active role in securing the instance if necessary but I need to know what to do. What do you guys do? Has anyone here built their own Tor setup in EC2 similar to what Tor Cloud offers? Thanks -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
