Introduction

During one of my long scrolls through Reddit, I once discovered a post proposing different ways to participate in the open source world. Among the obvious solutions were: participating in the development of open source projects, using your connection to seed Linux ISOs (😉), or even… hosting your own Tor relay.

I quickly got interested and started learning more about it (technically, legally, etc.), and since then I’ve been contributing a few nodes to the network myself. In this article I’ll walk you through the minimum configuration of a Tor relay, which you may decide to host (ideally with a cloud provider)!

Types of relays on the Tor network

Before we get into hosting a relay, it’s important to understand a little more about how Tor works, and more specifically, the infrastructure that makes the network possible.

Tor runs on different types of relays, each of which has different legal implications and technical requirements.

Guard & Middle relays (non-exit relays)

A Guard Relay is the first relay in a chain of three relays that make up a Tor circuit.

A Middle Relay is neither a Guard nor an Exit, but acts as the second hop between the two. To become a Guard, a relay must be stable and fast (at least 2MByte/s) or it will remain a Middle Relay.

Guard Relay and Middle Relay generally do not receive complaints of abuse. It’s important to note that all relays will be listed in the public Tor relay list, so they may be blocked by services that don’t understand how Tor works or that deliberately want to censor its users.

If you’re running a relay from home and have a static IP, you should consider running a Bridge instead so that your non-Tor traffic isn’t blocked as if it came from Tor.

A non-exit relay requires little maintenance effort, and bandwidth usage can be highly customized in the Tor configuration.

Exit relay

The Exit Relay is the last relay in a Tor circuit, the one that sends traffic to its destination.

Services that Tor clients connect to (website, chat service, email provider, etc.) will see the exit relay’s IP address instead of the Tor user’s real IP address.

Exit relays have the most legal exposure and liability of any relay.

For example, if a user downloads copyrighted content using your exit relay, you, the operator, may receive a DMCA notice: any abuse complaints about the exit will be directed to you (via your host). In general, most complaints can be handled with form letters, but you should make sure that your host does not prohibit hosting this type of relay. More info here: Good Bad ISPs.

Because of the legal exposure that comes with running an exit relay, you should not run a Tor exit relay from your home. Ideal exit relay operators are affiliated with an institution (university, library, hackerspace, privacy organization).

If you’re considering running an exit relay, it’s important to learn more about the legal considerations in your country.

Bridge

The design of the Tor network means that the IP address of Tor relays is public. One way Tor can be blocked by governments or ISPs is to block the IP addresses of these public Tor nodes.

Naturally, a solution has been thought of to prevent this. Tor Bridges are network nodes that are not listed in the public Tor directory, which makes it harder for ISPs and governments to block them.

Bridges are useful for Tor users under oppressive regimes, or for people who want an extra layer of security because they’re afraid someone will recognize that they’re contacting a public Tor relay IP address. Several countries have found ways to detect and block connections to Tor Bridges.

Bridges are Tor nodes that are relatively easy to set up, low-risk, and low-bandwidth to operate, but they have a significant impact on users.