Experiences and Recommendations from Operating a Tor Exit Node at a University

Abstract

We report on a multi-year operation of a Tor exit node at a public university and provide recommendations for running other instances. These include legal issues, such as permissions perhaps required in advance, and where potential pitfalls are, like blocking content/DNS resolution or monitoring/logging requirements. We also discuss organizational aspects including preparations for inquiries and problem reports, how to avoid issues with potential legal enforcement, or who should have access to which systems. Technical issues are discussed in detail, including lessons learnt from DoS attacks both on the university as well as the exit node in particular. Finally, we provide technical and organizational recommendations on longitudinal data collection and other research on exit node traffic without compromising anonymity.

Publication
Proceedings of the 7th International Conference on Information Systems Security and Privacy (ICISSP)