 So, we have our database server up and running, web server up and running, you can create a website and we will not do that in this workshop, I'll leave that to you. Let's add a couple of other pieces of software and one of our very first workshop was on internet privacy and we covered things like secure shell, web proxies, VPN servers and Tor, anonymous routing. For Tor, Tor allows you, from your computer, if you're using Tor, your data, instead of being sent direct to a web server, the data is sent to some Tor server which then goes to some other random Tor server, then another one and then on to the web server with the idea that the web server won't know it came from you, they'll think it came from one of those Tor servers. It's for providing privacy in the internet. It's very easy to use on your computer. You can go to a website and install what's called the Tor browser bundle and use it directly. What we're going to do is set up the Tor server on our VPS so that our VPS acts as one of those intermediate Tor relays that forwards traffic of other peoples, okay. So if you want your data to be private when you're browsing the web, you use, say, the Tor browser bundle on your computer. You don't do this. But if you want to participate in the Tor network and forward other peoples data, you can set up a Tor server or what we'll call a Tor relay. We're going to do that now. It's not too hard. Install some software. Actually, it is hard because we need to do some special things to install some software so I'm going to do it very quickly. And again, I'm going to copy and paste from the website so I don't get the instructions wrong. We're going to install the Tor software but we need to install it from a special software repository. I think maybe with Android, you download all your software from Google Play, the Google Store, but you can side load. You can install software from other places. That's what we're going to do now. We're going to install Tor software from another place. So we need to set it up so that we can do that. Don't worry if you don't understand these steps, just do them. You can see the website which will explain a little bit more and provide links for further information. Pseudo Nano, this file tells us which repositories we would use to install software. I'll scroll down to the bottom, page up, page down, and I'll add a new line. I'm going to copy that from the web page as well. Add that line to the bottom. You can copy it from the terminal. This says also allow my computer to install software from this location, which is the official Tor website or the official Tor repository. Control X, save, save, yes, enter. The way that the software repositories are used is that there's some keys to provide security. We need to update or get some keys. So again, copy and paste from the website this. It's quite a complex command. You need to get it exact. It is using some keys, we're going to use some keys to download. What's wrong with yours? It's okay, it's a warning. I know what it is, but it's okay. There's a problem with the host name, but it's working. Don't worry yet, we'll fix it later. The next few commands from the website, let's just copy and paste. We can move along a bit faster. Be careful when you copy and paste from a website that you copy the entire command. Don't copy the, in this case, there's a wrap around. It's all one command. Be careful with the web page if it wraps around that you don't copy the line break as well. That will cause you problems. Okay, now we've set up the new software repository. We need to update our list. Press enter. Okay, I'm just following from the website the set of commands. Pseudo, go back to the website. Pseudo apt-get update. Pseudo apt-get update. And that's done, do the next one, which is to install this key ring. Again, it's one of the special steps to install software from a different repository. Press enter, and the last one is to actually install Tor. So this is the one we wanted in the end. Tor is, will be the server that runs on our computer, the server software, that will act as a relay, will set it up so that when other people are trying to browse privately, their data will be sent via our VPS. Okay, so we don't know who, that's the idea of Tor, that everything's encrypted such that even though we're forwarding someone else's data, we don't know who it came from and where it's going to. That's how we'll set it up. There may be some problems here. We are sending other people's data through the internet. First problem, the bandwidth that our VPS provides is being used by others. So what's going to be happening is that, remember we pay per month to get, in our case, one terabyte of bandwidth. One terabyte of data could go through our VPS. But now other people are sending data to our VPS, and our VPS will send it out. So it's using some of our bandwidth. So in a moment we'll set it up so that we limit how much people can use our VPS for Tor. So we don't go over our upper limit and we don't spend too much money. The other problem maybe is that other people are visiting websites via our Tor server. What if they visit bad websites? Well, can the bad website, bad in terms of bad from the perspective of some government or bad from the perspective of what they do on that website, can they identify back to us? Well first, the idea of Tor is that those websites cannot find out who was the original person visiting. They think it's one of the Tor servers that's visiting. That could be a problem for us in that the website thinks someone visited their website, the web server, and they trace it back to us, our VPS, mine in fact, it's under my name. So that's a problem because they think we visited the website when it was in fact someone else. But we will set up our Tor server such that it's just a relay in that we will not be the last one in the link. And we will not be the server that contacts the website. Another Tor server will. So we'll protect ourselves to some extent in that we're not a Tor exit node, we're just one relay that will forward onto another Tor node. The end result is that the web server will never connect it back to our server. So from that perspective it's safe. You need to read a bit more about Tor to understand how that works. But generally it's safe, so we'll do it. Safe in terms of if someone accesses some illegal website it will not be traced back to us. Do you want to install? Yes. I'm installing Tor, the server, and Tor ARM. ARM gives us a nice graphical interface to monitor our server. Yes installed, it downloads, installs, and then we'll set it up. We need to edit some configuration file to make a few changes. And the file sudo nano slash etc slash Tor slash Tor RC. That's the configuration file. So text file, press enter, and you'll see many different parameters in there. We'll edit just a few to get it started. Text file, everything with a hash is a comment. And you'll scroll through and you'll find a number of parameters. The first one we want to find is OR port. You scroll down, look for OR port. There it is, OR port 9001. It's currently commented out. The hash is there means it's a comment. It's not set. We want to set it. So just remove the hash. Delete that character. The OR port is a port that our server or relay is going to listen on. A web server listens on port 80. A secure shell server listens on port 22. Our Tor server is going to listen on port 9001. Remove the hash. Next thing, next parameter, nickname. Somewhere there's a nickname. Scroll down, nickname. It doesn't matter what you set it to. Sorry, I've done the wrong thing. Nickname, uncomment the nickname and set it to some value. Not so important. You don't need it in fact, but let's add one. Next thing, we want to limit how much other people can use our server. So we're going to put some rate limits on it. And there's some default ones set up. Just relay bandwidth rate 100 kilobytes per second, uncomment. And the burst, uncomment. That means the speed at which someone can send via our server is limited to 100 kilobytes per second, 800 kilobytes per second. However, for sure periods they can send a burst up to 200 kilobytes per second. So it's a little bit nice in that they can send a bit faster sometimes. There are okay values to get started. You may adjust them later. We have a limit of how much data we're allowed to send per month through our VPS. If we send more, we pay more. So let's put a limit on how much talk and use. The accounting max, let's set it to the default 4 gigabytes. And the accounting start starts at the start of the day. Meaning we'll allow them 4 gigabytes per day. What's that? 120 gigabytes per month. Our limit is 1 terabyte, 1,000 gigabytes. For Tor, we can only use it for 120 gigabytes. You may change this if you want later. So in summary of uncommented, so far, 6 parameters. OR port, nickname, relay bandwidth, 2 parameters. Accounting max, accounting 2 parameters. The most important one, keep going down. Exit, policy, reject, uncomment. This means that this Tor server will not be an exit. It's the Tor exit nodes which get into trouble, legal trouble. When other people use them to access illegal material. We will not be an exit, meaning we will not get into trouble. If you want to be an exit, you need to take a few other precautions, which we're not trying to address. So make sure that exit policy is reject, meaning we will not be an exit server. Last thing, yes. Who will be the exit server? Someone nicer than us. Someone else. Why? Because the way Tor works, what happens? Basically, here's you, these are Tor servers, and here's a web server. This is the exit node. This is the Tor relay, us, and this is the Tor entry node. This person, you, wants to access a website, but you actually send it via these Tor servers, and they use encryption such that the data, when it gets to the website, the website thinks it came from this exit node. But it actually came from you at the start. But it's all hidden. That's how Tor works. Now, let's say someone accesses a website, and what they do on the website or what they access is illegal. Someone, maybe a government, goes to the website operator and they say to them, who accessed this webpage at this time? And the website operator looks in their logs and they find out the IP address of the person who accessed this website at that time, and they trace it back to this node. And it's this node that gets the contact from the government or the company or whoever. So this is the one that the website identifies, and therefore they can potentially get into trouble. But it wasn't them. It was someone that they forwarded data on behalf of. That's why you may not want to act as the exit node. The main thing is that when people download illegal or copyrighted movies, they download a copyright movie, the movie company comes to the website and says, who downloaded that movie? And they say, this node downloaded it. And therefore the movie company sends this node a notice saying you downloaded the movies illegally, we're going to take you to court or something. So if you don't want that to happen, if you act just as this relay node, the website doesn't know it came from your relay. They only know it came from the exit node. And the exit node knows it came from your relay, but they don't know who the original source is. And so the company that investigates the website will not connect it back to you. So now your question, who operates the exit node? People who are willing to take that risk. And in fact you can. Who would? Many people will. Because it's not as big a risk as it may be in different countries, the law may allow what they're doing. We're not going to do it on these, but you may investigate and see in the country that you're operating in whether it's appropriate to do it. Last one. Let's add one more thing. And it's just a special command. You can copy it from the website. And I will because I'm not a good typer. It's just to stop some debugging messages when we run the web into the monitor. So we've uncommitted some parameters. Save. Control X. Save. And if everything's set correct, we can now start the Tor server. Or in fact restart it may have been running. Pseudo service Tor restart. Which is a common thing in Ubuntu Linux. A server or service, the name of it is Tor we want to restart it. Which is stop and start. Stop if it was running. Restart, it reloads the config file that we just edited. And Tor is running. Which means soon people can start sending traffic via our node. The last thing with Tor, we can monitor what's happening. And we use what's called ARM, a program called ARM. We need to run it as Pseudo. And there's a special way to do it. Run it as the Debian Tor user. A little bit confusing. It means run ARM, not as the root user, but as the user called Debian Tor, which is a special user that was set up before when we installed Tor. Try it. Presenter. And you get a fancy graphical user interface that shows some monitoring of your Tor relay node. It will show you the upload and download instantaneous rates and some averages over time. Actually what happens when your Tor relay starts is that it contacts some other device, other nodes in the network to learn about and be made aware or tells others about its presence. And it takes maybe a few minutes, even a few hours before others start sending traffic via your node. So at this stage you may not see much happening here. But if you left it running for a day, a month, then you'll start to see some statistics of how much people are sending via your VPS. Any last questions on Tor? Now, we haven't explained how it works. Some of you may have seen that in an earlier workshop. If not, then you're all smart enough to go and learn about it yourself. We will not do it today. Yep? Okay, what's the question about which part? This is working. Now, there's some warning error messages maybe down the bottom, but that's usually on the start-up. It's not that interesting until people start using your server. And zero bytes, bits per second. No one's using it at the moment. Press Q, you need to press Q twice to get out. I have Tor running on one of my other servers. This is the statistics from my other server, which has been running for a month or so, a bit longer. So this is a little bit more realistic. So you see, in this case, the average is about 36 kilobits per second. 35 kilobits per second download, upload. On a Tor relay that's been running for, I don't know, a few weeks a month or so, since our past workshop on Tor. So that's the amount of traffic that goes through it from other people. It's not too big. When your monthly bandwidth is one terabyte and it uses a few gigabytes, not a problem. But maybe later, as it gets used more, this may go up. And you need to be careful and make sure you don't overuse your bandwidth.