Hey. Thank you all for coming. My name is John Box. I co-founded Emerald Onion. We're a 501(c)(3) transit ISP. We currently route a whole bunch of Tor exit traffic based in Seattle, Washington. Three years ago, I started sharing this idea with some friends of mine in the privacy community: that the current way of building out the Tor network might not be ideal for the version of the internet that we want, which might be to Torify everything, to push everything through Tor, whatever. I think that Brave is testing using Tor in the private browsing mode. That's awesome. Facebook has their onion. That's awesome. DuckDuckGo, all of the media organizations that use SecureDrop, that's great. But if we want more providers using onion services to protect their users' privacy, then I think we need to go about building out Tor infrastructure and privacy infrastructure a little bit better.

So a year ago, me and some friends co-founded Emerald Onion. We registered in Seattle, in Washington State, and we've been online for a little over a year now. Most of the content in my slide deck, or the details of the content, is on our website, emeraldonion.org, because I don't have enough time to go through all of the detail in this talk.

So, starting up, we did the Washington non-profit status: $50. The articles of incorporation that we did were compliant with the IRS 501(c)(3) requirements. They're there on the website, emeraldonion.org/articles. I should step back real quick. One of the overall purposes of Emerald Onion is to try all of this stuff, make it work, and then publish what we do on our website. So the articles, like all the other stuff in this presentation, are going to be online, so you all can more easily approach these problems.

Step two for us was registering with ARIN to get our ASN and our IPv6 and IPv4 scopes.
ARIN, if you don't know, is like a domain registrar, except instead of going there for domains, you go there for IPs. There's an application process. You have an ASN that you use to talk to other ASNs if you're using protocols like BGP, which we do. This process took a little less than a month. The application process that we went through is also published on our website so that you can more easily do that. So this is our ASN. We have a /36 IPv6 scope. We have a /24 IPv4 scope. We use our ASN to communicate with the other ASNs that we peer with in the Seattle Internet Exchange. This is hard. So yeah, ASNs, they're cool. You use your ASN to announce to other ASNs. Yeah, we use BGP.

One really cool thing that we found out, someone randomly told us on Twitter, which was pretty cool: IPv4 scopes were exhausted a few years ago. ARIN actually has this 4.10 policy, which was set aside to facilitate the adoption of IPv6. So if you can articulate your case to ARIN and go through that process, they'll actually give you a free /24 IPv4 scope. That's what we did. We were able to articulate this because Tor in its current state only supports IPv4 traffic between relays. From guard to middle to exit, that's all IPv4 only. Tor Project wants to expand and do more IPv6, but we need more operators to use IPv6 in order to curtail potential surveillance issues around having a limited subset of our nodes be IPv4 only. So if you're an operator, please support IPv6, because we need it, and hopefully one day we'll be able to only use IPv6 and we can get rid of our IPv4 scopes.

So, because our long-term goal was to get 501(c)(3) status as a public charity... sorry, that's a little early. The IRS EIN: this is basically your social security number for your organization. It's a quick, easy thing that you do online. 501(c)(3): we wanted to become a public charity so that we could be sustainable in our funding.
It's easy if you do it right. This was one of the biggest hurdles that we had mentally going into this. We had no idea how long it was going to take, or if it was going to be possible. We were being coached by Riseup Networks and the Calyx Institute and other not-for-profits, and it just seemed like this might be an impossible task in this day and age for a tech organization to get 501(c)(3) charity status. It was actually really easy. The trick that we learned is: don't make $50,000 in your operating budget for your first year, and that qualifies you for the 1023-EZ. The 1023 is what you would use to apply for 501(c)(3) status through the IRS, and make sure that you do that within roughly the first year. The 1023-EZ not only made it cheap, $275 compared to, I think, $850 for the normal 1023 process; we didn't need a CPA, we didn't need a lawyer, and as you can see by these dates here, it took 16 days. For some reason the IRS didn't actually tell us that we got charity status; we had to look it up manually online. So, cool, but we got it.

Part of our articles of incorporation, this is article four: one of our goals as an organization that wants to support privacy was to make sure that our scope was general. So the purpose of this corporation is to promote and support online anonymity and privacy. We wanted to keep it very general so that, in the event that Tor is the hot stuff right now, maybe mix nets, maybe whatever, is going to be what we need to build out in the future, and there's a whole bunch of other stuff that we could potentially do as a 501(c)(3) charity. So we wanted a general mission statement.

Another small thing in the 1023 process: this is how you signify to the IRS what kind of an organization you are. There's a huge list of NTEE codes.
We spent a couple of weeks going through all of them and deciding which one we wanted to go with, but we felt like this was the best one given our presumed scope for operating as a transit ISP. As you can see here, this was the timeline and how much it cost to legitimately become a 501(c)(3) transit ISP. If we had known that the IRS process was going to be so easy, we'd have done that sooner and we probably could have done it by July. But yeah, bottom line, this is something that you can do. This is not that hard. We didn't need a CPA, we didn't need a lawyer. We had them anyway because we were fortunate and our network of friends and family supported us, but it's actually not needed if you do these things in the right way.

We turned on our exit relays in July of 2017. We actually made a small mistake that I want to touch on real quick. We originally leased our IP space from our upstream ISP. We should have just run as a middle relay until we got our own IP scopes. There was one day when our ISP emailed us and said, hey, we're getting abuse, we're going to start charging you a dollar per abuse complaint if you don't stop. That would have been kind of expensive, and thankfully ARIN had already approved our IP scope, so we were already in transition to using our own scopes. But it's just a lot easier, starting up, if you start as a middle relay, and then once you get your own IP scopes you can start exiting.

In this year-long process, we transited 3.5 petabytes of data and we received roughly 3,100 unique abuse complaints. 99% of these abuse complaints were automated, we noticed, but they came in nonetheless. Most of them also don't require any kind of response, but we responded anyway, just to be proactive in case something were to escalate.
We use Zendesk to automate that response back, and we serve our legal FAQ, which I'll be talking about shortly, to educate them about what we do and why we're doing it. So, basic math here, which I think is pretty cool: for every 1.13 terabytes we receive an abuse complaint, and that's a unique abuse complaint, and it could be anything from spam, because we run as an unfiltered exit router so we don't block any ports. It could be spam, it could be SSH attacking, I don't know, there's just a bunch of random stuff. We used to get a bunch of DMCA but that randomly stopped.

Emerald Onion preemptively developed a strong legal backbone right at the beginning. We reached out to Marcia Hofmann at Zeitgeist Law to help us create some legal FAQs that are also on our website for free. So please check them out and use them if you're operating like we are in the United States, because they're not really valid anywhere else. We have two versions of the legal FAQ. One of them you would give to your ISP: if your ISP receives an abuse complaint, you could give them this FAQ and it would be valid in explaining that what you're doing is legal. And then we have another legal FAQ for if you were to receive abuse from anyone, so that is the one that we use for automated responding now that we have our own IP space.

One small thing: we just note publicly that we don't log any information. Tor does a good job of this already, but we audit our devices to make sure that we don't log any network information above and beyond what Tor already doesn't record. So the extent of what we technically have is DNS caches and BGP caches, but none of those are super sensitive, thankfully. This is the policy that we state on our website.

So DMCA is interesting. It's stupid, but it's here. Basically, in order to be compliant with the DMCA safe harbor, or the DMCA protections for a conduit provider, you need to have a termination policy. This is our termination policy here.
It basically says we don't have any subscribers, we can't identify our users, but in appropriate circumstances we'll terminate. We don't really have a technical way to do that because of Tor, but we have to have this policy just to be compliant with the DMCA protections. So, cool.

Okay. Also in the past year we received two subpoenas. This is just one example. Both of them were from the Department of Homeland Security. We published a transparency report on our website, and there's a whole bunch of other things beyond subpoenas that we list, just to be explicit. We update that regularly. This was pretty scary for us to receive the first time; we kind of expected that something like this might eventually happen, just from talking to Calyx and other operators. These came in via email. They don't come in via mail. That surprised us. They send it to our admin address. It was really scary at first, but it doesn't seem that way now, just because we've had a little bit of practice.

So, some takeaways. Don't run an exit router from your home. Obviously Tor Project does a good job educating people about this. The reason you don't want that is that you don't want law enforcement to come and kick in your door and take your computers just because someone did something presumably malicious from your exit router. So put it in a data center and ideally own your own IP scopes, your own v6 and v4 address scopes. That way, instead of being at the point where law enforcement comes and kicks down your door and takes your stuff, they send you an email, and they're civil, and they're like, hey, we have this IP address, we need some user data. And we can just literally reply and say, hey, we're running Tor, we don't have data, here's a legal FAQ, please let us know if we can help further. Again, a lawyer isn't needed for this process.
At first we did have our general counsel call and talk to them, just to understand this process, but it's actually at the point where we're just going to email them back now if they send us another one and say, hey, we can't help, sorry.

So today we're launching a new program. It's called onion.lawyer. Something that's been missing in the Tor community for a while is clear legal support. Our general counsel, Matt McCoy, is leading this in partnership with the Yale Privacy Lab. It's a distribution list that you can contact in the event that you are under legal duress because of your operations with Tor. It's a network of pro bono attorneys that will do their best to support you in the event that you need help. If they can't, hopefully they're networked and they can find someone that can. Hopefully this is something that becomes important in supporting operators. Oh, yes: if you're an attorney, please reach out and volunteer for this. If you have a friend that's an attorney, please convince them that this is something they might want to do and have them reach out, so that we can grow this.

Okay, so, data center stuff. To move in, we had to have three types of insurance. These are the three types. We bought our own hardware. We use a low-power Xeon D platform that has integrated 10 gigabit fiber, so it's nice and cool and has good connectivity. Because the Tor network is roughly 90% Debian, we decided to go with a BSD platform. We decided to go with HardenedBSD because of its inherent exploit mitigations and general security, which we think also improves the health of the Tor network. This is an outstanding project. If you are into BSD, please support them. If you're an operator, please consider using HardenedBSD, or something that isn't Debian; that'd be cool.

Okay, so this is our current co-location and its cost. Nothing special about it. We have a gigabit unmetered link.
This particular link is actually part of our internet exchange point connectivity, so we transit through that connection, so we only have one 10 gigabit fiber drop, which is cool. And then we have connectivity to the Seattle Internet Exchange, which I'll talk about more here.

Internet exchange points are really cool. They provide direct access to a whole bunch of peers. What I mean by peer is someone that you physically connect to. This is really important for Tor exit operating, because, say you're facilitating Tor traffic from a middle relay to your exit and then it's going out to the internet from that exit, it is ideal, I think, that the traffic you're exiting to its final destination has as few hops as possible. What I mean by a hop is some other router or switch on the internet that is owned by some unknown company, and every one that it traverses is an opportunity for surveillance in some form or fashion. So peering is really awesome, I think, for the Tor network, not just because of latency minimization. I think our average latency to our peers in the SIX is 0.35 milliseconds, so it's really quick. That also helps user experience, kind of. But mainly it's the surveillance minimization properties of IXPs that we think is really valuable. As you can see here, we're peered directly with Google, with Amazon, with Akamai, OpenDNS, Twitter. So if people are using our exit relays, they're going to terminate at those endpoints very quickly and, hopefully, with no other third parties observing that traffic, aside from the route servers that we connect to in the IXP. Hoping that they're not backdoored. I'll talk more about that.

We're kind of fortunate with the Seattle Internet Exchange. It's a non-profit IXP. It advises that you don't surveil the ports if you're a participant there, which is good. I'm hoping that they eventually adopt a transparency report; that would be better.
Non-profits have inherent transparency aspects to them, like publishing where they get their money, what they spend it on, stuff like that. So finding non-profit IXPs I think is really awesome.

Geolocation: that could mean proximity to an undersea cable; it could mean proximity to a certain provider. There are about 120 IXPs in the United States, so there's quite a selection, and most of them are in dense areas to begin with. So there's not a lot of choice, but there are some strategic choices that you can make.

Participation: this could be a certain provider like Amazon, like Cloudflare, Akamai, big providers, places that traffic will go on the internet. The more the better, so that there are more peers that you're sending exit traffic to.

And then of course cost. Most of the IXPs that we've seen are for-profit and pretty expensive. Ours, we paid $2,000 for a 10 gig port. It's a one-time cost. There are no recurring fees, which is awesome. Not many are like that.

This was a recent article about one of the biggest IXPs in the world, and it's in Germany, which is unfortunate because a lot of the Tor network is in Germany, just because of how cheap their bandwidth is. It's not clear how good, or obviously not good, how bad this might be for the Tor network. Personally, I would try to avoid DE-CIX just because of this known issue of active government surveillance, also part of Five Eyes. So it's best to avoid that if possible.

Challenges for finding good IXPs: obviously, if they're under active surveillance, that's not ideal. There are lots of data centers without IXPs. Like I said, there are roughly 120 in the United States. There are large IXPs, so Comcast, AT&T, whatever. Because they're profit-driven, they tend to have restrictive peering policies, which means they're not open to peering with anyone.
They're only going to charge money, which is not good for, I think, surveillance, or I should say privacy. And then content providers with no peering policies. Some providers just refuse to peer because it doesn't make sense, which is also unfortunate, because that means we have to send traffic around in some other way, and it's going through some other provider that there's just no accountability for.

Okay, so undersea cables. We have a good guess that these are all tapped, which is lame. The way that the Tor bandwidth authorities currently work means that Tor traffic largely bounces back and forth between Western Europe and the Eastern United States. So there's a whole lot of traffic that crosses the Atlantic Ocean. We have a working theory that there could be some more strategic decisions made in order to place Tor routers, especially exit routers. One of them is to place them in IXPs because of the early termination and the properties there. Another is that they could be placed close to undersea cables, so that they can receive that traffic as soon as it comes into the U.S. and it can terminate as quickly as it can without going anywhere else in the U.S. I think that is better. So we are just developing this theory in order to try to find things that can help us more strategically place exit routers around the U.S.

Today we're also launching a project called Safe Crossing. The first part of this is just us, Emerald Onion, expanding into other places in the U.S. We think we're going to go somewhere along the East Coast because of the things that I just discussed. But more importantly, Safe Crossing is going to be research and development around the deployment of net new IXPs. Because of our experience with not being able to find non-profit, affordable IXPs with the qualities that I already talked about, we want to build our own.
Where there is dense connectivity, we're looking there. There are some underserved areas where we think IXPs could be built. Places like Puerto Rico we think would be a really great starting point for something like this. But it's basically to compete with the profit-driven IXPs that are also generally surveillance-friendly. It's about creating safer spaces on the Internet, basically in the backbone of the Internet. This is kind of a cheap way to do that: create safe spaces for traffic to move about.

If you're interested in helping create non-profit IXPs and being involved with Safe Crossing, please contact us here. Particularly if you're involved with the Open Compute Project: we're interested in that platform because it's open hardware, free/libre software, goes up to 100 gigabit. It just seems like an ideal platform that creates a safe space for your compute infrastructure. If you have any IXP management experience, we are interested in learning more about how to actually build one. We'll figure it out. If you have IP scopes, or are working for a company that has IP scopes that you're not using, like IPv4 scopes, consider donating them to us, because we will either use them or we'll give them to an organization like us that is able to use them for privacy. We're looking for partners. If we can create one IXP somewhere, we want to have big partners on day one so that it entices other people to become part of this new mission and grow the infrastructure in that region, because the more peers, the better.

This is just some quick details about our income. To get started, we received a grant from Torservers.net for $5,000. Our directors have been donating monthly, currently up to a sum of about $10,000. We've received about $1,000 of direct funding, and DuckDuckGo included us in their privacy challenge just a couple of months ago, and we received enough money to pay for our whole year of operations for this next year, which is awesome.
Through the PayPal Giving Fund, someone signed us up for that and they just sent us a random check, which is cool. That's the benefit of being a 501(c)(3) charity: you can take advantage of some of these programs. Another one that I didn't mention here, that we haven't really used yet, is if your company matches donations that you make to nonprofits; we're in those networks as well as a 501(c)(3), which is cool.

Challenges. Fees, obviously; it costs money to do this stuff. IP transit, that's our ISP; ASN fees; IP scope fees; transport, which is where you have to lay fiber from point to point within the data center, which sometimes has a recurring cost; co-location fees; equipment fees; peering port fees. These are all challenges that we have. We're trying to figure out ways that we can make these cheap or free and share that information with the larger community.

Generally, it's hard to prioritize privacy over anything else. It's really cool to work for Emerald Onion and think about privacy first: not logging, using disk encryption, whatever. But it makes it hard, because we can't log. So when someone DDoSes us, we actually have no idea who does it, because we don't log on the perimeter firewall, just in case some Tor user ends up hitting our firewall in some weird way and causes us to log the traffic. We just don't want the IPs. Making those kinds of choices makes it hard to operate in that way. But that's what we think is important. So we prioritize privacy over money.

Open source networking hardware. There is more and more open hardware showing up, but networking hardware specifically is unique. Both firmware and full-stack compute are challenging. There are some options out there, like I mentioned the Open Compute Project, but there needs to be more. We can always use more.

Network redundancy. One thing that we want to do better is having redundancy in our WAN and LAN stacks.
But if we want redundancy there, we're going to be multiplying our cost by at least a factor of two, just because we have to have at least two of everything, and that usually comes with other additional costs as well. So we want to have that, but again, that's a big challenge. IPv4 scopes, obviously, because of the exhaustion issue, create a higher bar for someone jumping into this to get started. If they could just jump in with only an IPv6 scope, that would be easier. And of course technical volunteers. It's hard to find people, and keep people, that are passionate about this stuff. So that's always a challenge.

I wanted to give a quick shout-out to Tor Project for hiring their relay advocate. Colin, aka Phoul, is their advocate. If you are an operator, he has probably already reached out to you, if you have updated contact information in your torrc file. So if you need help directly, something that you can't get from the email lists, you can reach out to Colin and he can help you out.

Lastly, I want to thank my team. I have a really amazing team of volunteers on the board of directors and our advisory board. We just wouldn't be here without the help of everyone. So, yeah. Thanks.
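As an added example, not code from Emerald Onion or from Tor Project, here is a small Python check that reads a torrc and flags the operational points the talk asks exit operators to get right: an IPv6 ORPort and IPv6Exit so the network does not depend on an IPv4-only subset of relays, an exit policy that blocks no ports (the "unfiltered exit" the speaker describes), a ContactInfo line so the relay advocate can reach you, and no logging beyond what Tor records by default (no SafeLogging 0, no info/debug logs). The two torrc fragments are constructed for illustration; the nickname, the contact address and the 2001:db8:: address are placeholders, and the set of checks is this example's own assumption about what matters, not a Tor Project checklist.

```python
"""Audit a torrc for the exit-operator points raised in the talk.

Added example, not Emerald Onion's tooling. The torrc samples below are
constructed; the checks encode this example's assumptions about what a
privacy-focused exit operator wants, not Tor Project policy.
"""
import re
from collections import defaultdict

# Constructed "before" configuration: IPv4-only, filters a port, logs too much.
WEAK_TORRC = """\
ORPort 9001
ExitRelay 1
ExitPolicy reject *:25
ExitPolicy accept *:*
SafeLogging 0
Log info file /var/log/tor/info.log
"""

# Constructed "after" configuration. Nickname, contact address and the
# 2001:db8:: documentation-prefix address are placeholders (assumptions).
HARDENED_TORRC = """\
Nickname ExampleExit          # hypothetical relay name
ContactInfo abuse@example.org # hypothetical contact address
ORPort 9001
ORPort [2001:db8::1]:9001     # IPv6 listener; address is a placeholder
IPv6Exit 1
ExitRelay 1
ExitPolicy reject private:*
ExitPolicy accept *:*
SafeLogging 1
Log notice syslog
"""

def parse_torrc(text):
    """Map lower-cased option names to the list of values given for them.
    '#' starts a comment, as in torrc; blank lines are skipped."""
    opts = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        opts[key.lower()].append(value.strip())
    return opts

# A reject rule that applies to every address but a specific port or range,
# i.e. port filtering rather than the usual "reject private:*".
_PORT_REJECT = re.compile(r"^reject\s+\*:(\d+(?:-\d+)?)$")
_VERBOSE_LEVELS = {"debug", "info"}

def audit(torrc_text):
    """Return a list of finding codes; an empty list means every check passed."""
    opts = parse_torrc(torrc_text)
    findings = []

    # Reachability: offer IPv6 on the ORPort and allow exiting over IPv6.
    if not any("[" in v for v in opts["orport"]):
        findings.append("no-ipv6-orport")
    if opts["ipv6exit"][-1:] != ["1"]:
        findings.append("ipv6exit-off")

    # Exit policy: an unfiltered exit rejects nothing by port. Each ExitPolicy
    # line may hold several comma-separated rules.
    rules = [r.strip() for v in opts["exitpolicy"] for r in v.split(",")]
    for rule in rules:
        m = _PORT_REJECT.match(rule)
        if m:
            findings.append("port-filter:" + m.group(1))
    if "accept *:*" not in rules:
        findings.append("no-accept-all")

    # Operator contact: the relay advocate reaches operators via ContactInfo.
    if not opts["contactinfo"]:
        findings.append("no-contactinfo")

    # Logging: SafeLogging 0 and info/debug logs can record client addresses.
    if opts["safelogging"][-1:] == ["0"]:
        findings.append("safelogging-off")
    for v in opts["log"]:
        level = v.split()[0].lower() if v else ""
        if level in _VERBOSE_LEVELS:
            findings.append("verbose-log:" + level)
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_TORRC), ("hardened", HARDENED_TORRC)):
        print(name, audit(text) or "ok")
```

Run it as-is to see the weak fragment produce six findings and the hardened one none; to audit a live relay, read `/etc/tor/torrc` into `audit()` instead of the embedded sample. The check deliberately looks at the last value of `IPv6Exit` and `SafeLogging`, since Tor honours the last occurrence when an option is repeated.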