It’s easy to setup a Tor bridge on AWS – and you should

Panel including Laura Poitras, Jacob Applebaum and Robert Tibbo at Citizen Four screening in Hong Kong

I was lucky enough to be invited to a screening of Citizen Four with a follow up Q&A panel with director Laura Poitras, cybersecurity legend Jacob Appelbaum and  asylum and extradition lawyer Robert Tibbo, by the JMSC at Hong Kong University. The film is great but this post relates more to the discussion about internet security after and how everyone should facilitate the use of Tor anonymous browsing.

During the film, it is made abundantly clear that various governments (especially the United States and United Kingdom) are aiding each other in spying on citizens without probably cause or sufficient scrutiny. Journalists can face harassment by these security agencies and Poitras and Applebaum now live in Germany to lessen their risk of such measures.

One of the technologies that can help to reduce eavesdropping is Tor. This is an anonymous browsing network that can help to hide your online activities from would be snoopers.

Something that was made clear during the Q&A after the screening is that it helps people like journalists or political dissidents if everyone uses these secure systems for various reasons.

  1. If only journalists with something to hide use Tor, the act of using Tor is a red flag to prying agencies.
  2. If only a few people use Tor etc, then it is still valuable to the government to build massive data harvesting capabilities whereas if only a few people act openly online, the cost of building these systems is not warranted by the information they can harvest.

Thus there is a sort of herd-immunity that can be obtained by increasing the use of Tor and other online-security systems that may not be of use to you directly but can help others that you may sympathise with and want to protect i.e. journalists and free-thinkers.

So – inspired by this, I decided to aid the cause by setting up a Tor bridge. This is basically a server that acts as an obfuscating go-between for Tor users when they are browsing etc online. It turns out this is really, really easy to do, using Amazon AWS cloud services.

I’m not going to go into a full how-to here, it is so simple and there are very clear instructions on the Tor Cloud ‘get started’ page.

Suffice to say, if you have an AWS account,  you simply need to:

  1. Launch an instance
  2. search for ‘tor-cloud’ in the community AMIs for your region
  3. select either the public bridge (used by any Tor user, if you’re not in US-East-1 Virginia region, the AMI is ‘copied from ami-4a7c1a23’) or private bridge (not shared with other TOR users, if you’re not in the US-East-1 Virginia region, the AMI is ‘copied from ami-567c1a3f’)
  4. select all defaults up until ‘select a security group’, at which point create a new one called e.g. ‘Tor-cloud-servers’ and make sure that SSH (port 22), HTTPS (443), Custom TCP Rule (ports 40872 and 52176) are open with ‘source’ set to ‘anywhere’.
  5. Click through to ‘launch’ at which point you’ll be asked if you want to create a new security ‘key-pair’ – do this and download it to a safe place if you ever want to log into your Tor server.
  6. Click on ‘launch’ one final time and that’s it! You’re now helping the TOR project.

For details of how to find your server’s IP address, log in and check that it is actually running, see questions 3,5 and 4 of the Tor cloud FAQ respectively.

The cost of this server (using the default T1 micro instance) is $20 per month – unless you have only just set up your AWS account and qualify for the free-tier usage in which case it should only cost you $3 per month (to cover the extra bandwidth not included in the free-tier). I will try to update this page with my observed costs.

There are other types of server configuration that can be setup and full details of all Tor’s settings can be found in the documentation at the Tor Project site. Of course the other part of this is to get the Tor browser so you can boost that herd immunity as well as keeping your online activity more private.

One thing that needs to be remembered! The simple answer to “Am I totally anonymous if I use Tor?” is ‘No’.

Another question that I’m not entirely sure about is “Is Amazon going to keep Tor secure?” Of the releases since Edward Snowden, it is clear that governments are pressuring or outright violating private corporations to circumvent privacy and security measures. Only time and more whistle-blowers will tell.

Leave a Reply

Your email address will not be published. Required fields are marked *