Back in November, Mozilla teamed-up with Tor Project under a new initiative called Polaris, in order to help reduce finite number of Tor connections occurring at the same time by adding high-capacity Tor middle relays to the Tor network, and now the company is ready with its first Tor Middle relays.
The Firefox maker has given the Tor network a high-capacity middle relays with the launch of 12 relays, all located in the United States, that will help distribute user traffic; the Tor browser is a great way to keep prying eyes from tracking you.
Mozilla is one of the most trusted companies on the internet, particularly when it comes to user privacy. The partnership of Mozilla and Tor aimed at providing more privacy features to Firefox browser, and increased Tor network support.
The Polaris Privacy Initiative was an effort of Mozilla, the Tor Project and the Center of Democracy and Technology — an advocacy group for digital rights, in order to help build more privacy controls into technology.
Engineers working under the Polaris Project made use of Mozilla's spare and decommissioned hardware, which included a pair of Juniper EX4200 switches and three HP SL170zG6 (48GB ram, 2*Xeon L5640, 2*1Gbps NIC) servers, along with a dedicated existing IP Transit provider to the project (2 X 10Gbps).
"The current design is fully redundant. This allows us to complete maintenance or have node failure without impacting 100% of traffic. The worst case scenario is a 50% loss of capacity," French Mozilla engineer Arzhel Younsi said in a blog post.
"The design also allows us to easily add more servers in the event we need more capacity, with no anticipated impact."
However, the platform is not close to running its maximal bandwidth capacity and could receive further improvements including being moved into Mozilla's managed infrastructure and having IPv6 connectivity support.
Underlining some limitations, Younsi explains that due to safety reasons, not more than two Tor nodes can share a single IP address. But if so, an attacker could launch a variety of fake nodes to bypass the anonymity.
Moreover, a newly started Tor Relay would last up to two months in order to use its full bandwidth. It would therefore monitor the utilization of the bandwidth precisely.
Engineers used the open source Ansible platform for configuration management, a tool under consideration for which there is already a "ansible-tor" profile. Also, the tool does not require a heavy client/server infrastructure which should make it more accessible to other operators.
The platform was secured with strict firewall filters, hardened operating systems, hardened the network devices management plane, and implemented edge filtering in an effort to make sure only authorized systems can connect to the "network management plane."
"It is important to note, that many of the security requirements align nicely with what's considered a good practices in general system and network administration," Younsi said.
Before the launch of Polaris initiative, Facebook started offering a special Tor-only URL – facebookcorewwwi.onion – in an attempt to make it easier for anonymous users to access the Internet, it sounds like the little Onion Router is finally hitting the mainstream.