path: root/zola/content/blog/tor-at-home-experience.md
blob: ea02e985166a1fdc6fcb57e4813a34cca33123a5 (plain)
+++
title = "A Tor middle relay at home, and the ignorance from the \"Cybersecurity\" team"
description = "I was running a Tor middle relay at home, and I received a call from the \"Cybersecurity\" department from a client. They didn't know much about Tor."
date = 2025-06-10
authors = ["Nicolás Dato"]

[taxonomies]
Tags=["Tor"]
+++

## Background

Some years ago I decided to contribute to the Tor network by running a Tor middle relay. I decided to run it at home, on my personal computer. I knew there could be some negative consequences, like some websites blocking me or an increase in the captchas I had to solve.

That personal computer is the same one I use to work, and we have a client that is a big corpo. From time to time we provide technical support by connecting to their VPN. I hadn't connected to their VPN for a long time.

When someone uses Tor, their traffic passes through 3 relays in order: the guard, the middle, and the exit relay. If someone sees a connection from an IP that is an exit relay, it can be a Tor connection. *If someone sees a connection from a middle relay IP, it CAN'T be a Tor connection*, because Tor doesn't work like that: the middle relay connects to the exit relay, and it's the exit relay that connects to the destination.
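To make that point concrete from the defender's side, here is an added example in Python (mine, not code from the post or from the Tor Project). It loads a relay list, constructed here in the shape of an Onionoo "details" document, indexes every address a relay listens or exits on by its role, and then triages some constructed VPN gateway log lines: a source IP that matches a non-exit relay (guard or middle) is labelled as the relay operator's own direct traffic, and only an exit relay's address is labelled as a possible Tor client. The log line format, the `src=` field, the relay nicknames, the documentation-range addresses and the placeholder fingerprints are all assumptions.

```python
"""Triage a 'this IP is a Tor relay' alert against the relay's role.

Added example: a Tor client's traffic leaves the network from an exit
relay, so a direct connection from a guard or middle relay's IP is the
operator's own traffic, not a Tor circuit.
"""
import ipaddress
import json
import re

# Constructed relay list shaped like an Onionoo "details" document
# (nickname, fingerprint, or_addresses, exit_addresses, flags).
# Addresses are from documentation ranges; fingerprints are placeholders.
RELAY_LIST_JSON = """
{"relays": [
  {"nickname": "homeMiddle", "fingerprint": "PLACEHOLDER_FINGERPRINT_1",
   "or_addresses": ["203.0.113.10:9001", "[2001:db8::10]:9001"],
   "flags": ["Fast", "Running", "Stable", "Valid"]},
  {"nickname": "someGuard", "fingerprint": "PLACEHOLDER_FINGERPRINT_2",
   "or_addresses": ["198.51.100.7:443"],
   "flags": ["Fast", "Guard", "Running", "Stable", "Valid"]},
  {"nickname": "someExit", "fingerprint": "PLACEHOLDER_FINGERPRINT_3",
   "or_addresses": ["192.0.2.55:9001"], "exit_addresses": ["192.0.2.56"],
   "flags": ["Exit", "Fast", "Running", "Stable", "Valid"]}
]}
"""

# Constructed VPN gateway log lines (assumed format, not the post's screenshot).
SAMPLE_LOGS = [
    "2025-06-10T14:02:11Z vpn-gw auth ok user=alice src=203.0.113.10",
    "2025-06-10T14:05:40Z vpn-gw auth ok user=bob src=192.0.2.56",
    "2025-06-10T14:07:03Z vpn-gw auth ok user=carol src=198.51.100.7",
    "2025-06-10T14:09:27Z vpn-gw auth ok user=dave src=10.20.30.40",
]

SRC_RE = re.compile(r"\bsrc=(\S+)")


def _normalise_ip(text):
    """Canonical string form of an IPv4/IPv6 address (drops [] brackets)."""
    return str(ipaddress.ip_address(text.strip("[]")))


def _host_of(or_address):
    """Strip the port from 'host:port' or '[v6host]:port'."""
    host, _, _ = or_address.rpartition(":")
    return _normalise_ip(host)


def relay_role(flags):
    """Exit wins over Guard: an Exit-flagged relay can be a client's last hop."""
    if "Exit" in flags:
        return "exit"
    if "Guard" in flags:
        return "guard"
    return "middle"


def load_relays(json_text):
    """Map every OR address and exit address to the relay's nickname and role."""
    index = {}
    for relay in json.loads(json_text)["relays"]:
        entry = {"nickname": relay["nickname"],
                 "role": relay_role(relay.get("flags", []))}
        for addr in relay.get("or_addresses", []):
            index[_host_of(addr)] = entry
        for addr in relay.get("exit_addresses", []):
            index[_normalise_ip(addr)] = entry
    return index


def classify_source(src_ip, relays):
    """Verdict for one source IP seen connecting directly to our service."""
    entry = relays.get(_normalise_ip(src_ip))
    if entry is None:
        return "not-a-relay"
    # Conservative: any Exit-flagged relay is treated as a possible last hop,
    # even though its exit policy might reject our port.
    if entry["role"] == "exit":
        return "possible-tor-client"
    # Guard or middle: Tor never originates client traffic from here.
    return "relay-operator-direct"


def triage(log_lines, relays):
    """Attach a verdict and relay nickname to each log line with a src= field."""
    results = []
    for line in log_lines:
        match = SRC_RE.search(line)
        if not match:
            continue
        ip = match.group(1)
        entry = relays.get(_normalise_ip(ip))
        results.append({"src": ip,
                        "verdict": classify_source(ip, relays),
                        "relay": entry["nickname"] if entry else None})
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_LOGS, load_relays(RELAY_LIST_JSON)):
        print(f"{row['src']:<16} {row['verdict']:<22} {row['relay']}")
```

The useful bit for a SOC is the third verdict: an alert that fires on "IP appears in the Tor relay list" without checking the Exit flag will page on every guard and middle operator who connects to the VPN from home, which is exactly the log line in the post.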

## The call from the big corpo

One day they changed their VPN and I had a call with them to configure the new VPN, set up the account and so on. Of course, as this is a big corpo, they use proprietary software. I always try to use a free software alternative if it works, but as I was in a phone call with them I decided to boot Windows and install that proprietary VPN. I followed all instructions, successfully connected to their VPN, disconnected, and ended the phone call.

Minutes later I received a phone call from an unknown number. I didn't answer, but they called again so I answered. They asked me if I was me (yes) and they said they were from the cybersecurity team of that big corpo. They started asking me weird questions about which software I was using to connect to their VPN. That was a big surprise, because I would expect those questions if I had used unofficial free software from Linux, but in this case I did use Windows and the official proprietary software. I told them that I had been in a phone call with them, that they had guided me on how to connect to the VPN and that I had followed all the steps, but they kept asking me how I connected to their VPN. I think they were hiding the real question, maybe they first wanted to gather information from me, because after some time *they finally asked if I was using Tor* (or something like that).

At first, I was kind of excited. *It was my moment to talk about Tor*. I thought it would be easy to explain, as they were the cybersecurity team they should know even more than me about Tor. So I would just say I run the middle relay, maybe explain a bit about Tor just in case, and they would be happy and I would be happy too because I could talk about Tor to someone else.

The reality was that *they knew nothing about Tor*, only that it was privacy software. I tried to explain to them how the guard-middle-exit relays work, and that I run a middle relay but I wasn't using the Tor network, and that I was on Windows so there wasn't any relay running at that time. But I couldn't explain myself, or they didn't want to accept my explanation. They didn't understand that if they were seeing my IP it meant that I wasn't using Tor, because I was a middle relay; if I had been using Tor they would have seen the IP of an exit relay.

Eventually they decided to consult with their manager and said they would call me back. I checked that I hadn't run an exit relay by mistake (I hadn't), and I tried to convince myself, to prove to myself, that I wasn't connecting through Tor (I wasn't).

Finally, they contacted me by email and *they demanded that I stop using Tor to connect to their VPN*. In the email there was a screenshot showing a log with my IP and some information. I searched for that line and I found literally the same line on a website that lists all the Tor relays. One of the columns was the type of relay, and my IP was a middle relay, as it should be.

I didn't like that email: it meant they didn't know anything about Tor, they accused me of doing something that I didn't do, and they demanded that I stop doing that thing that I wasn't doing. I was thinking of sending an email telling them that I didn't use Tor and writing an explanation with links to Tor's website. But I decided the best thing was to follow their commands, i.e. do nothing. I told them "I won't use Tor to connect to their VPN", which was what they wanted to read from me, and somehow I was satisfied because I wasn't lying nor saying that I did use Tor.

Anyway, I decided to stop running the Tor middle relay at home in case I needed to connect to their VPN (but I never had to connect to their VPN ever again). I knew that having it at home wasn't good for the network because I was rebooting the computer or powering it off constantly. After that I set up a VPS (this website) [that runs a Tor relay](https://metrics.torproject.org/rs.html#details/7EAAA9A9A1B0B834B74C60CDBBCE306CA7F91423).

## Thoughts about the Cybersecurity team and their demands

At that time, when I received the phone call and then the email, I thought they were idiots, ignorant people who were in a position (cybersecurity) that they didn't deserve, and that they were saying and demanding nonsense.

Now I understand that they have protocols and software with alarms, and that they have to comply with that. If the software says that there was a suspicious connection and the protocol is to stop it, I get it: no matter what I could tell them, they didn't like my connection and I should stop doing whatever I was doing.

However, I still think they were (are) ignorant and idiots. I think they should have said something like "ok, I understand that you run a middle relay and in fact the log says so. I understand that you didn't connect through the Tor network. But you know that as we've got an alarm here we can't let it go, and if you connect again the alarm will show up again. Can you stop the Tor middle relay if you are going to connect to our VPN?".