Merge branch 'main' into 'main'

docs: Relay Governance Docs

See merge request tpo/web/community!373
This commit is contained in:
Gus 2024-07-15 15:18:55 +00:00
commit d8088a7507
13 changed files with 392 additions and 3 deletions

View File

@ -27,7 +27,7 @@ To communicate with other translators, please join the [Tor localization mailing
Most of our localization efforts are hosted on [weblate](https://hosted.weblate.org/projects/tor/), a third-party translation platform.
You can submit anonymous suggestions, but it is better to create an account so you can comment and discuss with other translators, or review their contributions.
You can submit anonymous suggestions, but it is better to create an account, so you can comment and discuss with other translators, or review their contributions.
Remember that the username and email address you choose will be publicly visible on the translation platform since they will be associated with the changes you make.
We encourage the use of pseudonymous accounts.
@ -46,16 +46,21 @@ The page includes guidelines, resources, and priorities that will help you make
1. Go to [Notifications](https://hosted.weblate.org/accounts/profile/#notifications) and select `Tor Project` from watched projects.
Other projects we recommend are Guardian Project and Onionshare:
![Watch Tor Project in Weblate](/static/images/localization/watch-projects.png#fullwidth).
1. Make sure to also select [notifications for your watched projects](https://hosted.weblate.org/accounts/profile/#notifications).
1. Make sure to also select notifications for your watched projects.
1. Now you will see the Tor Project translations on your [weblate dashboard](https://hosted.weblate.org/):
![Weblate dashboard](/static/images/localization/weblate-dashboard.png#fullwidth).
1. To start translating a new resource, you first need to agree to its 'Contributor Agreement'. Each resource has its own Contributor Agreement.
# What to translate first?
If there are already Tor resources released to your language, please start by updating those.
You can see the translations with more priority at our [translation statistics page](https://tpo.pages.torproject.net/community/l10n/stats.html#high-priority-translations).
#IRC channel
We hang out in the #tor-l10n channel on the oftc IRC network. Please [join us to talk about localization](https://support.torproject.org/get-in-touch/#irc-help) (l10n)!
You can also use Element https://element.io/ to connect: #tor-l10n:matrix.org.
# [Tor Monthly Localization Hangouts](../hangouts/)
We meet on our irc channel every 3rd Friday of the month. Come over to hang out with other translators, ask questions, or simply translate together.

View File

@ -0,0 +1,35 @@
section: Localization
---
section_id: localization
---
color: primary
---
_template: layout.html
---
title: Monthly Localization Hangouts
---
subtitle: Every 3rd Friday of the month the Tor L10n Team meets to translate together, share tricks, meet fellow translators, and find out about the l10n priorities for the Tor Project.
---
key: 2
---
html: two-columns-page.html
---
body:
Every 3rd Friday of the month the Tor L10n Team meets to translate together, share tricks, have fun while translating, meet fellow translators, and find out about the l10n priorities for the Tor Project.
Come join us on the Localization Hangout, from Noon UTC, on the [#tor-l10n channel in OFTC](https://support.torproject.org/get-in-touch/#irc-help). (you can also use Element <https://element.io/> to connect: #tor-l10n:matrix.org)
At 13 UTC we make a call on [Big Blue Button](https://tor.meet.coop/emm-qmu-8o2-d2w)
If you are not a translator yet, you still have time to [become one](../becoming-tor-translator/) before the hangout.
![person hanging out](/static/images/home/png/block-trackers.png)
### What do we do in a hangout?
- Translate stuff
- Share translation tips and resources
- Complain about developers
- Talk about translation priorities
- Talk about our local contexts
- Practice bug reporting and git skills

View File

@ -0,0 +1,25 @@
section: Governance
---
section_id: governance
---
color: primary
---
_template: layout.html
---
title: Governance
---
subtitle: The processes and policies that govern relays on the Tor network.
---
key: 8
---
html: two-columns-page.html
---
body:
The Tor network operates on principles of openness, inclusivity, and decentralization.
As a global community-driven project, it is imperative to establish transparent and effective governance mechanisms to ensure the integrity, security, and reliability of the network.
This section provides insight into the processes, policies, and structures that govern the operation and use of Tor relays.
Effective governance of relays is crucial for upholding the trust of users and ensuring the continued robustness of the Tor network.
By transparently documenting these processes, Tor aims to foster a community-driven approach to network security, enabling collaboration among developers, operators, and users.

View File

@ -0,0 +1,26 @@
_model: page
---
color: primary
---
title: Handling Bad Relays
---
html: two-columns-page.html
---
_template: layout.html
---
key: 1
---
section: Governance
---
section_id: governance
---
body:
Having [processes to handle bad relays](https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Bad-relay-work) in open networks like the Tor network is crucial to maintaining user privacy and security.
Malicious actors may attempt to join the network to attack Tor users.
To counter these threats, the Network Health team within the Tor Project actively detects and prevents such malicious efforts.
They collaborate with Tor [Directory Authorities](/relay/governance/policies-and-proposals/directory-authority) to take action against identified bad relays.
While we strive for transparency at the Tor Project, hunting bad relays is one of the few areas where we are in [need to find a balance between secrecy and openness](https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html).
The following resources are available to help users of the Tor network understand how we handle bad relay work.

View File

@ -0,0 +1,27 @@
_model: page
---
color: primary
---
title: Rejected Fingerprints
---
html: two-columns-page.html
---
_template: layout.html
---
key: 2
---
section: Governance
---
section_id: governance
---
body:
We publish all rejected fingerprints associated with attacks on a monthly basis, typically for the preceding month.
However, occasional delays may occur, particularly in cases of ongoing attacks or other rare circumstances.
These delays are necessary to prevent attackers from gaining insights into our methods of detecting malicious relays.
In April 2021, we started publishing the list of rejected fingerprints. Nevertheless, volunteers are allowed to explore historical data and document rejected fingerprints from the past if desired.
> You can view the [rejected fingerprints for 2021 - 2024](https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Rejected-fingerprints-found-in-attacks).
The documentation of these fingerprints serves as a valuable resource for understanding and mitigating attacks on the Tor network, fostering a safer and more secure environment for all users.

View File

@ -0,0 +1,35 @@
_model: page
---
color: primary
---
title: Criteria for Rejecting Bad Relays
---
html: two-columns-page.html
---
_template: layout.html
---
key: 1
---
section: Governance
---
section_id: governance
---
body:
The Tor network relies on the contributions of volunteer relay operators to maintain its integrity and security.
However, there are instances where relays may be misconfigured or actively harmful to users.
The Network Health team is responsible for identifying and addressing these issues.
For more details on how we address these issues, you can reference our [criteria for rejecting bad relays](https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Criteria-for-rejecting-bad-relays) guide.
In cases of misconfigured exit relays, which can cause usability issues for users, efforts are made to contact the operator to rectify the problem.
If direct communication isn't possible, the relay may be labeled as a "BadExit," indicating that it should no longer handle exit traffic while still remaining within the network.
Relays are considered malicious if they engage in behaviors such as DNS poisoning, SSL stripping, or sniffing user traffic.
In such cases, the relays are swiftly removed from the network to protect users.
Unlike misconfigured relays, malicious relays are not contacted before removal.
Corner cases may arise where the intention behind a relay's behavior is unclear.
In such instances, communication with the operator is essential to determine the appropriate course of action.
We encourage users to [report bad relays](https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Criteria-for-rejecting-bad-relays#reporting-bad-relays) to the Bad Relays mailing list, providing detailed information to aid in investigation and resolution.
This collaborative effort helps maintain the integrity and security of the Tor network for all users.

View File

@ -0,0 +1,22 @@
_model: page
---
color: primary
---
title: Policies and Proposals
---
html: two-columns-page.html
---
_template: layout.html
---
key: 3
---
section: Governance
---
section_id: governance
---
body:
Policies refer to the rules, guidelines, and best practices that govern the operation of Tor relays and relay operators.
These policies cover various aspects of relay operation, including security, performance, privacy, Tor's network health, and community.
By following these policies and actively participating in the proposal process, relay operators can contribute to the security, reliability, and integrity of the Tor network.

View File

@ -0,0 +1,25 @@
_model: page
---
color: primary
---
title: Directory Authorities
---
html: two-columns-page.html
---
_template: layout.html
---
key: 3
---
section: Governance
---
section_id: governance
---
body:
# Directory Authorities
Directory Authorities are important components within the Tor network that serve as trusted entities responsible for managing and maintaining the list of Tor relays.
They are a set of specialized servers within the Tor network that collectively generate and distribute a signed document (known as the consensus) containing information about all known Tor relays.
These authorities are operated by trusted organizations or individuals with a strong commitment to the principles of privacy, security, and network neutrality.
> [Read our directory authority policy](https://gitlab.torproject.org/tpo/core/torspec/-/blob/HEAD/attic/authority-policy.txt).

View File

@ -0,0 +1,52 @@
_model: page
---
color: primary
---
title: Evaluation Criteria for Proposals
---
html: two-columns-page.html
---
_template: layout.html
---
key: 2
---
section: Governance
---
section_id: governance
---
body:
The [evaluation criteria for proposals](https://community.torproject.org/policies/relays/evaluation-criteria-for-solution-to-combat-malicious-relays/) are built on some important goals: keeping it easy to set up relays, protecting the network from bad actors, respecting human rights, and following Tor's values of transparency and accountability.
These criteria help us keep the Tor network inclusive, safe, and principled.
We recognize the potential conflicts between our goals for relay operators and our broader goals of user privacy and security.
Though before we set any goals or policies, we try to verify that one set of goals does not negatively impact the other.
For example, we want to keep the barrier for running relays low and build a transparent network.
But, on the other hand, a small increase in the entry requirements for running relays could also make the network more secure by keeping out bad actors.
That's why we created the evaluation criteria; to carefully examine these security concerns without overloading relay operators.
This process helps us maintain a strong and reliable network, with a community of operators who are invested in transparency.
The criteria for reviewing proposals go beyond looking at technical feasibility, because we prioritize will-it-work over can-it-work.
For instance, while a proposal might be technically sound, our evaluation criteria go deeper to assess its practicality for relay operators and potential impact on the network's overall health ("will-it-work").
This helps us make sure we don't overburden operators or introduce unintended privacy risks.
A [past proposal](https://lists.torproject.org/pipermail/tor-relays/2020-July/018643.html) suggested requiring physical addresses for verification from relay operators.
Rather, following our evaluation criteria, we explored [alternative verification methods](https://lists.torproject.org/pipermail/tor-relays/2023-October/021358.html) that could be less intrusive for the operator community.
Keeping user information private and the network secure can be tricky when we also want to be open and accountable, but our evaluation criteria check that were on the right path.
These criteria serve as a rulebook for any improvements to the relays and processes for people who run them.
One key way were delivering this transparency is by making all proposed network health enhancements public knowledge, easy to find, and clear to understand.
On top of that, we establish clear and publicly accessible rules and policies to govern specific situations and behaviours. These rules and policies outline what a violation is, and the corresponding actions we take.
For example, our [criteria for rejecting bad relays](https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Criteria-for-rejecting-bad-relays) policy defines what qualifies as a malicious relay, and details the steps we take to identify and remove them.
By making the policy public, the Tor community can hold us accountable for its enforcement.
Users and operators can monitor how the policy is applied and raise concerns if they believe relays are being unfairly targeted.
While transparency is a core value, we recognize the potential challenges. We keep our methods for finding suspicious activity as open as we can, even though it might give attackers some insights.
We try to extend our commitment to transparency and accountability across all our processes.
By being open about our decision-making and actions, we aim to foster trust with the Tor community so they can rely on us to safeguard their privacy and security.
Every proposal is carefully reviewed to check that it aligns with all our community values, as outlined in Tor's [Code of Conduct](https://community.torproject.org/policies/code_of_conduct/) and [Social Contract](https://community.torproject.org/policies/social_contract/).
Additionally, we evaluate proposals based on how well they meet our [established criteria](https://community.torproject.org/policies/relays/evaluation-criteria-for-solution-to-combat-malicious-relays/) for supporting the relay operator community and achieving Tor's overall goals.
If youre interested in [submitting a proposal](/relay/governance/policies-and-proposals/proposals), please review [our policies](https://community.torproject.org/policies/) to understand the principles that govern relays and the relay operator community.

View File

@ -0,0 +1,32 @@
_model: page
---
color: primary
---
title: New policies and proposals for the Tor relay operator community
---
html: two-columns-page.html
---
_template: layout.html
---
key: 1
---
section: Governance
---
section_id: governance
---
body:
Historically, the management of the Tor relay operator community was informal, depending on interactions among [relay operators](/relay/governance/relay-operators/becoming-relay-operator), [Directory Authorities](/relay/governance/policies-and-proposals/directory-authority), and Tor Project staff during meetups.
However, as the community has grown and become more diverse, a structured process is necessary to evaluate and implement proposals systematically.
The proposals for relay operators are focused on operational, policy, and community-related aspects specific to the relay operator community, contrasting with the technical specifications covered by [Tor specifications](https://spec.torproject.org/) (aka torspec).
Topics include security measures against malicious relays, expectations for relay operators, sustainability, and guidelines for investigating and removing malicious actors.
The proposals undergo a thorough review process involving drafting, community consensus, and final approval by the proposal editors, ensuring they align with the Tor Project's policies and operational goals.
Learn more about the [process for new policies and proposals for the Tor relay operator community](https://community.torproject.org/policies/relays/001-community-relay-operator-process/).
The following are sample proposal formats you can use to get started.
- [[tor-relays] Proposal: Restrict ContactInfo to Mandatory Email Address](https://lists.torproject.org/pipermail/tor-relays/2023-October/021358.html)
- [[tor-relays] Process for new policies and proposals for the Tor relay operator community](https://community.torproject.org/policies/relays/001-community-relay-operator-process/)
- [Expectations for relay operators](https://community.torproject.org/policies/relays/expectations-for-relay-operators/)

View File

@ -0,0 +1,51 @@
_model: page
---
color: primary
---
title: Becoming a Relay Operator
---
html: two-columns-page.html
---
_template: layout.html
---
key: 1
---
section: Governance
---
section_id: governance
---
body:
At the heart of the Tor network are volunteer-operated relays, which help anonymize and route user traffic.
Becoming a Tor relay operator is a rewarding way to contribute to online privacy and freedom.
Here's a step-by-step guide to help you get started:
1. **Understand the basics of Tor**
Before diving into becoming a relay operator, it's important that you have a basic understanding of how the Tor network functions.
You can read through our documentation and try routing traffic through the Tor network using the Tor Browser.
2. **Assess your resources**
To operate a Tor relay, there are [technical requirements and resources](/relay/relays-requirements/) that youll need.
If you decide to become a relay operator, make sure you meet the requirements, have some technical expertise, and some time to maintain the relay.
3. **Choose your relay type**
There are [three types of relays](/relay/types-of-relays/) in the Tor network: entry relays, middle relays, and exit relays.
As a relay operator, you can either run an exit relay or a non-exit relay because you cannot operate middle relays alone.
Decide which type of relay you want to operate based on your resources and preferences.
4. **Set up your relay**
Once you've chosen the type of relay you want to operate, you'll need to [configure the relay](/relay/setup/) on an operating system youre comfortable with managing.
You can follow the [instructions](/relay/setup/) carefully to ensure your relay is set up securely and correctly.
5. **Configure Bandwidth and Security Settings**
As a relay operator, you can configure the bandwidth limits for your relay to ensure it doesn't overwhelm your internet connection.
Additionally, you'll want to configure security settings to protect your relay from potential attacks and abuse.
6. **Monitor and Maintain Your Relay**
Operating a Tor relay is an ongoing commitment.
You'll need to monitor your relay regularly to ensure it's running smoothly and efficiently. This includes checking for software updates, monitoring bandwidth usage, and addressing any issues that may arise.
7. **Join the Community**
As a Tor relay operator, you're part of a global community dedicated to promoting online privacy and freedom.
Joining the Tor community allows you to connect with other relay operators, share knowledge and experiences, and contribute to the ongoing development of the Tor network.
8. **Spread the Word**
Lastly, help raise awareness about the importance of the Tor network and the role of relay operators in maintaining its integrity.
Encourage others to become relay operators or support the Tor project in other ways.
> Read our [Expectations for Relay Operators](/relay/governance/relay-operators/relay-operator-expectations) guide for more detail on what it means to be a good relay operator.
By following these steps, you can become a valuable contributor to the Tor community and play an important role in safeguarding online privacy and freedom for users around the world.

View File

@ -0,0 +1,26 @@
_model: page
---
color: primary
---
title: Relay Operators
---
html: two-columns-page.html
---
_template: layout.html
---
key: 2
---
section: Governance
---
section_id: governance
---
body:
Relay operators form the backbone of the Tor network, facilitating anonymous and secure internet browsing for users worldwide.
Operating a relay involves running specialized software that routes encrypted traffic through a series of relays, protecting user privacy and security.
In the past, our approach to organizing the Tor relay operator community relied heavily on the informal dynamics between [relay operators](/relay/governance/relay-operators/becoming-relay-operator), [Directory Authorities](/relay/governance/policies-and-proposals/directory-authority-policy), and The Tor Project staff.
Now, through discussions and interactions in meetups and similar events, we collaborate with operators to determine best practices for managing Tor relays.
This is beneficial to both user safety and the continued effectiveness of [Directory Authorities](/relay/governance/policies-and-proposals/directory-authority) and The Tor Project.
Relay operators contribute valuable bandwidth and computing resources to the network, enabling Tor users to access the internet anonymously.

View File

@ -0,0 +1,28 @@
_model: page
---
color: primary
---
title: Expectations for Relay Operators
---
html: two-columns-page.html
---
_template: layout.html
---
key: 2
---
section: Governance
---
section_id: governance
---
body:
Relay operators play a crucial role in the health, safety, and sustainability of the Tor network.
While they generously invest their time, energy, and resources to support the network, it is essential to have clear expectations to ensure the integrity and security of the entire system.
These expectations help maintain user trust, and network functionality.
Operators must prioritize user anonymity and security, maintain good operational practices, and align their activities with Tor's values and mission.
This mutual commitment between the Tor Project and relay operators is vital for the Tor network's continuous success.
> See the [full expectations for relay operators](https://community.torproject.org/policies/relays/expectations-for-relay-operators/).
If questions about adherence to these expectations come up, our [community policies](https://community.torproject.org/policies/) provide a framework for decision-making and enforcement within the Tor community.