New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
The entire point is for nobody to be a relay. They can still be a CLIENT on Tor by using a bridge in their configuration. Torsocks accesses the local Tor service - it would still work. We have already tested this. The only thing it can't be is a relay/without contacting others directly. Anything else, it can do over a bridge. Bridges basically act like socks proxies of their own in a way (oversimplified) and all traffic into the Tor network goes you -> bridge -> Tor ... Works just fine.
Even a single node running will cause bgp.tools to flag is "Tor" as well as ip2location and others. Even browserleaks.com will classify it with a lovely "TOR" tag + a "VPN" tag.
We have had most removed - but I agree that it isn't fair. I don't think an entire ASN should be penalized for at max 4 users. I think it's a bit overkill and that those using these flags to handle blocks should rethink it. But there isn't much we can do. All we can do is let the databases with those flags know that those nodes no longer operate, ask them to remove the flags, etc.
You spent 10 EUR (~12USD). As per your request, it has been donated directly to the Tor project. Screenshots follow. Thank you for supporting them. They're great projects - I just wish there was less bad actors on the Tor network specifically or that they didn't list all IPs publicly to get ASNs blocks like this.
I’d like to share a quick impression of this VPS service.
Honestly, the VPS is very fast — even more than I expected. Performance has been consistently smooth and responsive, which was a pleasant surprise.
What also stands out is the support team: they are polite, helpful, and genuinely willing to assist. It really feels like they care about providing good service and trying to meet each customer’s needs.
Below is my fresh YABS test from the Micro VPS for reference:
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
Yet-Another-Bench-Script
v2025-04-20
https://github.com/masonr/yet-another-bench-script
## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ##
Sat 18 Apr 2026 13:49:18 IST
Basic System Information:
Uptime : 0 days, 0 hours, 8 minutes
Processor : AMD EPYC 7302 16-Core Processor
CPU cores : 2 @ 2994.372 MHz
AES-NI : ✔ Enabled
VM-x/AMD-V : ✔ Enabled
RAM : 1.9 GiB
Swap : 2.0 GiB
Disk : 38.2 GiB
Distro : Debian GNU/Linux 13 (trixie)
Kernel : 6.12.74+deb13+1-amd64
VM Type : KVM
IPv4/IPv6 : ✔ Online / ✔ Online
IPv6 Network Information:
ISP : Andrew Kristuli
ASN : AS210464 AVS ISP
Host : Andrew Kristuli
Location : Tirana, Tirana (11)
Country : Albania
fio Disk Speed Tests (Mixed R/W 50/50) (Partition /dev/sda2):
iperf3 Network Speed Tests (IPv4):
iperf3 Network Speed Tests (IPv6):
Geekbench 6 Benchmark Test:
Test | Value
|
Single Core | 1112
Multi Core | 1951
Full Test | https://browser.geekbench.com/v6/cpu/17691728
YABS completed in 15 min 32 sec
Why not just suspend users who appear on the Tor consensus? Because blocking connections prevents people from running a bridge, even if it doesn't stop them from using someone else's bridge. For example, imagine someone wants to support the Tor network with your service. They can't run a regular relay, so they want to run a bridge, as that won't put you on any blacklists. However, they quickly find that the bridge cannot connect to the network.
Also, it interferes with other projects like I2P. Many people run both Tor and I2P, me included. Now people who want to run an I2P router on your servers will be unable to connect to my I2P routers simply because my routers run off the same IP that my Tor relay runs on. Same with my public Monero nodes (and many Monero nodes, actually). Likewise, if someone runs a Tor middle at home, they won't even be able to SSH into their VPS if they run it with you.
Another example is Snowflake proxies. These act somewhat like bridges, being fully unlisted, and allow censored users in Iran, China, Russia, etc. to access Tor. But you're effectively banning people from running Snowflake proxies too, because Snowflake needs to be able to connect to Tor.
I just think it would be better, if you really have to block Tor, not to block the network itself and instead just to suspend users who publish a relay descriptor. If you really, really, really have to block the whole network, then block the IP:ORPort combo of relays so that other services running on the same IP are not blocked.
Thank you!
I am curious why your service in particular seems to be affected more by this than others, though. I guess if a lot of people use your IPs to try to watch Netflix, it might make sense as they'll detect it as a datacenter IP, but it won't affect the average person who just needs an IP that isn't on Spamhaus or AbuseIPDB and doesn't really care if BGP Tools says that the ASN has middles. Not arguing, but genuinely curious.
I suppose if you ever supported BYOIP, people could run relays then?
yup. It's sad to see a host go that far to block Tor as a relay operator myself.
Somebody didn't read at all how it works. You mentioned IP blocks, which we don't do. We block IP + Port combo. It won't interfere with I2p. 2 services can't run on the same port. This is simply impossible.
As for BYOIP, if it's on our ASN, it'd be blocked down. For BGP sessions, it isn't blocked. We block only from source IPs on our ASN -> IP:PORT combo of tor nodes. Nothing else.
We literally do the minimum to block it. We only block src our IPs -> dest IP:PORT Orport as listed. We don't block whole IPs or even whole ports.
Oh, got it. Thanks for clarifying.
Hmm, I wonder if it would be possible to prevent people from running relays without blocking connections to the Tor network by simply blocking all but one of the directory authorities. That would prevent anyone from publishing a relay descriptor and getting on the consensus but wouldn't prevent people from running Snowflake.
If only a single directory authority can be reached, it's enough to bootstrap as a client (e.g. for Snowflake, which you can't run behind a bridge because it is a bridge), but it's not enough to be added to the consensus as a relay.
I'm actually fully open to this idea if anyone has time to test it. Our goal is never to break Tor entirely, only to forbid relays so that the ASN doesn't get flagged and services block other clients from accessing legit services without hoops.
I wouldn't even know how that works to be honest, since as far as I knew, Tor is supposed to be distributed with a consensus formed by Other Relays, not a single well-known directory IP.
thanks for the "double-spec plan" ordering process worked well - VPS work
Happy to test it. I have got your London VPS. Shall I open a ticket about it?
I mean you can't test it behind the existing block. I meant for someone to test what he's saying (not sure if they're even listed anywhere publicly if they even work this way) about blocking certain nodes and it keeping a VM from joining the pool or being listed as a relay.
But thanks mate, appreciate it.
I think this test would need to be ran on home internet or another VM that doesn't block anything, wide open -> block the ones hes saying -> setup as relay -> wait 24 hours -> check relay list and see if it's listed.
@forest drop me a DM with instructions for dump people
, happy to test.
@forest : I don't quite understand, there's a nice and interesting offer here and you're just bothering us with your ideas - that's not so good - anyway, I've ordered the VPS and I'm happy about the doubling of capacity, the location and the good connection
!
I've got nothing against the offer, it looks quite good. I hope I'm not bothering anyone. The ideas should help reduce collateral damage.
When a client connects to the Tor network, it tries to contact one of a few directory authorities (their IPs are hardcoded in the Tor binary) that transfer the list of relays to the client, and then the client can make connections on its own. All it needs is one authority to be reachable. The reason it uses multiple authorities rather than a fully distributed consensus is so that it can kick malicious relays off the network.
When a client wants to become a relay, it generates some keys and uploads those keys to the directory authorities. Then all the directory authorities will try to open up a connection to test the new relay, and if a sufficient number of authorities (3 or 4 I think?) can reach it, they will add it to the consensus that all clients get (and that BGP Tools uses to mark ASNs that have relays). If too few authorities can reach it, it won't get added as a relay, but can still be a client.
It might also be enough just to block new incoming connections from the authorities, which would make them think the relay is unreachable while not preventing clients from bootstrapping. I'm going to set up a new relay on Loclix soon and I'll monitor the connections to the authorities when the relay is getting published to see exactly what they do. If you're still interested, I'll report back after the test.
it was funny !
Thank you for the kind words, we appreciate your feedback
Enjoy the VPS, and please let us know if you have any issues at all.
Yeah mate, let me know how it goes. But tbh with you, I'm not quite sure it's that simple. Because if it was, anyone could just censor Tor entirely by blocking those known servers. And Tor is expected to be a distributed, redundant network, resistant to blocks and censorship. Have you read the great firewall code for Tor blocking? They do a LOT more than just block some directory servers. Networks wouldn't be doing DPI to block Tor (Russia, China, etc) if it was as simple as blocking a few IPs.
Is there a looking glass?
I'm a bit torn. One the one hand I really like my @avsisp VPS
but one the other hand I very much dislike @forest again and again derailing this thread for his Tor spam. I'm not against Tor and certainly not against forest whose comments I often value - but in this thread he really unnerved (probably not only) me.
Try gooning
I think it's them? https://globalping.io/networks/rs-computers
https://www.avsisp.com/lg/
Edit- seems it needs updating @avsisp
It's their upstream
Macedonia
If you like servers then just buy them. Everything else is irrelevant really.
wish this was half monthly price instead of double specs
is reddit guest blocked on their macedonia IP range? i have problems with a vps in albania with them
Yep. That one only runs on UK. Need to add other locations. But thanks mate
You've probably been a victim of the whole thread-derail part of the Tor flagging blocking our ASN on Reddit. As far as I know, that's no longer the case and Reddit works fine. At least we haven't had those kind of complaints in a while since the block was implemented.
If you'd like, we (or another user) can run a "media test script" and see what it says?
Who the fuck cares? Buy the vps and move on.