Contributing to Tor Network Diversity: Geographic and AS Diversity Guide

Tor's threat model assumes adversaries who control some fraction of relays attempt correlation attacks. An adversary controlling both the guard and exit relay for a circuit can correlate traffic entering and leaving Tor. If an adversary controls many relays concentrated in one ISP or one country, they have a higher probability of controlling both ends of a circuit for users in or routing through that region. Tor's network is historically over-represented in Germany (Hetzner, OVH), France, Netherlands, and the US. A new relay in Nigeria, South America, Southeast Asia, or South Africa contributes more to diversity-based security than the 1,000th relay in Frankfurt. The Tor Project publishes AS-level diversity statistics showing which autonomous systems host too many relays (potentially a risk if that ASN is adversarial) and which regions need more relays.

Check Tor Metrics for relay distribution: metrics.torproject.org/rs.html?search=flag:Guard allows browsing relay locations. Count relays per country and per AS (autonomous system number). Over-represented countries (many relays per capita or per internet usage): Germany (~500+ relays), Netherlands (~300+), France (~200+), US (~1500+). Under-represented countries with good network infrastructure: Japan, South Korea, Taiwan, Brazil, India, South Africa, Kenya, Nigeria, Mexico, Colombia, Argentina, Czech Republic, Poland, Ukraine. For AS diversity: search by ASN on Tor Metrics. AS3320 (Deutsche Telekom), AS16276 (OVH), AS24940 (Hetzner) host many relays. Hosting in less-populated ASNs contributes more to diversity. Use tools like iplocation.net or BGP lookup tools to find ASNs of potential hosting providers.

For geographic diversity, consider regional providers: Brazil: Locaweb, HostGator Brazil, KingHost. India: DigitalOcean Mumbai, AWS ap-south-1, Azure Southeast Asia. Southeast Asia: Exabytes (Singapore/Malaysia), DigitalOcean Singapore, Linode Singapore. East Africa: Angani (Kenya), MCI Telecom (Kenya). South Africa: Afrihost, Vox Telecom, Hetzner South Africa. Latin America: Kaizen Global (Colombia), HostSonic (Argentina). Iceland: 1984 Hosting, Greenhost Iceland, Advania. The Tor Project maintains a list of providers known to allow Tor relay operation. Check the provider's ToS before deploying - some regional providers have specific restrictions. Exit relays may be harder to operate in some regions due to different abuse handling practices; start with middle relays or bridges.

Intelligence-sharing alliances (Five Eyes: US, UK, Canada, Australia, New Zealand; Nine Eyes adds France, Netherlands, Denmark, Norway; Fourteen Eyes adds Germany, Belgium, Italy, Spain, Sweden) share intelligence including internet surveillance data. Tor relays in non-Five Eyes jurisdictions that also have strong privacy laws provide the strongest jurisdiction diversity. Recommended jurisdictions for diversity: Iceland (strong data protection laws, outside Five Eyes), Romania (EU data protection but outside Anglophone alliance), Switzerland (strict privacy laws, outside EU/NATO data sharing frameworks for some purposes), Iceland, and non-EU non-Anglophone countries. Hosting relays in multiple jurisdictions means an adversary cannot compel all relay operators through a single legal framework.

Configuration to maximize diversity contribution: (1) set ContactInfo with your email and use the same email across multiple relays to enable the Tor Project to contact you about abuse, (2) set MyFamily to link all relays you operate (prevents Tor from selecting your relays for both ends of the same circuit), (3) configure ORPort to listen on port 443 or 80 where possible (easier to access through firewalls in some regions), (4) enable IPv6 (ORPort [::]:9001) if the VPS has IPv6 - IPv6 relay diversity is even lower than IPv4, (5) set RelayBandwidthRate to an amount you can sustainably provide long-term - a consistent 10 Mbit/s relay in Nigeria contributes more over time than an inconsistent 100 Mbit/s relay that goes offline frequently. Register your relay in the Tor relay operator network (registry.torproject.org) for visibility in the operator community.