Weekly Edition
Return to the Security page
| |||||||||||||
Janik: Tor exit node for less than a week
On his blog, Tim Janik reports on his efforts to run a Tor exit node. Unfortunately, he was shut down quickly—because of the terms of service of his server provider.
"It turned out the notice had a twist to it. It was actually my virtual server provider who sent that notice on behalf of a complaining party and argued that I was in violation of their general terms and conditions for purchasing hosting services. Checking those, the conditions read:
"Use of the server to provide anonymity services is excluded."
Regardless of the TMG [German telecommunications law], I was in violation of the hosting provider’s terms and conditions which allowed premature termination of the hosting contract. At that point I had no choice but stopping the Tor services on this hosting instance."
(Log in to post comments)
Janik: Tor exit node for less than a week Posted Jul 25, 2013 21:03 UTC (Thu) by smurf (subscriber, #17840) [Link]
On a related note: If you run your email server on the same machine, let TOR use a different IP adress -- some high-profile mail hosters block emails from TOR servers. (I discovered this the hard way.)
Janik: Tor exit node for less than a week Posted Jul 25, 2013 21:21 UTC (Thu) by superjamie (guest, #82025) [Link]
Man fails to read terms of service. This was sure newsworthy.
Janik: Tor exit node for less than a week Posted Jul 25, 2013 21:28 UTC (Thu) by jake (editor, #205) [Link]
> This was sure newsworthy.
Sorry you didn't find it enlightening. I thought it might be helpful to those considering setting up Tor exit nodes.
jake
Janik: Tor exit node for less than a week Posted Jul 25, 2013 22:50 UTC (Thu) by felixfix (subscriber, #242) [Link]
It was useful; some people think their personal tastes are indicative of the entire net.
Janik: Tor exit node for less than a week Posted Jul 26, 2013 7:48 UTC (Fri) by superjamie (guest, #82025) [Link]
Hi, thanks for your reply.
An article about ToS of hosting providers would have been good. Such an article could talk about traffic that hosters typically do/don't allow such as IRC servers/bouncers, voice chat servers, gaming servers, whether they allow legal torrenting for open source/community projects, whether you are allowed to use your service for commercial purposes or personal only, and of course anonymity services.
This article could cover different methods of hosting such as physical servers, VPS, on-demand cloud, web hosting, and platform hosting. Different aspects could be covered like finding out whether the company owns the datacenter they are in or equipment they are on, or if they are just leasing space/machines themselves and on-selling it to you. Different grades of support, different control panels, different places to look for hosting deals like WHT or LEB, the list goes on.
Such an article would be both enlightening and informational. There really is no one thing which suits everyone's needs. It is important to weigh up all the factors when looking for a hosting solution, and a guide on what to look for would be beneficial to many.
I feel content such as I've described would be been a better thing to see on LWN, rather than one man's anecdote about a failed whimsical hosting purchase, which really belongs on a blog and not a news site.
I hope this helps explain my thoughts a little better.
Janik: Tor exit node for less than a week Posted Jul 26, 2013 11:26 UTC (Fri) by pboddie (guest, #50784) [Link]
Are you going to subscribe to LWN in order to make such an article more likely to reach publication? (Yes, I know I'm not subscribed at the moment, but I intend to remedy that in the near future.)
Janik: Tor exit node for less than a week Posted Jul 26, 2013 13:41 UTC (Fri) by jake (editor, #205) [Link]
> I feel content such as I've described would be been a better thing
> to see on LWN, rather than one man's anecdote about a failed whimsical > hosting purchase, which really belongs on a blog and not a news site.
Again, sorry you didn't like it. We do both feature articles for the weekly edition and blurbs that point elsewhere (a blog in this case) for smaller items we think would be of interest to (some of) our readers. This was the latter case. I can see where an article as you describe might be interesting, but it doesn't really seem in the "sweet spot" for LWN.
I think (perhaps wrongly) that readers here are interested in Tor, might be thinking of running an exit node, and might *not* be thinking about their ISP/VPS provider's ToS in that case.
jake
Janik: Tor exit node for less than a week Posted Jul 26, 2013 17:17 UTC (Fri) by hummassa (subscriber, #307) [Link]
I am one of those readers that both have an interest in TOR in particular and anonymization of traffic in general (PRISM, anyone?) and I found the blurb worth my five minutes. I don't think anyone cares to pay a lawyer to (re-?)read the 200-page user agreement/contract with the hosting/connecting provider before installing each service (if anyone thinks those agreements are readable by non-lawyers or even fully legal or enforceable, I have one word: "Ha!").
Janik: Tor exit node for less than a week Posted Jul 26, 2013 10:04 UTC (Fri) by NAR (subscriber, #1313) [Link] Anyway, this line was more interesting: Turned out that the majority of the “liberating” traffic I was relaying were torrenting copyrighted material. How not surprising.
Janik: Tor exit node for less than a week Posted Jul 26, 2013 14:14 UTC (Fri) by ikm (subscriber, #493) [Link]
That actually was surprising. Isn't Tor too slow for that?
Janik: Tor exit node for less than a week Posted Jul 29, 2013 0:20 UTC (Mon) by elanthis (guest, #6227) [Link]
Why would Tor be so significantly slower for this kind of thing? Once you start having a steady stream of packets being delivered, does it matter how many hops they're being bounced around?
Remember, there's both latency (how long it takes for single packets to reach their destination) and bandwidth (the rate at which packets can get to the destination). Slowing down one does not necessarily affect the other; in some cases, it's actually a trade-off and you want to slow down one to improve the other.
Tor's approach I'm assuming adds a lot of latency to packets, so you wouldn't want to use it for a Quake match or the like, but in theory the bandwidth should be close to "raw" unless you're hitting a lot of bottleneck relays you wouldn't normally be routed through.
At least that's my uninformed opinion on it.
Janik: Tor exit node for less than a week Posted Jul 29, 2013 5:12 UTC (Mon) by rahvin (subscriber, #16953) [Link]
Throughput on TOR is extremely low, not just latency. The onion routing pretty much guarantees you'll end up though a slow node because there still aren't enough fast router nodes.
I am personally surprised by the torrent traffic. It would take days to download what could be done in minutes without routing through TOR.
Janik: Tor exit node for less than a week Posted Jul 29, 2013 16:14 UTC (Mon) by joern (subscriber, #22392) [Link]
Handling lots of torrents is actually a good thing for TOR anonymity. If some interested party is trying to track traffic through the TOR network, a slow flow of traffic makes it easier to identify individual packets and defeat the anonymity. Therefore lots of chaff is required to protect the wheat.
Who would have knows that the MPAA is actively fighting for anonymity on the web.
Janik: Tor exit node for less than a week Posted Jul 30, 2013 13:46 UTC (Tue) by drag (subscriber, #31333) [Link]
It only provides benefit if you make your anonymity-izing traffic appear to be torrent traffic. Similar to how crackers use malicious Apache modules to piggy back command and control traffic for their botnets over legitimate http/https traffic. It would be the equivalent of steganography for IP.
Otherwise shifting through millions of packets and separating out the obvious stuff is something that is a trivial task. Sort of like using powerful magnets to look for the proverbial needle in the haystack.
Janik: Tor exit node for less than a week Posted Aug 2, 2013 5:14 UTC (Fri) by wtanksleyjr (subscriber, #74601) [Link]
Isn't that what Tor does -- makes everything look like everything else? (Of course, the exit nodes are a major exception, which is why he knew.)
Janik: Tor exit node for less than a week Posted Aug 2, 2013 14:20 UTC (Fri) by mathstuf (subscriber, #69389) [Link]
No, I think it emulates specific protocols which are less likely to be outright banned (such as Skype). Not all of Tor's possible tricks are public since they're still in an arms race with governments in regards to picking out Tor traffic and banning just it[1].
[1]https://www.youtube.com/watch?v=GwMr8Xl7JMQ around minute 45-60 IIRC.
Janik: Tor exit node for less than a week Posted Jul 26, 2013 17:50 UTC (Fri) by job (guest, #670) [Link]
I've attended some tor talks, and I they've always been very straightforward with what requirements they have on exit nodes. Things such as having control over the abuse address for the whois entry, how to set up ACLs to combat the worst forms of tor abuse, etc. are usually dealt with.
I am surprised someone tried to do it on an el-cheapo virtual hosting, but I am not surprised of the outcome. I'm honestly not sure running a tor exit node without knowing those basics even helps the network. Even if your local admin doesn't immediately throw you out, you will start spewing out a stream of spam, so help your neighboring admins first by making sure that gets filtered somewhere. A relay node, on the other hand, is easy to run and won't land you in (much) trouble.
There are also various kinds of traffic obfuscation software you can run to help people get on tor. Subscribing to the mailing list is a great start to find out what you can do.
You can also pitch in with a little money to help an existing tor exit node be kept alive, such as torservers.net (those guys are absolutely serious about what they're doing and could really use some help!).
Just be sure to read up on the docs first so you know what you're in for! (Disclaimer: I have absolutely nothing to do with the project, so please listen to those who do instead of me.)
Janik: Tor exit node for less than a week Posted Jul 27, 2013 7:47 UTC (Sat) by gmaxwell (subscriber, #30048) [Link]
So, to the "Read the TOS" crowd— what do you do when every ToS available has some objectionable term or another?
ToS's are a joke. Verizon's residential broadband services prohibit any usage for "sexually explicit purposes". Lets see them enforce that.
Because of the multitude of insane and unenforced terms it can be very difficult to figure out which, if any, terms will actually be enforced.
Janik: Tor exit node for less than a week Posted Jul 27, 2013 10:37 UTC (Sat) by superjamie (guest, #82025) [Link]
In my experience, hosting providers are the opposite of this. Their terms are usually very short and clear, not some novel-like EULA that you need a lawyer to understand. At worst, you could just contact support and ask them if they'd object to your exact intended usage.
Janik: Tor exit node for less than a week Posted Jul 28, 2013 11:40 UTC (Sun) by hawk (subscriber, #3195) [Link]
I think it can reasonably be expected that any applicable term will be enforced if they have a problem with the customer.
But obviously service providers will not typically be searching for reasons to get rid of their customers, they have the terms for the case where the customer is causing "trouble".
In case of TOR exit nodes, it's a fairly high profile thing.
Even in the case of this article I do not think that the service provider was necessarily doing any work actually searching for TOR exit nodes in their network, it was probably just their response to the small flood of abuse complaints that the TOR exit node attracted.
After all, I would assume that is the typical reason why TOR exit nodes often are "not welcome" at your typical service provider; they attract more abuse complaints (costly, whether valid or not), more legal complaints (costly, whether valid or not), more blacklisting of address ranges (costly, inflicts badwill from other customers) and so on compared to your average service.
Janik: Tor exit node for less than a week Posted Jul 30, 2013 13:54 UTC (Tue) by drag (subscriber, #31333) [Link]
> So, to the "Read the TOS" crowd— what do you do when every ToS available has some objectionable term or another?
You have to look for one that doesn't. They exist.
Believe me, your money matters to these people. You being upset on some website comment section doesn't. So give the money to people that agree with you.
Janik: Tor exit node for less than a week Posted Jul 30, 2013 13:58 UTC (Tue) by gmaxwell (subscriber, #30048) [Link]
The intersection of low cost hosting providers and ones without horrifying TOS seem to be the empty set. So long as you don't need high availability, counting on the near total non-enforcement and just switching to another one (out of a near infinite set of crap providers) seems like a more efficient strategy.
Even though it feeds evil. :(
Janik: Tor exit node for less than a week Posted Jul 30, 2013 20:19 UTC (Tue) by dlang (✭ supporter ✭, #313) [Link]
> The intersection of low cost hosting providers and ones without horrifying TOS seem to be the empty set.
that's actually not surprising.
these horrifying TOS tems all make it easier on the hosting provider, which translates into cheaper.
So if you want an unrestricted pipe, be willing to pay a little more for it.
Janik: Tor exit node for less than a week Posted Jul 29, 2013 11:15 UTC (Mon) by njwhite (subscriber, #51848) [Link]
I'd encourage anyone else considering setting up an exit node (or indeed on the lookout for good hosting companies) to take a look at the Tor Project's ISP list: https://trac.torproject.org/projects/tor/wiki/doc/GoodBad...
|
|||||||||||||