
Re: Why you need balls of steel to operate a Tor exit node

On Thu, Sep 10, 2009 at 10:51 AM,  <andrew@xxxxxxxxxxxxxx> wrote:
> In general, these sorts of stories are the exception, not the norm.  I
> ran an exit-node, and still do, for over 5 years.  I've had my share of
> abuse complaints and DMCA threat letters, but a simple response has
> taken care of all that.  Posting the default Tor exit notice has stopped
> all complaints lately;
> https://svn.torproject.org/svn/tor/trunk/contrib/tor-exit-notice.html

I think there should be an easily found list of best practices for
reducing trouble:

(1) run the above notice
(2) make the reverse DNS obvious "tor-exit.foo.bar.net"
(3) Log nothing about the traffic you carry. Logs wouldn't be useful
to anyone anyways, since if they are bothering you they already know
everything the logs would contain, but it can be tempting to go
fishing nonetheless. It's easier if you can simply state "there is
nothing there; the system is read-only".
(4) Keep the Tor exit on a separate piece of hardware; even some old
trash can PC should be able to keep up with the traffic most exits run,
and doing so makes it possible to compartmentalize the harm if your
node is seized, and also makes the threat of seizure less worrying.
(5) Avoid running an exit from your home; not only is a raid of your
home the least desirable outcome, but keeping it out of a private
residence will cause law enforcement to reconsider their assumptions;
it makes the notice from item 1 more plausible.
(5a) Institutional operation is even better. If you don't happen to be
staff at a research university perhaps you could get a local Linux
Users group to sponsor and operate an exit.

I don't think that any of these pieces of advice risk reducing the
usefulness of the Tor network, unlike advice to only exit to safer
services might.