Re: Tor grassroots advocacy
I finally got my act together and put my Introduction to Tor presentation online. You can find it on my Google site here: http://sites.google.com/site/mateogoog/files Feel free to use the presentation in any way you see fit! -Matt
Time Warner to charge for bandwidth usage
This article also talks about ATT and Comcast's strategies to limit home bandwidth: http://www.businessweek.com/technology/content/mar2009/tc20090331_726397.htm Did I mention how much I absolutely LOVE Time Warner Cable?? -Matt
Tor grassroots advocacy
I gave a talk to a small group of people on Saturday at BarCampAustin: http://www.barcamp.org/BarCampAustin4 I have also given this talk in two of my graduate classes at St. Edward's University. These kinds of informal talks are a great way to educate others about Internet censorship, Internet monitoring, what Tor is, how to run a Tor server, etc. In each of my talks, the response has been positive. If nothing else, they now know that their Internet traffic IS being monitored and that they have a choice about whether or not to succumb to that monitoring. If anyone is interested, I will e-mail you a copy of my Introduction to Tor presentation. I may also create a Google presentation and share it with the world if there is enough interest... Has anyone else given these kinds of talks about Tor? Perhaps we could combine our Tor educational resources and put them on a website...? Thanks, Matt
Re: more on the Comcast 250 GB/mo. problem
Scott- Sorry to hear that you are also having problems with your ISP. I ended up dropping Time Warner and signing up for Earthlink - which actually uses the same TWC network. So now I am back on TWC and must watch my p's and q's or I will be kicked off. I even have the same TWC account number... And, according to the last TWC security official, I will be kicked off their network if I get another Tor related complaint. My solution was to get the cheapest Earthlink connection for my home use and to setup a VPS that is running a Tor exit node. I am using Linode's VPS services and have a Linode 540 account that gives me 300 GB per month of data transfer. So I can run a 50K/s Tor exit node without worrying about my home Internet being disconnected. Worst case scenario is that Linode tells me to stop running Tor and I do...and then look for a more friendly VPS company to do all of my future business with. But I have had no complaints for the past couple months. Incidentally, Time Warner Cable's security department made it very clear that they did not want to have me as a customer. I explained to them that I paid extra for increased bandwidth which I intended to use. The security representative said that I was not a business customer (i.e. paying 2-3 times as much for the same connection) and thus they would not tolerate any more complaints. He did not mention any complaints about bandwidth... But it is clear that Time Warner Cable does not care about you as a customer unless you are a business customer. Only then will they give you a chance to explain why you have received unjustified and unproven complaints. /rant -Matt Scott Bennett wrote: Last week I found a voice mail message from a phone number I didn't recognize, who claimed to be from the Comcast Security Assurance Division, demanding that I call them at yet another number I didn't recognize. I called the normal number to reach Comcast, explained what had happened, and gave that person the phone numbers. I was told then that those did not appear to be Comcast phone numbers and that they had never heard of such a department or division in Comcast. I asked whether I should report the incident to the police. They said that would be a good idea, so I did report it to the local police, stating that I suspected a possible phone scam aimed at identity theft. The next day (Fri.) I received another call, which I answered before noticing that the number was the one that had called a day earlier. The caller made the same claim as the day before, to which I replied that I didn't believe them, that I had already reported their number to both Comcast and the local police department. I then ended the call and called Comcast again to let them know what was going on. That conversation lasted quite a while, during which time my call got transferred to their tech. support area. The lady in tech. support did some investigation and found that the phone numbers in question were, in fact, Comcast numbers and that the Security Assurance Division was legitimate after all. She had never heard of them before, but connected me into a conference call with someone at the number I had been told to call. The upshot was that I was being contacted because their system claimed that in February my setup had transmitted and/or received more than 250 GB, an arbitrary limit that exceeding a second time would get my connection shut off for a minimum of 12 months. They claimed that my combined transmissions and receptions had totaled between 661 GB and 662 GB for February, a number I still do not accept. Further, Comcast sales staff and tech. support staff were unaware of any such limit, much less of specifically 250 GB. That means that when I was signed up last August for a reception rate limit of 6 Mb/s (~600 KB/s) and a transmission rate limit of 768 Kb/s (~76 KB/s), they didn't inform me that actual usage of those rates would use up a fixed, 250 GB, monthly allotment of data in less than 4.5 days. A month or a bit more ago, Comcast finished upgrading its infrastructure and cable system software, which led to their increasing the data rates, so that my connection can now run at 12 Mb/s (~1.2 MB/s) for reception and 1 Mb/s (~100 KB/s) for transmission. If used at capacity, these rates can exhaust the monthly data ration in a little over 2 days and 6 hours. I believe this constitutes deceptive marketing and possibly even fraud under U.S. law. At present I don't have an alternate ISP on tap to replace Comcast, but I am looking. Meanwhile I asked how much of the current month's allotment had already been used (according to their very questionable system) and was told that they were unable to tell me that. They said that they deal only with exception notices issued when someone exceeds 250 GB transferred in a billing month. They suggested taking the 662 GB figure, dividing that by 28 days for February,
Re: Time Warner bad / VPS recommendations
I agree that starting a business may be problematic but I am not sure this would be true for a non-profit in the US. Does anyone know if US non-profits are required to log connection information? I help several businesses (including a large company) and non-profits maintain their websites, networks, etc. and am not aware of any requirement to log this kind of information. Thanks, Matt Sebastian Lechte wrote: Hi everyone, Please do not give money to node operators. This will complicate matters and bring in the wrong people. I support sharing costs for a node in a small group of people, but don't make it a way to receive money from anyone - there will be people who abuse it. It might also have legal implications. Receiving money for a service might render it a 'business', to which other rules (like keeping logfiles of forwarded connections or something) might apply that will bring in yet other bad things. Sebastian
Re: Time Warner bad / VPS recommendations
I take issue with the premise that the only course of action that ISPs have is to disconnect customers that generate these complaints. I know that some ISPs simply pass on the complaints to their customers with the expectation that the customer fix the problem. It seems to me that this is all the ISP is required to do (see the EFF DMCA response letter for details). tor-opera...@sky-haven.net wrote: Right. In terms of cost, I'm also considering the cost of our general counsel fending off irritating cease-and-desist crap from various rightsholders. And the cost of having a support staffer be forced to investigate a server because of a complaint from a third party. In principle {RI,MP,whatever}AA complaints are handled the same as Dos/DDoS/spam/UCE reports: we get too many implicating the same customer and the customer gets booted.
Re: Time Warner bad / VPS recommendations
I agree that it may be a risk for one organization to own a large number of Tor nodes. But if that organization is a non-profit and run by some of the Tor users, developers, and operators on this list, that should reduce the risk that the organization will willingly compromise its Tor network. Also, you could setup an independent auditing system in which Tor experts could examine the Tor boxes or VPSs to be sure that they are not compromised. It is all about transparency! Peter Lombardo wrote: It's a risk regarding a large number of nodes being run by a single entity. The upside to such a business model though would be if they donated a percentage of profits to the Tor foundation. If they get pummeled by CD letters and eventually shut down, at least TOR can keep the money for future development. If I can make a disclaimer, I'm working on such a service where one of the 'pay for' plans allow for a user to VPN into a TOR server configured to transparently route traffic over the TOR network. But we never use VPS's; only dedicated boxes rented from quasi-random ISPs. I've limited it to one TOR box per ISP so far. Peter
Re: Time Warner bad / VPS recommendations
Yup, I restricted my exit node policy in hopes that it would limit torrent traffic and it seemed to work. However, the last hacking complaint was the result of someone making excessive or inappropriate postings on a newsgroup or website. So while the torrent/DMCA complaints stopped, the hacking complaints continued. Thanks, Matt Scott Bennett wrote: On Tue, 3 Feb 2009 21:17:47 +0100 Eugen Leitl eu...@leitl.org wrote: On Tue, Feb 03, 2009 at 07:44:18PM +0100, Thomas Hluchnik wrote: Zitat von Xinwen Fu xinwe...@gmail.com: The problem is: was the violation done through Tor? A bot may do the same thing. Time to scan your computer?:) Maybe you can run Tor as an entry or a middle node, not an exit node. Cheers, Xinwen Fu Yes, and one pertty nice day we have 1 middlemen and no exit node anymore. 1 middlemen with hidden services and no exits wouldn't be all that bad, actually. :-) Indeed, although there would undoubtedly still be the hundreds of thousands or millions of other services that would no longer be accessible via tor. I am also still pondering the implications/possibilities stemming from something I had never pieced together from the tor documentation until someone pointed it out on this list a while back: hidden services can be offered from client-only instances of tor; relay mode is not necessary to run a hidden service. However, back to the OP's problem...were potential exit policy changes suggested in the conversation(s) with Time-Warner? Others on this list have satisfied their ISPs by rejecting exits to the ports that were attacked, in some cases, rejecting those ports only for certain IP addresses. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: Time Warner bad / VPS recommendations
Wow, that is a very cool idea. This could even be turned into a non-profit organization... We could take donations to support running Tor exit nodes which, in turn, supports everyone's ability to use the Internet without fear of censorship, harassment, and authoritarian (or up-and-coming authoritarian) governments. What do you all think? By the way, there was a Nova special last night on the NSA and their minority report like computer system in development: http://www.pbs.org/wgbh/nova/spyfactory/ Mitar wrote: Hi! On Tue, Feb 3, 2009 at 8:50 PM, slush sl...@slush.cz wrote: Yes, Im using linode.com, plan Linode 720. Tor runs without any problem (but my bandwidth is only about 150kB/s; there are another network services too). Interesting. That is $40/month with 400 GB limit. I have a collocation for around 110 EUR per month for 100 Mbit/s best-effort with no limit on data transfer and yet without any problems with ISP (they said that it is not their issue what I am running on my server). So ... maybe ... there is an idea. I could offer to setup Tor nodes with this ISP with simple CPU/RAM/diskless/self updatable/no logs systems for 100 Mbit/s default policy exit nodes. If anybody would like to monthly contribute/donate money for collocation and this initial hardware. Or few people together. I just do not know what would ISP say if they would have multiple such nodes there. Maybe they would become less liberal. Mitar
Re: Time Warner bad / VPS recommendations
I sent TWC a modified version of the EFF DMCA response letter for the DMCA takedown notices. I even personally replied to one of the DMCAs from an agent for Paramount. I was only able to personally reply to one of the complaints as TWC would not forward me any of the other notices. The technician from the abuse department said that because my account already had 5 complaints, he would disconnect me if I received another. He was very clear on that point. He understood that I was running Tor and that this traffic was coming from the Tor network. Again, there is nothing in the AUP or TOS that stated that I could not run a service like Tor. But it does state that violating intellectual property rights and hacking are not allowed. As I explained previously, 3 of the notices were DMCA notices (copyright violations) and 2 were hacking complaints. This tech and TWC believe that the user of their service is responsible for any of these violations. Thus, it seems that they may try to disconnect my service based upon these 5 complaints. Again, I would rather setup Tor on a VPS if anyone has a recommendation for a company and hosting plan! Thanks, Matt Scott Bennett wrote: On Mon, 02 Feb 2009 20:42:01 -0600 Matthew McCabe mate...@mrmccabe.com wrote: So Time Warner Cable finally gave me an ultimatum that either I stop running Tor or they will shut off my service. This was after 3 DMCA and 2 general abuse/hacking complaints. Note that Time Warner does not say anything about proxy servers in their AUP. They were just tired of getting these complaints on my account. Also, ATT was not able to setup DSL service at my location...so I have decided to kill my Tor exit node. Really? When you sent Time-Warner a letter based upon http://www.torproject.org/eff/tor-dmca-response.html.en what was their response? Did you counter with a politely stated promise to file a formal letter of complaint with the FCC against Time-Warner if they disconnect you without justification under your contract with them or under their AUP? You could point out in such a complaint that you had abided by the contract and the AUP and had no recourse to another service (assuming that no other service is indeed available). I would really like to continue running a Tor exit node. I have looked Are you giving up too soon? at a couple virtual hosting companies such as vpslink and slicehost. Some of their cheaper plans seem like they would be sufficient for running a Tor exit node. Does anyone run Tor on a VPS? If so, which company and plan do you use? Have you gotten any flack for running a Tor exit node? Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: Need help with MPAA threats
Thank you for all of your suggestions regarding exit policies and contacting the EFF. I am a member and will be beating down Kurt Opsahl's door if the MPAA decides to pursue this any further. So just to clarify, it is possible to transfer bit torrent file content over Tor, right? And the only way to reduce or eliminate this traffic is by using a white-list exit policy? Roger, can you confirm this? Thanks, Matt
Need help with MPAA threats
Hello- Time Warner shut off my connection again last night due to a complaint from the MPAA. They claim that I downloaded 2 movies and 1 TV show. This traffic, in fact, must have come through my Tor exit node. I explained to the customer service agent that I am running a Tor exit node and that the traffic must have come through the Tor network. He said that because this is the 3rd complaint, the MPAA may take me to court and sue me for $100,000 per violation. He also claimed that others in similar situations have lost in court...whatever that means. Here is where I need your help. First, is there a good way to filter out torrents in my exit policy? Second, have any exit node operators in the US had similar complaints from the MPAA? If so, how did you handle the complaints? Lastly, has anyone in the US gone to court as a result of using Tor? If so, do you have a reference for a good lawyer? At this point, I want to continue running a Tor exit node but also want to investigate my legal options if the MPAA takes me to court. Thank you for your help! -Matt
Abuse complaint
Hey- Last night, Time Warner Cable temporarily disabled my account due to an alleged attack coming from my IP address and targeting a server in Europe (Denmark I believe). Below is the e-mail I sent them to respond to the complaint. Does anyone have any suggestions on how to respond to these complaints? Is IP filtering the best (or only) option for addressing TWC's issues? Thanks for your help, Matt Dear Time Warner Cable, Last night I was notified that my cable modem Internet service had been temporarily disabled due to an abuse complaint. I called and left a message on your abuse telephone number last night and received a call today from one of your representatives. She explained that an attack on a server in Europe had been launched from my IP address. I explained to your representative that I am running a Tor relay node which someone may have used to launch an attack. Here is a description of what Tor is (from torproject.org): Tor is network software that helps users to enhance their privacy, security, and safety online. It does not host or make available any content. Rather, it is part of a network of nodes on the Internet that simply pass packets among themselves before sending them to their destinations, just as any Internet host does. The difference is that Tor tunnels the connections such that no hop can learn both the source and destination of the packets, giving users protection from nefarious snooping on network traffic. Tor protects users against hazards such as harassment, spam, and identity theft. In fact, initial development of Tor, including deployment of a public-use Tor network, was a project of the U.S. Naval Research Laboratory, with funding from ONR and DARPA. (For more on Tor, see https://www.torproject.org/.) To be clear, this attack was not launched from any computer that I own and instead may have come from the inappropriate use of the Tor network. I explained to your representative that if she would forward me the abuse complaint, I would configure Tor so that this server would not be accessible from my Tor relay. Specifically, I will deny access to the server that was attacked from my Tor relay using IP address filtering. Thus, I need the IP address of the server in question before I will be able to setup this policy. If you receive any new abuse complaints for my account, please e-mail or call me before disabling my Internet connection. If you give me specific information about the abuse complaint, I will do my best to immediately address the issue. Here is my contact information: [removed] Thank you, Matthew McCabe