commit a02f1e169a60a77aa21a9b9b72201b2792fd004a
Author: gus <[email protected]>
Date: Thu Jul 4 23:29:59 2019 -0400
Add community resources - tor abuse templates, exit guidelines, tor
universities, goodbadisps
---
.../community-resources/contents.lr | 22 ++--
.../community-resources/good-bad-isps/contents.lr | 45 ++++++++
.../tor-abuse-templates/contents.lr | 8 +-
.../tor-exit-guidelines/contents.lr | 117 +++++++++++++++++++++
.../tor-relay-universities/contents.lr | 49 +++++++++
5 files changed, 226 insertions(+), 15 deletions(-)
diff --git a/content/relay-operations/community-resources/contents.lr
b/content/relay-operations/community-resources/contents.lr
index 145ee9e..935d20d 100644
--- a/content/relay-operations/community-resources/contents.lr
+++ b/content/relay-operations/community-resources/contents.lr
@@ -1,6 +1,6 @@
-section: relay operations
+section: community resources
---
-section_id: relay-operations
+section_id: community-resources
---
color: primary
---
@@ -20,28 +20,28 @@ Exit relay operators should understand the potential risks
associated with runni
# Legal resources
-The [EFF Tor Legal FAQ](https://www.torproject.org/eff/tor-legal-faq.html.en)
answers many common questions about relay operation and the law. We also like
Noisebridge's wiki for additional legal resources:
https://www.noisebridge.net/wiki/Noisebridge_Tor/FBI. In general it's a good
idea to consult with a lawyer before deciding to operate an exit relay,
especially if you live in a place where exit relay operators have been
harassed, or if you're the only exit relay operator in your region. Get in
touch with your local digital rights organization to see if they have
recommendations about legal assistance, and if you're not sure what
organizations are working in your region, write to EFF and see if they can help
connect you: https://www.eff.org/about/contact.
+The [EFF Tor Legal FAQ](https://www.torproject.org/eff/tor-legal-faq.html.en)
answers many common questions about relay operation and the law. We also like
[Noisebridge's wiki](https://www.noisebridge.net/wiki/Noisebridge_Tor/FBI) for
additional legal resources. In general it's a good idea to consult with a
lawyer before deciding to operate an exit relay, especially if you live in a
place where exit relay operators have been harassed, or if you're the only exit
relay operator in your region. Get in touch with your local digital rights
organization to see if they have recommendations about legal assistance, and if
you're not sure what organizations are working in your region, [write to
EFF](https://www.eff.org/about/contact) and see if they can help connect you.
-Also see the [TorExitGuidelines Tor Exit Guidelines](FIXME).
+Also see the [Tor Exit Guidelines](tor-exit-guidelines).
# Responding to abuse complaints
-Operators can put together their own abuse complaint template responses from
one of many templates that Tor has created:
[TorAbuseTemplates](tor-abuse-templates).
+Operators can put together their own abuse complaint template responses from
one of many templates that Tor has created: [Tor Abuse
Templates](tor-abuse-templates).
-It is important to respond to abuse complaints in a timely manner (usually
within 24 hours). If the hoster gets annoyed by the amount of abuse you can
reduce the amount of ports allowed in your exit policy. Please document your
experience with new hosters on the following wiki page: [GoodBadISPs](FIXME)
+It is important to respond to abuse complaints in a timely manner (usually
within 24 hours). If the hoster gets annoyed by the amount of abuse you can
reduce the amount of ports allowed in your exit policy. Please document your
experience with new hosters on the following wiki page:
[GoodBadISPs](/good-bad-isps)
Other docs we like:
-* a letter Boing Boing used to respond to a US federal subpoena about their
exit relay:
https://boingboing.net/2015/08/04/what-happened-when-the-fbi-sub.html
-* abuse response templates from Coldhak, an organization in Canada that runs
multiple relays:
https://github.com/coldhakca/abuse-templates/blob/master/dmca.template,
https://github.com/coldhakca/abuse-templates/blob/master/generic.template
+* a letter Boing Boing used to respond to a US federal subpoena about their
exit relay: [What happened when we got subpoenaed over our Tor exit
node](https://boingboing.net/2015/08/04/what-happened-when-the-fbi-sub.html)
+* abuse response templates from Coldhak, an organization in Canada that runs
multiple relays: [DMCA
Template](https://github.com/coldhakca/abuse-templates/blob/master/dmca.template),
[Genetic Abuse
Template](https://github.com/coldhakca/abuse-templates/blob/master/generic.template).
# Running a relay with other people
-Running relays is more fun with other people! You can work with your
university department, your employer or institution, or an organization like
Torservers.net to run a relay.
+Running relays is more fun with other people! You can work with your
university department, your employer or institution, or an organization like
[Torservers.net](https://torservers.net) to run a relay.
## Torservers.net
-Torservers is an independent, global network of organizations that help the
Tor network by running high bandwidth Tor relays. Becoming a Torservers partner
is a good way to become more involved in the Tor relay community, and can help
you connect with dedicated relay operators around the world for solidarity and
support. To start a Torservers partner, the most important thing is to have a
group of people (3-5 suggested to start) interested in helping with the various
activities required for running relays. There should be mutual trust between
the people in the group, and members should commit to running relays for the
long term. If you do not know anyone in your social network interested in
running relays, one place to meet people is your local hackerspace:
https://wiki.hackerspaces.org/Hackerspaces.
+Torservers is an independent, global network of organizations that help the
Tor network by running high bandwidth Tor relays. Becoming a Torservers partner
is a good way to become more involved in the Tor relay community, and can help
you connect with dedicated relay operators around the world for solidarity and
support. To start a Torservers partner, the most important thing is to have a
group of people (3-5 suggested to start) interested in helping with the various
activities required for running relays. There should be mutual trust between
the people in the group, and members should commit to running relays for the
long term. If you do not know anyone in your social network interested in
running relays, one place to meet people is [your local
hackerspace](https://wiki.hackerspaces.org/Hackerspaces).
Once you have a trusted group of people, depending on your region, it is often
advised to create some type of non-profit corporation. This is useful for
having a bank account, shared ownership, grant applications, etc. In many
countries operating as a corporation instead of as an individual can also get
you certain legal protections.
@@ -49,7 +49,7 @@ The next steps are figuring out hardware, transit, and server
hosting. Depending
## At your university
-Many computer science departments, university libraries, and individual
students and faculty run relays from university networks. These universities
include the Massachusetts Institute of Technology (MIT CSAIL), Boston
University, the University of Waterloo, the University of Washington,
Northeastern University, Karlstad University, Universitaet Stuttgart, and
Friedrich-Alexander University Erlangen-Nuremberg. To learn more about how to
get support for a relay on your university's network, check out EFF's
resources: https://www.eff.org/torchallenge/tor-on-campus.html.
+Many computer science departments, university libraries, and individual
students and faculty run relays from university networks. These universities
include the Massachusetts Institute of Technology (MIT CSAIL), Boston
University, the University of Waterloo, the University of Washington,
Northeastern University, Karlstad University, Universitaet Stuttgart, and
Friedrich-Alexander University Erlangen-Nuremberg. To learn more about how to
get support for a relay on your university's network, check out EFF's
resources: [Tor no campus](https://www.eff.org/torchallenge/tor-on-campus.html).
## At your company or organization
diff --git
a/content/relay-operations/community-resources/good-bad-isps/contents.lr
b/content/relay-operations/community-resources/good-bad-isps/contents.lr
new file mode 100644
index 0000000..5f614e0
--- /dev/null
+++ b/content/relay-operations/community-resources/good-bad-isps/contents.lr
@@ -0,0 +1,45 @@
+_model: page
+---
+title: Good Bad ISPs
+---
+body:
+
+This page aims to list community experiences with Tor and various Internet
Service Providers (ISPs) around the world. Some ISPs are Tor-friendly, some are
not. Some are competent and clueful about Tor or about security in general. Let
us know!
+
+Be sure to provide useful information like how much bandwidth you pushed,
whether you thought the deal was cheap or expensive, how hard you had to work
to make them understand what's going on, how long your server has been running,
and whether you'd recommend them to others. Also include dates.
+
+Since non-exits do not attract complaints, it should be fine to run them
without contacting the hoster first. Make sure you understand their policies
regarding bandwidth, especially on "unlimited" (fair use) contracts. For exit
relays, you should read the fine Tor Exit Guidelines first.
+
+For network diversity and stronger anonymity, you should avoid providers and
countries that already attract a lot of Tor capacity.
[metrics](https://metrics.torproject.org/) is a great tool that allows you to
group probabilities by country and AS (autonomous systems), so you can more
easily identify networks you want to avoid.
+
+**Note**: This page is currently being revamped. If you would like to help out
please see [#31063](https://trac.torproject.org/projects/tor/ticket/31063).
+
+## Proposed ISPs
+
+The table below contains some community-suggested ISPs which have yet to be
contacted and/or evaluated on their policies towards Tor hosting of any kind.
If you have seen a host and would like to suggest it to us, but do not have the
time or confidence to reach out, please do leave their website information
below.
+
+
+| **Company/ISP** | **Website** | **Language** | **Tasked?** | **Comments** |
+|-------------------------|------------------|--------------------|------------------|---------------------|
+| [Evolution Host VPS](https://evolution-host.com/vps-hosting.php) |
[Evolution Host](https://evolution-host.com/) | English |
https://evolution-host.com/tos.php | "No problem at all! We certainly aren't
against the use of Tor on our services. You may host any type of Tor node." |
+| QuickPacket | quickpacket.com | English | ToS prohibit "any activity"
related to Tor as of 2015-03-31. See prohibited use 22
http://quickpacket.com/tos.html |
+| Delimiter | delimiter.com | English |
https://www.delimiter.com/terms-conditions/ |
+| Reliable Hosting | reliablehosting.com | English | 2015-12-31 "Sorry, we
don't allow Tor exit node on our servers" |
+| Dacentec | dacentec.com | English | 2015-12-29 Dacentec Support: "Tor Nodes
are prohibited by our terms of service and acceptable use policy. 2 sites were
given https://billing.dacentec.com/hostbill/aup.php and
https://billing.dacentec.com/hostbill/terms.php |
+| Joe's Datacenter | joesdatacenter.com | English | | "For abuse complaints,
if we receive them while your account is still fairly new, we automatically
terminate services." |
+| Wholesale Internet | wholesaleinternet.com | English | 2015-12-29 Wholesale
Internet sales:"We do not block traffic, but you must respond to all abuse
reports within 24 hours." | Core2Duo Dedi 100Mbit connection serves only ~ 35
Mbit (1/5/16)|
+| Datashack.net \\ ASN: AS33387 | datashack.net | English | 2015-11-21
DataShack Sales: "We do not appose TOR, but require to respond to all abuse
reports within 24 hours." |
+| !CrownCloud | crowncloud.net | English | ~~ToS dis-allow bridge, relay, or
exit as of 2015-03-31.~~ As of 2015-07-22, only exits are disallowed. Entry,
bridge and middle are fine. See item 17 at
http://wiki.crowncloud.net/doku.php/vps_tos |
+| Deepnet Solutions | deepnetsolutions.com | English | They specifically allow
Tor relays (not exits) on their dedicated IPV4 VPSs NOT on any NAT or OHM
packages. \\ Some of their locations have a lot of consensus weight (AS12876
and AS16276), maybe not so good for diversity. |
+| Andrews & Arnold | aa.net.uk | English | UK. IPv6. Note: Very very
pro-privacy, has made public their net freedom and anti-surveillance stance.
Zero censorship. |
+
+---
+html: two-columns-page.html
+---
+key: 3
+---
+section: Community Resources
+---
+section_id: community-resources
+---
+subtitle: Some ISPs are Tor-friendly, some are not
diff --git
a/content/relay-operations/community-resources/tor-abuse-templates/contents.lr
b/content/relay-operations/community-resources/tor-abuse-templates/contents.lr
index 475651b..b24cf79 100644
---
a/content/relay-operations/community-resources/tor-abuse-templates/contents.lr
+++
b/content/relay-operations/community-resources/tor-abuse-templates/contents.lr
@@ -6,7 +6,7 @@ body:
# Before You Start
-The best way to handle abuse complaints is to set up your exit node so that
they are less likely to be sent in the first place. Please see [Tips for
Running an Exit Node with Minimal
Harassment](https://blog.torproject.org/running-exit-node ) and [Tor Exit
Guidelines](https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines)
for more info, before reading this document.
+The best way to handle abuse complaints is to set up your exit node so that
they are less likely to be sent in the first place. Please see [Tips for
Running an Exit Node with Minimal
Harassment](https://blog.torproject.org/running-exit-node) and [Tor Exit
Guidelines](/tor-exit-guidelines) for more info, before reading this document.
Below are a collection of letters you can use to respond to your ISP about
their complaint in regards to your Tor exit server.
@@ -281,16 +281,16 @@ If a serious abuse complaint not covered by this template
set arrives, the best
* The ISP is not at fault and not liable for your actions. This is normally
the case, but the poor abuse person dealing with the issues just wants to hear
it isn't the ISPs problem. They will move on after they are comfortable.
* Discuss options. Options Phobos has been offered:
* The ISP/Complaintant may very well demand to see logfiles. Fortunately,
by default, nothing sensitive disclosed. You may want a new ISP if they demand
access to log files ad hoc.
- * The ISP/Complaintant suggests you convert to middleman. In this case, you
may want to counter with a reduced exit policy, such as the one suggested in
[https://blog.torproject.org/running-exit-node item #6 of the above blog post].
+ * The ISP/Complaintant suggests you convert to middleman. In this case, you
may want to counter with a reduced exit policy, such as the one suggested in
[item #6 of the above blog post](https://blog.torproject.org/running-exit-node).
* The ISP/Complaintant demands you disable Tor. You may want a new ISP as a
result.
* The ISP/Complaintant states they will firewall off the traffic on the
default ports. You may want a new ISP as a result.
- * Update the config to disallow traffic to a certain IP range from your exit
node. You may want to suggest the complaintant use the [Tor DNS
RBL](https://www.torproject.org/projects/tordnsel.html.en ) instead.
+ * Update the config to disallow traffic to a certain IP range from your exit
node. You may want to suggest the complaintant use the [Tor DNS
RBL](https://2019.www.torproject.org/projects/tordnsel.html.en) instead.
* After all has been discussed, offer a follow up conversation within a week.
Make sure your agreed upon changes are implemented. Neither the ISP nor
Complaintant may want to do this, but the fact that you offered is in your
credit. This may help them feel "comfortable" with you.
## Other Template Sets
- * [DMCA Response template for Tor node maintainer to ISP](FIXME) as written
by the [EFF](http://www.eff.org EFF).
+ * [DMCA Response template for Tor node maintainer to ISP](FIXME) as written
by the [EFF](http://www.eff.org).
* Moritz Bartl, the operator of some of our fastest Tor exit nodes, has begun
compiling a [set of abuse response template
emails](https://www.torservers.net/wiki/abuse/templates) as well.
---
html: two-columns-page.html
diff --git
a/content/relay-operations/community-resources/tor-exit-guidelines/contents.lr
b/content/relay-operations/community-resources/tor-exit-guidelines/contents.lr
new file mode 100644
index 0000000..37e98d1
--- /dev/null
+++
b/content/relay-operations/community-resources/tor-exit-guidelines/contents.lr
@@ -0,0 +1,117 @@
+_model: page
+---
+title: Tor Exit Guidelines
+---
+body:
+
+These guidelines are meant to give you a quick introduction into the business
of running your own exit relay.
+
+NOTE: This FAQ is for informational purposes only and does not constitute
legal advice. Our aim is to provide a general description of the legal issues
surrounding Tor exit relaying. Different factual situations and different legal
jurisdictions will result in different answers to a number of questions.
Therefore, please do not act on this information alone; if you have any
specific legal problems, issues, or questions, seek a complete review of your
situation with a lawyer licensed to practice in your jurisdiction.
+
+## Hosting
+
+### Tor at Universities: Find allies.
+
+Find some professors (or deans!) who like the idea of supporting and/or
researching anonymity on the Internet. If possible, use an extra IP range whose
abuse contact doesn't go through the main university abuse team. Ideally, use
addresses that are not trusted by the IP-based authentication many
library-related services use -- if the university's entire IP address space is
"trusted" to access these library resources, the university is forced to
maintain an iron grip on all its addresses. Also read [How do I make my
University / ISP / etc happy with my exit node?](FIXME)
+
+### Find Tor-friendly ISPs.
+
+A good ISP is one that offers cheap bandwidth and is not being used by other
members of the Tor community. Before you continue, you may ask the Tor
community if your choice is a good one. We very much need diversity, and it
does not help if we pool too many exits at one friendly ISP.
+
+In any case, add the ISP to the [GoodBadISPs](FIXME) wiki page.
+
+To find an ISP, go through forums and sites where ISPs posts their latest
deals, and contact them about Tor hosting. Once you identified your ISP, you
can follow the two-step advice of TorServers.net.
+
+1. Ask if the ISP is okay with a Tor exit
+
+2. If they come back positively, ask them if they are OK with an IP range
reassignment. If not, you can still explain that you are a non-profit superb
large organization filled with security professionals, and that all will be
good, and why IP reassignment helps reduce their workload.
+
+The two-step process usually helps in elevating your request to higher levels
of support staff without scaring them off too early, even if you don't end up
with your own IP range. Here is template you can use:
[Inquiry](https://www.torservers.net/wiki/hoster/inquiry)
+
+
+## Legal
+
+* Make sure you know the relevant legal paragraphs for common-carrier like
communication services in your country (and the country of your hosting
provider!).
+
+At least most western countries should have regulations that exclude
communication service providers from liability. Please add your country's
regulations to this list.
+
+* USA: [DMCA 512](https://www.law.cornell.edu/uscode/text/17/512); see [EFF's
Legal FAQ for Tor Operators](https://2019.www.torproject.org/eff/tor-legal-faq)
(a very good and relevant read for other countries as well)
+ * Germany: [TMG 8](http://www.gesetze-im-internet.de/tmg/__8.html) and
[15](http://www.gesetze-im-internet.de/tmg/__15.html).
+ * Netherlands: [Artikel 6:196c
BW](http://wetten.overheid.nl/BWBR0005289/Boek6/Titel3/Afdeling4A/Artikel196c/)
+ * Austria: [ECG
13](http://www.ris.bka.gv.at/Dokument.wxe?Abfrage=Bundesnormen&Dokumentnummer=NOR40025809)
+* France: FIXME
+ * Sweden: [16-19 2002:562](https://lagen.nu/2002:562#P16S1)
+
+If you country is missing here and you know a lawyer who can provide a legal
opinion, please get in contact with Tor Project.
+
+* If you're part of an organization that will be running the exit relay (ISP,
university etc), consider teaching your legal people about Tor.
+
+It's way better for them to hear about Tor from you, in a relaxed environment,
than to hear about it from a stranger over the phone. Make them aware of [EFF's
Legal FAQ for Tor
Operators](https://2019.www.torproject.org/eff/tor-legal-faq). EFF has also
offered to talk to other lawyers to explain the legal aspects of Tor; contact
us at [email protected] and we'll make the connections for you.
+
+* If you're not part of an organization, think about starting one!
+
+Depending on the chosen form, setting up a legal body might help with
liability, and in general it helps to appear bigger than you are (and less
likely to get raided). The guys from Torservers.net in Germany found a lawyer
who would agree to "host" them inside his office. They are now are a non-profit
association ("eingetragener Verein, gemeinnutzig") registered inside a lawyer's
office. The setup process was easy and cheap. Similar setups probably exist for
your country. Another benefit of an association-like structure is that it might
still work even when you leave, if you manage to find successors.
+
+* Consider preemptively teaching your local law enforcement about Tor.
+
+"Cybercrime" people actually love it when you offer to [teach them about Tor
and the
Internet](https://blog.torproject.org/blog/talking-german-police-stuttgart) --
they're typically overwhelmed by their jobs and don't have enough background to
know where to start. Contacting them gives you a chance to teach them why Tor
is useful to the world (and why it's [not particularly helpful to
criminals](https://2019.www.torproject.org/docs/faq-abuse#WhatAboutCriminals).
Also, if they do get a report about your relay, they'll think of you as a
helpful expert rather than a potential criminal.
+
+## Handling abuse complaints
+
+### Answering complaints
+
+If you receive an abuse complaint, don't freak out! Here is some advice for
you:
+
+* Answer to abuse complaints in a professional manner within a reasonable time
span.
+
+TorServers.net is a fairly large Tor exit operator and we receive only a very
small number of complaints, especially compared to the amount of traffic we
push. Roughly 80% are automated reports, and the rest is usually satisfied with
[our default reply](https://www.torservers.net/wiki/abuse/templates). We have
not needed the input of a lawyer in many years of operation following the
advice on this page.
+
+In addition to the [templates at
Torservers.net](https://www.torservers.net/wiki/abuse/templates), you can find
many more templates for various scenarios on the [Tor Abuse Templates](FIXME) .
It is exceptionally rare to encounter a scenario where none of these templates
apply.
+
+* If you receive a threatening letter from a lawyer about abusive use or a
DMCA complaint, also don't freak out.
+
+We are not aware of any case that made it near a court, and we will do
everything in our power to support you if it does. You can look up if an IP
address was listed as an exit relay at a given time at
[ExoneraTor](https://exonerator.torproject.org/). Point to that page in your
reply to the complaint. If you feel it might be helpful, we can write you a
signed letter confirming this information: Contact us at
[email protected] if you need one.
+
+In your reply, state clearly that you are not liable for forwarded content
passing through your machine, and include the relevant legal references for
your country.
+
+## Things you can do preemptively
+
+* Make the WHOIS info point as close to you as possible.
+
+One of the biggest reasons exit relays disappear is because the people
answering the abuse address get nervous and ask you to stop. If you can get
your own IP block, great. Even if not, many providers will still reassign
subblocks to you if you ask. ARIN uses
[SWIP](https://www.arin.net/resources/request/reassignments.html), and RIPE
uses something similar. You can also add comments to your range, hinting at
your usage as anonymization service
([Example](https://apps.db.ripe.net/search/query.html?searchtext=ZWIEBELFREUNDE)).
If you have questions about the process, please write an email to
[email protected] and we will try to explain the process to you.
+
+* Register a phone number and a fax number as abuse contact.
+
+At least law enforcement in Germany regularly uses the fax and phone numbers
present in IP records. Torservers.net uses a free German fax-to-email service,
call-manager.de, and a VoIP number from Sipgate.de.
+
+* Consider using the Reduced Exit Policy.
+
+The [Reduced Exit Policy](FIXME) is an alternative to the default exit
policy. It allows many Internet services while still blocking the majority of
TCP ports. This drastically reduces the odds that a Bittorrent user will select
your node and thus reduces or even eliminates the number of [DMCA
complaints](https://2019.www.torproject.org/eff/tor-dmca-response) you will
receive.
+
+If you have your own experience of abuse handling, just share it on our public
mailing list or write us an email to [email protected].
+
+## Technical
+
+Please read all the technical details before getting started. If you have any
questions or need help, please contact us at
[tor-relays](https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays).
+
+* [TorRelayGuide](https://community.torproject.org/relay)
+
+* Set up an informative website on the exit IP(s) on port 80.
+
+A disclaimer helps giving people the right idea about what is behind traffic
coming from these IPs. A simple notice can be published without a separate
webserver using Tor's "DirPortFrontPage " directive.
+
+* Try to use dedicated IPs, and when possible dedicated hardware.
+
+* Disk encryption might be useful to protect your node keys, but on the other
hand unencrypted machines are easier to "audit" if required. We feel it's best
to be able to easily show that you do Tor exiting, and nothing else (on that IP
or server).
+
+* Set reverse DNS to something that signals its use, e.g. 'anonymous-relay',
'proxy', 'tor-proxy'. so when other people see the address in their web logs,
they will more quickly understand what's going on. If you do, and if SMTP is
allowed in your exit policy, consider configuring
[SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) on your domain:
this will protect you from users using your exit node to forge e-mails which
look like they come from you.
+---
+html: two-columns-page.html
+---
+key: 5
+---
+section: Community Resources
+---
+section_id: community-resources
+---
+subtitle: Quick introduction into running your Exit relay
diff --git
a/content/relay-operations/community-resources/tor-relay-universities/contents.lr
b/content/relay-operations/community-resources/tor-relay-universities/contents.lr
new file mode 100644
index 0000000..0fb65a2
--- /dev/null
+++
b/content/relay-operations/community-resources/tor-relay-universities/contents.lr
@@ -0,0 +1,49 @@
+_model: page
+---
+title: Tor Relay Universities
+---
+body:
+
+To keep your exit node running long-term, you're going to need the support of
the people around you. In this sense, Tor provides a lever to help you change
your organization's policies. If the administration considers an Internet
community that helps other people to be a foreign concept, or if they're used
to treating new situations as security risks and telling everybody to quit it,
a Tor relay may give you a way to focus the discussion and find allies who want
to help change policy. In short, running a Tor exit node may well require you
to become an advocate for anonymity and privacy in the world.
+
+The best strategy depends on your situation, but here are some tips to get you
started. (We focus on the university scenario, but hopefully you can adapt it
to your own situation.)
+
+ * First, learn about your university's AUP -- acceptable use policy. Most
likely it is ambiguously worded, to let them allow or deny things based on the
situation. But it might be extremely restrictive ("no services of any kind"),
in which case you're going to have a tough road ahead of you.
+
+ * Second, learn about your local laws with respect to liability of traffic
that exits from your Tor relay. In the US, these appear to be mainly the
[DMCA](https://2019.www.torproject.org/eff/tor-legal-faq.html#DMCA) and
[CDA](https://2019.www.torproject.org/eff/tor-legal-faq.html#Lawsuits), and
the good news is that many lawyers believe that Tor exit node operators are in
the same boat as the ISPs themselves. Become familiar with
+[the EFF's template letter regarding DMCA notices for
Tor](https://2019.www.torproject.org/eff/tor-dmca-response.html), which is
quite clear about not putting liability on service providers. The CDA is less
clear, because it was written before the modern Internet emerged, but EFF and
ACLU are optimistic. Of course, you need to understand that without actual
clear precedent (and even then), it's still possible that a given judge will
not interpret things the way the lawyers expect. In any case, the key here is
to become familiar with the laws and their implications and uncertainties.
+
+ * Third, learn about Tor's design. Read the [design
overview](https://2019.www.torproject.org/overview.html), the [design
paper](https://www.torproject.org/svn/trunk/doc/design-paper/tor-design.html),
and the FAQ. Hang out on IRC (irc.oftc.net - #tor-relays) for a while and
learn more. If possible, attend a talk by one of the Tor developers. Learn
about the types of people and organizations who need secure communications on
the Internet. Practice explaining Tor and its benefits and consequences to
friends and neighbors -- the [abuse
FAQ](https://2019.www.torproject.org/faq-abuse) may provide some helpful
starting points.
+
+ * Fourth, learn a bit about authentication on the Internet. Many
library-related services use source IP address to decide whether a subscriber
is allowed to see their content. If the university's entire IP address space is
"trusted" to access these library resources, the university is forced to
maintain an iron grip on all its addresses. Universities like Harvard do the
smart thing: their students and faculty have actual methods to authenticate --
say, certificates, or usernames and passwords -- to a central Harvard server
and access the library resources from there. So Harvard doesn't need to be as
worried about what other services are running on their network, and it also
takes care of off-campus students and faculty. On the other hand, universities
like Berkeley simply add a "no proxies" line to their network policies, and are
stuck in a battle to patrol every address on their network. We should encourage
all these networks to move to an end-to-end authentication model rather th
an conflating network location with who's on the other end.
+
+ * Fifth, start finding allies. Find some professors (or deans!) who like the
idea of supporting and/or researching anonymity on the Internet. If your school
has a botnet research group or studies Internet attacks (like at Georgia Tech
and UCSD), meet them and learn more about all the scary things already out
there on the Internet. If you have a law school nearby, meet the professors
that teach the Internet law classes, and chat with them about Tor and its
implications. Ask for advice from everybody you meet who likes the idea, and
try to work your way up the chain to get as many good allies as you can in as
many areas as you can.
+
+ * Sixth, teach your university's lawyers about Tor. This may seem like a
risky move, but it's way better for them to hear about Tor from you, in a
relaxed environment, than to hear about it from a stranger over the phone.
Remember that lawyers don't like being told how to interpret laws by a
non-lawyer, but they are often pleased to hear that other lawyers have done a
lot of the research and leg-work (this is where [the EFF's legal
FAQ](https://2019.www.torproject.org/eff/tor-legal-faq) comes in, along with
your law school contacts if you found any). Make sure to keep these discussions
informal and small -- invite one of the general counsel out to coffee to
discuss "something neat that may come up later on." Feel free to bring along
one of the allies you found above, if it makes you more comfortable. Avoid
having actual meetings or long email discussions, and make it clear that you
don't need their official legal opinion yet. Remember that lawyers are paid to
say no unless they hav
e a reason to say yes, so when the time finally comes to ask their opinion on
running a Tor exit node, make sure the question is not "are there any liability
issues?", but rather "we'd like to do this, can you help us avoid the biggest
issues?" Try to predict what they will say, and try to gain allies among the
lawyers who like your cause and want to help. If they have concerns, or raise
questions that you don't know how to answer, work with them to figure out the
answers and make them happy. Becoming friends with the lawyers early in the
process will avoid situations where they need to learn about everything and
make a decision in one day.
+
+ * Seventh, teach your network security people about Tor. You aren't going to
keep your Tor exit node a secret from them for long anyway, and like with the
lawyers, hearing it from you is way better than hearing it from a stranger on
the phone. Avoid putting them on the spot or formally asking permission: most
network security people will like the idea of Tor in theory, but they won't be
in a position to "authorize" your Tor relay. Take them out to coffee to explain
Tor and let them know that you are planning to run a Tor server. Make it clear
that you're willing to work with them to make sure it isn't too much hassle on
their part; for example, they can pass complaints directly on to you if they
like. These people are already overworked, and anything you can do to keep work
off their plate will make everybody happier. You might let them know that there
are ways you can dial down the potential for abuse complaints, for example by
rate limiting or partially restricting your exit poli
cy -- but don't be too eager to offer or take these steps, since once you give
up ground here it's very hard to get it back.
+
+You'll also want to learn if there are bandwidth limitations at your
organization. (Tor can handle a variety of rate limiting approaches, so this
isn't the end of the world).
+
+In some cases, you should talk to the network security people before you talk
to the lawyers; in some cases, there will be yet other groups that will be
critical to educate and bring into the discussion. You'll have to make it up as
you go.
+
+If the authorities contact your university for logs, be pleasant and helpful.
Tor's default log level doesn't provide much that's useful, so if they want
copies of your logs, that's fine. Be helpful and take the opportunity to
explain to them about Tor and why it's useful to the world. (If they contact
you directly for logs, you should send them to
+your university's lawyers -- acting on it yourself is [almost always a poor
idea](https://2019.www.torproject.org/eff/tor-legal-faq.html#RequestForLogs).
+
+If there are too many complaints coming in, there are several approaches you
can take to reduce them. First, you should follow the tips in the [Tor relay
documentation](https://community.torproject.org/relay), such
+as picking a descriptive hostname or getting your own IP address. If that
doesn't work, you can scale back the advertised speed of your relay, by using
the Max``Advertised``Bandwidth to attract less traffic from the Tor network.
Lastly, you can scale back your exit policy.
+
+Some people have found that their university only tolerates their Tor relay if
they're involved in a research project around anonymity. So if you're
interested, you might want to get that started early in the process -- see our
[Research Portal](https://research.torproject.org/). This approach has the
added benefit that you can draw in other faculty and students in the process.
The downside is that your Tor relay's existence is more fragile, since the
terms of its demise are already negotiated. Note that in many cases you don't
even need to be researching the exit node itself -- doing research on the Tor
network requires that there be a Tor network, after all, and keeping it going
is a community effort.
+
+---
+cta: Subscribe to Tor at universities, colleges, and other education
institutions:
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays-universities
+---
+html: two-columns-page.html
+---
+key: 2
+---
+section: Community Resources
+---
+section_id: community-resources
+---
+subtitle: How do I make my University / ISP / etc happy with my exit node?
_______________________________________________
tor-commits mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
