Posted November 21, 2012 43.1k views
Can I host an exit Tor node with you? Thanks

15 answers

DO is not being lazy about TOR. There are lots of “low-cost” providers who explicitly mention that TOR exits are not allowed in their AUP. These are the ones who are being lazy. Running exit nodes requires knowledge and responsibility, so the answer to this question cannot be a simple yes or no.

I found a handful of DigitalOcean IP addresses in the TOR directory marked as “Exit” and a dozen others who are operating non-exit relays. So you too can run one with proper precautions.

I strongly recommend running a non-exit node for a couple of months so that you know how many resources are being consumed and also to get yourself familiar with the configuration directives of the torrc file.

Before moving to an exit node read all the following resources carefully.

In running a Tor server, the user is acting as an ISP.

Yes, the user is only “acting”; they are not a real ISP, which is why they are responsible for their actions, just like how a VM acting as a dedicated server is responsible for saturation of its host’s resources.
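As an added example (not part of the original answer, and not a file from DigitalOcean or the Tor Project), a torrc for the non-exit relay recommended above could look like the following. The nickname, contact address, port, log path and all bandwidth and accounting figures are constructed placeholders to adjust.

```torrc
# Constructed example torrc for a non-exit (middle) relay.
# Nickname, contact address, port and all limits are placeholder values.

Nickname ExampleMiddleRelay
ContactInfo tor-admin AT example DOT com

# Accept relay traffic from other Tor nodes on this port.
ORPort 9001

# Relay only: no local SOCKS proxy for client applications.
SocksPort 0

# Never act as an exit. ExitRelay 0 disables exiting outright; the
# reject-all policy states the same thing for Tor versions that
# predate the ExitRelay option.
ExitRelay 0
ExitPolicy reject *:*

# Cap sustained and burst throughput so resource use stays predictable.
RelayBandwidthRate 1 MBytes
RelayBandwidthBurst 2 MBytes

# Hibernate once this much traffic has passed in either direction
# during the accounting period, which restarts on the 1st of each month.
AccountingMax 500 GBytes
AccountingStart month 1 00:00

# Keep notice-level logs to review bandwidth use and uptime over time.
Log notice file /var/log/tor/notices.log
```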

The response (via the TOS) strikes me as lazy.

As an ISP, your upstream provider understands that you are not liable for us (your subusers). The law (DMCA) specifically protects ISPs from garbage that originates from its subusers (Safe Harbor Provision).

Your only required action upon receiving an abuse complaint is to forward it to the droplet operator. If a response isn't received, you are obligated (in some circumstances) to block the content.

I am paraphrasing, but your subuser policy sounds like this:

"As an ISP I rely on the Safe Harbor provisions of the DMCA to insulate me from my sub-users. Otherwise my business model wouldn't exist. My users cannot exercise the same provisions (for which they are probably eligible) unless I am not bothered in any way. If anyone (anyone at all, on the internet, with spurious proof) complains, I will shut down my customers instead of forwarding the emails".

I get that you are running a business, but instead of proactively alienating customers... why not back your customers first? Is opening a ticket for each abuse email (copy&paste) and turning off droplets that don't respond in a timely manner really that hard? It sounds like a cron job to me...

Please open up a ticket so that we can take a look at your specific case. Thank you!

There are no problems with customers running VPN servers to bounce through whether it be to anonymize their browsing or as a security precaution to connect to other hosts.

However, you would still be subject to our TOS and would need to ensure that you are using this primarily for your own needs instead of making it publicly accessible, where it is possible that it could cause issues with our TOS, in which case it could lead to a suspension.

If it's for your own anonymous regular browsing it should be ok.

Further to this question..

I was recommended to look at your service by a user on the tor-relays email list. That implies that you are content for tor to run on your servers. I currently run a middle node (no exit) elsewhere and would like to do the same here. Your TOS says:

"Acts of Sub-Users

Users are responsible for the acts of others utilizing their Network access, and will be held responsible for violations of this AUP by their sub-users or persons who gain access to the Network using the User's access codes. Any activity that a User is prohibited from performing by this AUP is equally prohibited to anyone using the Network-access of the User. Accordingly, Users agree to take the following actions to control the activities of those who connect to the Network by any means."

Now if I set up a tor node on your service, I have absolutely no control over what others do through tor. So what is your position please? Are you content for me to run a tor node (and with a VPN of my own into that tor node) on your servers?


Our policy is exactly as stated in our TOS: you will be responsible for the sub-users that connect to your TOR service. If there is abuse that is a result of your sub-users, we do not have a way to differentiate that, so it will be as if your account was abusive, which will get flagged by our backend and lead to your account being suspended and virtual servers destroyed.

We do not recommend running open services where any user can connect and possibly be abusive as it will all fall under your account and can lead to service interruptions for you.

We do not restrict the installation of software but you are responsible for how it is used and how freely available you make the service.

OK - thanks. I take that to mean that you would not object to a tor middle node (since there will simply be unidentifiable encrypted traffic passing through the node), but would object to an exit node since that might lead to possible apparent misuse (it happens) being attributed to my node.

And the fact that other users have apparently used your services for middle nodes quite happily supports that view.

(Fast setup by the way. Very impressive so far).

Thanks for the feedback =]

As long as it's all pass-through traffic and the IP of the virtual server isn't being explicitly used, then it shouldn't generate any abuse complaints if a user was to do something mischievous.

But it's really your best judgement; if it's something that may generate abuse complaints, that's when the backend gets involved and flags the account.

If there are none, then you're good to go.

Hope that helps a bit.

I'm not sure which response you are referring to that led you to believe that our policies for handling abuse complaints are otherwise than forwarding them to the user and awaiting a reply and resolution.

My earlier response was to make sure that customers understood that running tor makes them liable for other people's actions, which some customers may not grasp initially, which means if repeated complaints are generated they are logged under their account, and if that occurs, as you stated, we can power off the droplet or possibly suspend the account.

Looking forward to clarifying any specific questions that you may have =]

So we're held accountable for the actions of others, when we don't even know who those "others" are?