November 21, 2012 17k views
Can I host an exit Tor node with you? Thanks
15 Answers

DO is not being lazy about TOR. There are lots of "low-cost" providers who explicitly mention that TOR exits are not allowed in their AUP. These are the ones who are being lazy. Running exit nodes requires knowledge and responsibility, so the answer to this question cannot be a simple yes or no.

I found a handful of DigitalOcean IP addresses in the TOR directory marked as "Exit" and a dozen others who are operating non-exit relays. So you too can run one with proper precautions.

I strongly recommend running a non-exit node for a couple of months so that you know how many resources are being consumed and also to get yourself familiar with the configuration directives of the torrc file.

Before moving to an exit node read all the following resources carefully.

In running a Tor server, the user is acting as an ISP.

Yes, the user is only "acting"; they are not a real ISP, which is why they are responsible for their actions, just like how a VM acting as a dedicated server is responsible for saturation of its host's resources.

Please open up a ticket so that we can take a look at your specific case. Thank you!
There are no problems with customers running VPN servers to bounce through whether it be to anonymize their browsing or as a security precaution to connect to other hosts.

However you would still be subject to our TOS and would need to ensure that you are using this primarily for your own needs instead of making it publicly accessible where it is possible that it could cause issues with our TOS in which case it could lead to a suspension.

If it's for your own anonymous regular browsing it should be ok.
Further to this question..

I was recommended to look at your service by a user on the tor-relays email list. That implies that you are content for tor to run on your servers. I currently run a middle node (no exit) elsewhere and would like to do the same here. Your TOS says:

Acts of Sub-Users

Users are responsible for the acts of others utilizing their Network access, and will be held responsible for violations of this AUP by their sub-users or persons who gain access to the Network using the User's access codes. Any activity that a User is prohibited from performing by this AUP is equally prohibited to anyone using the Network-access of the User. Accordingly, Users agree to take the following actions to control the activities of those who connect to the Network by any means."

Now if I set up a tor node on your service, I have absolutely no control over what others do through tor. So what is your position please? Are you content for me to run a tor node (and with a VPN of my own into that tor node) on your servers?


Our policy is exactly as stated in our TOS, you will be responsible for the sub-users that connect to your TOR service, if there is abuse that is a result of your sub-users we do not have a way to differentiate that so it will be as if your account was abusive, which will get flagged by our backend and lead to your account being suspended and virtual servers destroyed.

We do not recommend running open services where any user can connect and possibly be abusive as it will all fall under your account and can lead to service interruptions for you.

We do not restrict the installation of software but you are responsible for how it is used and how freely available you make the service.
OK - thanks. I take that to mean that you would not object to a tor middle node (since there will simply be unidentifiable encrypted traffic passing through the node), but would object to an exit node since that might lead to possible apparent misuse (it happens) being attributed to my node.

And the fact that other users have apparently used your services for middle nodes quite happily supports that view.

(Fast setup by the way. Very impressive so far).
Thanks for the feedback =]

As long as it's all pass-through traffic and the IP of the virtual server isn't being explicitly used, then it shouldn't generate any abuse complaints if a user was to do something mischievous.

But it's really your best judgement; if it's something that may generate abuse complaints, that's when the backend gets involved and flags the account.

If there are none, then you're good to go.

Hope that helps a bit.
The response (via the TOS) strikes me as lazy.

As an ISP, your upstream provider understands that you are not liable for us (your subusers). The law (DMCA) specifically protects ISPs from garbage that originates from its subusers (Safe Harbor Provision).

Your only required action upon receiving an abuse complaint is to forward it to the droplet operator. If a response isn't received, you are obligated (in some circumstances) to block the content.

I am paraphrasing, but your subuser policy sounds like this:

"As an ISP I rely on the Safe Harbor provisions of the DMCA to insulate me from my sub-users. Otherwise my business model wouldn't exist. My users cannot exercise the same provisions (for which they are probably eligible) unless I am not bothered in any way. If anyone (anyone at all, on the internet, with spurious proof) complains, I will shut down my customers instead of forwarding the emails".

I get that you are running a business, but instead of proactively alienating customers... why not back your customers first? Is opening a ticket for each abuse email (copy&paste) and turning off droplets that don't respond in a timely manner really that hard? It sounds like a cron job to me...

I'm not sure which response you are referring to that led you to believe that our policies for handling abuse complaints are otherwise than forwarding them to the user and awaiting a reply and resolution.

My earlier response was to make sure that customers understood that running tor makes them liable to other people's actions which some customers may not grasp initially, which means if repeated complaints are generated they are logged under their account and if that occurs, as you stated we can power off the droplet or possibly suspend the account.

Looking forward to clarifying any specific questions that you may have =]
So we're held accountable for the actions of others, when we don't even know who those "others" are?
@tlongren: Yes, you're held accountable for every packet that goes out of your server. See section 2.11 in the ToS.
Yes, that is the lazy response. In running a Tor server, the user is acting as an ISP. So they should not be held responsible. That said, I can understand DO's position here, and will avoid running any exit nodes.
Basically the answer is: "you can do what you want, so long as its typical pattern of use will result in minimal traffic, so that we can over-subscribe our servers and basically charge full rates for what amounts to piping a couple of electrons through our cheap 40 Gbit NICs".

Do AWS or GCE have terms like this too...?
I can understand what the issues are with setting up a Tor exit node though on the other hand setting up Tor relays should presumably be ok.

In lieu of NSA revelations and campaigns like Reset The Net setting up Tor relays is a great way for individuals to get involved.

What would be amazing would be for Digital Ocean to support the Reset The Net campaign and have a clear policy on what they do and do not support with regards to Tor. Talk to your lawyers if you have to, yes it's that important.

At the moment the EFF has a Tor Challenge campaign and so clarity from Digital Ocean would be awesome:
I don't think there will be much of any complaints if you just allow ports 80 and 443 (the http and ssl ports). I think if you allow everything, then it could be a potential issue, although those laws you cited are a good point and I'm not familiar with them, so I can't say how digitalocean would be affected. Still, ports 80 and 443 are pretty much the only ports most people need, other than for gaming or programmy stuff. Just remember those complaints will be against you specifically. If you want to help, running a relay is pretty helpful, too, and promoting the use of the actual VPN is pretty good as well (you can run a site on the network without an exit node).
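
Added example, not part of the thread and not DigitalOcean's or the Tor Project's code: a pre-deployment check that reads a torrc and reports whether it describes the non-exit relay recommended earlier, an exit limited to ports 80 and 443 as suggested in the last answer, or something broader. The function names and sample configurations are constructed for illustration; rules naming a specific address are handled conservatively (any `accept` counts as exiting).

```python
import re

ALL_PORTS = frozenset(range(1, 65536))
RULE = re.compile(r"(accept|reject)6?\s+(\S+?)(?::([\d*-]+))?")

def _ports(spec):
    """Expand a torrc port spec ('*', '443', '6660-6669') into a set."""
    if spec == "*":
        return set(ALL_PORTS)
    lo, _, hi = spec.partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def classify_torrc(text):
    """Return 'non-exit', 'web-only exit', 'broad exit' or 'unspecified'."""
    exit_relay, rules = None, []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)   # drop comments
        if len(fields) < 2:
            continue
        key, value = fields[0].lower(), fields[1].strip()  # names are case-insensitive
        if key == "exitrelay":
            exit_relay = value
        elif key == "exitpolicy":                      # repeated lines append
            rules += [r.strip() for r in value.split(",") if r.strip()]
    if exit_relay == "0":
        return "non-exit"       # ExitPolicy is ignored when ExitRelay is 0
    if not rules:
        return "unspecified"    # left to the Tor version's default: state it explicitly
    allowed, decided = set(), set()
    for rule in rules:                                 # first matching rule wins
        m = RULE.fullmatch(rule)
        if m is None:
            raise ValueError(f"unrecognised ExitPolicy rule: {rule!r}")
        action, addr, spec = m.group(1), m.group(2), m.group(3) or "*"
        ports = _ports(spec) - decided
        if action == "accept":
            allowed |= ports          # accepting to any address is exiting
        if addr == "*":
            decided |= ports          # only a '*' address settles a port for all hosts
    allowed |= ALL_PORTS - decided    # undecided ports fall to Tor's appended default policy
    if not allowed:
        return "non-exit"
    return "web-only exit" if allowed <= {80, 443} else "broad exit"

# Constructed sample configurations (not taken from the thread).
MIDDLE = "ORPort 9001\nNickname examplerelay\nExitRelay 0\n"
WEB_ONLY = ("ORPort 9001\nExitRelay 1\nExitPolicy accept *:80, accept *:443\n"
            "ExitPolicy reject *:*   # everything else\n")
NO_FINAL_REJECT = "ORPort 9001\nExitPolicy accept *:80,accept *:443\n"
```

`NO_FINAL_REJECT` shows the failure mode worth checking for: without a closing `reject *:*`, the ports the policy does not mention are not blocked, so the relay is a broader exit than the two `accept` rules suggest.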