Question

Tor

  • Posted November 21, 2012

Can i host a exit Tor node with you?

Thanks

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

DO is not being lazy about TOR. That are lots of “low-cost” providers who explicitly mention that TOR exits are not allowed in their AUP. These are the ones who are being lazy. Running exit nodes require knowledge and responsibility so the answer to this question cannot be a simple yes or no.

I found a handful of DigitalOcean IP addresses in the TOR directory marked as “Exit” and a dozen others who are operating non-exit relays. So you too can run one with proper precautions.

I strongly recommend running a non-exit node for a couple of months so that you know how much resources are being consumed and also to get yourself familiar with the configuration directives of torrc file.

Before moving to an exit node read all the following resources carefully.

In running a Tor server, the user is acting as an ISP.

Yes the user is only “acting” they are not a real ISP which is why they are responsible for their actions just like how a VM acting as a dedicated server is responsible for saturation of its host’s resources.

DO is not being lazy about TOR. That are lots of “low-cost” providers who explicitly mention that TOR exits are not allowed in their AUP. These are the ones who are being lazy. Running exit nodes require knowledge and responsibility so the answer to this question cannot be a simple yes or no.

I found a handful of DigitalOcean IP addresses in the TOR directory marked as “Exit” and a dozen others who are operating non-exit relays. So you too can run one with proper precautions.

I strongly recommend running a non-exit node for a couple of months so that you know how much resources are being consumed and also to get yourself familiar with the configuration directives of torrc file.

Before moving to an exit node read all the following resources carefully.

In running a Tor server, the user is acting as an ISP.

Yes the user is only “acting” they are not a real ISP which is why they are responsible for their actions just like how a VM acting as a dedicated server is responsible for saturation of its host’s resources.

DO is not being lazy about TOR. That are lots of “low-cost” providers who explicitly mention that TOR exits are not allowed in their AUP. These are the ones who are being lazy. Running exit nodes require knowledge and responsibility so the answer to this question cannot be a simple yes or no.

I found a handful of DigitalOcean IP addresses in the TOR directory marked as “Exit” and a dozen others who are operating non-exit relays. So you too can run one with proper precautions.

I strongly recommend running a non-exit node for a couple of months so that you know how much resources are being consumed and also to get yourself familiar with the configuration directives of torrc file.

Before moving to an exit node read all the following resources carefully.

In running a Tor server, the user is acting as an ISP.

Yes the user is only “acting” they are not a real ISP which is why they are responsible for their actions just like how a VM acting as a dedicated server is responsible for saturation of its host’s resources.

The response (via the TOS) strikes me as lazy. <br> <br>As an ISP, your upstream provider understands that you are not liable for us (your subusers). The law (DMCA) specifically protects ISPs from garbage that originates from it’s subusers (Safe Harbor Provision). <br> <br>Your only required action upon receiving an abuse complaint is to forward it to the droplet operator. If a response isn’t received, you are obligated (in some circumstances) to block the content. <br> <br>I am paraphrasing, but your subuser policy sounds like this: <br> <br>“As an ISP I relay on the Safe Harbor provisions of the DMCA to insulate me from my sub-users. Otherwise my business model wouldn’t exist. My users cannot excercise the same provisions (for which they are probably eligible) unless I am not bothered in any way. If anyone (anyone at all, on the internet, with spurious poof) complains, I will shut down my customers instead of forwarding the emails”. <br> <br>I get that you are running a business, but instead of proactively alienating customers… why not back your customers first? Is opening a ticket for each abuse email (copy&paste) and turning off droplets that don’t respond in a timely manner really that hard? It sounds like a cron job to me…

I don’t think there will be much of any complaints if you just allow ports 80 and 443 (the http and ssl ports). I think if you allow everything, then it could be a potential issue, although those laws you cited are a good point and I’m not familiar with them, so I can’t say how digitalocean would be affected. Still, ports 80 and 443 are pretty much the only ports most people need, other than for gaming or programmy stuff. Just remember those complaints will be against you specifically. If you want to help, running a relay is pretty helpful, too, and promoting the use of the actual VPN is pretty good as well (you can run a site on the network without an exit node).

I can understand what the issues are with setting up a Tor exit node though on the other hand setting up Tor relays should presumably be ok. <br> <br>In lieu of NSA revelations and campaigns like Reset The Net https://www.resetthenet.org/ setting up Tor relays is a great way for individuals to get involved. <br> <br>What would be amazing would be for Digital Ocean to support the Reset The Net campaign and have a clear policy on what they do and do not support with regards to Tor. Talk to your lawyers if you have to, yes it’s that important. <br> <br>At the moment the EFF as a Tor Challenge campaign and so clarity from Digital Ocean would be awesome: https://www.eff.org/torchallenge/

Basically the answer is: “you can do what you want, so long as it’s typical pattern of use will result in minimal traffic, so that we can over-subscribe our servers and basically charge full rates for what amounts to piping a couple of electrons through our cheap 40 Gbit NICs”. <br> <br>Do AWS or GCE have terms like this too…?

Yes, that is the lazy response. In running a Tor server, the user is acting as an ISP. So they should not be held responsible. That said, I can understand DO’s position here, and will avoid running any exit nodes.

@tlongren: Yes, you’re held accountable for every packet that goes out of your server. See section 2.11 in the ToS.

So we’re held accountable for the actions of others, when we don’t even know who those “others” are?