[tor-relays] How to Run Torservers.net

Discussion:

Moritz Bartl

2012-07-11 12:33:55 UTC

Hi!

In regular intervals, people ask me what it takes to run a large number
of exit relays. Let me try to document a few steps that I think you need
to take to become a Large Tor Operator (TM).

1) Think about registering a (non-profit) association.
At least in Germany this helps with liability, and in general it helps
to appear bigger than you are (and less likely to get raided).
What we did was try and find a lawyer who would agree to "host" us
inside his office. We succeeded, and now are a non-profit registered
inside a lawyers office. How cool is that? :)

2) Register a fax number.
At least law enforcement in Germany regularly uses the fax number
present in IP records. We use a free German fax-to-email service,
www.call-manager.de.

3) Register a phone number.
The IP records should contain a phone number for abuse reports, and you
don't want that to be your personal phone number. We use Sipgate One, a
German VoIP service that redirects calls to cellphones and Skype for free.

4) Create handles for your organization at ARIN and/or RIPE.
Example record:
https://apps.db.ripe.net/whois/lookup/ripe/person-role/MB22990-RIPE.html
With RIPE, it works far better, most abuse reports will hit you and not
that of your upstream. Having your own IP records is a key element for
abuse handling.

5) Find a good ISP.
This is going to be a hard one. But not too hard. Go through forums and
sites where ISPs posts their latest deals, and contact them about Tor
hosting. We usually divide it into a two-step process: We first ask if
they were okay with a Tor exit, and with reassignment of the IP range -
no details in the first mail! When they come back positively, or
somewhat worried, you can still explain that you are a non-profit superb
large organization filled with security professionals, and that all will
be good.
The two step process usually helps in elevating your request to higher
levels of support staff and without scaring them off to early.
See also https://www.torservers.net/wiki/hoster/inquiry

5a) Still find a good ISP.
A good ISP is one that offers cheap bandwidth and is not being used by
other members of the Tor community.

6) Be quick in answering abuse.
We receive a very small number of complaints, given that we run high
bandwith nodes. I am actually still surprised how few complaints we get.
Roughly 80% are automated reports, which we ignore, and for the rest it
is usually good enough to send our default template.
See https://www.torservers.net/wiki/abuse/templates
and https://www.torservers.net/wiki/abuse/dmca

For police inquiries, we usually give them a one-liner (something like
"As a German organization, we fully comply with Telemediengesetz ?15
(the German telemedia law), which prohibits to log any user identifiable
data or usage data unless required for billing purposes.").
We get one policy inquiry per quarter on average.

What did I forget?
--
Moritz Bartl
https://www.torservers.net/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20120711/40f7ec97/attachment.pgp>

Geoff Down

2012-07-11 13:51:29 UTC

Permalink

Post by Moritz Bartl
Roughly 80% are automated reports, which we ignore,

How do you decide which are automated?
GD

--
http://www.fastmail.fm - Accessible with your email software
or over the web

Julian Wissmann

2012-07-11 13:54:24 UTC

Permalink

They usually say that they are ;-) and very often there are 10-15 identical Mails.
--
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.

Post by Moritz Bartl
Roughly 80% are automated reports, which we ignore,

How do you decide which are automated?
GD
--
http://www.fastmail.fm - Accessible with your email software
or over the web

_____________________________________________

tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20120711/1550228b/attachment.html>

Julian Wissmann

2012-07-11 14:47:52 UTC

Permalink

Actually I can offer to publish a bunch of those abuse mails if there is interest.
Just need to find some time to polish them a little- anonymize stuff and maybe make some pretty statistics.

Julian
--
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.

Julian Wissmann <juwi at da0s0a.de> schrieb:

They usually say that they are ;-) and very often there are 10-15 identical Mails.
--
Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.

Post by Moritz Bartl
Roughly 80% are automated reports, which we ignore,

tor-admin

2012-07-11 20:05:22 UTC

Permalink

Post by Moritz Bartl
6) Be quick in answering abuse.
We receive a very small number of complaints, given that we run high
bandwith nodes. I am actually still surprised how few complaints we get.
Roughly 80% are automated reports, which we ignore, and for the rest it
is usually good enough to send our default template.
See https://www.torservers.net/wiki/abuse/templates
and https://www.torservers.net/wiki/abuse/dmca

Can you tell how many abuse messages you receive per week?

Regards

Rejo Zenger

2012-07-11 20:51:37 UTC

Permalink

Post by tor-admin
Can you tell how many abuse messages you receive per week?

I am running one exit relay for a couple of months now and I have seen less than one notification a month.
--
Rejo Zenger . <rejo at zenger.nl> . 0x21DBEFD4 . <https://rejo.zenger.nl>
GPG encrypted e-mail preferred . +31.6.39642738 . @rejozenger

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20120711/d53d7e2d/attachment.pgp>

Andrew Lewis

2012-07-11 21:16:35 UTC

Permalink

When running an exit relay I had one FBI visit, one other LE inquiry(both bomb threats), and would get anywhere from 0-15 webmail related spam notices, averaging ~2 a month. This was with the reduced exit node policy in place.

Andrew

Post by Rejo Zenger

Post by tor-admin
Can you tell how many abuse messages you receive per week?

I am running one exit relay for a couple of months now and I have seen less than one notification a month.
--
Rejo Zenger . <rejo at zenger.nl> . 0x21DBEFD4 . <https://rejo.zenger.nl>
_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Julian Wissmann

2012-07-11 23:24:58 UTC

Permalink

Post by tor-admin

6) Be quick in answering abuse. We receive a very small number of
complaints, given that we run high bandwith nodes. I am actually
still surprised how few complaints we get. Roughly 80% are
automated reports, which we ignore, and for the rest it is
usually good enough to send our default template. See
https://www.torservers.net/wiki/abuse/templates and
https://www.torservers.net/wiki/abuse/dmca

Can you tell how many abuse messages you receive per week?
Regards

Short answer: ~110 of which we ignore 105
Long answer:
About 15 automated abuses from MediaSentry, Icecat, IP-Echelon and the
likes per day, which we used to automatically answer, but don't bother
about, any more.
Then there are celepar.pr.gov.br and SpamCop from whom we receive the
occasional email and an average of 4-5 regular, "legit" abuse
mails/calls per week. Those are not evenly distributd however! There
are certain "abuse peaks" where we get a lot followed, usually, by
getting none for some time. I also have a feeling (needs confirmation
by me sitting down and plotting our abuses) that it has been getting
less abuse mails over the last year.

Overall those add up to ~110 abuse mails a week of which 105 are
automated and belong to senders who apparently don't care about what
we do/don't care about getting an answer at all/don't react in any
way, like MediaSentry who weren't even reachable by phone.
There are of course, also legit automated abuse mails - I've once had
a wonderful conversation with a guy who apparently also hosts a Tor
node after one of his system's ids sent an email to us, which I replied.

Then there are those few abuses from real people. Those can be
anything from Police inquiries from all over the world, Interpol,
Companies, normal People. Regular subjects frange from Spam and DDoS
to hacked mail accounts and stuff like that. Every few months there is
stuff like harrassment, threats and credit card fraud. There have
however also been police inquiries about terrorism and murder. Gladly
those have been non-recurring, unique events though and I hope it
stays that way.

So about those automated abuses. We took that seriously in the
beginning, answering them, trying to establish contact, explain what
we do. Usually people on the other end were like "We don't care", so
we started ignoring them and yeah, they really don't care and also
won't stop sending stuff.
There have been a few noteworthy exceptions though, like a guy whom
I've had a conversation with after answering an email from his IDS.
Turned out, he hosted a Tor node himself.
So sending a template answer that explains Tor and stuff once or twice
to automated mails can't be wrong, but afterwards its probably okay to
just start ignoring them, if there's no reaction.

Abuses from real people - Important. Answer! We have templates for the
standard situations, otherwise we write specific responses. We try to
answer within 24h, which works 98% of the time.
Often these inquries also result in conversations, some short, some
long, some people just wanting more info, some being supportive of
what we do and some very emotional (usually in a negative way). Some
even resulted in hate mails for months.
There are a few unfortunate ones, however. I speak English, German and
a little French, as does everyone else answering abuses at Torservers,
so whenever an email in any other language comes in we usually ask to
resend the request in one of those three languages, else we have to
ignore it.

Julian

tor-admin

2012-07-12 06:08:50 UTC

Permalink

Post by Julian Wissmann
Short answer: ~110 of which we ignore 105
About 15 automated abuses from MediaSentry, Icecat, IP-Echelon and the
likes per day, which we used to automatically answer, but don't bother
about, any more.

[...]
Thanks for your detailed answer. My nodes with an average traffic of 300MBit/s
generate about 1 abuse message per week using a restricted exit policy. I
don't have a custom whois entry, so all messages are forwarded from my ISP.
Therefore I am very cautious to answer all of them in a way that satisfies my
ISP. My normal response times are less than one hour. I have blocked notorious
spammers like Icecat.

Best regards

Wendy Seltzer

2012-07-12 08:00:07 UTC

Permalink

Post by Moritz Bartl
Hi!
In regular intervals, people ask me what it takes to run a large number
of exit relays. Let me try to document a few steps that I think you need
to take to become a Large Tor Operator (TM).

Thanks Moritz! This is a helpful write-up. If others have experience in
other settings or jurisdictions, it would be interesting to compare.
What do you think about adding this to the wiki?

--Wendy

--
Wendy Seltzer -- wendy at seltzer.org +1 617.863.0613
Fellow, Yale Law School Information Society Project
Fellow, Berkman Center for Internet & Society at Harvard University
http://wendy.seltzer.org/
https://www.chillingeffects.org/
https://www.torproject.org/
http://www.freedom-to-tinker.com/

Jon

2012-07-12 13:51:22 UTC

Permalink

First of all, thanks Moritz for beginning the thread and the info you
passed on. It has given me some good info. :)

In my case, I have been running a full exit relay now for just over 2 1/2
years. When I first began, I would get reports from my ISP about abuses.
They just called me on the phone and told me about it. I asked them what
port it was and specifically what the problem issue was. They advised they
had several reports about copyright infringement issues on music and a
couple on movies. I took the info and and blocked that specific port.

That solved the problem. I went several months before I got called again
for the same thing, but from a different complainer. I did again block the
new port and everything was solved. I went for over a year with out any
complaints and this year got called again. It was about my IP addy doing
some mass mailing spam. I advised them ( my ISP ) that I did not do this. I
asked what port was used and who the complaint came from. I was told both
and I resolved that issue after we hung up.

In all of my complaints, it was done by phone from my ISP, and I was able
to put a fix right away. From reading other Tor Op's reports about the
complaints, I had expeted more and was worried how I was going to handle
it. I have been greatly surprised that it has been as few as it is.

In my case I would say no more than total of 10-15 complaints in 2 1/2
years in running a full exit relay.

Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20120712/304127af/attachment.html>