On Fri, Oct 25, 2013 at 11:03:27AM -0400, Christopher Jones wrote:
I just wanted to thank the list members for giving me some great advice on working with my ISP to deal with the DMCA nastygrams. I restricted my exit policy to allow most legitimate TCP services and block the rest, which should hopefully disincentivize those damn P2P users from picking my relay as an exit in most cases.
If you want to go even more conservative, you could allow just 80 and 443. It would still be useful to many people, and be even less likely to draw dmca complaints. Something to consider for the future if you need another step in the negotiation.
Does the Tor project run a database to track abuse complaints? Could be useful in terms of uncovering who the largest pains in the ass are (mine was from Irdeto on behalf on NBC Universal), as well as organizing targeted campaigns to put pressure on companies like Irdeto to at least perform some due diligence and not send out DMCA originating from exit relays. If not, maybe I?ll start working on a project to do so if there isn?t something else like it elsewhere.
Lunar's pointer to Chilling Effects is a good one.
But see also this mail from the distant past: https://lists.torproject.org/pipermail/tor-talk/2005-October/016301.html
You see, if somebody sends you a DMCA takedown knowing that it doesn't apply to you, then *they're* breaking the law. So in theory you could notify them that you've got safe harbor under DMCA 512(a) and would they kindly stop harrassing you, and then when they send the next letter you can countersue. Somebody should do this someday, but it will be an involved and messy process. On the plus side, some large universities have successfully used this approach (or more precisely, the threat of using it) to stop the bigger DMCA bullies from wasting their time. On the minus side, you as a customer of your ISP don't get to make this decision, at least not by yourself, because your main problem is the policy of your ISP, not any actual laws.
One more question and I?ll probably feel stupid after reading the answers, but does ?RelayBandwidthRate? apply separately to rx and tx rates or the combined throughput of them both? The server I run has an unmetered 100Mb/s connection. I?ve got RelayBandwidthRate set to 5MB and RelayBandwidthBurst set to 10MB. 12.5MB/s being the theoretical max, if I bumped up my bandwidth rate to, say, 8, would my relay overload the NIC or would it continue to behave?
Tor counts bytes separately in each direction. So 5Mbytes means 5mbytes reading and 5mbytes writing. So you are currently limiting your relay to a long-term average of 40mbps.
At last check, I had 1140 TCP connections according to lsof and vnstat is showing throughputs of 13-18Mbit/s rx and 14-19Mbit/s tx. Tor CPU usage is about 22-27% according to top.
Does this look reasonable or should I tweak some things like max connections?
There isn't any functionality currently to limit how many connections your relay will use/accept. You need to be able to have a connection open to every other relay, and to the exit destinations that users ask for (if your exit policy allows it), and to clients if they pick you for their first hop. Refusing to do any of those connections degrades service (and in the relay-to-relay connection case, it potentially messes with anonymity in complex ways too, since the Tor network is no longer a clique topology).
Fortunately, sockets are basically free on a real OS. The main challenge comes up in cheap VPS systems where they artificially limit system resources to make it hard for you to do anything with your VPS.
--Roger