Hi list,
I am running Kadoc[0] for a few weeks and got today a more aggressive complain from a System Administrator of my VPS provider. I seek for an appropriate response to not get banned. Does someone experienced a similar scenario and succeeded to educate the sys admins ? Here's the complain:
/"It is running a Tor Exit, hence producing a false positive." is not a valid reason.// //You are the one responsible for the traffic generated on/trough your server, so you should make sure that no similar traffic will appear in future. Illegal actions are strictly prohibited in our network/servers.// //Please take immediate actions to stop this kind of activity./
I am almost sure that trying to argument that I am not responsible for the traffic generated through my Exit is not the right angle with such guy. Any ideas ?
Best,
Florentin Rochet
[0] https://atlas.torproject.org/#details/171696AFDB589CA2C4978EED2C6A91153D2B99...
On Tue, Mar 14, 2017 at 01:41:53PM +0100, Florentin Rochet wrote:
/"It is running a Tor Exit, hence producing a false positive." is not a valid reason.//
Abuse complaints are rarely false positives, with the exception of something like UDP which Tor doesn't relay.
//You are the one responsible for the traffic generated on/trough your server, so you should make sure that no similar traffic will appear in future. Illegal actions are strictly prohibited in our network/servers.// //Please take immediate actions to stop this kind of activity./
Essentially, they're just saying your use of Tor breaches their terms of service. You can try and find a more friendlier ISP. (See GoodBadISPs [1].)
I couldn't find the terms of service for the provider you're using, so I can't tell.
I am almost sure that trying to argument that I am not responsible for the traffic generated through my Exit is not the right angle with such guy. Any ideas ?
Tor relay operators are generally not liable for the traffic transmitted in law. See if you have a limited liability in your jurisdiction.
On 14.03.2017 13:41, Florentin Rochet wrote:
/"It is running a Tor Exit, hence producing a false positive." is not a valid reason.//
Well yeah, it's not a "false positive". That "you cannot do anything about it" might not be the best argument here either: I suggest you block the destination IP address(es) for some weeks via ExitPolicy, let the sender of the complaint konw that you will remove the block again in X weeks, while putting your ISP in CC. Then you can use that as the argument that you "took care of it" and that you don't accept "illegal actions" either.
Then, another possible argument in most cases is that what is being reported is not "illegal activity", but merely a notification about some event that triggered some IDS (port scanning, script-kiddie/metasploit stuff, etc). Ultimately it will be hard to argue why a scan does not automatically mean that it is "illegal" these days, but it might help in certain discussions.
On Tue, Mar 14, 2017 at 02:17:14PM +0100, Moritz Bartl wrote:
about it" might not be the best argument here either: I suggest you block the destination IP address(es) for some weeks via ExitPolicy, let
My concern with this is the liability on operator. In Finland (and Europe?), the limited liability provisions have three criteria for service/network providers (Tietoyhteiskuntakaari 7.11.2014/917, 182 § Vastuuvapaus tiedonsiirto- ja verkkoyhteyspalveluissa):
1. You're not the one initiating the network transfer; 2. You're not selecting the recipient; and 3. You don't select or modify the data to be transferred.
I believe FICORA has advised blocking ports as necessary for security reasons (e.g. port 25) is fine, but when it's being extended to IP-address and/or port combinations, that's where it starts becoming gray (in regards to #2).
So far, replying to every abuse complaint and giving advice how to block Tor using DNSBL or similar has worked for me. I can see it's probably not what original poster's ISP would like to hear to have the issue resolved, but it's less ambiguous on law and limited liability. Thus, I suggested looking into other more friendly ISPs.
If its an exit just use the reduced reduced exit policy - I dont get any abuse complaints apart from those heroes at webiron
Cheers Mark B Snaptor.co.uk (non commercial)
On 14 Mar 2017, at 14:36, Juuso Lapinlampi wub@partyvan.eu wrote:
On Tue, Mar 14, 2017 at 02:17:14PM +0100, Moritz Bartl wrote: about it" might not be the best argument here either: I suggest you block the destination IP address(es) for some weeks via ExitPolicy, let
My concern with this is the liability on operator. In Finland (and Europe?), the limited liability provisions have three criteria for service/network providers (Tietoyhteiskuntakaari 7.11.2014/917, 182 § Vastuuvapaus tiedonsiirto- ja verkkoyhteyspalveluissa):
- You're not the one initiating the network transfer;
- You're not selecting the recipient; and
- You don't select or modify the data to be transferred.
I believe FICORA has advised blocking ports as necessary for security reasons (e.g. port 25) is fine, but when it's being extended to IP-address and/or port combinations, that's where it starts becoming gray (in regards to #2).
So far, replying to every abuse complaint and giving advice how to block Tor using DNSBL or similar has worked for me. I can see it's probably not what original poster's ISP would like to hear to have the issue resolved, but it's less ambiguous on law and limited liability. Thus, I suggested looking into other more friendly ISPs. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 14.03.2017 15:36, Juuso Lapinlampi wrote:
My concern with this is the liability on operator. In Finland (and Europe?)
Yes, this is "harmonized" and modelled after the US DMCA law, in Europe in the "e-Commerce directive" respectively the federal implementations. See https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines (and add links to your local implementation!)
I believe FICORA has advised blocking ports as necessary for security reasons (e.g. port 25) is fine, but when it's being extended to IP-address and/or port combinations, that's where it starts becoming gray (in regards to #2).
I would argue it's not. Since you advertise that your network cannot be used for these ports and/or IPs, you do not influence the "selection of the recipient". Otherwise, any network that only routes to particular destinations would lose limited liability, which would be pretty much against how the Internet works.
So far, replying to every abuse complaint and giving advice how to block Tor using DNSBL or similar has worked for me. I can see it's probably not what original poster's ISP would like to hear to have the issue resolved, but it's less ambiguous on law and limited liability. Thus, I suggested looking into other more friendly ISPs.
I agree, helping the "other side" to understand Tor and how to NOT BLOCK using DNSBLs but rather use DNSBLs as a component to identify potentially harmful connections, and treat those differently (eg. require user registration) is a lot better. Having Wordpress plugins and similar things for the most popular CMS would help a lot, if those plugins guide you through a process where you don't end up simply blocking all Tor users right away.
In many cases, ISPs are OK if you explain your options, they just want to see you "dealt with it" within a reasonable timespan (~24 hours) and are in touch with the sender of the complaint.
Hi Florentin,
Read the policy of your hoster. I had the same situation and already configured a reduced exit policy. So I just changed my exit policy. Now I do not relay to their entire IP block on port 80 anymore. So it can't happen again......
My hoster was fine with that. Along with this I sent an explenation that I am not the only Exit node and how to easily block all exit nodes. (The default text from the tor project website)
I had the luck that the employee agreed that Tor's value to society makes the abuse acceptable.
Maarten.
Florentin Rochet wrote on 14-03-17 13:41:
Hi list,
I am running Kadoc[0] for a few weeks and got today a more aggressive complain from a System Administrator of my VPS provider. I seek for an appropriate response to not get banned. Does someone experienced a similar scenario and succeeded to educate the sys admins ? Here's the complain:
/"It is running a Tor Exit, hence producing a false positive." is not a valid reason.// //You are the one responsible for the traffic generated on/trough your server, so you should make sure that no similar traffic will appear in future. Illegal actions are strictly prohibited in our network/servers.// //Please take immediate actions to stop this kind of activity./
I am almost sure that trying to argument that I am not responsible for the traffic generated through my Exit is not the right angle with such guy. Any ideas ?
Best,
Florentin Rochet
[0] https://atlas.torproject.org/#details/171696AFDB589CA2C4978EED2C6A91153D2B99...
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 03/14/2017 10:08 AM, Maarten wrote:
Hi Florentin,
Read the policy of your hoster. I had the same situation and already configured a reduced exit policy. So I just changed my exit policy. Now I do not relay to their entire IP block on port 80 anymore. So it can't happen again......
My hoster was fine with that. Along with this I sent an explenation that I am not the only Exit node and how to easily block all exit nodes. (The default text from the tor project website)
I had the luck that the employee agreed that Tor's value to society makes the abuse acceptable.
When I was first setting up Tor back in the day, I gave an explanation to my ISP (Cable ONE) and experimentally ran an exit node from home. If memory serves, within three days they got a DMCA notice whereupon they cut me off at the knees. I quickly learned that help desks aren't, and that Cable ONE perforce did not want to deal with the legal overhead or hear about the elections in Iran. They have a three-strikes policy, so nowadays I proselytize Tor, read the fine print, and encourage others to do the same.
Hi Maarten (and others who answered back),
I got a few more mail exchange with them. I tried to educate a bit and it seems they agreed (not explicitly) that the right to privacy is something that should not be removed to people due to the illegal actions of a few others. They told me to be forced by law, as a service provider, to do their best to reduce this kind of illegal traffic.
I told them I will reject targeted IPs seen in more than one complain. In my opinion, that's an appropriate tradeoff. Right now, it seems that I will not get banned :-)
I appreciate the help,
Florentin
On 2017-03-14 17:08, Maarten wrote:
Hi Florentin,
Read the policy of your hoster. I had the same situation and already configured a reduced exit policy. So I just changed my exit policy. Now I do not relay to their entire IP block on port 80 anymore. So it can't happen again......
My hoster was fine with that. Along with this I sent an explenation that I am not the only Exit node and how to easily block all exit nodes. (The default text from the tor project website)
I had the luck that the employee agreed that Tor's value to society makes the abuse acceptable.
Maarten.
Florentin Rochet wrote on 14-03-17 13:41:
Hi list,
I am running Kadoc[0] for a few weeks and got today a more aggressive complain from a System Administrator of my VPS provider. I seek for an appropriate response to not get banned. Does someone experienced a similar scenario and succeeded to educate the sys admins ? Here's the complain:
/"It is running a Tor Exit, hence producing a false positive." is not a valid reason.// //You are the one responsible for the traffic generated on/trough your server, so you should make sure that no similar traffic will appear in future. Illegal actions are strictly prohibited in our network/servers.// //Please take immediate actions to stop this kind of activity./
I am almost sure that trying to argument that I am not responsible for the traffic generated through my Exit is not the right angle with such guy. Any ideas ?
Best,
Florentin Rochet
[0] https://atlas.torproject.org/#details/171696AFDB589CA2C4978EED2C6A91153D2B99...
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hey Florentin,
That is great to hear!
I always include the argument that I am complying with their wishes. But it is totally pointless as I am not the only exit node.
If they are truly interested in stopping abuse/attacks, they can block all exit nods as they are publicly provided by tor. But not all criminals use tor, some just used compromised servers and such. Block Tor completely does not block all abuse.
And so security should be improved on the "complaining" server, no matter if it is reachable by tor or not.
This leads me to the question if they are serious about security, or serious about undermining privacy with excuses and legal loopholes.
The trick is to not offend anyone when making these statements. Offended people usually have a hard time listening to reason, and only focus on the damage to their image. Even if it is a private conversation.
Maarten.
Florentin Rochet wrote on 16-03-17 12:18:
Hi Maarten (and others who answered back),
I got a few more mail exchange with them. I tried to educate a bit and it seems they agreed (not explicitly) that the right to privacy is something that should not be removed to people due to the illegal actions of a few others. They told me to be forced by law, as a service provider, to do their best to reduce this kind of illegal traffic.
I told them I will reject targeted IPs seen in more than one complain. In my opinion, that's an appropriate tradeoff. Right now, it seems that I will not get banned :-)
I appreciate the help,
Florentin
On 2017-03-14 17:08, Maarten wrote:
Hi Florentin,
Read the policy of your hoster. I had the same situation and already configured a reduced exit policy. So I just changed my exit policy. Now I do not relay to their entire IP block on port 80 anymore. So it can't happen again......
My hoster was fine with that. Along with this I sent an explenation that I am not the only Exit node and how to easily block all exit nodes. (The default text from the tor project website)
I had the luck that the employee agreed that Tor's value to society makes the abuse acceptable.
Maarten.
Florentin Rochet wrote on 14-03-17 13:41:
Hi list,
I am running Kadoc[0] for a few weeks and got today a more aggressive complain from a System Administrator of my VPS provider. I seek for an appropriate response to not get banned. Does someone experienced a similar scenario and succeeded to educate the sys admins ? Here's the complain:
/"It is running a Tor Exit, hence producing a false positive." is not a valid reason.// //You are the one responsible for the traffic generated on/trough your server, so you should make sure that no similar traffic will appear in future. Illegal actions are strictly prohibited in our network/servers.// //Please take immediate actions to stop this kind of activity./
I am almost sure that trying to argument that I am not responsible for the traffic generated through my Exit is not the right angle with such guy. Any ideas ?
Best,
Florentin Rochet
[0] https://atlas.torproject.org/#details/171696AFDB589CA2C4978EED2C6A91153D2B99...
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
Florentin Rochet -
Juuso Lapinlampi -
Kenneth Freeman -
Maarten -
Moritz Bartl -
Sec INT