-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
A year and a month later, I suppose it's a good time to share the experiences of running "wubthecaptain1" [1] exit relay from a residential IP-address. Or, the abuse reports and mail letters that came with it and why you shouldn't run a Tor exit at home.
I started running this exit on 2016-02-02, [2] which has since been turned back to a middle relay in July 2016 due to abuse complaints. [3] At the time, I believe wubthecaptain1 was the second largest Tor exit in Finland, and if I recall correctly the only one not hosted at FlokiNET.
In that time, I received an uncounted amount of abuse reports from my Internet service provider, tens or hundreds of malware infection incidents daily according to ISP's autoreporter logs, and one concern from NCSC-FI/CERT-FI (FICORA) regarding a suspicion of "botnet drone".
I was also interrogated by Finnish police for alleged identity crimes, fraud and attempts of fraud (and needlessly had my personal rights violated, to my belief). [4] They have since frozen the investigation and don't suspect me to be responsible for the allegations. [5] I can't say for certain these investigations to have had anything to do with wubthecaptain1 exit specifically, but that's my best guess.
Now, there's something new I'd like to share with this mailing list.
Starting from December 2016, – long after the exit was turned into a middle relay – I've now been targeted by four different law firms representing copyright holders, demanding reimbursements for alleged copyright infringements from residential IP-addresses assigned to wubthecaptain1 Tor exit and threats to sue to market court. The parties involved and their reimbursement demands are:
- Hedman Partners (on behalf of Crystalis Entertainment UG / Scanbox Entertainment A/S), Black Sails (S3E4) (150 EUR) / Taken 3 (900 EUR) - Tekijänoikeusturva TOT (on behalf of Interallip LLP), "Z-Nation" (900 EUR) - Adultia (on behalf of Copyright Management Services Ltd / Echo Alpha Inc), various adult pornography works (16600 EUR) - NJORD Law (on behalf of Nu Image, Inc), Survivor (550 EUR), Olympus Has Fallen (550 EUR), Automata (550 EUR)
According to the letters, the aclaimed infringements have happened in early or mid-2016 while wubthecaptain1 was an exit. But they've only started sending these letters months after the aclaimed infringements and court decisions.
One of the parties in particular was very well aware of me hosting a Tor exit on said IP-addresses, but still sent me demands – perhaps in hopes to "fraud" the recipient of money, given how this business of sending copyright letters works. They've since seemingly taken a word to aim their demands to the actual infringer instead of me as an Internet connection subscriber and former Tor exit operator.
The other parties have been more ignorant and have continued delivering me letters titled "warning of suing to market court", despite efforts to educate about shared connection / Tor.
The police in Finland is not interested in investigating these letters or their sending parties from what I've heard, claiming they are a "private dispute" between the parties out of legal scope.
A journalist from national public-broadcasting company Yle has become interested in these copyright letters, and is expected to publish news about them sometime in this month at Yle MOT. (I've still yet to scan the latest two received letters to them.)
Nonetheless I believe the law is on my side with non-liability, so I'm not concerned for my personal legal defence. If anyone is concerned, I've not agreed to any of the imbursements so far and I've not spent any money on a lawyer or legal advice. (Though, thanks to torservers.net for the offer earlier!)
I've not counted how much bandwidth was actually served and contributed to the Tor network, but it was among lines of 90 Mbps for that time and that counts for a lot in months. Since turning it to a middle relay, the actual relayed bandwidth has dropped dramatically. We need more exit relays, especially in Finland too.
Meanwhile, "partyvan1" [6] exit hosted at a datacenter (AS42708 Portlane AB) has received much less abuse reports (~10/year), though the bandwidth contributed is also smaller. Since it is registered in the RIPE database to Partyvan's contact addresses, I've not heard of one complaint from the ISP and it's been a smoother experience. [7]
Hope this information was helpful to someone! If anything, this should discourage other operators from running a Tor exit from home.
[1]: https://atlas.torproject.org/#details/337B7E307550F48DCDADA7481FA8436B2FCDAD... [2]: https://lists.torproject.org/pipermail/tor-relays/2016-July/009684.html [3]: https://lists.torproject.org/pipermail/tor-relays/2016-July/009684.html [4]: https://lists.torproject.org/pipermail/tor-relays/2016-October/010842.html [5]: https://lists.torproject.org/pipermail/tor-relays/2016-November/010918.html [6]: https://atlas.torproject.org/#details/758C1D8401F31949EB1213E4A0D831BA835C97... [7]: https://partyvan.eu/transparency/emails/abuse/
Hi,
On Thu, Mar 9, 2017 at 2:04 PM, Juuso Lapinlampi wub@partyvan.eu wrote:
In that time, I received an uncounted amount of abuse reports from my Internet service provider, tens or hundreds of malware infection incidents daily according to ISP's autoreporter logs, and one concern from NCSC-FI/CERT-FI (FICORA) regarding a suspicion of "botnet drone".
NCSC-FI just doing their job to create this autoreporter log. Each ISP in Finland receives this log every day. If you operate an exit node there will be these malware incidents.
I was also interrogated by Finnish police for alleged identity crimes, fraud and attempts of fraud (and needlessly had my personal rights violated, to my belief). [4] They have since frozen the investigation and don't suspect me to be responsible for the allegations. [5] I can't say for certain these investigations to have had anything to do with wubthecaptain1 exit specifically, but that's my best guess.
Running an exit node is legal in Finland.
Now, there's something new I'd like to share with this mailing list.
Starting from December 2016, – long after the exit was turned into a middle relay – I've now been targeted by four different law firms representing copyright holders, demanding reimbursements for alleged copyright infringements from residential IP-addresses assigned to wubthecaptain1 Tor exit and threats to sue to market court. The parties involved and their reimbursement demands are:
- Hedman Partners (on behalf of Crystalis Entertainment UG / Scanbox Entertainment A/S), Black Sails (S3E4) (150 EUR) / Taken 3 (900 EUR)
- Tekijänoikeusturva TOT (on behalf of Interallip LLP), "Z-Nation" (900 EUR)
- Adultia (on behalf of Copyright Management Services Ltd / Echo Alpha Inc), various adult pornography works (16600 EUR)
- NJORD Law (on behalf of Nu Image, Inc), Survivor (550 EUR), Olympus Has Fallen (550 EUR), Automata (550 EUR)
You don't have to pay these. These are just empty demands from private organizations.
Nonetheless I believe the law is on my side with non-liability, so I'm not concerned for my personal legal defence. If anyone is concerned, I've not agreed to any of the imbursements so far and I've not spent any money on a lawyer or legal advice. (Though, thanks to torservers.net for the offer earlier!)
Yes, the law of Finland protects your rights.
I've not counted how much bandwidth was actually served and contributed to the Tor network, but it was among lines of 90 Mbps for that time and that counts for a lot in months. Since turning it to a middle relay, the actual relayed bandwidth has dropped dramatically. We need more exit relays, especially in Finland too.
Finland would be an excellent place for fast dedicated exit nodes.
Regards, Juha
tor-relays@lists.torproject.org
-
Juuso Lapinlampi -
Nurmi, Juha