-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
[cross-posted on tor-talk and tor-relays]
i've found that the Tor GoodBadISPs list [1] is somewhat outdated on current hosts that allow Tor (exit) relays to be hosted. i'm trying to find a cheap host that allows exits to be operated from their services, and navigating the outdated list and finding an operator that isn't extremely expensive is time consuming (some entries go back to 2010!).
should the community start a revamp project (or start a whole new list)? i'd be willing to donate my time to help get this started if need be.
thanks. - ---- mikael ball 0xB1910271AE8587F4 @subkeys
[1]: https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I fully agree. I proposed a while back to try work on sortable tables and to make the entire thing table based with factual information and then have a column for anecdotal comments.
As a community I think we should also be more transparent in communications with the ISP's in question. For example, rather than stating a yes/no instead we find a tidy way to paste their exact response and link it in the table so we know exactly who they talked to, waht their question was and the reason they disallowed it.
I believe Moritz also has a private list which may be more up to date than the GoodBadISP list (second hand information, I'll wait for his chime on this) which we could merge.
On the thoughts of community feedback, the work of approaching companies right now is limited to time. I think the cover letter to ISP's could do with a revamp and made more clear where it is so people can use it to save them having to write their own. If people know their is a standard cover letter that they can use, they may be more inclined to share their results.
Anyone with access to create a new page on the list and we can add subsections to a new page containing the dated responses from each company on their policy towards Tor hosting.
- -T
On 13/10/2014 01:56, subkeys@riseup.net wrote:
[cross-posted on tor-talk and tor-relays]
i've found that the Tor GoodBadISPs list [1] is somewhat outdated on current hosts that allow Tor (exit) relays to be hosted. i'm trying to find a cheap host that allows exits to be operated from their services, and navigating the outdated list and finding an operator that isn't extremely expensive is time consuming (some entries go back to 2010!).
should the community start a revamp project (or start a whole new list)? i'd be willing to donate my time to help get this started if need be.
thanks. ---- mikael ball 0xB1910271AE8587F4 @subkeys
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Mon, Oct 13, 2014 at 02:09:50AM +0100, Thomas White wrote:
Anyone with access to create a new page on the list and we can add subsections to a new page containing the dated responses from each company on their policy towards Tor hosting. On 13/10/2014 01:56, subkeys@riseup.net wrote:
should the community start a revamp project (or start a whole new list)? i'd be willing to donate my time to help get this started if need be.
Sounds great, please do!
Also, while we're on the topic of good interactions with ISPs, let me reiterate something I said back in November:
""" I worry about the "slash and burn agriculture" approach to running Tor relays, where you set up an exit relay, and if anybody gets angry you move on to another ISP. That approach is really appealing since it's simple, but it assumes the Internet is infinite. If in fact we're destroying land without regard to sustainability, and we run out of land...
Today's interactions with ISPs influence Tor's future viability. """
from https://lists.torproject.org/pipermail/tor-relays/2013-November/003240.html
Thanks! --Roger
Perhaps instead of enumerating ISP's one by one the best way to figure this out could be to partner with someone like the EFF. When the EFF had the Tor Relay challenge it seemed very successful, perhaps there could be a "Tor ISP Exit challenge" where the goal is to get as many independant ISP organizations to commit to running 1 High speed Exit for 6-12 months ? Obviously much harder to co-ordinate but might be the best way to convince many ISP's all at once that running an exit is a feasible option for their customers (plus good press). -Jason
On 10/13/2014 01:20 AM, Roger Dingledine wrote:
On Mon, Oct 13, 2014 at 02:09:50AM +0100, Thomas White wrote:
Anyone with access to create a new page on the list and we can add subsections to a new page containing the dated responses from each company on their policy towards Tor hosting. On 13/10/2014 01:56, subkeys@riseup.net wrote:
should the community start a revamp project (or start a whole new list)? i'd be willing to donate my time to help get this started if need be.
Sounds great, please do!
Also, while we're on the topic of good interactions with ISPs, let me reiterate something I said back in November:
""" I worry about the "slash and burn agriculture" approach to running Tor relays, where you set up an exit relay, and if anybody gets angry you move on to another ISP. That approach is really appealing since it's simple, but it assumes the Internet is infinite. If in fact we're destroying land without regard to sustainability, and we run out of land...
Today's interactions with ISPs influence Tor's future viability. """
from https://lists.torproject.org/pipermail/tor-relays/2013-November/003240.html
Thanks! --Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I feel we might get marginally better responses if there was an official @torproject.org mail sending the message as it'll carry more authority in the eyes of the ISP that what is being said is true. There have been cases that I've been made aware of where the host support team says ill-informed statements like Tor enables spammers, that Tor will get them on the spamhaus BL for the whole range, Tor nodes get raided weekly etc. Now I am not probably the best person to have them talking to regarding that last point, but the others are pretty refutable and I am sure I could convince my current ISP's (where I host my mammoth cluster) to verify when I say Spamhaus has never BL'd any of my exits and that spam mail hasn't been a problem.
Getting the EFF on board would help to get individuals motivated but I am not sure how much companies would become involved without some kind of incentive to do so.
To branch from an idea myself and Virgil discussed in Paris, some form of rating or star system for hosts? ISP's love to brag about their ratings with independent authorities, for which I'd class the EFF and Tor Project as both independent tech-orientated groups. Perhaps some kind of rating system for hosts would bring them to consider policies?
For example, ratings of 0-5 are given based on categories such as allow tor nodes, allows exits, accepts bitcoin, abuse complaints policies (subjective and a bit ambiguous I understand - detail later) among other possible factors (suggestions?).
- -T
On 13/10/2014 02:25, jason@icetor.is wrote:
Perhaps instead of enumerating ISP's one by one the best way to figure this out could be to partner with someone like the EFF. When the EFF had the Tor Relay challenge it seemed very successful, perhaps there could be a "Tor ISP Exit challenge" where the goal is to get as many independant ISP organizations to commit to running 1 High speed Exit for 6-12 months ? Obviously much harder to co-ordinate but might be the best way to convince many ISP's all at once that running an exit is a feasible option for their customers (plus good press). -Jason
On 10/13/2014 01:20 AM, Roger Dingledine wrote:
On Mon, Oct 13, 2014 at 02:09:50AM +0100, Thomas White wrote:
Anyone with access to create a new page on the list and we can add subsections to a new page containing the dated responses from each company on their policy towards Tor hosting. On 13/10/2014 01:56, subkeys@riseup.net wrote:
should the community start a revamp project (or start a whole new list)? i'd be willing to donate my time to help get this started if need be.
Sounds great, please do!
Also, while we're on the topic of good interactions with ISPs, let me reiterate something I said back in November:
""" I worry about the "slash and burn agriculture" approach to running Tor relays, where you set up an exit relay, and if anybody gets angry you move on to another ISP. That approach is really appealing since it's simple, but it assumes the Internet is infinite. If in fact we're destroying land without regard to sustainability, and we run out of land...
Today's interactions with ISPs influence Tor's future viability. """
from https://lists.torproject.org/pipermail/tor-relays/2013-November/003240.html
Thanks!
--Roger
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Thomas White:
Anyone with access to create a new page on the list and we can add subsections to a new page containing the dated responses from each company on their policy towards Tor hosting.
Sounds like a good idea but anybody working on this should keep in mind that diversity is crucial. Until we get better autonomous systems awareness in Tor path selection, I tend to sweat looking at the current situation: https://metrics.torproject.org/bubbles.html#as
Almost all meaningful relays in a handful of networks means easier job for an adversary. Be it one of the big ISP, a collusion of several of these ISPs, or an agency taping Internet eXchange Point.
Please aim for new providers. (Yes, it's going to be more expensive than OVH.)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
This of course would be part of the aim. If people can even just suggest providers, we can get in touch with them (if we can get an @torproject.org address for such things it'd be even better). Plus, if we log communications with them we can try work together on convincing hosts with additional assurances/information as needed. This means we'll be adding more hosts who'll allow Tor and therefore great ISP diversity.
As Roger pointed out, with people hopping between ISP's and not challenging it when they are given troubles people are being forced into a narrower pool every time.
Re: Tapping IXPs. This would not be difficult to do on a European scale for example and I am quite sure GCHQ already has done this. Almost every IXP in the UK is controlled by LINX so it only takes a single compromise in them to control virtually all points between UK backbones. I know the same is true also for the Netherlands, Sweden, Germany and France. Unfortunately this is an infrastructure challenge and really whilst it's great to have diversity, I think working around IXP's is going to create an even greater bottleneck.
- -T
On 13/10/2014 08:13, Lunar wrote:
Thomas White:
Anyone with access to create a new page on the list and we can add subsections to a new page containing the dated responses from each company on their policy towards Tor hosting.
Sounds like a good idea but anybody working on this should keep in mind that diversity is crucial. Until we get better autonomous systems awareness in Tor path selection, I tend to sweat looking at the current situation: https://metrics.torproject.org/bubbles.html#as
Almost all meaningful relays in a handful of networks means easier job for an adversary. Be it one of the big ISP, a collusion of several of these ISPs, or an agency taping Internet eXchange Point.
Please aim for new providers. (Yes, it's going to be more expensive than OVH.)
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 10/13/2014 02:56 AM, subkeys@riseup.net wrote:
should the community start a revamp project (or start a whole new list)? i'd be willing to donate my time to help get this started if need be.
There's no good/bad ISP in my opinion, there're just ISs who forbid exit nodes by their terms and conditions or not. All others is in the eye of the beholder.
I do have a nifty example to illustrate it, a response of a german ISP (language is german, no translation needed !):
Guten Tag Herr Förster,
laut Deutschem Recht sind Tor Server im Moment nicht verboten. Aus diesem Grund sind Tor Server bei uns auch nicht verboten. Aus Erfahrung raten wir jedoch vom Betrieb eines Tor Exit Node ab. Leider wird oft ueber Tor Server Content verbreitet welcher laut Deutschem Recht nicht erlaubt ist. Dies kann Ermittlungen von Behoerden nach sich ziehen.
Do you see it ?
The welcome contains the german unlaut "ö" - the Text itself not, all german umlauts arre replaced with the appropriate "ae", "oe" and "ue". Among many technical explanations, could this mean by any chance, that the writers opinion differ from the (got from outside ?) official response ?
Also i guess its high time that TOR network starts thinking about folks like us with low bandwidth.
I am in as well for devoting my time for any help required
Date: Mon, 13 Oct 2014 19:21:49 +0200 From: toralf.foerster@gmx.de To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] GoodBadISPs revamp?
On 10/13/2014 02:56 AM, subkeys@riseup.net wrote:
should the community start a revamp project (or start a whole new list)? i'd be willing to donate my time to help get this started if need be.
There's no good/bad ISP in my opinion, there're just ISs who forbid exit nodes by their terms and conditions or not. All others is in the eye of the beholder.
I do have a nifty example to illustrate it, a response of a german ISP (language is german, no translation needed !):
Guten Tag Herr Förster,
laut Deutschem Recht sind Tor Server im Moment nicht verboten. Aus diesem Grund sind Tor Server bei uns auch nicht verboten. Aus Erfahrung raten wir jedoch vom Betrieb eines Tor Exit Node ab. Leider wird oft ueber Tor Server Content verbreitet welcher laut Deutschem Recht nicht erlaubt ist. Dies kann Ermittlungen von Behoerden nach sich ziehen.
Do you see it ?
The welcome contains the german unlaut "ö" - the Text itself not, all german umlauts arre replaced with the appropriate "ae", "oe" and "ue". Among many technical explanations, could this mean by any chance, that the writers opinion differ from the (got from outside ?) official response ?
-- Toralf pgp key: 0076 E94E
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 10/12/2014 6:56 PM, subkeys@riseup.net wrote:
[cross-posted on tor-talk and tor-relays]
i've found that the Tor GoodBadISPs list [1] is somewhat outdated on current hosts that allow Tor (exit) relays to be hosted. i'm trying to find a cheap host that allows exits to be operated from their services, and navigating the outdated list and finding an operator that isn't extremely expensive is time consuming (some entries go back to 2010!).
I may have an update for Digital Ocean here soon. Over the weekend my exit node was used by someone brute forcing wordpress logins. As expected the network to my droplet was disabled and I've been communicating with them since. They seemed respectful that I could show my droplet wasn't compromised and they directed me to their TOS which doesn't disallow tor traffic but does hold one responsible for the traffic.
My latest response to them is that I'm happy to address abuse but I can only do it if I'm informed about it however their TOS suggests that they may terminate droplets if abuse occurs which doesn't give me time to be responsible. I already run a limited exit policy to avoid DMCA hassle but any response to abuse by it's very nature occurs after abuse has taken place. I'm hoping to hear from them whether they'll allow responsible actions for abuse or if they will simply terminate droplets that have a history behind them.
I will open this up on trac tomorrow and go about with a few proposals of how exactly to redesign it. If Tor is to scale we'll need to consider a few factors as the reasonable expectation is for both the list to continue to grow and that if it is made easier to use, that it will be used more often too.
One shortcoming somebody highlighted to me on IRC today was Tor doesn't not have a page for ISPs and nearly all work communicating to ISP's is left to the individual. If anyone is interested in perhaps forking this onto a seperate page just let me know, otherwise should we develop this alongside the page overhaul?
-T
On 14/10/2014 18:38, tor-exit0 wrote:
On 10/12/2014 6:56 PM, subkeys@riseup.net wrote:
[cross-posted on tor-talk and tor-relays]
i've found that the Tor GoodBadISPs list [1] is somewhat outdated on current hosts that allow Tor (exit) relays to be hosted. i'm trying to find a cheap host that allows exits to be operated from their services, and navigating the outdated list and finding an operator that isn't extremely expensive is time consuming (some entries go back to 2010!).
I may have an update for Digital Ocean here soon. Over the weekend my exit node was used by someone brute forcing wordpress logins. As expected the network to my droplet was disabled and I've been communicating with them since. They seemed respectful that I could show my droplet wasn't compromised and they directed me to their TOS which doesn't disallow tor traffic but does hold one responsible for the traffic.
My latest response to them is that I'm happy to address abuse but I can only do it if I'm informed about it however their TOS suggests that they may terminate droplets if abuse occurs which doesn't give me time to be responsible. I already run a limited exit policy to avoid DMCA hassle but any response to abuse by it's very nature occurs after abuse has taken place. I'm hoping to hear from them whether they'll allow responsible actions for abuse or if they will simply terminate droplets that have a history behind them.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
One shortcoming somebody highlighted to me on IRC today was Tor doesn't not have a page for ISPs and nearly all work communicating to ISP's is left to the individual.
Moritz did/does have a page with ISP inqury templates, but they are outdated and specifically aligned to certain hosting offers from the ISPs rather than a general inquiry regaring tor (exit) hosting on a perspective ISP's network.
also, in the templates, we should have a excerpt asking for the ASN the host operates from to help correct the lack of ASN diversity... just thoughts.
cheers
tor-relays@lists.torproject.org
-
jason@icetor.is -
Lunar -
mikael ball -
Roger Dingledine -
subkeys@riseup.net
-
Thomas White -
Tor Zilla -
tor-exit0 -
Toralf Förster