Greetings Tor Relay mailing list,
I decided to write a little bit about the Finnish exit node situation.
I am maintaining this exit node campaign in Finland:
http://campaigns.ahmia.fi/finnish-tor-campaign/index_en.html
In Finland:
- Running an exit node is absolutely legal
- ISP may cut your connection because it is listed as malware host
- The National Cyber Security Center Finland (NCSC-FI) is able to "whitelist" your IP address so the ISP does not get those automated malware detections
- Sebastian Mäki got a police visit because of his exit node
- The National Bureau of Investigation is using exonerator.torproject.org so basically they are considering this information before they rush to your home
- There has been warming up phase that maybe Finnish libraries start some Tor activity
I am doing a lot of local advocacy work here :)
Best, Juha
Hi Juha,
I'd just like to say great work! I'm sure I speak for everyone when I say I really appreciate the local advocacy and positive vibes you're spreading! Exciting stuff and a good situation to be in!
I'm sure Alison and Nima in particular will be very excited about the library stuff!
Cheers, Sam

On 1 Apr 2016 12:37 p.m., "Nurmi, Juha" juha.nurmi@ahmia.fi wrote:

> Greetings Tor Relay mailing list,
> I decided to write a little bit about the Finnish exit node situation.
> I am maintaining this exit node campaign in Finland:
> http://campaigns.ahmia.fi/finnish-tor-campaign/index_en.html
> In Finland:
> - Running an exit node is absolutely legal
> - ISP may cut your connection because it is listed as malware host
> - The National Cyber Security Center Finland (NCSC-FI) is able to "whitelist" your IP address so the ISP does not get those automated malware detections
> - Sebastian Mäki got a police visit because of his exit node
> - The National Bureau of Investigation is using exonerator.torproject.org so basically they are considering this information before they rush to your home
> - There has been warming up phase that maybe Finnish libraries start some Tor activity
> I am doing a lot of local advocacy work here :)
> Best, Juha
>
> tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 04/01/2016 04:54 PM, Sam Lanning wrote:
> Hi Juha,
> I'd just like to say great work! I'm sure I speak for everyone when I say I really appreciate the local advocacy and positive vibes you're spreading! Exciting stuff and a good situation to be in!
> I'm sure Alison and Nima in particular will be very excited about the library stuff!
I've thought the same. The burgeoning of Tor in various nation-state library systems is particularly cogent!
Hi,
NCSC-FI is totally different organization than police. They are just listing malware detections and automatically sending this feed to ISPs.
Tor exit is not real malware machine so detection is false. I contacted them and they agreed that exit nodes should be labeled somehow to prevent false malware detections.
exonerator.torproject.org is very useful service for crime investigation. I went to talk to the National Bureau of Investigation and they told me that this tool is indeed useful for them.
These organizations have publicly stated that they are neutral towards any general purpose technology like Tor and recognize that Tor is useful.
Best, Juha
How do you know the police and so on have that approach? How did the police come to think that way about tor? Which came first in the official acknowledgement of tor?
Robert
Juha wrote:
> - The National Cyber Security Center Finland (NCSC-FI) is able to "whitelist" your IP address so the ISP does not get those automated malware detections
> - The National Bureau of Investigation is using exonerator.torproject.org so basically they are considering this information before they rush to your home
Juha,
What a brilliant place!
You felt you could speak directly to them and they were receptive.
... an absence of fear and blame...and knotted paranoia...
Your early schooling must play a part in such sense.
Robert Australia (USA clone) unfortunately
> These organizations have publicly stated that they are neutral towards any general purpose technology like Tor and recognize that Tor is useful.
> Best, Juha
I can pitch in for running the second largest exit in Finland (wubthecaptain1). Actually, it was Juha's project that inspired me to compete with other Finnish relays in terms of bandwidth. :)
I've operated wubthecaptain1 exit since 2016-02-02. Unfortunately the home server supposed to host this relay died few days earlier, so it's currently hosted on my workstation (ouch).
Before I started, the top 4 relays were all hosted on FlokiNET with very little diversity. I was moving into a new apartment, and thanks to Ficora pretty much every building built after 2014 or 2015 has fiber access and 100-1000 Mbps connections (atypical).
CloudFlare CAPTCHAs kicked in about a month later, and initial symptoms of blocked webpages appeared within a week of exit uptime. Once the dynamic IPv4-address changes, CloudFlare CAPTCHAs are gone for a day or two but quickly return.
I'd argue it's actually pretty difficult to get into Finnish colocation with a good hosting provider unless you have good contacts to people running that sort of stuff. I found it much easier to colocate in Sweden, a bit cheaper too. Essentially I had given up on Finnish colocation for few years due to lack of choices and contacts.
> - Running an exit node is absolutely legal
For the curious, the law is Tietoyhteiskuntakaari 7.11.2014/917, 182 § Vastuuvapaus tiedonsiirto- ja verkkoyhteyspalveluissa.
> - ISP may cut your connection because it is listed as malware host
This happened to me within 3 days of starting the exit relay from a home connection. I had contacted my ISP's abuse department to let them know well in advance and to mark my subscription to be a Tor exit [1], however they had done so for the wrong subscriber and I was accidentally suspended. :)
I called the customer service, quickly mentioned I operate a Tor exit as discussed and had no questions asked. He forwarded my message to the abuse department and I was unsuspended in about 30 minutes.
> - The National Cyber Security Center Finland (NCSC-FI) is able to "whitelist" your IP address so the ISP does not get those automated malware detections
AS1759 TeliaSonera Finland Oyj seems to receive a lot of autoreporter logs about my Tor exit. They also reminded me about it.[2] I didn't ask the IP-address to be whitelisted, but it doesn't seem to bother my ISP.
I did attempt to request autoreporter logs to my email address, but never received a reply from CERT-FI (NCSC-FI).
> - Sebastian Mäki got a police visit because of his exit node
Source (in Finnish): http://blogi.sebastianmaki.fi/2012/12/keskusrikospoliisi-me-tultiin-tekemaan...
As for running a very large Tor exit from my home, I am aware of that risk and legally prepared for it. It would not be my first time getting the police do a home search and seizure (unrelated to Tor).
> - There has been warming up phase that maybe Finnish libraries start some Tor activity
Care to elaborate which libraries are interested in this? I've had a discussion with Electronic Frontier Finland members about the idea too.
[1]: https://partyvan.eu/transparency/emails/2016-01-09-teliasonera-tor-exit.mbox
[2]: https://paste.debian.net/plainh/a969ce33
> I can pitch in for running the second largest exit in Finland (wubthecaptain1). Actually, it was Juha's project that inspired me to compete with other Finnish relays in terms of bandwidth. :)
That's great to hear :)
>> - Running an exit node is absolutely legal
>
> For the curious, the law is Tietoyhteiskuntakaari 7.11.2014/917, 182 § Vastuuvapaus tiedonsiirto- ja verkkoyhteyspalveluissa.
According to law about information services -> data transfer -> discharge from liability is basically saying (my translation):
If the service is transferring data and does not cache it more than it is technically reasonable then it is not responsible about the data that is transferred. This kind of service
1) is not the one who start the transfer;
2) does not select the receiver;
3) is not modifying the data.
This law basically says that routers, proxies and Tor nodes etc. are not liable for the content of the data transfer.
>> - ISP may cut your connection because it is listed as malware host
>
> This happened to me within 3 days of starting the exit relay from a home connection. I had contacted my ISP's abuse department to let them know well in advance and to mark my subscription to be a Tor exit [1], however they had done so for the wrong subscriber and I was accidentally suspended. :)
>
> I called the customer service, quickly mentioned I operate a Tor exit as discussed and had no questions asked. He forwarded my message to the abuse department and I was unsuspended in about 30 minutes.
That's nice. Your ISP seems to help you with this and tolerates exit nodes.
>> - There has been warming up phase that maybe Finnish libraries start some Tor activity
>
> Care to elaborate which libraries are interested in this? I've had a discussion with Electronic Frontier Finland members about the idea too.
Capital area libraries.
You are doing awesome work Juuso!
Best, Juha
2016-04-06 7:24 GMT+02:00 Juuso Lapinlampi wub@partyvan.eu:
> and thanks to Ficora pretty much every building built after 2014 or 2015 has fiber access and 100-1000 Mbps connections (atypical).
Thx for letting the rest of Europe know. I will now cry me to sleep while hugging my PTSD teddy ...
I mentioned in this thread how I was running a Tor exit from a home connection in Finland.
TeliaSonera Finland Oyj (AS1759)'s abuse department has today requested me to remove my 90 Mbps Tor exit from their network, which I have been running since February 2016 on a home connection. They're citing concerns about not wanting to be profilerated as a bulletproof ISP and contractual obligations. At the time, my relay was still the second largest exit and the third largest Tor node in Finland according to Compass.
They would have allowed me to continue having an exit on ports 80 and 443, but I didn't see that to do much good so I've turned my relay into a middle relay. They say they've received over 8200 abuse reports from my broadband connection since February 2016, most of them autoreporter logs of course which they've shared with me frequently.
I'm still happy with how long they've cooperated and allowed me to run an exit. It's been fun, and I'd hope to be allowed to do this again in the future.
On 07/12/2016 09:29 PM, Juuso Lapinlampi wrote:
> They would have allowed me to continue having an exit on ports 80 and 443, but I didn't see that to do much good so I've turned my relay into a middle relay
Why? And didn't you consider to run an exit w/ minimal # of exit ports (e.g. 443 and 6667) and then open step by step few more of those listed here: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy ?
IMO it is not necessary to open all 65535 ports, 1 or 2 dozen are enough to cover a majority of the needs of the users.
--
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
running 3 exit nodes with HTTP + HTTPS (niftymouse, niftygerbil and niftyguineapig) on cheap VPSs and can confirm: They are heavily used and meaningful. Even with only HTTP + HTTPS. I got 12 abuse mails ... so you won't get rid of this issue but it will be way less. Please think about using less ports.
Markus
2016-07-12 21:58 GMT+02:00 Toralf Förster toralf.foerster@gmx.de:
> On 07/12/2016 09:29 PM, Juuso Lapinlampi wrote:
>> They would have allowed me to continue having an exit on ports 80 and 443, but I didn't see that to do much good so I've turned my relay into a middle relay
>
> Why? And didn't you consider to run an exit w/ minimal # of exit ports (e.g. 443 and 6667) and then open step by step few more of those listed here: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy ?
>
> IMO it is not necessary to open all 65535 ports, 1 or 2 dozen are enough to cover a majority of the needs of the users.
> Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
> IMO it is not necessary to open all 65535 ports, 1 or 2 dozen are enough to cover a majority of the needs of the users.
For a minimal exit, you really only need "at least two of the ports 80, 443, and 6667" to qualify. Ref: https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2133
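The "at least two of the ports 80, 443, and 6667" rule cited above, applied to torrc exit policies of the kind discussed in this thread. This is an added example, not code from the thread or from Tor; the function names and sample policies are constructed, only wildcard-address rules are handled, and no address-range condition from dir-spec is modelled.

```python
import re

FLAG_PORTS = (80, 443, 6667)  # ports named in the rule quoted above
RULE_RE = re.compile(r"^(accept|reject)\s+\*:(\*|\d+(?:-\d+)?)$")


def parse_exit_policy(torrc_text):
    """Return [(action, low, high), ...] from the ExitPolicy lines of a torrc.

    Assumption: only wildcard-address rules (*:PORT, *:LOW-HIGH, *:*) are
    handled; any other pattern raises ValueError rather than being guessed.
    """
    rules = []
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].strip().lower().split(None, 1)
        if len(parts) != 2 or parts[0] != "exitpolicy":
            continue  # skips other options such as ExitPolicyRejectPrivate
        for item in parts[1].split(","):  # one line may hold several rules
            m = RULE_RE.match(item.strip())
            if not m:
                raise ValueError("unsupported rule: " + item.strip())
            action, ports = m.groups()
            if ports == "*":
                low, high = 1, 65535
            else:
                low, _, high = ports.partition("-")
                low, high = int(low), int(high or low)
            rules.append((action, low, high))
    return rules


def port_allowed(rules, port):
    """First matching rule decides, as in Tor's exit policy evaluation."""
    for action, low, high in rules:
        if low <= port <= high:
            return action == "accept"
    return False  # assumption: a port no rule matches counts as rejected


def exit_flag_ports(rules):
    """Return (qualifies, allowed_ports) under the two-of-three rule."""
    allowed = [p for p in FLAG_PORTS if port_allowed(rules, p)]
    return len(allowed) >= 2, allowed


# Constructed sample policies, not taken from any relay in the thread.
WEB_ONLY = "ExitPolicy accept *:80\nExitPolicy accept *:443\nExitPolicy reject *:*"
TLS_AND_IRC = "ExitPolicy accept *:443, accept *:6660-6669\nExitPolicy reject *:*"
TLS_ONLY = "ExitPolicy accept *:443\nExitPolicy reject *:*"

if __name__ == "__main__":
    for name in ("WEB_ONLY", "TLS_AND_IRC", "TLS_ONLY"):
        print(name, exit_flag_ports(parse_exit_policy(globals()[name])))
```
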
On Tue, Jul 12, 2016 at 10:10:56PM +0200, Markus Koch wrote:
> running 3 exit nodes with HTTP + HTTPS (niftymouse, niftygerbil and niftyguineapig) on cheap VPSs and can confirm: They are heavily used and meaningful. Even with only HTTP + HTTPS. I got 12 abuse mails ... so you won't get rid of this issue but it will be way less. Please think about using less ports.
Most of the abuse that my ISP receives are TCP/80 bots. c2, virut, gozi, Zeus/Gameover, Tinba, pony, nymaim malware get lots of sinkhole hits, on average 3-6 abuse reports every hour. A government agency FICORA was interested in a case of Ramnit bot from my exit, but that's nothing surprising or alerting.
A majority of the > 8200 abuse reports are these autoreporter logs about these bots, so allowing ports 80 and 443 in my exit policy would not reduce the amount of abuse reports generated.
I am in belief that my ISP would not actually see port 80 and 443 bots being "malicious traffic" per AUP, but their recommendation for me was to start looking elsewhere with reverse DNS appropriately set for a Tor exit node. Still, they say to be pro-anonymity and have given me some leeway for that goal.
For me, it's not as meaningful to run an exit and deal with abuse complaints if it doesn't allow at least ports 22 (SSH), 80 (HTTPS), 110 (POP3), 143 (IMAP), 443 (HTTPS) and 6667 (6665-6669) (IRC). There's also a high barrier of entry to colocation services in Finland, so hosting an exit somewhere else in this country is not easy to accomplish.
To run an exit, you can start w/ 443 and 6667. That's all. And it helps.
--
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7