[tor-relays] Blocking filesharing traffic (was: Re: Amazon abuse report)

Moritz Bartl moritz at torservers.net
Sat Nov 2 10:52:46 UTC 2013


On 11/01/2013 07:22 PM, Nelson wrote:
> Please excuse my ignorance operating Tor relays, but if I run an exit
> node on Windows 7 and use something like Peerblock and correspoding
> block lists of P2P sites, wouldn't this be somewhat effective in
> stopping this sort of undesired traffic on Tor?

Please don't do this! You really don't want to mess with user traffic
apart from what is possible using the exit policy. The whole point of
Tor is to create a censorship free, neutral network. Until there is a
way to reflect back to the clients what kind of traffic you want to see
so they can choose different relays, blacklists such as Peerblock really
don't achieve what you seem to think it does. Peerblock especially does
not block P2P traffic at all, to the contrary: It is meant to *optimize*
your file sharing experience by blocking IP addresses of "bad peers". I
have not checked, but I suspect the blacklist to contain Tor relay IPs,
so you will mess with Tor routing and break clients in subtle ways. Not
only file sharers.

Relays, and exit relays especially, should *never* filter their traffic.
Be it "anti virus" solutions, Peerblock, or anything else.

Apart from that, are we really discussing that "any kind of file sharing
is bad"?

If you want to minimize file sharing, simply reduce the number of
allowed ports. You can start with the extensive "reduced exit policy"
[1], and potentially reduce further, to, say, port 22, 80, 443 etc.

Apart from the technical difficulty, there's also legal reasons not to
mess with relay traffic: You will likely lose liability protection as
"common carrier" as soon as you influence traffic like that.

[1] https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy

-- 
Moritz Bartl
https://www.torservers.net/



More information about the tor-relays mailing list