[tor-relays] Thanks for the advice on handling DMCA complaints.

[Roger Dingledine]

On Fri, Oct 25, 2013 at 11:03:27AM -0400, Christopher Jones wrote:
> I just wanted to thank the list members for giving me some great advice
>on working with my ISP to deal with the DMCA nastygrams. I restricted
>my exit policy to allow most legitimate TCP services and block the rest,
>which should hopefully disincentivize those damn P2P users from picking
>my relay as an exit in most cases.

If you want to go even more conservative, you could allow just 80 and 443.
It would still be useful to many people, and be even less likely to draw
dmca complaints. Something to consider for the future if you need another
step in the negotiation.

> Does the Tor project run a database to track abuse complaints? Could
>be useful in terms of uncovering who the largest pains in the ass are
>(mine was from Irdeto on behalf on NBC Universal), as well as organizing
>targeted campaigns to put pressure on companies like Irdeto to at least
>perform some due diligence and not send out DMCA originating from exit
>relays. If not, maybe I?ll start working on a project to do so if there
>isn?t something else like it elsewhere.

Lunar's pointer to Chilling Effects is a good one.

But see also this mail from the distant past:
https://lists.torproject.org/pipermail/tor-talk/2005-October/016301.html

You see, if somebody sends you a DMCA takedown knowing that it doesn't
apply to you, then *they're* breaking the law. So in theory you could
notify them that you've got safe harbor under DMCA 512(a) and would
they kindly stop harrassing you, and then when they send the next letter
you can countersue. Somebody should do this someday, but it will be an
involved and messy process. On the plus side, some large universities
have successfully used this approach (or more precisely, the threat of
using it) to stop the bigger DMCA bullies from wasting their time. On
the minus side, you as a customer of your ISP don't get to make this
decision, at least not by yourself, because your main problem is the
policy of your ISP, not any actual laws.

> One more question and I?ll probably feel stupid after reading the
>answers, but does ?RelayBandwidthRate? apply separately to rx and tx
>rates or the combined throughput of them both? The server I run has an
>unmetered 100Mb/s connection. I?ve got RelayBandwidthRate set to 5MB and
>RelayBandwidthBurst set to 10MB. 12.5MB/s being the theoretical max,
>if I bumped up my bandwidth rate to, say, 8, would my relay overload
>the NIC or would it continue to behave?

Tor counts bytes separately in each direction. So 5Mbytes means 5mbytes
reading and 5mbytes writing. So you are currently limiting your relay
to a long-term average of 40mbps.

> At last check, I had 1140 TCP connections according to lsof and vnstat
>is showing throughputs of 13-18Mbit/s rx and 14-19Mbit/s tx. Tor CPU
>usage is about 22-27% according to top.
> 
> Does this look reasonable or should I tweak some things like max connections?

There isn't any functionality currently to limit how many connections
your relay will use/accept. You need to be able to have a connection
open to every other relay, and to the exit destinations that users ask
for (if your exit policy allows it), and to clients if they pick you for
their first hop. Refusing to do any of those connections degrades service
(and in the relay-to-relay connection case, it potentially messes with
anonymity in complex ways too, since the Tor network is no longer a
clique topology).

Fortunately, sockets are basically free on a real OS. The main challenge
comes up in cheap VPS systems where they artificially limit system
resources to make it hard for you to do anything with your VPS.

--Roger