[tor-relays] DigitalOcean starting Exit node crackdown

Shawn Nock nock at aphr.asia
Thu May 15 17:44:36 UTC 2014

Hello friends,

As I recall, there are several exits running on DigitalOcean's
infrastructure. This is presented FYI:

Background: I've run an exit on DigitalOcean for about a year without
issues (lost track of uptime duing heartbleed key regen). It wasn't
hidden (the droplet name was 'tor-exit') and it had valid reverse DNS
and the standard informational page was hosted there. At the time of
droplet creation, tor exits were not prohibited by their ToS. I've
mentioned to DigitalOcean staff during support tickets that it was a Tor

Today the exit was shutdown, the message received was this:

>We do see that you are running an exit node for the TOR network.
>Unfortunately we are unable to resume services to this droplet and ask
>you that you please not run any other TOR exit nodes.
>Please get back to us as soon as possible so we can resolve this.

I sent the following response:

>My droplet has been running for months (perhaps a year) with no
>significant incidents. It is well managed, allows only a strict subset
>of traffic to exit and the very few complaints that have been lodged
>have been dealt with quickly and professionally (as said by your
>support team). The droplet has been configured to limit the rate of
>traffic below the droplet's monthly network transfer quota.
>It's well established that under US law ISPs are excluded from
>liability under the safe-harbour provisions of the DCMA for any
>copyright infringing traffic. More generally, the probability under US
>law that an ISP would be held liable carrying user-generated traffic is
>extremely low. Tor exits have been operated by Universities, Churches,
>and corporations (large and small) for slightly more that 10
>years. During this time not a single criminal or civil complaint has
>been brought against an operator's ISP (to my knowledge).
>While it is surely your right to operate your business in the manner of
>your choosing; I politely request an explanation for your apparent
>policy against Tor exit nodes. If there is some way I might change the
>parameters of the exit to suit a policy against specific traffic (to
>certain IP blocks, port ranges); I'd surely comply.
>Finally, in this time where repressive regimes are cracking down on
>Internet traffic and persecuting their countrymen and where free access
>to the internet is nearing the stature of 'human right': if your policy
>is indeed a general one against all Tor exits, I urge you to reconsider
>your policy. It would be a great service to tens-of-thousands of Tor
>users (refugees, political activists, religious minority, abused
>spouses, law enforcement, &c) to revise your policy to allow
>well-maintained exits to remain on your network.
>I appreciate any attention you could give to this serious matter.

nock at aphr.asia (OpenPGP: 0x6FDA11EE 3BC412E3)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 619 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140515/4549dfba/attachment.sig>

More information about the tor-relays mailing list