[tor-relays] "wubthecaptain1" relay a year later, or why running a Tor exit at home is discouraged

Juuso Lapinlampi wub at partyvan.eu
Thu Mar 9 12:04:31 UTC 2017

Hash: SHA512

A year and a month later, I suppose it's a good time to share the
experiences of running "wubthecaptain1" [1] exit relay from a
residential IP-address. Or, the abuse reports and mail letters that came
with it and why you shouldn't run a Tor exit at home.

I started running this exit on 2016-02-02, [2] which has since been
turned back to a middle relay in July 2016 due to abuse complaints. [3]
At the time, I believe wubthecaptain1 was the second largest Tor exit in
Finland, and if I recall correctly the only one not hosted at FlokiNET.

In that time, I received an uncounted amount of abuse reports from my
Internet service provider, tens or hundreds of malware infection
incidents daily according to ISP's autoreporter logs, and one concern
from NCSC-FI/CERT-FI (FICORA) regarding a suspicion of "botnet drone".

I was also interrogated by Finnish police for alleged identity crimes,
fraud and attempts of fraud (and needlessly had my personal rights
violated, to my belief). [4] They have since frozen the investigation
and don't suspect me to be responsible for the allegations. [5] I can't
say for certain these investigations to have had anything to do with
wubthecaptain1 exit specifically, but that's my best guess.

Now, there's something new I'd like to share with this mailing list.

Starting from December 2016, – long after the exit was turned into a
middle relay – I've now been targeted by four different law firms
representing copyright holders, demanding reimbursements for alleged
copyright infringements from residential IP-addresses assigned to
wubthecaptain1 Tor exit and threats to sue to market court. The parties
involved and their reimbursement demands are:

  - Hedman Partners (on behalf of Crystalis Entertainment UG / Scanbox
    Entertainment A/S), Black Sails (S3E4) (150 EUR) / Taken 3 (900 EUR)
  - Tekijänoikeusturva TOT (on behalf of Interallip LLP), "Z-Nation"
    (900 EUR)
  - Adultia (on behalf of Copyright Management Services Ltd /
    Echo Alpha Inc), various adult pornography works (16600 EUR)
  - NJORD Law (on behalf of Nu Image, Inc), Survivor (550 EUR), Olympus
    Has Fallen (550 EUR), Automata (550 EUR)

According to the letters, the aclaimed infringements have happened in
early or mid-2016 while wubthecaptain1 was an exit. But they've only
started sending these letters months after the aclaimed infringements
and court decisions.

One of the parties in particular was very well aware of me hosting a Tor
exit on said IP-addresses, but still sent me demands – perhaps in hopes
to "fraud" the recipient of money, given how this business of sending
copyright letters works. They've since seemingly taken a word to aim
their demands to the actual infringer instead of me as an Internet
connection subscriber and former Tor exit operator.

The other parties have been more ignorant and have continued delivering
me letters titled "warning of suing to market court", despite efforts to
educate about shared connection / Tor.

The police in Finland is not interested in investigating these letters
or their sending parties from what I've heard, claiming they are a
"private dispute" between the parties out of legal scope.

A journalist from national public-broadcasting company Yle has become
interested in these copyright letters, and is expected to publish news
about them sometime in this month at Yle MOT. (I've still yet to scan
the latest two received letters to them.)

Nonetheless I believe the law is on my side with non-liability, so I'm
not concerned for my personal legal defence. If anyone is concerned,
I've not agreed to any of the imbursements so far and I've not spent any
money on a lawyer or legal advice. (Though, thanks to torservers.net for
the offer earlier!)

I've not counted how much bandwidth was actually served and contributed
to the Tor network, but it was among lines of 90 Mbps for that time and
that counts for a lot in months. Since turning it to a middle relay, the
actual relayed bandwidth has dropped dramatically. We need more exit
relays, especially in Finland too.

Meanwhile, "partyvan1" [6] exit hosted at a datacenter
(AS42708 Portlane AB) has received much less abuse reports (~10/year),
though the bandwidth contributed is also smaller. Since it is registered
in the RIPE database to Partyvan's contact addresses, I've not heard of
one complaint from the ISP and it's been a smoother experience. [7]

Hope this information was helpful to someone! If anything, this should
discourage other operators from running a Tor exit from home.

[1]: https://atlas.torproject.org/#details/337B7E307550F48DCDADA7481FA8436B2FCDADA9
[2]: https://lists.torproject.org/pipermail/tor-relays/2016-July/009684.html
[3]: https://lists.torproject.org/pipermail/tor-relays/2016-July/009684.html
[4]: https://lists.torproject.org/pipermail/tor-relays/2016-October/010842.html
[5]: https://lists.torproject.org/pipermail/tor-relays/2016-November/010918.html
[6]: https://atlas.torproject.org/#details/758C1D8401F31949EB1213E4A0D831BA835C976D
[7]: https://partyvan.eu/transparency/emails/abuse/


More information about the tor-relays mailing list