[tor-relays] New exit node best practices

Cristian Consonni cristian at balist.es
Mon May 29 13:16:52 UTC 2017 

On 27/05/2017 03:10, nusenu wrote:
>> - I'm being very upfront with sales@ regarding my purpose before
>> signing up, and making sure they're okay with it.
> 
> That is great.

I think this is a best practice, see also:
https://blog.torproject.org/running-exit-node

>> What questions should I be asking to be sure they'll be Tor friendly
>> before shutting down my exit nodes?
> 
> Often you will find out only after they see the actual abuses coming in,
> but another fine method is to ask for custom WHOIS so the abuse emails
> go to your email address directly.
> (you will not get that from VPS hosters)
>
> please update this wiki page with your ISP results/answers:
> https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs

Here's my experience:
* it's good read all the documents related to the service: in
particular, the contract and Terms of Service (ToS). Look out for what
they say about abuse handling, for example the contract may say that you
have X hours to respond to an abuse complaint and if you are not
responsive after that time they may be entitled to shut down your server
or close your account.
* If the contract/ToS state there that Tor is not allowed, then there is
very little you can do. You can run the node (at your own risk), but you
will be in breach of the contract and they will likely shut the server
down as soon as they notice the node. Furthermore, they may ban you from
their service and you may lose the money you put there.
* If there are generic provision about "running services for third
parties" (which probably there will be), then you should tell them that
you want to run a Tor exit node using their service and ask if this is
within their contract/ToS. Use the most "official" channel available to
you for this request (e.g. opening an issue in their ticketing system,
if they provide one), so that they  can't ignore you and/or they can't
claim that they didn't know about this request after.
The information that a provider stated from its support that Tor is
allowed, not explicitly banned, or banned is a very useful information
to put in the "Good Bad ISPs" page (see link above).
* as nusenu said, custom abuse handling is usually offered with bigger
and more complex packages of services (e.g. dedicated network/dedicated
physical servers) that cost much more than a VPS. You can try, anyway.

I recounted my experience here:
https://balist.es/blog/2016/04/18/running-a-tor-exit-node-on-aruba-arubacloud-a-detailed-account/

Ciao,

C

More information about the tor-relays mailing list