Tor exits in .edu space

Flamsmark flamsmark at
Thu Jan 27 16:51:56 UTC 2011

Hash: SHA256

My name is Thomas Lowenthal, and I'm and undergraduate student at Princeton
University. I'm majoring in the Politics Department, with a
certificate from the
Program in Applications of Computing, and the Program in Information Technology
and Society. I'm also an Undergraduate Fellow at Princeton's Center for
Information Technology Policy[1]. I'll be graduating this summer, in 2011.

I run the exit TempleSouth[2] inside the IP space of Princeton University. The
computer itself isn't a departmental or University piece of equipment, it's
just my own machine that lives under my desk. Over time, it's had different
names and fingerprints, as I moved from machine to machine, and operating
system to operating system. Running an exit node here has been a lot of work,
but it's been extremely interesting to see the reactions that different
administrators here have had.

I run a Tor exit node because I support the ubiquitous availability of strong
anonymity for anyone who wants it. Tor is one of the strongest, best-
researched, and most widely-used online anonymity system, and I want to help
keep it running at maximum capacity.

Initially, I operated a relay but -- not one to shy away from a fight --
reviewed the EFF's legal guidance, and switched to an exit node. This was in
the days before Mike Perry's excellent /Tips for Running and Exit Node with
Minimal Harassment/[3], and I used a wide open exit policy. Of course, after
a little while some DMCA complaints started showing up. I responded with polite
and precise variations on the abuse templates. However, Princeton has a policy
of assuming the accuracy of such notices, and that they refer to actually
illegal behavior. I was sanctioned on the basis that I was personally violating
copyright law. Of course, I argued back.

I gradually made my way through different administrative procedures, talking
with several administrators, and committees, and finally Princeton's general
counsel. It took a few years (and untold meetings) but I've managed to persuade
them that running an exit node is neither illegal nor unethical (if not
actively altruistic). The most interesting part has been the reactions from the
various people involved in the the discipline/discussion process.

The first few administrators, and the committee that sanctioned me to begin
with, were completely incredulous that this whole Tor business could be
anything but an elaborate ploy to download movies and music online. It was
beyond imagining that a message sent by -- highly reputable -- entertainment
companies could be anything but cold hard fact: prima facie evidence of
wrongdoing. I had to pull out Section 230 of the Communications Decency Act[4]
and subtly hint that sanctioning me might be illegal itself, before they'd
consider seeking a second opinion on my "wrongdoing".

Our DMCA contact was much more pragmatic, and genuinely interested in what was
going on. She went out and did her homework on the Tor project, examining things
with a non-judgemental eye. She empathized with my desire to work towards
internet freedom. Her concerns were pragmatic and legal. Se was worried that I
could move towards giving the University a bad name, or causing it actual harm.
She was also skeptical that I -- a student with a home-made computer under my
desk -- could be considered a "service provider" in the eyes of the DMCA,
especially since I hadn't registered a DMCA contact.

However, the school's general counsel was the most understanding. After I
explained to him exactly how Tor works, and we reviewed the safe harbor
provisions of the DMCA, he got on board with the EFF's legal position. He also
realized that this left the University with negligible liability for what was
going on, and that -- on the contrary -- it was only sanctioning me that would
raise the legal risk under the CDA.

The support that I received from the project was somewhat limited, but I can't
really imagine receiving that much more. I spoke with arma on the IRC channel,
and he provided me with moral support, and offered to get me in touch with Ed
Felten at Princeton's CITP. An open letter from lawyers, addressing an ISP or
University's liability concerns might be valuable, but then again it might not.
It's my feeling that this sort of situation is best resolved with polite
determination and some mild politicking, but I don't see that there's much that
the Tor project can do to persuade large organizations of its worth.

The most valuable resource that I have right now is Mike Perry's excellent
/Tips for Running and Exit Node with Minimal Harassment/. That's exactly the
sort of thing that's really valuable to people like me. I'd like it to be
linked directly from 'so you want to be a server' section of the .
Beyond that, the most valuable thing for the project to do is
advocacy. The more
people know about Tor, and respect the value of online anonymity, the easier
people should find it to run exits

That's the position as it currently stands. I think that the University is not
happy, per se, but that they realize that running a Tor node is one of the many
forms of autonomy that must be granted in a liberal academic institution. There
are still blips from time to time when it seems that someone has made a death
threat, or committed a criminal offense while exiting from my node. Mostly,
however, the University just lives and lets live.

- -Thomas Lowenthal
GPG key 80AF07D3
thomas.lowenthal at

A note: Princeton is home to the Center for Information Technology Policy,
directed by Professor Ed Felten, my Computer Science adviser. CITP is home to
research fellows, including Wendy Seltzer, one of Tor's Board of Directors, and
has even had Roger Dingledine visit as a guest speaker. If needed, it's possible
that I could have requested backup, or reinforcements from CITP during the saga
described above, however I preferred to fight this one on my own, as far as

If you want to get in touch with me, please email me, or contact StrangeCharm
in #nottor on . My resume is available at: .

The viewpoints expressed here are my own, and not representative of my
university or employers. Please feel free to redistribute these comments widely.
They are available under a Creative Commons Attribution-ShareAlike 3.0 United
States license[5]. If you excerpt from them, please link to email archives
and/or , and attribute them to
my full name - Thomas Lowenthal.

[2] Fingerprint $500B25C1240DAC33AC6621D1A87D77A0FF91DE33

Version: GnuPG v1.4.10 (GNU/Linux)

To unsubscribe, send an e-mail to majordomo at with
unsubscribe or-talk    in the body.

More information about the tor-talk mailing list