Re: Automated threat messages force limitation of Exit Policy (Softlayer)
Thus spake Moritz Bartl (t...@wiredwings.com):

> > Please get back to us in a week or so with info on your abuse complaint rate with the new policy. I'll update https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment with the policy if it does in fact drastically reduce your abuse complaint rate.
>
> It does. There are still some old complaints by MediaSentry and BayTSP being forwarded, but the timestamps clearly show dates before I changed exit policy.

Ok, I've updated https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment with this information. Let me know if there is anything else you think might be helpful, too.

> I will soon set up a (b)log about all incidents. I'll also talk to a lawyer (and friend of mine) if I am allowed to publish all complaints.

A blog would be great. Another option besides publishing the actual complaints would be to draft template response letters for various cases and publish those. I'm sure other potential exit operators would greatly benefit from such a collection, and it would be a great thing to link to in that post.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
Hi Mike,

> Ok, I've updated https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment with this information. Let me know if there is anything else you think might be helpful, too.

Thanks. Will do.

> A blog would be great. Another option besides publishing the actual complaints would be to draft template response letters for various cases and publish those. I'm sure other potential exit operators would greatly benefit from such a collection, and it would be a great thing to link to in that post.

I have started to collect statistics and some of my answers on a wiki page: http://www.wiredwings.com/wiki/Torservers.net_Main_Page#Statistics

So far, there's not been a single real conversation with anyone about the legal status.

-- 
Moritz Bartl
http://www.torservers.net/

***
To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
> > > I also allow 465 and 563. Those are used by authenticated SMTPS and NNTPS.
> >
> > Thanks. I have added them to the exit policy.
>
> Please get back to us in a week or so with info on your abuse complaint rate with the new policy. I'll update https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment with the policy if it does in fact drastically reduce your abuse complaint rate.

It does. There are still some old complaints by MediaSentry and BayTSP being forwarded, but the timestamps clearly show dates before I changed exit policy.

Other than that, I have received a few SpamCop reports, most of them about spam being sent through HTTP/Webmail, but two recent ones about spam being sent through ESMTP, e.g.:

Received: from livmgfm (anonymizer2.torservers.net [173.244.197.210])
    by mtaout-ma04.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTPA id 54B3FE91
    for x; Mon, 28 Jun 2010 19:36:22 -0400 (EDT)

Fortunately, SpamCop uses my direct contact address now instead of going through my ISP.

I will soon set up a (b)log about all incidents. I'll also talk to a lawyer (and friend of mine) if I am allowed to publish all complaints.

-- 
Moritz Bartl
http://www.torservers.net/
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
On Sun, 2010-06-27 at 19:36 -0700, Mike Perry wrote:

> (Though I suspect the SWIP will also help greatly. I am beginning to believe that these abuse-bot companies deliberately pick on new hosters who do not have their own IP allocation specified to bully them off the net).

As in, MediaSentry doesn't want Tor to exist (for obvious reasons), so it DMCA-DoS's new exit nodes? Sounds nefarious, but totally plausible.
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
> As in, MediaSentry doesn't want Tor to exist (for obvious reasons), so it DMCA-DoS's new exit nodes?

No, they pick on everyone pretty much equally .. easy to do when you're just using a script to scrape a tracker and complain.

I've investigated many of the complaints over the years, and have yet to find any evidence that Mediasentry (et.al.) makes any effort to download or verify that the client they are complaining about is in fact, offering the content in question. This was most hilariously demonstrated by Washington University when they spoofed a bunch of printers and got DMCA notices for them(*).

(*): http://dmca.cs.washington.edu/

Also, as I've mentioned previously, it's not at all unusual to get complaints for IP addresses (within our block) that have never been used. I get the impression that folks (probably the media companies themselves) are intentionally injecting fake information into BitTorrent like they used to do with Napster .. except that BitTorrent handles this much better. The fallout from that is companies get a bunch of bogus complaints.

My 0.02.

Cheers,

Michael Holstein
Cleveland State University
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
Hi,

On 27.06.2010 04:17, Mondior Folimun wrote:

> I also allow 465 and 563. Those are used by authenticated SMTPS and NNTPS.
> There's also the chat ports: 1863 (MSN), 5190 (aim), 5050 (yahoo), 5222-5223 (xmpp/gchat). Those haven't given me any problems either.

Thanks. I have added them to the exit policy.

-- 
Moritz Bartl
http://www.torservers.net/
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
Mondior Folimun(mfoli...@elitemail.org)@Sun, Jun 27, 2010 at 04:17:15AM +0200:

> On Wed, 23 Jun 2010 12:49 +0200, Moritz Bartl t...@wiredwings.com wrote:
> > Hi,
> >
> > > Out of curiosity, what exit policy are you now using? Perhaps we want to standardize on a policy that is effective at reducing these complaints.
> >
> > At the moment, I allow ports 20-22,53,79-81,110,143,443,706,873,993,995,8008,8080,. Feel free to suggest others.
>
> I also allow 465 and 563. Those are used by authenticated SMTPS and NNTPS. So far, I have not received any spam abuse complaints from them, after running a 10Mbit+ exit for the past 2-3 years (though I do occasionally get web spam abuse complaints).

Interestingly, I was contacted by the police at some university a couple of years ago about abuse through my Tor node on port 587 (authenticated SMTP). After a ton of explaining what Tor was (at first they believed the abuser to be a client of mine because his bits were coming from my machine), it turned out that they had a severely busted submission port: it was the same as port 25 (so, accepted unauthenticated email from the world). The person they were investigating had used this to send email via Tor to an address there.

I finally explained to them that their damaged configuration was letting spam through, and they stopped bothering me.

Ah well. I'd suggest adding that port to the mix, since it should be authenticated and TLSed (despite the occasional evidence otherwise).

-- 
Bill Weiss

Break yo pipe man, and the funny dudes scribblin' licence plates go away.
    -- Kha0s, alt.2600
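The port list discussed in this thread, turned into torrc `ExitPolicy` lines and checked with a small first-match evaluator. This is an added example, not code posted by anyone in the thread; the function names are made up for illustration, the elided last entry of the original list is left out rather than guessed, and the chat ports come from other replies in the thread.

```python
"""Added example: build and check a port-restricted Tor exit policy."""

# Ports named in this thread. The original list ends in an elided entry
# ("8080,."), which is omitted here rather than guessed.
BASE = "20-22,53,79-81,110,143,443,706,873,993,995,8008,8080"
MAIL_NEWS = "465,563,587"          # SMTPS, NNTPS, authenticated submission
CHAT = "1863,5190,5050,5222-5223"  # MSN, AIM, Yahoo, XMPP


def parse_ports(spec):
    """Turn '20-22,53' into a list of (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        low, _, high = item.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ranges.append((low, high))
    return ranges


def merge(ranges):
    """Merge overlapping or adjacent ranges so the torrc stays short."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def torrc_lines(ranges):
    """Emit ExitPolicy lines: the accepts first, then a catch-all reject."""
    lines = []
    for low, high in merge(ranges):
        port = str(low) if low == high else f"{low}-{high}"
        lines.append(f"ExitPolicy accept *:{port}")
    lines.append("ExitPolicy reject *:*")
    return lines


def decide(lines, port):
    """Evaluate a destination port; the first matching line wins."""
    for line in lines:
        _, action, pattern = line.split()
        spec = pattern.rsplit(":", 1)[1]
        if spec == "*":
            return action
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return action
    return None  # unreachable when the policy ends in a catch-all


POLICY = torrc_lines(parse_ports(",".join([BASE, MAIL_NEWS, CHAT])))

if __name__ == "__main__":
    print("\n".join(POLICY))
    # 25 is plain SMTP; 6881 is a common BitTorrent default port.
    for port in (443, 587, 25, 6881):
        print(port, decide(POLICY, port))
```

Because evaluation stops at the first match, the final `reject *:*` line must stay last; an accept line placed after it would never take effect.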
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
Thus spake Moritz Bartl (t...@wiredwings.com):

> On 27.06.2010 04:17, Mondior Folimun wrote:
> > I also allow 465 and 563. Those are used by authenticated SMTPS and NNTPS.
> > There's also the chat ports: 1863 (MSN), 5190 (aim), 5050 (yahoo), 5222-5223 (xmpp/gchat). Those haven't given me any problems either.
>
> Thanks. I have added them to the exit policy.

Please get back to us in a week or so with info on your abuse complaint rate with the new policy. I'll update https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment with the policy if it does in fact drastically reduce your abuse complaint rate.

(Though I suspect the SWIP will also help greatly. I am beginning to believe that these abuse-bot companies deliberately pick on new hosters who do not have their own IP allocation specified to bully them off the net).

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
Thus spake Moritz Bartl (t...@wiredwings.com):

> > BayTSP/MediaSentry/etc have heard all the excuses, including when they tagged my printer as serving up movies; they don't care. I fully expect they don't even read the responses, just check that a response was received. The response is probably then catalogued for some future court case.
>
> I'm not sure it was the most clever thing to do, but I wanted to have this cleared up. After sending a mail to five different BayTSP addresses, they finally came back to me, asking for my DMCA Designated Agent form filing with the US Copyright Office. They also said my counter notification doesn't meet the legal requirements...

Can you post a copy of your counter-notification? Did they say in specific why they believe it doesn't meet the requirements?

Also, are you familiar with chillingeffects? They catalog DMCA-related correspondence and provide some legal FAQs for counter-notice procedures. This is the section that should be relevant: http://www.chillingeffects.org/dmca512/faq.cgi#QID564

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
Hi,

On 27.06.2010 03:00, Mike Perry wrote:

> Can you post a copy of your counter-notification? Did they say in specific why they believe it doesn't meet the requirements?
> Also, are you familiar with chillingeffects? They catalog DMCA-related correspondence and provide some legal FAQs for counter-notice procedures.

Thanks. After having read more about it, I doubt that I have to file a counter notification after all. I told them so two days ago, citing the relevant sections from DMCA, and haven't heard back from them since.

Midphase (100tb) finally told me they were able to SWIP my range, one day before Softlayer (their data center) told me it wasn't possible. The range is still not SWIPed though, Midphase said they would look into it again.

So far, Softlayer shows no sign of understanding anything I've told them, neither about DMCA law (with the appropriate paragraphs and the EFF response cited), nor about Tor not being some file sharing utility, nor about that SWIPing would help on the abuse. Midphase on the other hand doesn't interfere, I guess they want no trouble with Softlayer but understand and respect what I'm doing.

Since changing the exit policy, the only reports I've been getting were some by SpamCop, and two complaints by BayTSP/MediaSentry with old timestamps. There seems to be a (small) number of spam senders that use Tor in combination with webmail, but there isn't much I can do about that (always different destination IPs). Fortunately SpamCop was able to change their records of my IP range to my contact address so that's not a big problem.

I'm not sure if I'm legally allowed to publish the complaints. I want to put them on my blog when I have some time.

The exit policy helps to cool down the situation with Softlayer, and I'll try my best to make them understand what it is I'm running. When and if the IP range is SWIPed, we can think about unblocking unknown ports again.

The average speed is 26 MB/s at the moment. I'm not sure what limits the speed, the server should be on a Gbit line, and our plan covers 39MB/s...

-- 
Moritz Bartl
http://www.torservers.net/
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
On Wed, 23 Jun 2010 12:49 +0200, Moritz Bartl t...@wiredwings.com wrote:

> Hi,
>
> > Out of curiosity, what exit policy are you now using? Perhaps we want to standardize on a policy that is effective at reducing these complaints.
>
> At the moment, I allow ports 20-22,53,79-81,110,143,443,706,873,993,995,8008,8080,. Feel free to suggest others.

I also allow 465 and 563. Those are used by authenticated SMTPS and NNTPS. So far, I have not received any spam abuse complaints from them, after running a 10Mbit+ exit for the past 2-3 years (though I do occasionally get web spam abuse complaints).

There's also the chat ports: 1863 (MSN), 5190 (aim), 5050 (yahoo), 5222-5223 (xmpp/gchat). Those haven't given me any problems either.
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
Hi,

> Out of curiosity, what exit policy are you now using? Perhaps we want to standardize on a policy that is effective at reducing these complaints.

At the moment, I allow ports 20-22,53,79-81,110,143,443,706,873,993,995,8008,8080,. Feel free to suggest others.

> If you've filed the counternotice, maybe suggest your ISP just blackhole future mails from the abuse sender?

For each mail passed on to me, I also answered to 100TB.com so they could close their ticket and pass that information on to Softlayer. In every mail, I told them that I am sorry for so many automated complaints coming in, that they should not turn my server off because of these 'spam' mails, and that it would be great to SWIP my IP range. No replies.

> As far as I know, they never got their test case.

Too bad. I am willing to step in, but I am not located in the US, which seems to be a requirement.

> Being able to tell your ISP that the EFF will defend you in this unlikely situation might also help your position with them.

I am not so sure, as they didn't react to anything I passed on to them regarding my legal status. I am now trying again to get them to SWIP an IP range for me.

-- 
Moritz Bartl
http://www.torservers.net/
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
On Wed, Jun 23, 2010 at 5:49 AM, Moritz Bartl t...@wiredwings.com wrote:

> Hi,
>
> > Out of curiosity, what exit policy are you now using? Perhaps we want to standardize on a policy that is effective at reducing these complaints.
>
> At the moment, I allow ports 20-22,53,79-81,110,143,443,706,873,993,995,8008,8080,. Feel free to suggest others.

I don't know if this will help or not, but in the states, my ISP provider calls me when they get a complaint. They tell me what the complaint was about, I get the ports the issues came thru and what they were. All except the last one were Torrents. The last one was allegedly email spamming.

I started to explain, but realized that they would just turn off my service for not correcting the problem. In my case the EFF legal notice didn't work as they didn't care about it. Their main concern were the complaints received from my ip addy. ( It could also just be their way of intimidation ).

What I did on the Torrents was to turn off the ' misc services exit ' ( tho I would have liked to keep it running there and may try again and see how many if any complaints come thru with the ports blocked ) and block the specific ports that were reported. On the email, I just blocked the specific port.

That so far has taken care of those issues. ( fingers crossed ) I have yet to receive an actual abuse notice in the mail or via email.

Like I said not sure if this will help in your case, but it has worked for me.

Jon
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
On Wed, Jun 23, 2010 at 9:03 AM, Jon torance...@gmail.com wrote:

> I don't know if this will help or not, but in the states, my ISP provider calls me when they get a complaint. They tell me what the complaint was about, I get the ports the issues came thru and what they were. All except the last one were Torrents. The last one was allegedly email spamming.

[snip]

(IANAL)

FWIW, it appears that a provider which fails to let you respond in objection to a DMCA complaint loses their §512.g.1 [1] indemnity. Providers forcing you to take down legal but complaint generating services is really against the intent and letter of the law. Sadly, playing hard-ball with the ISP isn't likely to do you any good, since they can just find another reason to terminate your service.

ISTM that every exit operator should probably make the effort to SWIP their blocks prior to the generation of these nasty-grams in order to head off this problem.

[1] http://www.law.cornell.edu/uscode/html/uscode17/usc_sec_17_0512000-.html
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
> If you can get SoftLayer to do SWIP on the IP address/range assigned to you, that will offload their complaint person and let you handle everything automatically.

Agreed. Having the whois info for your TOR box come to you as an ORG-ABUSE will offload a lot of this from Softlayer. BayTSP, et.al. don't bother doing ASN lookups, they complain by IP whois.

> BayTSP/MediaSentry/etc have heard all the excuses, including when they tagged my printer as serving up movies; they don't care.

True. We get tons of them for nonexistent IP ranges. They never answer any questions about it.

> The response is probably then catalogued for some future court case.

As are all of the bogus notices and supporting documentation that nothing has ever occupied that IP address.

Cheers,

Michael Holstein
Cleveland State University
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
Hi,

> BayTSP/MediaSentry/etc have heard all the excuses, including when they tagged my printer as serving up movies; they don't care. I fully expect they don't even read the responses, just check that a response was received. The response is probably then catalogued for some future court case.

I'm not sure it was the most clever thing to do, but I wanted to have this cleared up. After sending a mail to five different BayTSP addresses, they finally came back to me, asking for my DMCA Designated Agent form filing with the US Copyright Office. They also said my counter notification doesn't meet the legal requirements...

-- 
Moritz Bartl
http://www.torservers.net/
Automated threat messages force limitation of Exit Policy (Softlayer)
Hi,

After running our 300MBit/s Tor node for less than a week, the US data center Softlayer has forced me to limit our exit policy to well-known ports after receiving 25 automated Torrent DMCA complaints this weekend and again more than 20 in the last two days. I hope that now that the policy is restricted they will allow the node to stay up.

All these complaints list pretty much the same Torrents, have been issued by MediaSentry or BayTSP, and each offers to get back to them on changing email addresses and through a web form. For each single abuse case, I have tried to reach them to tell them about the node and its background, including the offer to block on IP/Port basis and the URL to EFF's legal page, but they didn't get back to me and didn't stop the spamming. I even filed a counter notification with written signature etc.

It's frightening to see how easy it is to effectively shut down any server at large ISPs such as Softlayer by just repeatedly sending the same - possibly unjustified - complaints.

If you know of any Tor-friendly ISPs with large bandwidth plans, please let me know.

-- 
Moritz Bartl
http://www.torservers.net/
http://anonymizer2.torservers.net/ (stats)
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
Thus spake Moritz Bartl (t...@wiredwings.com):

> After running our 300MBit/s Tor node for less than a week, the US data center Softlayer has forced me to limit our exit policy to well-known ports after receiving 25 automated Torrent DMCA complaints this weekend and again more than 20 in the last two days. I hope that now that the policy is restricted they will allow the node to stay up.

Out of curiosity, what exit policy are you now using? Perhaps we want to standardize on a policy that is effective at reducing these complaints.

> All these complaints list pretty much the same Torrents, have been issued by MediaSentry or BayTSP, and each offers to get back to them on changing email addresses and through a web form. For each single abuse case, I have tried to reach them to tell them about the node and its background, including the offer to block on IP/Port basis and the URL to EFF's legal page, but they didn't get back to me and didn't stop the spamming. I even filed a counter notification with written signature etc.

I'm not a lawyer, but as a common carrier/service provider, you should be specifically exempt from these notices, as you're not hosting content and are not the infringing party.

If you've filed the counternotice, maybe suggest your ISP just blackhole future mails from the abuse sender? Did they SWIP you the IP block?

Back in 2005, the EFF was actively looking for a test case to demonstrate that Tor exit nodes and other service providers are exempt via safe harbor provisions: http://archives.seul.org/or/talk/Oct-2005/msg00208.html

As far as I know, they never got their test case. We can check to see if they are still looking for one, and what it might take for your situation to develop into a good test case for them. The abuse senders may actually have to initiate legal action against you first, which is unlikely.

Being able to tell your ISP that the EFF will defend you in this unlikely situation might also help your position with them.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
On Wed, 23 Jun 2010 02:20:16 +0200 Moritz Bartl t...@wiredwings.com wrote:

> All these complaints list pretty much the same Torrents, have been issued by MediaSentry or BayTSP, and each offers to get back to them on changing email addresses and through a web form. For each single abuse case, I have tried to reach them to tell them about the node and its background, including the offer to block on IP/Port basis and the URL to EFF's legal page, but they didn't get back to me and didn't stop the spamming. I even filed a counter notification with written signature etc.

From experience, with SoftLayer even, don't try to explain anything; no one cares. All they see is customer X is costing us a human dealing with all of these complaints, make it stop.

I simply had a script that responded to each and every automated complaint with an automated response. Take the template response from https://www.torproject.org/eff/tor-dmca-response.html and change the right variables to whatever you receive in an automated fashion. And then mail it back to whomever. It's their bot versus yours.

If you can get SoftLayer to do SWIP on the IP address/range assigned to you, that will offload their complaint person and let you handle everything automatically.

BayTSP/MediaSentry/etc have heard all the excuses, including when they tagged my printer as serving up movies; they don't care. I fully expect they don't even read the responses, just check that a response was received. The response is probably then catalogued for some future court case.

And to your scary realization, yes, baseless accusations have concrete effects in the real world.

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
skype: lewmanator