Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-30 Thread Wendy Seltzer
On Wed, Jun 30, 2010 at 8:41 AM, Moritz Bartl  wrote:

> I have started to collect statistics and some of my answers on a wiki page:
> http://www.wiredwings.com/wiki/Torservers.net_Main_Page#Statistics
> So far, there's not been a single real conversation with anyone about the
> legal status.
>

Documenting your experience is helpful, thanks!  I hope you can also
get to the root of the problem.

I can't give you legal advice, but I've operated Chilling Effects for
7+ years without encountering any serious problems publishing
cease-and-desist letters people have received.  I haven't heard that
the postings have caused anyone else trouble either.  We've said that
posting the letters is necessary to analysis of their legal claims,
and therefore fair use, see


Best,
--Wendy

-- 
Wendy Seltzer
http://wendy.seltzer.org/blog/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-30 Thread Moritz Bartl

Hi Mike,


Ok, I've updated
https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
with this information. Let me know if there is anything else you think
might be helpful, too.


Thanks. Will do.


A blog would be great. Another option besides publishing the actual
complaints would be to draft template response letters for various
cases and publish those. I'm sure other potential exit operators would
greatly benefit from such a collection, and it would be a great thing
to link to in that post.


I have started to collect statistics and some of my answers on a wiki page:
http://www.wiredwings.com/wiki/Torservers.net_Main_Page#Statistics
So far, there's not been a single real conversation with anyone about 
the legal status.


--
Moritz Bartl
http://www.torservers.net/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-30 Thread Mike Perry
Thus spake Moritz Bartl (t...@wiredwings.com):

> >Please get back to us in a week or so with info on your abuse
> >complaint rate with the new policy. I'll update
> >https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
> >with the policy if it does in fact drastically reduce your abuse
> >complaint raint.
> 
> It does. There are still some old complaints by MediaSentry and BayTSP 
> being forwarded, but the timestamp clearly show dates before I changed 
> exit policy.

Ok, I've updated
https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
with this information. Let me know if there is anything else you think
might be helpful, too.

> I will soon set up a (b)log about all incidents. I'll also talk to a 
> lawyer (and friend of mine) if I am allowed to publish all complaints.

A blog would be great. Another option besides publishing the actual
complaints would be to draft template response letters for various
cases and publish those. I'm sure other potential exit operators would
greatly benefit from such a collection, and it would be a great thing
to link to in that post.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


pgpwIvGADh3YU.pgp
Description: PGP signature


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-29 Thread Michael Holstein

> As in, MediaSentry doesn't want Tor to exist (for obvious reasons), so
> it DMCA-DoS's new exit nodes?
>   

No, they pick on everyone pretty much equally .. easy to do when you're
just using a script to scrape a tracker and complain.

I've investigated many of the complaints over the years, and have yet to
find any evidence that that Mediasentry (et.al.) makes any effort to
download or verify that the client they are complaining about is in
fact, offering the content in question. This was most hilariously
demonstrated by Washington University when they spoofed a bunch of
printers and got DMCA notices for them(*).

(*): http://dmca.cs.washington.edu/

Also, as I've mentioned previously, it's not at all unusual to get
complaints for IP addresses (within our block) that have never been
used. I get the impression that folks (probably the media companies
themselves) are intentionally injecting fake information into BitTorrent
like they used to do with Napster .. except that BitTorrent handles this
much better. The fallout from that is companies get a bunch of bogus
complaints.

My 0.02.

Cheers,

Michael Holstein
Cleveland State University
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-29 Thread Ted Smith
On Sun, 2010-06-27 at 19:36 -0700, Mike Perry wrote:
> (Though I suspect the SWIP will also help greatly. I am beginning to
> believe that these abuse-bot companies deliberately pick on new
> hosters who do not have their own IP allocation specified to bully
> them off the net). 

As in, MediaSentry doesn't want Tor to exist (for obvious reasons), so
it DMCA-DoS's new exit nodes?

Sounds nefarious, but totally plausible.


signature.asc
Description: This is a digitally signed message part


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-29 Thread Moritz Bartl

I also allow 465 and 563. Those are used by authenticated SMTPS and
NNTPS.

Thanks. I have added them to the exit policy.

Please get back to us in a week or so with info on your abuse
complaint rate with the new policy. I'll update
https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
with the policy if it does in fact drastically reduce your abuse
complaint raint.


It does. There are still some old complaints by MediaSentry and BayTSP 
being forwarded, but the timestamp clearly show dates before I changed 
exit policy.


Other than that, I have recieved a few SpamCop reports, most of them 
about spam being sent through HTTP/Webmail, but two recent ones about 
spam being sent through ESMTP, eg:


Received: from livmgfm (anonymizer2.torservers.net [173.244.197.210])
	by mtaout-ma04.r1000.mx.aol.com (MUA/Third Party Client Interface) with 
ESMTPA id 54B3FE91 for ; Mon, 28 Jun 2010 19:36:22 -0400 (EDT)


Fortunately, SpamCop uses my direct contact address now instead of going 
through my ISP.


I will soon set up a (b)log about all incidents. I'll also talk to a 
lawyer (and friend of mine) if I am allowed to publish all complaints.


--
Moritz Bartl
http://www.torservers.net/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-27 Thread Mike Perry
Thus spake Moritz Bartl (t...@wiredwings.com):

> On 27.06.2010 04:17, Mondior Folimun wrote:
> > I also allow 465 and 563. Those are used by authenticated SMTPS and
> > NNTPS.
> > There's also the chat ports: 1863 (MSN), 5190 (aim), 5050 (yahoo), 5222-
> > 5223 (xmpp/gchat). Those haven't given me any problems either.
> 
> Thanks. I have added them to the exit policy.

Please get back to us in a week or so with info on your abuse
complaint rate with the new policy. I'll update
https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment
with the policy if it does in fact drastically reduce your abuse
complaint raint.

(Though I suspect the SWIP will also help greatly. I am beginning to
believe that these abuse-bot companies deliberately pick on new
hosters who do not have their own IP allocation specified to bully
them off the net).

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


pgpUwdiZEx6bI.pgp
Description: PGP signature


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-27 Thread Bill Weiss
Mondior Folimun(mfoli...@elitemail.org)@Sun, Jun 27, 2010 at 04:17:15AM +0200:
> On Wed, 23 Jun 2010 12:49 +0200, "Moritz Bartl" 
> wrote:
> > Hi,
> >
> > > Out of curiosity, what exit policy are you now using? Perhaps we
> > > want to standardize on a policy that is effective at reducing these
> > > complaints.
> >
> > At the moment, I allow ports 20-22,53,79-81,110,143,443,706,873,993,
> > 995,8008,8080,. Feel free to suggest others.
> 
> I also allow 465 and 563. Those are used by authenticated SMTPS and
> NNTPS.
> So far, I have not received any spam abuse complaints from them, after
> running a 10Mbit+ exit for the past 2-3 years (though I do occasionally
> get web spam abuse complaints).

Interestingly, I was contacted by the police at some university a couple
of years ago about abuse through my Tor node on port 587 (authenticated
SMTP).  After a ton of explaining what Tor was (at first they believed the
abuser to be a client of mine because his bits were coming from my
machine), it turned out that they had a severely busted submission port:
it was the same as port 25 (so, accepted unauthenticated email from the
world).  The person they were investigating had used this to send email
via Tor to an address there.

I finally explained to them that their damaged configuration was letting
spam through, and they stopped bothering me.  Ah well.

I'd suggest adding that port to the mix, since it should be authenticated
and TLSed (despite the occasional evidence otherwise).

-- 
Bill Weiss
 
Break yo pipe man, and the funny dudes scribblin' licence plates go away.
-- Kha0s, alt.2600

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-27 Thread Moritz Bartl
Hi,

On 27.06.2010 04:17, Mondior Folimun wrote:
> I also allow 465 and 563. Those are used by authenticated SMTPS and
> NNTPS.
> There's also the chat ports: 1863 (MSN), 5190 (aim), 5050 (yahoo), 5222-
> 5223 (xmpp/gchat). Those haven't given me any problems either.

Thanks. I have added them to the exit policy.

--
Moritz Bartl
http://www.torservers.net/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-26 Thread Mondior Folimun
On Wed, 23 Jun 2010 12:49 +0200, "Moritz Bartl" 
wrote:
> Hi,
>
> > Out of curiosity, what exit policy are you now using? Perhaps we
> > want to standardize on a policy that is effective at reducing these
> > complaints.
>
> At the moment, I allow ports 20-22,53,79-81,110,143,443,706,873,993,
> 995,8008,8080,. Feel free to suggest others.

I also allow 465 and 563. Those are used by authenticated SMTPS and
NNTPS.
So far, I have not received any spam abuse complaints from them, after
running a 10Mbit+ exit for the past 2-3 years (though I do occasionally
get web spam abuse complaints).

There's also the chat ports: 1863 (MSN), 5190 (aim), 5050 (yahoo), 5222-
5223 (xmpp/gchat). Those haven't given me any problems either.

-- 
http://www.fastmail.fm - Faster than the air-speed velocity of an
  unladen european swallow

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-26 Thread Moritz Bartl
Hi,

On 27.06.2010 03:00, Mike Perry wrote:
> Can you post a copy of your counter-notification? Did they say in
> specific why they believe it doesn't meet the requirements?
> Also, are you familiar with chillingeffects? They catalog DMCA-related
> correspondence and provide some legal FAQs for counter-notice
> procedures.

Thanks. After having read more about it, I doubt that I have to file a
counter notification after all. I told them so two days ago, citing the
relevant sections from DMCA, and haven't heard back from them since.

Midphase (100tb) finally told me they were able to SWIP my range, one
day before Softlayer (their data center) told me it wasn't possible. The
range is still not SWIPed though, Midphase said they would look into it
again.

So far, Softlayer shows no sign of understanding anything I've told
them, neither about DMCA law (with the appropriate paragraphs and the
EFF response cited), nor about Tor not being some file sharing utility,
nor about that SWIPing would help on the abuse. Midphase on the other
hand doesn't interfere, I guess they want no trouble with Softlayer but
understand and respect what I'm doing.

Since changing the exit policy, the only reports I've been getting were
some by SpamCop, and two complaints by BayTSP/MediaSentry with old
timestamps. There seems to be a (small) number of spam senders that use
Tor in combination with webmail, but there isn't much I can do about
that (always different destination IPs). Fortunately SpamCop was able to
change their records of my IP range to my contact address so that's not
a big problem.
I'm not sure if I'm legally allowed to publish the complaints. I want to
put them on my blog when I have some time.

The exit policy helps to cool down the situation with Softlayer, and
I'll try my best to make them understand what it is I'm running. When
and if the IP range is SWIPed, we can think about unblocking unknown
ports again.

The average speed is 26 MB/s at the moment. I'm not sure what limits the
speed, the server should be on a Gbit line, and our plan covers 39MB/s...

-- 
Moritz Bartl
http://www.torservers.net/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-26 Thread Mike Perry
Thus spake Moritz Bartl (t...@wiredwings.com):

> > BayTSP/MediaSentry/etc have heard all the
> > excuses, including when they tagged my printer as serving up movies;
> > they don't care. I fully expect they don't even read the responses, just
> > check that a response was received.  The response is probably then
> > catalogued for some future court case.
> 
> I'm not sure it was the most clever thing to do, but I wanted to have
> this cleared up. After sending a mail to five different BayTSP
> addresses, they finally came back to me, asking for my "DMCA Designated
> Agent form filing with the US Copyright Office". They also said my
> counter notification doesn't meet the legal requirements...

Can you post a copy of your counter-notification? Did they say in
specific why they believe it doesn't meet the requirements?

Also, are you familiar with chillingeffects? They catalog DMCA-related
correspondence and provide some legal FAQs for counter-notice
procedures.

This is the section that should be relevant:
http://www.chillingeffects.org/dmca512/faq.cgi#QID564


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


pgpgtyJnbLFGH.pgp
Description: PGP signature


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-23 Thread Moritz Bartl
Hi,

> BayTSP/MediaSentry/etc have heard all the
> excuses, including when they tagged my printer as serving up movies;
> they don't care. I fully expect they don't even read the responses, just
> check that a response was received.  The response is probably then
> catalogued for some future court case.

I'm not sure it was the most clever thing to do, but I wanted to have
this cleared up. After sending a mail to five different BayTSP
addresses, they finally came back to me, asking for my "DMCA Designated
Agent form filing with the US Copyright Office". They also said my
counter notification doesn't meet the legal requirements...

-- 
Moritz Bartl
http://www.torservers.net/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-23 Thread Michael Holstein

> If you can get SoftLayer to do SWIP on the IP address/range assigned to
> you, that will offload their complaint person and let you handle
> everything automatically.  

Agreed. Having the whois info for your TOR box come to you as an
ORG-ABUSE will offload a lot of this from Softlayer. BayTSP, et.al.
don't bother doing ASN lookups, they complain by IP whois.

> BayTSP/MediaSentry/etc have heard all the
> excuses, including when they tagged my printer as serving up movies;
> they don't care. 

True. We get tons of them for nonexistant IP ranges. They never answer
any questions about it.

> The response is probably then
> catalogued for some future court case.
>
>   

As are all of the bogus notices and supporting documentation that
nothing has ever occupied that IP address.

Cheers,

Michael Holstein
Cleveland State University
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-23 Thread Gregory Maxwell
On Wed, Jun 23, 2010 at 9:03 AM, Jon  wrote:
>  I don't know if this will help or not, but in the states, my ISP
> provider calls me when they get a complaint. They tell me what the
> complaint was about, I get the ports the issues came thru and what
> they were. All except the last one were Torrents. The last one was
> allegedly email spamming.
[snip]

(IANAL)

FWIW, it appears that a provider which fails to let you respond in
objection to a DMCA complain loses their §512.g.1 [1] indemnity.


Providers forcing you to take down legal but complaint generating
services is really against the intent and letter of the law. Sadly,
playing hard-ball with the ISP isn't likely to do you any good, since
they can just find another reason to terminate your service.


ISTM that every exit operator should probably make the effort to SWIP
their blocks prior to the generation of these nasty-grams in order to
head off this problem.




[1] 
http://www.law.cornell.edu/uscode/html/uscode17/usc_sec_17_0512000-.html
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-23 Thread Jon
On Wed, Jun 23, 2010 at 5:49 AM, Moritz Bartl  wrote:
> Hi,
>
>> Out of curiosity, what exit policy are you now using? Perhaps we want
>> to standardize on a policy that is effective at reducing these
>> complaints.
>
> At the moment, I allow ports 20-22,53,79-81,110,143,443,706,873,993,
> 995,8008,8080,. Feel free to suggest others.
>

 I don't know if this will help or not, but in the states, my ISP
provider calls me when they get a complaint. They tell me what the
complaint was about, I get the ports the issues came thru and what
they were. All except the last one were Torrents. The last one was
allegedly email spamming.

I started to explain, but realized that they would just turn off my
service for not correcting the problem. In my case the EFF legal
notice didn't work as they didn't care about it. Their main concern
wee the complaints recieved from my ip addy. ( It could also just be
their way of intimidation ).

What I did on the Torrents was to turn off the ' misc services exit '
( tho I would have liked to keep it running there and may try again
and see how many if any complants come thru with the ports blocked )
and block the specific ports that were reported. On the email, I just
blocked the specific port. That so far has taken care of those issues.
( fingers crossed )

I have yet to receive an actual abuse notice in the mail or via email.
Like I said not sure if this will help in your case, but it has worked
for me.

Jon
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-23 Thread Moritz Bartl
Hi,

> Out of curiosity, what exit policy are you now using? Perhaps we want
> to standardize on a policy that is effective at reducing these
> complaints.

At the moment, I allow ports 20-22,53,79-81,110,143,443,706,873,993,
995,8008,8080,. Feel free to suggest others.

> If you've filed the counternotice, maybe suggest your ISP just blackhole
> future mails from the abuse sender?

For each mail passed on to me, I also answered to 100TB.com so they
could close their ticket and pass that information on to Softlayer. In
every mail, I told them that I am sorry for so many automated complaints
coming in, that they should not turn my server off because of these
'spam' mails, and that it would be great to SWIP my IP range. No replies.

> As far as I know, they never got their test case.

Too bad. I am willing to step in, but I am not located in the US, which
seems to be a requirement.

> Being able to tell your ISP that the EFF will defend you in this 
> unlikely situation might also help your position with them.

I am not so sure, as they didn't react to anything I passed on to them
regarding my legal status. I am now trying again to get them to SWIP an
IP range for me.

-- 
Moritz Bartl
http://www.torservers.net/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-22 Thread Andrew Lewman
On Wed, 23 Jun 2010 02:20:16 +0200
Moritz Bartl  wrote:

> All these complaints list pretty much the same Torrents, have been
> issued by MediaSentry or BayTSP, and each offers to get back to them
> on changing email addresses and through a web form. For each single
> abuse case, I have tried to reach them to tell them about the node
> and its background, including the offer to block on IP/Port basis and
> the URL to EFF's legal page, but they didn't get back to me and
> didn't stop the spamming. I even filed a counter notification with
> written signature etc.

From experience, with SoftLayer even, don't try to explain anything;
no one cares.  All they see is customer X is costing us a human
dealing with all of these complaints, make it stop. 

I simply had a script that responded to each and every automated
complaint with an automated response.  Take the template response from
https://www.torproject.org/eff/tor-dmca-response.html and change the
right variables to whatever you receive in an automated fashion.  And
then mail it back to whomever.  It's their bot versus yours.  

If you can get SoftLayer to do SWIP on the IP address/range assigned to
you, that will offload their complaint person and let you handle
everything automatically.  BayTSP/MediaSentry/etc have heard all the
excuses, including when they tagged my printer as serving up movies;
they don't care. I fully expect they don't even read the responses, just
check that a response was received.  The response is probably then
catalogued for some future court case.

And to your scary realization, yes, baseless accusations have concrete
affects in the real world.

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
skype:  lewmanator
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


Re: Automated threat messages force limitation of Exit Policy (Softlayer)

2010-06-22 Thread Mike Perry
Thus spake Moritz Bartl (t...@wiredwings.com):

> After running our 300MBit/s Tor node for less than a week, the US data
> center Softlayer has forced me to limit our exit policy to well-known
> ports after receiving 25 automated Torrent DMCA complaints this weekend
> and again more than 20 in the last two days. I hope that now that the
> policy is restricted they will allow the node to stay up.

Out of curiosity, what exit policy are you now using? Perhaps we want
to standardize on a policy that is effective at reducing these
complaints.
 
> All these complaints list pretty much the same Torrents, have been
> issued by MediaSentry or BayTSP, and each offers to get back to them on
> changing email addresses and through a web form. For each single abuse
> case, I have tried to reach them to tell them about the node and its
> background, including the offer to block on IP/Port basis and the URL to
> EFF's legal page, but they didn't get back to me and didn't stop the
> spamming. I even filed a counter notification with written signature etc.

I'm not a lawyer, but as a common carrier/service provider, you should
be specifically exempt from these noticies, as you're not hosting
content and are not the infringing party.

If you've filed the counternotice, maybe suggest your ISP just blackhole
future mails from the abuse sender? Did they SWIP you the IP block?

Back in 2005, the EFF was actively looking for a test case to
demonstrate that Tor exit nodes and other service providers are exempt
via safe harbor provisions:
http://archives.seul.org/or/talk/Oct-2005/msg00208.html

As far as I know, they never got their test case.

We can check to see if they are still looking for one, and what it
might take for your situation to develop into a good test case for
them. The abuse senders may actually have to initiate legal action
against you first, which is unlikely. Being able to tell your ISP
that the EFF will defend you in this unlikely situation might also
help your position with them.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


pgpJBxluNk2yd.pgp
Description: PGP signature