Re: [tor-relays] Aggressive abuse report

[Maarten]

Hey Florentin,

That is great to hear!

I always include the argument that I am complying with their wishes. But
it is totally pointless as I am not the only exit node.

If they are truly interested in stopping abuse/attacks, they can block
all exit nods as they are publicly provided by tor.
But not all criminals use tor, some just used compromised servers and
such. Block Tor completely does not block all abuse.

And so security should be improved on the "complaining" server, no
matter if it is reachable by tor or not.

This leads me to the question if they are serious about security, or
serious about undermining privacy with excuses and legal loopholes.

The trick is to not offend anyone when making these statements.
Offended people usually have a hard time listening to reason, and only
focus on the damage to their image. Even if it is a private conversation.

Maarten.

Florentin Rochet wrote on 16-03-17 12:18:
> Hi Maarten (and others who answered back),
> 
> I got a few more mail exchange with them. I tried to educate a bit and
> it seems they agreed (not explicitly) that the right to privacy is
> something that should not be removed to people due to the illegal
> actions of a few others. They told me to be forced by law, as a service
> provider, to do their best to reduce this kind of illegal traffic.
> 
> I told them I will reject targeted IPs seen in more than one complain.
> In my opinion, that's an appropriate tradeoff. Right now, it seems that
> I will not get banned :-)
> 
> I appreciate the help,
> 
> Florentin
> 
> On 2017-03-14 17:08, Maarten wrote:
>> Hi Florentin,
>>
>> Read the policy of your hoster.
>> I had the same situation and already configured a reduced exit policy.
>> So I just changed my exit policy. Now I do not relay to their entire IP
>> block on port 80 anymore. So it can't happen again..
>>
>> My hoster was fine with that.
>> Along with this I sent an explenation that I am not the only Exit node
>> and how to easily block all exit nodes. (The default text from the tor
>> project website)
>>
>> I had the luck that the employee agreed that Tor's value to society
>> makes the abuse acceptable.
>>
>> Maarten.
>>
>> Florentin Rochet wrote on 14-03-17 13:41:
>>> Hi list,
>>>
>>> I am running Kadoc[0] for a few weeks and got today a more aggressive
>>> complain from a System Administrator of my VPS provider. I seek for an
>>> appropriate response to not get banned. Does someone experienced a
>>> similar scenario and succeeded to educate the sys admins ? Here's the
>>> complain:
>>>
>>> /"It is running a Tor Exit, hence producing a false positive." is not a
>>> valid reason.//
>>> //You are the one responsible for the traffic generated on/trough your
>>> server, so you should make sure that no similar traffic will appear in
>>> future. Illegal actions are strictly prohibited in our network/servers.//
>>> //Please take immediate actions to stop this kind of activity./
>>>
>>> I am almost sure that trying to argument that I am not responsible for
>>> the traffic generated through my Exit is not the right angle with such
>>> guy. Any ideas ?
>>>
>>> Best,
>>>
>>> Florentin Rochet
>>>
>>> [0]
>>> https://atlas.torproject.org/#details/171696AFDB589CA2C4978EED2C6A91153D2B993B
>>>
>>>
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>>>
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
<>___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Aggressive abuse report

[Florentin Rochet]

Hi Maarten (and others who answered back),

I got a few more mail exchange with them. I tried to educate a bit and 
it seems they agreed (not explicitly) that the right to privacy is 
something that should not be removed to people due to the illegal 
actions of a few others. They told me to be forced by law, as a service 
provider, to do their best to reduce this kind of illegal traffic.


I told them I will reject targeted IPs seen in more than one complain. 
In my opinion, that's an appropriate tradeoff. Right now, it seems that 
I will not get banned :-)


I appreciate the help,

Florentin

On 2017-03-14 17:08, Maarten wrote:

Hi Florentin,

Read the policy of your hoster.
I had the same situation and already configured a reduced exit policy.
So I just changed my exit policy. Now I do not relay to their entire IP
block on port 80 anymore. So it can't happen again..

My hoster was fine with that.
Along with this I sent an explenation that I am not the only Exit node
and how to easily block all exit nodes. (The default text from the tor
project website)

I had the luck that the employee agreed that Tor's value to society
makes the abuse acceptable.

Maarten.

Florentin Rochet wrote on 14-03-17 13:41:

Hi list,

I am running Kadoc[0] for a few weeks and got today a more aggressive
complain from a System Administrator of my VPS provider. I seek for an
appropriate response to not get banned. Does someone experienced a
similar scenario and succeeded to educate the sys admins ? Here's the
complain:

/"It is running a Tor Exit, hence producing a false positive." is not a
valid reason.//
//You are the one responsible for the traffic generated on/trough your
server, so you should make sure that no similar traffic will appear in
future. Illegal actions are strictly prohibited in our network/servers.//
//Please take immediate actions to stop this kind of activity./

I am almost sure that trying to argument that I am not responsible for
the traffic generated through my Exit is not the right angle with such
guy. Any ideas ?

Best,

Florentin Rochet

[0]
https://atlas.torproject.org/#details/171696AFDB589CA2C4978EED2C6A91153D2B993B



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Aggressive abuse report

[Moritz Bartl]

On 14.03.2017 15:36, Juuso Lapinlampi wrote:
> My concern with this is the liability on operator. In Finland (and
> Europe?)

Yes, this is "harmonized" and modelled after the US DMCA law, in Europe
in the "e-Commerce directive" respectively the federal implementations.
See https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
(and add links to your local implementation!)

> I believe FICORA has advised blocking ports as necessary for security
> reasons (e.g. port 25) is fine, but when it's being extended to
> IP-address and/or port combinations, that's where it starts becoming
> gray (in regards to #2).

I would argue it's not. Since you advertise that your network cannot be
used for these ports and/or IPs, you do not influence the "selection of
the recipient". Otherwise, any network that only routes to particular
destinations would lose limited liability, which would be pretty much
against how the Internet works.


> So far, replying to every abuse complaint and giving advice how to block
> Tor using DNSBL or similar has worked for me. I can see it's probably
> not what original poster's ISP would like to hear to have the issue
> resolved, but it's less ambiguous on law and limited liability. Thus, I
> suggested looking into other more friendly ISPs.

I agree, helping the "other side" to understand Tor and how to NOT BLOCK
using DNSBLs but rather use DNSBLs as a component to identify
potentially harmful connections, and treat those differently (eg.
require user registration) is a lot better. Having Wordpress plugins and
similar things for the most popular CMS would help a lot, if those
plugins guide you through a process where you don't end up simply
blocking all Tor users right away.

In many cases, ISPs are OK if you explain your options, they just want
to see you "dealt with it" within a reasonable timespan (~24 hours) and
are in touch with the sender of the complaint.

-- 
Moritz Bartl
https://www.torservers.net/
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Aggressive abuse report

[Maarten]

Hi Florentin,

Read the policy of your hoster.
I had the same situation and already configured a reduced exit policy.
So I just changed my exit policy. Now I do not relay to their entire IP
block on port 80 anymore. So it can't happen again..

My hoster was fine with that.
Along with this I sent an explenation that I am not the only Exit node
and how to easily block all exit nodes. (The default text from the tor
project website)

I had the luck that the employee agreed that Tor's value to society
makes the abuse acceptable.

Maarten.

Florentin Rochet wrote on 14-03-17 13:41:
> Hi list,
> 
> I am running Kadoc[0] for a few weeks and got today a more aggressive
> complain from a System Administrator of my VPS provider. I seek for an
> appropriate response to not get banned. Does someone experienced a
> similar scenario and succeeded to educate the sys admins ? Here's the
> complain:
> 
> /"It is running a Tor Exit, hence producing a false positive." is not a
> valid reason.//
> //You are the one responsible for the traffic generated on/trough your
> server, so you should make sure that no similar traffic will appear in
> future. Illegal actions are strictly prohibited in our network/servers.//
> //Please take immediate actions to stop this kind of activity./
> 
> I am almost sure that trying to argument that I am not responsible for
> the traffic generated through my Exit is not the right angle with such
> guy. Any ideas ?
> 
> Best,
> 
> Florentin Rochet
> 
> [0]
> https://atlas.torproject.org/#details/171696AFDB589CA2C4978EED2C6A91153D2B993B
> 
> 
> 
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
<>___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Aggressive abuse report

[Sec INT]

If its an exit just use the reduced reduced exit policy - I dont get any abuse 
complaints apart from those heroes at webiron

Cheers
Mark B
Snaptor.co.uk (non commercial)


> On 14 Mar 2017, at 14:36, Juuso Lapinlampi  wrote:
> 
>> On Tue, Mar 14, 2017 at 02:17:14PM +0100, Moritz Bartl wrote:
>> about it" might not be the best argument here either: I suggest you
>> block the destination IP address(es) for some weeks via ExitPolicy, let
> 
> My concern with this is the liability on operator. In Finland (and
> Europe?), the limited liability provisions have three criteria for
> service/network providers (Tietoyhteiskuntakaari 7.11.2014/917, 182 §
> Vastuuvapaus tiedonsiirto- ja verkkoyhteyspalveluissa):
> 
> 1. You're not the one initiating the network transfer;
> 2. You're not selecting the recipient; and
> 3. You don't select or modify the data to be transferred.
> 
> I believe FICORA has advised blocking ports as necessary for security
> reasons (e.g. port 25) is fine, but when it's being extended to
> IP-address and/or port combinations, that's where it starts becoming
> gray (in regards to #2).
> 
> So far, replying to every abuse complaint and giving advice how to block
> Tor using DNSBL or similar has worked for me. I can see it's probably
> not what original poster's ISP would like to hear to have the issue
> resolved, but it's less ambiguous on law and limited liability. Thus, I
> suggested looking into other more friendly ISPs.
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Aggressive abuse report

[Juuso Lapinlampi]

On Tue, Mar 14, 2017 at 02:17:14PM +0100, Moritz Bartl wrote:
> about it" might not be the best argument here either: I suggest you
> block the destination IP address(es) for some weeks via ExitPolicy, let

My concern with this is the liability on operator. In Finland (and
Europe?), the limited liability provisions have three criteria for
service/network providers (Tietoyhteiskuntakaari 7.11.2014/917, 182 §
Vastuuvapaus tiedonsiirto- ja verkkoyhteyspalveluissa):

1. You're not the one initiating the network transfer;
2. You're not selecting the recipient; and
3. You don't select or modify the data to be transferred.

I believe FICORA has advised blocking ports as necessary for security
reasons (e.g. port 25) is fine, but when it's being extended to
IP-address and/or port combinations, that's where it starts becoming
gray (in regards to #2).

So far, replying to every abuse complaint and giving advice how to block
Tor using DNSBL or similar has worked for me. I can see it's probably
not what original poster's ISP would like to hear to have the issue
resolved, but it's less ambiguous on law and limited liability. Thus, I
suggested looking into other more friendly ISPs.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Aggressive abuse report

[Florentin Rochet]

Hi list,

I am running Kadoc[0] for a few weeks and got today a more aggressive 
complain from a System Administrator of my VPS provider. I seek for an 
appropriate response to not get banned. Does someone experienced a 
similar scenario and succeeded to educate the sys admins ? Here's the 
complain:


/"It is running a Tor Exit, hence producing a false positive." is not a 
valid reason.//
//You are the one responsible for the traffic generated on/trough your 
server, so you should make sure that no similar traffic will appear in 
future. Illegal actions are strictly prohibited in our network/servers.//

//Please take immediate actions to stop this kind of activity./

I am almost sure that trying to argument that I am not responsible for 
the traffic generated through my Exit is not the right angle with such 
guy. Any ideas ?


Best,

Florentin Rochet

[0] 
https://atlas.torproject.org/#details/171696AFDB589CA2C4978EED2C6A91153D2B993B 

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays