[tor-relays] Thanks for the advice on handling DMCA complaints.

2013-10-25 Thread Christopher Jones
Hey all,

I just wanted to thank the list members for giving me some great advice on 
working with my ISP to deal with the DMCA nastygrams. I restricted my exit 
policy to allow most legitimate TCP services and block the rest, which should 
hopefully disincentivize those damn P2P users from picking my relay as an exit 
in most cases. 

Does the Tor project run a database to track abuse complaints? Could be useful 
in terms of uncovering who the largest pains in the ass are (mine was from 
Irdeto on behalf of NBC Universal), as well as organizing targeted campaigns to 
put pressure on companies like Irdeto to at least perform some due diligence 
and not send out DMCA originating from exit relays. If not, maybe I’ll start 
working on a project to do so if there isn’t something else like it elsewhere.

On another note, I discovered I prefer running Tor on FreeBSD over Linux. Ran 
CentOS for a bit, but somehow encrypting /tmp blew it up and the NOC had to 
re-install the OS. I went with FreeBSD instead and dig it immensely. Pf is much 
less of a headache than IPTables — I actually got port forwarding from 80 to 
9091 and 43 to 9090 working. Administration is more straightforward. I like the 
clear separation of the base system from additional software added from ports. 
Compiling ports, while more time consuming, is a delight compared to some of 
the binary package management issues I’ve had in the past with Linux. FreeBSD 
also appears to manage memory more efficiently. I run Linux as a desktop OS, 
but for a server OS, FreeBSD has won me over with its simplicity, less 
convoluted security (no SELinux — yes I know you can turn it off, but I’m the 
masochist who leaves it on), better support for chroot jails. Just my opinion.

One more question and I’ll probably feel stupid after reading the answers, but 
does “RelayBandwidthRate” apply separately to rx and tx rates or the combined 
throughput of them both? The server I run has an unmetered 100Mb/s connection. 
I’ve got RelayBandwidthRate set to 5MB and RelayBandwidthBurst set to 10MB. 
12.5MB/s being the theoretical max, if I bumped up my bandwidth rate to, say, 
8, would my relay overload the NIC or would it continue to behave?

My server specs are as follows:

FreeBSD 9.2
Dual Core Atom D2500
4GB RAM
2TB SATA drive (encrypted swap and /tmp)
100Mbit unmetered traffic
5 usable IPv4 addresses

At last check, I had 1140 TCP connections according to lsof and vnstat is 
showing throughputs of 13-18Mbit/s rx and 14-19Mbit/s tx. Tor CPU usage is 
about 22-27% according to top.

Does this look reasonable or should I tweak some things like max connections?

Thanks,
Chris

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Thanks for the advice on handling DMCA complaints.

2013-10-25 Thread Lunar
Christopher Jones:
> Does the Tor project run a database to track abuse complaints? Could
> be useful in terms of uncovering who the largest pains in the ass are
> (mine was from Irdeto on behalf of NBC Universal), as well as
> organizing targeted campaigns to put pressure on companies like Irdeto
> to at least perform some due diligence and not send out DMCA
> originating from exit relays. If not, maybe I’ll start working on a
> project to do so if there isn’t something else like it elsewhere.

Not the Tor project itself, but have a look at Chilling Effects:
https://www.chillingeffects.org/. It was founded by Wendy Seltzer who
is also on the board of directors of The Tor Project. Chilling Effects
would probably welcome your help. :)

-- 
Lunar lu...@torproject.org




Re: [tor-relays] Thanks for the advice on handling DMCA complaints.

2013-10-25 Thread Roger Dingledine
On Fri, Oct 25, 2013 at 11:03:27AM -0400, Christopher Jones wrote:
> I just wanted to thank the list members for giving me some great advice
> on working with my ISP to deal with the DMCA nastygrams. I restricted
> my exit policy to allow most legitimate TCP services and block the rest,
> which should hopefully disincentivize those damn P2P users from picking
> my relay as an exit in most cases.

If you want to go even more conservative, you could allow just 80 and 443.
It would still be useful to many people, and be even less likely to draw
dmca complaints. Something to consider for the future if you need another
step in the negotiation.

> Does the Tor project run a database to track abuse complaints? Could
> be useful in terms of uncovering who the largest pains in the ass are
> (mine was from Irdeto on behalf of NBC Universal), as well as organizing
> targeted campaigns to put pressure on companies like Irdeto to at least
> perform some due diligence and not send out DMCA originating from exit
> relays. If not, maybe I’ll start working on a project to do so if there
> isn’t something else like it elsewhere.

Lunar's pointer to Chilling Effects is a good one.

But see also this mail from the distant past:
https://lists.torproject.org/pipermail/tor-talk/2005-October/016301.html

You see, if somebody sends you a DMCA takedown knowing that it doesn't
apply to you, then *they're* breaking the law. So in theory you could
notify them that you've got safe harbor under DMCA 512(a) and would
they kindly stop harassing you, and then when they send the next letter
you can countersue. Somebody should do this someday, but it will be an
involved and messy process. On the plus side, some large universities
have successfully used this approach (or more precisely, the threat of
using it) to stop the bigger DMCA bullies from wasting their time. On
the minus side, you as a customer of your ISP don't get to make this
decision, at least not by yourself, because your main problem is the
policy of your ISP, not any actual laws.

> One more question and I’ll probably feel stupid after reading the
> answers, but does “RelayBandwidthRate” apply separately to rx and tx
> rates or the combined throughput of them both? The server I run has an
> unmetered 100Mb/s connection. I’ve got RelayBandwidthRate set to 5MB and
> RelayBandwidthBurst set to 10MB. 12.5MB/s being the theoretical max,
> if I bumped up my bandwidth rate to, say, 8, would my relay overload
> the NIC or would it continue to behave?

Tor counts bytes separately in each direction. So 5Mbytes means 5mbytes
reading and 5mbytes writing. So you are currently limiting your relay
to a long-term average of 40mbps.

> At last check, I had 1140 TCP connections according to lsof and vnstat
> is showing throughputs of 13-18Mbit/s rx and 14-19Mbit/s tx. Tor CPU
> usage is about 22-27% according to top.
>
> Does this look reasonable or should I tweak some things like max connections?

There isn't any functionality currently to limit how many connections
your relay will use/accept. You need to be able to have a connection
open to every other relay, and to the exit destinations that users ask
for (if your exit policy allows it), and to clients if they pick you for
their first hop. Refusing to do any of those connections degrades service
(and in the relay-to-relay connection case, it potentially messes with
anonymity in complex ways too, since the Tor network is no longer a
clique topology).

Fortunately, sockets are basically free on a real OS. The main challenge
comes up in cheap VPS systems where they artificially limit system
resources to make it hard for you to do anything with your VPS.

--Roger
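
Added example, not part of the thread and not Tor's own code: a small Python check of a constructed torrc fragment that combines the 80/443-only exit policy suggested above with the RelayBandwidthRate values from the question. The function names, the restriction to `*` addresses and `MBytes` units, and the reject-when-nothing-matches fallback are assumptions of this sketch; the Mbit/s figure follows the thread's arithmetic (5 MBytes taken as 40 Mbit/s in each direction).

```python
# Constructed torrc fragment (not from the thread): the 80/443-only exit
# policy suggested above, with the bandwidth settings from the question.
TORRC = """\
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*
RelayBandwidthRate 5 MBytes
RelayBandwidthBurst 10 MBytes
"""

def parse_torrc(text):
    """Return (exit_rules, options) from torrc-style 'Key value' lines."""
    rules, options = [], {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, value = line.split(None, 1)
        if key == "ExitPolicy":
            # One ExitPolicy line may hold several comma-separated rules.
            for rule in value.split(","):
                action, pattern = rule.split()
                ports = pattern.rsplit(":", 1)[1]  # address part assumed "*"
                lo, _, hi = ports.partition("-")
                span = (1, 65535) if ports == "*" else (int(lo), int(hi or lo))
                rules.append((action, span))
        else:
            options[key] = value
    return rules, options

def exit_allows(rules, port):
    """First matching rule wins, as Tor evaluates exit policies."""
    for action, (lo, hi) in rules:
        if lo <= port <= hi:
            return action == "accept"
    return False  # simplification of this sketch: no match means reject

def per_direction_mbit(value):
    """'N MBytes' -> Mbit/s using the thread's arithmetic (x8).
    The limit applies to reading and to writing separately."""
    number, unit = value.split()
    if unit != "MBytes":
        raise ValueError("only MBytes is handled in this sketch")
    return float(number) * 8

if __name__ == "__main__":
    rules, opts = parse_torrc(TORRC)
    for port in (80, 443, 22, 6881):
        print(port, "allowed" if exit_allows(rules, port) else "refused")
    print(per_direction_mbit(opts["RelayBandwidthRate"]), "Mbit/s each way")
```

Because rules are matched in order, a `reject` placed after a broader `accept` never takes effect, so the catch-all `reject *:*` belongs last.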
