Re: [tor-relays] Very Safe Exit Policy
Thanks for that Roger, it's a valid point. How do they simultaneously protect the rights of their actual users while warning against all the bad actors that feel the need to defecate all over such an important service (Tor, that is :).

Part of me thinks that some kind of system like the way car insurance works in the US with 'points' might make sense, but that would totally break the whole point of Tor - to provide anonymity for its users.

Bleah. Pesky humans :)

-Chris

On Tue, Feb 17, 2015 at 11:55 AM, Roger Dingledine a...@mit.edu wrote:

> On Tue, Feb 17, 2015 at 11:02:45AM -0500, Chris Patti wrote:
> > I tried running an exit for a bit and it lasted a few weeks before some brainless wonder hijacked someone's Gmail with my exit, so I had to pull it down and go relay only.
>
> Even worse (or maybe better), this sort of thing happens when a Tor user connects to her Gmail, and then Google warns her that there was a Tor connection and omg it's time to freak out, and then she freaks out.
>
> I mean, maybe it happened the way you describe, but also maybe it didn't.
>
> The large services like Gmail and Facebook have been struggling over the past few years to find the right balance between if there's a connection from Tor, tell the user to freak out and actually for some users connecting over Tor is totally the smarter move, and we should encourage that.
>
> --Roger

--
Christopher Patti - Geek At Large | GTalk: cpa...@gmail.com | AIM: chrisfeohpatti | P: (260) 54PATTI
Technology challenges art, art inspires technology. - John Lasseter, Pixar
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Very Safe Exit Policy
On Tuesday, February 17, 2015 11:02am, Chris Patti cpa...@gmail.com said:

> [snip]
> I tried running an exit for a bit and it lasted a few weeks before some brainless wonder hijacked someone's Gmail with my exit, so I had to pull it down and go relay only.

Me too. I dearly wish there were a way to block webmail while still leaving access to the parent site. Unfortunately, Google, Yahoo, AOL, etc. make it very difficult to separate their mail services from their overall web presence.
Re: [tor-relays] Very Safe Exit Policy
On Tue, Feb 17, 2015 at 11:02:45AM -0500, Chris Patti wrote:

> I tried running an exit for a bit and it lasted a few weeks before some brainless wonder hijacked someone's Gmail with my exit, so I had to pull it down and go relay only.

Even worse (or maybe better), this sort of thing happens when a Tor user connects to her Gmail, and then Google warns her that there was a Tor connection and omg it's time to freak out, and then she freaks out.

I mean, maybe it happened the way you describe, but also maybe it didn't.

The large services like Gmail and Facebook have been struggling over the past few years to find the right balance between if there's a connection from Tor, tell the user to freak out and actually for some users connecting over Tor is totally the smarter move, and we should encourage that.

--Roger
Re: [tor-relays] Very Safe Exit Policy
Hey Stephen,

I'm a relatively new operator, and I run over a half dozen Reduced Exit relays and a few middle relays.

Abuse complaints shouldn't be common coming from IRC - the main culprits for complaints are DMCA and related for alleged IP (Intellectual Property) theft. That would be your torrents and other downloading services. The Reduced Exit Policy disables the ports traditionally used by those services. (But it's rude to download off Tor anyway...)

But remember, a Very Safe exit policy is also a very restrictive policy. You may unintentionally inhibit legal activities/dissent/communication/free flow of knowledge.

Also, regarding whether it's a reduced exit, or full blown wide open: It is most definitely strongly encouraged, and sensible to put up a Tor exit notice. IMHO get this set up before you open your ports. Define the intention before you implement the decision. There are template notices available that only need minor modifications.

As well, it's always good to contact your provider and let them know that you're running a Tor relay. I contacted mine, let them know what I was intending to do, how many I was planning on setting up, and I specifically asked for them to contact me immediately over any concern. They were more than kind, and understanding. This sets up a positive environment for when they may in the future get some complaints - they will already know it's not YOU per se, and that no malice was intended. Even if your provider says they permit it, let them know anyway.

The whole matter of whether or not the companies that file the complaints have a legal leg to stand on, depending on country, is well beyond the scope of this email. But it is VERY important to understand your rights and responsibilities regarding retransmission of data, as well as that of your provider. In many cases, country dependent, your provider cannot be held liable for retransmission, nor can you.

I would STRONGLY encourage you to read as much as possible about this before running an exit relay of any type. Again, I'm relatively new so others could slam my comments as ignorant or whatever... There is a ton of information available to you.

If you're concerned about running an exit relay, I would suggest getting confident (and damn proud) of running a middle relay first, then when comfortable move toward a Reduced Exit policy.

Kind regards,
Matt
Speak Freely
[tor-relays] Very Safe Exit Policy
Hi list,

I was looking for suggestions/discussion on very conservative policies for an exit relay. I run a relay now that is reject *:* and I wanted to open up a few exit ports. I don't want to open up major ports due to potential abuse issues. My server host states that, although they do allow Tor, there is a chance of the relay being terminated at their will [1].

I was considering using a whitelist exit policy and opening up only the following ports to be safe:

43 - WHOIS protocol
53 - DNS
389 - LDAP
464,543,544,749 - Kerberos
531 - AOL IM
636 - LDAP over SSL
706 - SILC
873 - rsync
5190 - ICQ and AOL Instant Messenger
5222,5223,5269,5280,5281,5298 - XMPP
5353 - Multicast DNS
5999 - CVSup
8332,8333 - Bitcoin
9091 - Transmission (BitTorrent client) Web Interface
11371 - OpenPGP key server
64738 - Mumble/Murmur

I constructed the list based on a quick skimming of the WP ports list [2]. I suspect allowing IRC would eventually be grounds for my host to terminate my relay.

This would be my first time running an exit relay and I'd be happy to hear advice and suggestions!

Thanks,
Steve

[1] https://trac.torproject.org/projects/tor/wiki/doc/ISPCorrespondence#OVH
[2] https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
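Added example, not part of the original post or of Tor's own code: the whitelist from the original message rendered as torrc `ExitPolicy` lines, with a small evaluator that applies Tor's first-match-wins rule so the policy can be checked before it is deployed. The port numbers are the ones listed in the post; the function names are hypothetical, and the evaluator handles only `*:PORT` patterns.

```python
# Ports exactly as listed in the original post (helper names are hypothetical).
WHITELIST = [43, 53, 389, 464, 543, 544, 749, 531, 636, 706, 873, 5190,
             5222, 5223, 5269, 5280, 5281, 5298, 5353, 5999, 8332, 8333,
             9091, 11371, 64738]

def coalesce(ports):
    """Merge consecutive ports into (low, high) ranges."""
    ranges = []
    for p in sorted(set(ports)):
        if not 1 <= p <= 65535:
            raise ValueError(f"invalid port: {p}")
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges

def torrc_lines(ports):
    """Render ExitPolicy lines: accept each range, then reject everything else."""
    lines = []
    for lo, hi in coalesce(ports):
        spec = str(lo) if lo == hi else f"{lo}-{hi}"
        lines.append(f"ExitPolicy accept *:{spec}")
    # The final catch-all means no later rule can ever match.
    lines.append("ExitPolicy reject *:*")
    return lines

def allows(lines, port):
    """Check a destination port against the policy; the first matching rule wins."""
    for line in lines:
        _, action, pattern = line.split()
        addr, _, portspec = pattern.rpartition(":")
        if addr != "*":
            raise ValueError("this example handles *:PORT patterns only")
        if portspec == "*":
            lo, hi = 1, 65535
        elif "-" in portspec:
            lo, hi = map(int, portspec.split("-"))
        else:
            lo = hi = int(portspec)
        if lo <= port <= hi:
            return action == "accept"
    # Without a catch-all, Tor would continue into its default exit policy.
    raise LookupError("no rule matched; policy has no catch-all")

if __name__ == "__main__":
    print("\n".join(torrc_lines(WHITELIST)))
```

Running the file prints the lines to paste into torrc; `allows(torrc_lines(WHITELIST), 443)` returning `False` confirms that web traffic, and with it webmail, is outside this policy.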