Running a Tor node: Difference between revisions

(Differentiate between relays and bridge relays)

Revision as of 01:31, 5 March 2013

Some notes on running a Tor node at BitFolk.

What's Tor?

"Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy."
https://www.torproject.org/about/overview.html.en

A Tor exit node basically proxies traffic from the Tor network to the Internet. Some customers wish to run a Tor node on their BitFolk VPSes in order to assist the Tor network in providing this service, but this can cause some issues.

Who is responsible for traffic sent through a Tor node?

You are BitFolk's customer and what you run on your VPS is your responsibility. If abusive activity is traced back to your VPS then BitFolk expects you to deal with it, which includes making a reasonable effort to prevent re-occurrence.

BitFolk is not going to speculate on who is legally responsible for actions taken through a Tor exit node, but you are BitFolk's customer and in the event of a legal issue BitFolk will supply your contact details to law enforcement on receipt of a valid court order.

Is running a Tor node at BitFolk allowed?

Yes, but:

  • If BitFolk receives abuse reports or complaints as a result of something running on your VPS then BitFolk will expect you to answer them.
  • If persistent abuse is observed through your VPS then the usual BitFolk policy is to not keep you as a customer - this is the case whether you run a Tor node or not.
  • Due to common abuse issues encountered previously, you are required to implement some things in your exit policy.
  • There are already several Tor nodes at BitFolk and the UK in particular is very well served with nodes, so do consider if running an additional node at BitFolk is the best use of resources.

Common problems

Almost any form of abusive activity that someone may wish to engage in on the Internet can be done through the Tor network so as to make it practically impossible to track the perpetrator. Common issues include:

  • Email and web comment spam.
  • SSH brute force dictionary attacks.
  • BitTorrent and other p2p filesharing of copyrighted material.

Required exit policies

Allowing the following traffic causes too many problems for BitFolk and so if you wish to run a Tor exit node you are required to enforce the following exit policies:

  • Disable port 22 to the Internet due to SSH brute force dictionary attacks.
  • Disable port 25 to the Internet due to email spam.
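
An added example, not BitFolk's own tooling: a Python check that a torrc's ExitPolicy entries reject ports 22 and 25 for every destination before any accept entry can match, since Tor evaluates exit policy entries in order and the first match wins. The function names and the sample torrc fragments are constructed for illustration.

```python
import re

REQUIRED_REJECTED_PORTS = (22, 25)  # SSH and SMTP, per the required exit policies
ENTRY_RE = re.compile(r"^(accept6?|reject6?)\s+(\S+)$", re.IGNORECASE)

def _port_range(spec):
    if spec == "*":
        return 1, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def parse_exit_policy(torrc_text):
    """Return ExitPolicy entries in file order as (action, address, low, high)."""
    rules = []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "exitpolicy":
            continue
        for entry in parts[1].split(","):
            m = ENTRY_RE.match(entry.strip())
            if not m:
                raise ValueError(f"unrecognised ExitPolicy entry: {entry!r}")
            addr, sep, port = m.group(2).rpartition(":")
            if not sep:  # no port given: the entry covers every port
                addr, port = port, "*"
            rules.append((m.group(1).lower(), addr, *_port_range(port)))
    return rules

def port_blocked(rules, port):
    """True if a 'reject *' entry covers port before any accept entry does."""
    for action, addr, low, high in rules:
        if not low <= port <= high:
            continue
        if action.startswith("accept"):
            return False  # first match wins: some destination is allowed
        if action == "reject" and addr == "*":
            return True
        # narrower reject (single network, or IPv6-only reject6): keep looking
    return False  # no catch-all reject for this port was configured

def missing_required(torrc_text):
    """List the required ports that the policy does not reject everywhere."""
    rules = parse_exit_policy(torrc_text)
    return [p for p in REQUIRED_REJECTED_PORTS if not port_blocked(rules, p)]

# Constructed sample torrc fragments, not taken from any real node.
COMPLIANT = "ExitPolicy reject *:22\nExitPolicy reject *:25\nExitPolicy accept *:*\n"
SHADOWED = "ExitPolicy accept *:20-23  # matches SSH first\nExitPolicy reject *:22,reject *:25\n"
RELAY_ONLY = "ExitPolicy reject *:*\n"

if __name__ == "__main__":
    for name, text in [("compliant", COMPLIANT), ("shadowed", SHADOWED), ("relay", RELAY_ONLY)]:
        print(name, "missing rejects for ports:", missing_required(text))
```

The SHADOWED sample shows the ordering mistake worth checking for: the reject entries are present, but an earlier accept range already matches port 22.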

Recommended exit policies

In addition to the above required exit policies, it is strongly recommended that you block the common BitTorrent ports. Rights holders are routinely joining torrents to obtain a list of IP addresses serving them, and then reporting this to the service providers responsible for the IP addresses. When BitFolk receives these abuse reports they are passed on to the customer. You may not wish to take the risk of legal action.

Running a relay node

If you'd like to help the Tor network but don't want to risk possibly being the last traceable hop in some form of illegal activity, you may prefer to run a relay node. Relays only talk to other Tor nodes, so only deal with encrypted traffic and are certainly less effort to maintain than an exit node.

Remember to replace the default exit policy in your Tor configuration with this:

ExitPolicy reject *:*

Bridge relays

A bridge relay is a special type of relay that is not listed in the main Tor directory. As there is no complete list of bridge relays, they can't be easily blocked by ISPs.

Further information