During a conference some while ago, Jacob Appelbaum gave a talk on the usefulness of the Tor project, allowing you to browse anonymously, liberating speech online, enabling web access in censored countries, etc.
Jacob described how the anonymizing Tor network consists of many machines world wide that use encryption and run the Tor software, which are routing internet traffic and on the way anonymize it, and then traffic leaves the network at some random host so the original sender cannot be traced back. These hosts are called "exit nodes".
At the end of his talk, he prompted the audience: "Why don’t you run an exit node yet?" I had been using Tor in the past on and off, and while I couldn’t agree more with the privacy goals and anti-censorship measures outlined, I never setup an exit node to help the network. And I do admin quite a number of hosted machines that have idle bandwidth available…
It took me a while to get round to it, but some months after that I started to set up the first exit node on a hosted virtual server. It took a while to get it all going, I made sure I read up the legal implications of running it in Germany, setup disclaimers on the host for people checking it’s port 80, etc. After half a day or so, I had it going, watched in the logs how it connected to the network and… let it run.
Traffic came in slowly at first, but after 1 or 2 days, the node’s presence had propagated through the net and it started to max out CPU and bandwidth limits as configured. So far so good, I was happy helping people all over the world browsing the net anonymously and especially helping folks in countries with internet censorship to access all the net.
Or so I thought at least.
It only took some 5 or so days for me to get an official notice to cease network activity on this host immediately. Complaints about Copyright infringement were cited as the reason. Turned out that the majority of the "liberating" traffic I was relaying were torrenting copyrighted material. I had checked out the Tor guidelines in advance, which are correctly outlining that in Germany the TMG (law on telecommunication media) paragraphs §8 and §15 are actually protecting me as a traffic router from liability for the actual traffic contents, so initially I assumed I’d be fine in case of claims.
It turned out the notice had a twist to it. It was actually my virtual server provider who sent that notice on behalf of a complaining party and argued that I was in violation of their general terms and conditions for purchasing hosting services. Checking those, the conditions read: "Use of the server to provide anonymity services is excluded." Regardless of the TMG, I was in violation of the hosting provider’s terms and conditions which allowed premature termination of the hosting contract. At that point I had no choice but stopping the Tor services on this hosting instance.
All in all a dissatisfying experience, but at least I could answer Jacob’s question now: "I’m not running an exit node because it’s not uncommon for German providers to exclude the use of anonymity services on the merits." I actually got back to Jacob in Email and suggested that a note be added to the TorExitGuidelines wiki page so future contributors know to check out the terms and conditions of their hosting services. It seems my request has been ignored up to this day, for one reason or another.
I’d still like to support the Tor network however, so for all savvy readers out there, I’m asking:
Do you have any provider recommendations where running Tor exit nodes is not an issue? (In Germany perhaps?)
Is it at all feasible to be running Tor exit nodes in Germany without having to set a legal budget aside to defend yourself against claims?