Jul 252013


During a conference some while ago, Jacob Appelbaum gave a talk on the usefulness of the Tor project, allowing you to browse anonymously, liberating speech online, enabling web access in censored countries, etc.

Jacob described how the anonymizing Tor network consists of many machines world wide that use encryption and run the Tor software, which are routing internet traffic and on the way anonymize it, and then traffic leaves the network at some random host so the original sender cannot be traced back. These hosts are called “exit nodes”.

At the end of his talk, he prompted the audience:
Why don’t you run an exit node yet?
I had been using Tor in the past on and off, and while I couldn’t agree more with the privacy goals and anti-censorship measures outlined, I never setup an exit node to help the network. And I do admin quite a number of hosted machines that have idle bandwidth available…

It took me a while to get round to it, but some months after that I started to set up the first exit node on a hosted virtual server. It took a while to get it all going, I made sure I read up the legal implications of running it in Germany, setup disclaimers on the host for people checking it’s port 80, etc. After half a day or so, I had it going, watched in the logs how it connected to the network and… let it run.

Traffic came in slowly at first, but after 1 or 2 days, the node’s presence had propagated through the net and it started to max out CPU and bandwidth limits as configured. So far so good, I was happy helping people all over the world browsing the net anonymously and especially helping folks in countries with internet censorship to access all the net. Great!

Or so I thought at least. It only took some 5 or so days for me to get an official notice to cease network activity on this host immediately. Complaints about Copyright infringement were cited as the reason. Turned out that the majority of the “liberating” traffic I was relaying were torrenting copyrighted material. I had checked out the Tor guidelines in advance, which are correctly outlining that in Germany the TMG (law on telecommunication media) paragraphs §8 and §15 are actually protecting me as a traffic router from liability for the actual traffic contents, so initially I assumed I’d be fine in case of claims.

It turned out the notice had a twist to it. It was actually my virtual server provider who sent that notice on behalf of a complaining party and argued that I was in violation of their general terms and conditions for purchasing hosting services. Checking those, the conditions read:
Use of the server to provide anonymity services is excluded.
Regardless of the TMG, I was in violation of the hosting provider’s terms and conditions which allowed premature termination of the hosting contract. At that point I had no choice but stopping the Tor services on this hosting instance.

All in all a dissatisfying experience, but at least I could answer Jacob’s question now:
I’m not running an exit node because it’s not uncommon for German providers to exclude the use of anonymity services on the merits.
I actually got back to Jacob in Email and suggested that a note be added to the TorExitGuidelines wiki page so future contributors know to check out the terms and conditions of their hosting services. It seems my request has been ignored up to this day, for one reason or another.

I’d still like to support the Tor network however, so for all savvy readers out there, I’m asking:

  • Do you have any provider recommendations where running Tor exit nodes is not an issue? (In Germany perhaps?)
  • Is it at all feasible to be running Tor exit nodes in Germany without having to set a legal budget aside to defend yourself against claims?

  21 Responses to “Tor exit node for less than a week”

  1. Thanks for running a node, even briefly. Torservers.net is based in Germany, and they have lots of experience running exit nodes.

    • Thank you Karen, such a nice reply!
      And thanks to Anon for the link, I’ll have a look at GoodBadISPs and see if there’re good possibilities for running nodes in Germany.

  2. Check out leaseweb! Based in the Netherlands.

    Contact them first to be polite. I asked them if it was ok to run a Tor exit and they said yes, as long as port 25 is closed.

    Been with them now for over 5 months. No issues. Any copyright or spam I receive I reply saying I’m a Tor exit. Never had any issues.

    Tor exit = vandaltwoagain

    • I have been running an exit node there for over a year, and I can’t recommend them. They require you to block a whole range of TCP ports, make you fill out a form for every abuse message that is received, and even then harass you to take measures to lower the number of abuse messages. Definitely not Tor friendly (any more). Probably because some knowledgeable personnel left the company.

  3. I am not running a Tor exit node, because my friend has already been taken to the police for running an open wi-fi access point. Someone downloaded child porn from that.

    My country is Russia.

    • Thanks for the comment Alexander, that’s really shocking, all the best for your friend!
      I suppose you don’t have something like the EFF in Russia to support him?

  4. What I’m interested in is why people are using it to torrent copyrighted materials. Is this a real issue or faked by the hosting company to shut this down more easily, to make anonymity synonymous with illegal activity? I’ve heard that sharing .torrent files and magnet links is okay via Tor but actual torrenting using Tor proxies is a strain.

  5. I am running high capacity exit nodes since several years. Using a vserver is probably not a good choice for running an exit. I first started with a vserver too, but noticed quickly that the normal vserver offerings are not good for running tor. That is probably the reason for your hoster to keep out tor nodes with their tos. Better order a root server for this kind of relay.

  6. A couple of suggestions. First, the Tor Exit Guidelines page does already advise checking with the hosting company before setting up an exit, so while your advice to link to the list of Good/Bad ISPs is reasonable, you should really have seen that 😉 Second, I’d strongly recommend the tor-relay list: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays – people there are really nice and helpful. Best of luck, and I hope you try again with a better hoster!

  7. Hey Tim,

    Eine Exit-Node würd eich in Deutschland nur als “Verein” betreiben.

    Außer eine Exit-Node und Ports wie Port 80, Bittorrent etc sperren, dann auch in Deutschland.

    Ansonsten kann man hier wunderbar Relay (non-exit) betreiben;

    Denke für den “kleinen Mann” ist dies der einfachere Weg und für ein Exit-Node kann amn ja an Vereine spenden – siehe: torservers.net

    Liebe Grüße

  8. Will it help if one restricted the kind of traffic that one allows through their exit relay?

    Just – SSL, POP, IMAP, and IM. Will this stop users who are torrenting?

    • First, the kind of Tor traffic restrictions you’re suggesting don’t fix the provider’s legal requirements.
      Second, filtering just by port numbers isn’t really effective to restrict the type of data transmitted.
      Third, Tor is all about enabling an anonymized, private and more secure but still complete web experience for people which is incompatible with arbitrary protocol restrictions.
      Last but not least, for some people on this planet, Tor is the *only* way to use this internet at all or without risking their lives. They need and deserve full functionality for legitimate uses just as much as you, me or anybody else.

  9. how can I limit the data that goes through an exit node if I choose to set one up? By that I mean is it possible to limit the data to non torrent traffic?

  10. Yeah I know what you mean about the exit nodes. Non-exit relays and bridges are great though, bridges especially, entrance only. Otherwise host in a better country at better datacenter next time. Going more into hidden services and starting to keep more traffic inside of the network is the good goal to go towards. Hidden services are the best.

  11. Compared to Tor, Luminati has a different model of service: While TOR has around 20K IPs, which are all marked and identified, Luminati’s peer to peer (P2P) network has over 17 million residential IPs that are not identified as Proxies/Tor. Our architecture, which has an inbuilt IP rotation management layer, allows you to use our P2P network for sending your HTTP / HTTPS requests via millions of IPs in every country and every city worldwide. With the right architecture on your side, you can achieve a failure rate of less than 1%.

    Register for your 7 day free trial here: https://luminati.io/

    [ed: affiliation link removed]

    • Being hosted by a corporation, Luminati doesn’t provide anonymized protection against state level adversaries. So dissidents, journalists, NGO workers, etc still need to use Tor for reliable anonymization.

  12. Its a bit late, but you can try contabo.de
    You will get a unlimited 100 Mbit/s connection for 6,99 €/month.
    They allow relays and exit nodes, i have asked the support 😉

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>