An Open Letter to Tor Users

The idea behind the Tor project is a good one.  There are a lot of people around the world who have only filtered Internet access, and this project allows them to do things like read Wikipedia and other informational sites, whether or not their government wants them too.  It also provides a means of engaging in illegal acts while reducing your chances of getting caught.

And then again, you could be running an exit node, as I was.  Well, inadvertantly.  Apparently the version of Tor I put on my workstation was acting as one by default.  I don’t mind being a middleman node (where you just pass traffic to other Tor nodes), but running an exit node is a bit risky, especially at an educational institution.  I found this out the hard way, after the school forwarded me a DMCA infringement notice.  Now, if you look on the Tor site, they actually have a template for this, which is in fact a somewhat common occurance (at least enough such that they have a form letter made up).  However, due to the rules in place where I’m at I think this is on my record now.

I don’t care; I’m not a heavy torrent user at all, and have never gotten such a notice in the past.  However this is annoying, in that it means that somewhere on the Tor network someone was proxying their Bittorrent traffic.  Now, as I said it seemed that the default exit policy was to make my machine a full-fledged exit node, not blocking anything (unless I missed something).  Normally blocking torrents is a good policy, along with spam.  I would say I would probabably have been fine with the exit node if I’d have done this.  But it so happens I didn’t.  It would however be very nice if Tor wasn’t abused, though, as it really can be helpful.  So, think about that if you ever become a Tor user yourself (whether you run just a client, or also have your machine be a relay).

And to the people with the balls and bandwidth to run an exit, I salute you.

2 thoughts on “An Open Letter to Tor Users”

  1. Tor should default to a safe configuration like middle or bridge. If there is any implementation of Tor that doesn’t do this they should change it.

    Trying to restrict file sharing by exit policy port is a losing battle; if you’re concerned about any kind of DMCA/legal service you should try exit 80 and 443 at most until the risks are more known.

  2. Thanks for your reply. I’ve been kind of busy, but eventually I’ll take a look at the Gentoo Tor’s default torrc, and verify whether or not it was set up that way by default. (Thinking about it, there’s a good chance this was my own error.)

    I may consider just allowing exiting to 80 and 443, but for now I’m going to stick to running a middleman node (possibly two). These two can still be abused, of course, but the biggest issue is probably piracy via things like BitTorrent. I’ll think about it more when I don’t have a universitie’s terms of service to worry about.

Leave a Reply

Your email address will not be published. Required fields are marked *