tor-webwml.git

1) ## translation metadata

2) # Revision: $Revision$

3) # Translation-Priority: 3-low
4) 
5) #include "head.wmi" TITLE="Tor Project: Abuse FAQ" CHARSET="UTF-8"
6) <div id="content" class="clearfix">
7)   <div id="breadcrumbs">

8)     <a href="<page index>">Home &raquo; </a>

9)     <a href="<page docs/documentation>">Documentation &raquo; </a>
10)     <a href="<page docs/faq-abuse>">Abuse FAQ</a>
11)   </div>
12)   <div id="maincol"> 
13)     <!-- PUT CONTENT AFTER THIS TAG -->
14)     <h1>Abuse FAQ</h1>

15)     <hr>

16)     #<!-- BEGIN SIDEBAR -->
17)     #<div class="sidebar-left">
18)     #<h3>Questions</h3>
19)     #<ul>
20)     #<li><a href="<page docs/faq-abuse>#WhatAboutCriminals">Doesn't Tor enable criminals to do bad things?</a></li>
21)     #<li><a href="<page docs/faq-abuse>#DDoS">What about distributed denial of service attacks?</a></li>
22)     #<li><a href="<page docs/faq-abuse>#WhatAboutSpammers">What about spammers?</a></li>
23)     #<li><a href="<page docs/faq-abuse>#HowMuchAbuse">Does Tor get much abuse?</a></li>
24)     #<li><a href="<page docs/faq-abuse>#TypicalAbuses">So what should I expect if I run an exit relay?</a></li>
25)     #<li><a href="<page docs/faq-abuse>#IrcBans">Tor is banned from the IRC network I want to use.</a></li>
26)     #<li><a href="<page docs/faq-abuse>#SMTPBans">Your nodes are banned from the mail server I want to use.</a></li>
27)     #<li><a href="<page docs/faq-abuse>#Bans">I want to ban the Tor network from my service.</a></li>
28)     #<li><a href="<page docs/faq-abuse>#TracingUsers">I have a compelling reason to trace a Tor user. Can you help?</a></li>
29)     #<li><a href="<page docs/faq-abuse>#RemoveContent">I want some content removed from a .onion address.</a></li>
30)     #<li><a href="<page docs/faq-abuse>#LegalQuestions">I have legal questions about Tor abuse.</a></li>
31)     #</ul>
32)     #</div>
33)     #<!-- END SIDEBAR -->

34)     <h3>Questions</h3>
35)     <ul>
36)     <li><a href="#WhatAboutCriminals">Doesn't Tor enable criminals to do bad things?</a></li>
37)     <li><a href="#DDoS">What about distributed denial of service attacks?</a></li>
38)     <li><a href="#WhatAboutSpammers">What about spammers?</a></li>
39)     <li><a href="#HowMuchAbuse">Does Tor get much abuse?</a></li>
40)     <li><a href="#TypicalAbuses">So what should I expect if I run an exit relay?</a></li>
41)     <li><a href="#IrcBans">Tor is banned from the IRC network I want to use.</a></li>
42)     <li><a href="#SMTPBans">Your nodes are banned from the mail server I want to use.</a></li>
43)     <li><a href="#Bans">I want to ban the Tor network from my service.</a></li>
44)     <li><a href="#TracingUsers">I have a compelling reason to trace a Tor user. Can you help?</a></li>
45)     <li><a href="#RemoveContent">I want some content removed from a .onion address.</a></li>
46)     <li><a href="#LegalQuestions">I have legal questions about Tor abuse.</a></li>
47)     </ul>
48)     <hr>

49)     
50)     <a id="WhatAboutCriminals"></a>
51)     <h3><a class="anchor" href="#WhatAboutCriminals">Doesn't Tor enable criminals to do bad things?</a></h3>
52)     
53)     <p>Criminals can already do bad things. Since they're willing to
54)     break laws, they already have lots of options available that provide
55)     <em>better</em> privacy than Tor provides. They can steal cell phones,
56)     use them, and throw them in a ditch; they can crack into computers
57)     in Korea or Brazil and use them to launch abusive activities; they
58)     can use spyware, viruses, and other techniques to take control of
59)     literally millions of Windows machines around the world. </p>
60)     
61)     <p>Tor aims to provide protection for ordinary people who want to follow
62)     the law. Only criminals have privacy right now, and we need to fix that. </p>
63)     
64)     <p>Some advocates of anonymity explain that it's just a tradeoff &mdash;
65)     accepting the bad uses for the good ones &mdash; but there's more to it
66)     than that.
67)     Criminals and other bad people have the motivation to learn how to
68)     get good anonymity, and many have the motivation to pay well to achieve
69)     it. Being able to steal and reuse the identities of innocent victims
70)     (identify theft) makes it even easier. Normal people, on the other hand,
71)     don't have the time or money to spend figuring out how to get
72)     privacy online. This is the worst of all possible worlds. </p>
73)     
74)     <p>So yes, criminals could in theory use Tor, but they already have
75)     better options, and it seems unlikely that taking Tor away from the
76)     world will stop them from doing their bad things. At the same time, Tor
77)     and other privacy measures can <em>fight</em> identity theft, physical
78)     crimes like stalking, and so on. </p>
79)     
80)     <!--
81)     <a id="Pervasive"></a>
82)     <h3><a class="anchor" href="#Pervasive">If the whole world starts using
83)     Tor, won't civilization collapse?</a></h3>
84)     -->
85)     
86)     <a id="DDoS"></a>
87)     <h3><a class="anchor" href="#DDoS">What about distributed denial of service attacks?</a></h3>
88)     
89)     <p>Distributed denial of service (DDoS) attacks typically rely on having a group
90)     of thousands of computers all sending floods of traffic to a victim. Since
91)     the goal is to overpower the bandwidth of the victim, they typically send
92)     UDP packets since those don't require handshakes or coordination. </p>
93)     
94)     <p>But because Tor only transports correctly formed TCP streams, not
95)     all IP packets, you cannot send UDP packets over Tor. (You can't do
96)     specialized forms of this attack like SYN flooding either.) So ordinary
97)     DDoS attacks are not possible over Tor. Tor also doesn't allow bandwidth
98)     amplification attacks against external sites: you need to send in a byte
99)     for every byte that the Tor network will send to your destination. So
100)     in general, attackers who control enough bandwidth to launch an effective
101)     DDoS attack can do it just fine without Tor. </p>
102)     
103)     <a id="WhatAboutSpammers"></a>
104)     <h3><a class="anchor" href="#WhatAboutSpammers">What about spammers?</a></h3>
105)     
106)     <p>First of all, the default Tor exit policy rejects all outgoing
107)     port 25 (SMTP) traffic. So sending spam mail through Tor isn't going to
108)     work by default. It's possible that some relay operators will enable
109)     port 25 on their particular exit node, in which case that computer will
110)     allow outgoing mails; but that individual could just set up an open mail
111)     relay too, independent of Tor. In short, Tor isn't useful for spamming,
112)     because nearly all Tor relays refuse to deliver the mail. </p>
113)     
114)     <p>Of course, it's not all about delivering the mail. Spammers can use
115)     Tor to connect to open HTTP proxies (and from there to SMTP servers); to
116)     connect to badly written mail-sending CGI scripts; and to control their
117)     botnets &mdash; that is, to covertly communicate with armies of
118)     compromised computers that deliver the spam.
119)     </p>
120)     
121)     <p>
122)     This is a shame, but notice that spammers are already doing great
123)     without Tor. Also, remember that many of their more subtle communication
124)     mechanisms (like spoofed UDP packets) can't be used over Tor, because
125)     it only transports correctly-formed TCP connections.
126)     </p>
127)     
128)     <a id="ExitPolicies"></a>
129)     <h3><a class="anchor" href="#ExitPolicies">How do Tor exit policies work?</a></h3>
130)     
131)     <p>

132)     <a href="<page docs/faq>#ExitPolicies">See the main FAQ</a>

133)     </p>
134)     
135)     <a id="HowMuchAbuse"></a>
136)     <h3><a class="anchor" href="#HowMuchAbuse">Does Tor get much abuse?</a></h3>
137)     

138)     <p>Not much, in the grand scheme of things. The network has been running

139)     since October 2003, and it's only generated a handful of complaints. Of

140)     course, like all privacy-oriented networks on the net, it attracts its

141)     share of jerks. Tor's exit policies help separate the role of "willing
142)     to donate resources to the network" from the role of "willing to deal
143)     with exit abuse complaints," so we hope our network is more sustainable
144)     than past attempts at anonymity networks. </p>
145)     
146)     <p>Since Tor has

147)     <a href="<page about/torusers>">many good uses as

148)     well</a>, we feel that we're doing pretty well at striking a balance
149)     currently. </p>
150)     
151)     <a id="TypicalAbuses"></a>
152)     <h3><a class="anchor" href="#TypicalAbuses">So what should I expect if I run an exit relay?</a></h3>
153)     
154)     <p>If you run a Tor relay that allows exit connections (such as the
155)     default exit policy), it's probably safe to say that you will eventually
156)     hear from somebody. Abuse
157)     complaints may come in a variety of forms. For example: </p>
158)     <ul>
159)     <li>Somebody connects to Hotmail, and sends a ransom note to a
160)     company. The
161)     FBI sends you a polite email, you explain that you run a Tor relay,
162)     and they say "oh well" and leave you alone. [Port 80]</li>
163)     <li>Somebody tries to get you shut down by using Tor to connect to Google
164)     groups and post spam to Usenet, and then sends an angry mail to
165)     your ISP about how you're destroying the world. [Port 80]</li>
166)     <li>Somebody connects to an IRC network and makes a nuisance of
167)     himself. Your ISP gets polite mail about how your computer has been
168)     compromised; and/or your computer gets DDoSed. [Port 6667]</li>
169)     <li>Somebody uses Tor to download a Vin Diesel movie, and
170)     your ISP gets a DMCA takedown notice. See EFF's
171)     <a href="<page eff/tor-dmca-response>">Tor DMCA Response
172)     Template</a>, which explains why your ISP can probably ignore
173)     the notice without any liability. [Arbitrary ports]</li>
174)     </ul>

175) 
176)     <p>For a complete set of template responses to different abuse complaint
177)     types, see <a
178)     href="<wiki>TheOnionRouter/TorAbuseTemplates">the collection of templates
179)     on the Tor wiki</a>. You can also proactively reduce the amount of abuse you
180)     get by following <a href="<blog>tips-running-exit-node-minimal-harassment">these tips
181)     for running an exit node with minimal harassment</a>.

182)     
183)     <p>You might also find that your Tor relay's IP is blocked from accessing
184)     some Internet sites/services. This might happen regardless of your exit
185)     policy, because some groups don't seem to know or care that Tor has
186)     exit policies. (If you have a spare IP not used for other activities,
187)     you might consider running your Tor relay on it.) For example, </p>
188)     
189)     <ul>
190)     <li>Because of a few cases of anonymous jerks messing with its web
191)     pages, Wikipedia is currently blocking many Tor relay IPs from writing
192)     (reading still works). We're talking to Wikipedia about how they might
193)     control abuse while still providing access to anonymous contributors,
194)     who often have hot news or inside info on a topic but don't want to risk
195)     revealing their identities when publishing it (or don't want to reveal
196)     to local observers that they're accessing Wikipedia). Slashdot is also
197)     in the same boat.</li>
198)     
199)     <li>SORBS is putting some Tor relay IPs on their email
200)     blacklist as well. They do this because they passively detect whether your
201)     relay connects to certain IRC networks, and they conclude from this that
202)     your relay is capable of spamming. We tried to work with
203)     them to teach them that not all software works this way,
204)     but we have given up. We recommend you avoid them, and <a
205)     href="http://paulgraham.com/spamhausblacklist.html">teach your friends
206)     (if they use them) to avoid abusive blacklists too</a>.</li>
207)     
208)     </ul>
209)     
210)     <a id="IrcBans"></a>
211)     <h3><a class="anchor" href="#IrcBans">Tor is banned from the IRC network I want to use.</a></h3>
212)     
213)     <p>Sometimes jerks make use of Tor to troll IRC channels. This abuse
214)     results in IP-specific temporary bans ("klines" in IRC lingo), as the
215)     network operators try to keep the troll off of their network. </p>
216)     
217)     <p>This response underscores a fundamental flaw in IRC's security model:
218)     they assume that IP addresses equate to humans, and by banning the
219)     IP address they can ban the human. In reality this is not the case &mdash;
220)     many such trolls routinely make use of the literally millions of open
221)     proxies and compromised computers around the Internet. The IRC networks
222)     are fighting a losing battle of trying to block all these nodes,
223)     and an entire cottage industry of blacklists and counter-trolls has
224)     sprung up based on this flawed security model (not unlike the antivirus
225)     industry). The Tor network is just a drop in the bucket here. </p>
226)     
227)     <p>On the other hand, from the viewpoint of IRC server operators, security
228)     is not an all-or-nothing thing.  By responding quickly to trolls or
229)     any other social attack, it may be possible to make the attack scenario
230)     less attractive to the attacker.  And most individual IP addresses do
231)     equate to individual humans, on any given IRC network at any given time.
232)     The exceptions include NAT gateways which may be allocated access as
233)     special cases. While it's a losing battle to try to stop the use of open
234)     proxies, it's not generally a losing battle to keep klining a single
235)     ill-behaved IRC user until that user gets bored and goes away. </p>
236)     
237)     <p>But the real answer is to implement application-level auth systems,
238)     to let in well-behaving users and keep out badly-behaving users. This
239)     needs to be based on some property of the human (such as a password he
240)     knows), not some property of the way his packets are transported. </p>
241)     
242)     <p>Of course, not all IRC networks are trying to ban Tor nodes. After
243)     all, quite a few people use Tor to IRC in privacy in order to carry
244)     on legitimate communications without tying them to their real-world
245)     identity. Each IRC network needs to decide for itself if blocking a few
246)     more of the millions of IPs that bad people can use is worth losing the
247)     contributions from the well-behaved Tor users. </p>
248)     
249)     <p>If you're being blocked, have a discussion with the network operators
250)     and explain the issues to them. They may not be aware of the existence of
251)     Tor at all, or they may not be aware that the hostnames they're klining
252)     are Tor exit nodes.  If you explain the problem, and they conclude that
253)     Tor ought to be blocked, you may want to consider moving to a network that
254)     is more open to free speech.  Maybe inviting them to #tor on irc.oftc.net
255)     will help show them that we are not all evil people. </p>
256)     
257)     <p>Finally, if you become aware of an IRC network that seems to be
258)     blocking Tor, or a single Tor exit node, please put that information on <a

259)     href="<wiki>TheOnionRouter/BlockingIrc">The Tor

260)     IRC block tracker</a>
261)     so that others can share.  At least one IRC network consults that page
262)     to unblock exit nodes that have been blocked inadvertently. </p>
263)     
264)     <a id="SMTPBans"></a>
265)     <h3><a class="anchor" href="#SMTPBans">Your nodes are banned from the mail server I want to use.</a></h3>
266)     
267)     <p>Even though <a href="#WhatAboutSpammers">Tor isn't useful for
268)     spamming</a>, some over-zealous blacklisters seem to think that all
269)     open networks like Tor are evil &mdash; they attempt to strong-arm network
270)     administrators on policy, service, and routing issues, and then extract
271)     ransoms from victims. </p>
272)     
273)     <p>If your server administrators decide to make use of these
274)     blacklists to refuse incoming mail, you should have a conversation with
275)     them and explain about Tor and Tor's exit policies. </p>
276)     
277)     <a id="Bans"></a>
278)     <h3><a class="anchor" href="#Bans">I want to ban the Tor network from my service.</a></h3>
279)     
280)     <p>We're sorry to hear that. There are some situations where it makes
281)     sense to block anonymous users for an Internet service. But in many
282)     cases, there are easier solutions that can solve your problem while
283)     still allowing users to access your website securely.</p>
284)     
285)     <p>First, ask yourself if there's a way to do application-level decisions
286)     to separate the legitimate users from the jerks. For example, you might
287)     have certain areas of the site, or certain privileges like posting,
288)     available only to people who are registered. It's easy to build an
289)     up-to-date list of Tor IP addresses that allow connections to your
290)     service, so you could set up this distinction only for Tor users. This
291)     way you can have multi-tiered access and not have to ban every aspect
292)     of your service. </p>
293)     
294)     <p>For example, the <a
295)     href="http://freenode.net/policy.shtml#tor">Freenode IRC network</a>
296)     had a problem with a coordinated group of abusers joining channels and
297)     subtly taking over the conversation; but when they labelled all users
298)     coming from Tor nodes as "anonymous users," removing the ability of the
299)     abusers to blend in, the abusers moved back to using their open proxies
300)     and bot networks. </p>
301)     
302)     <p>Second, consider that hundreds of thousands of
303)     people use Tor every day simply for
304)     good data hygiene &mdash; for example, to protect against data-gathering
305)     advertising companies while going about their normal activities. Others
306)     use Tor because it's their only way to get past restrictive local
307)     firewalls. Some Tor users may be legitimately connecting
308)     to your service right now to carry on normal activities. You need to
309)     decide whether banning the Tor network is worth losing the contributions
310)     of these users, as well as potential future legitimate users. (Often
311)     people don't have a good measure of how many polite Tor users are
312)     connecting to their service &mdash; you never notice them until there's
313)     an impolite one.)</p>
314)     
315)     <p>At this point, you should also ask yourself what you do about other
316)     services that aggregate many users behind a few IP addresses. Tor is
317)     not so different from AOL in this respect.</p>
318)     
319)     <p>Lastly, please remember that Tor relays have <a

320)     href="<page docs/faq>#ExitPolicies">individual exit policies</a>. Many
321)     Tor relays do

322)     not allow exiting connections at all. Many of those that do allow some
323)     exit connections might already disallow connections to
324)     your service. When you go about banning nodes, you should parse the
325)     exit policies and only block the ones that allow these connections;
326)     and you should keep in mind that exit policies can change (as well as
327)     the overall list of nodes in the network).</p>
328)     
329)     <p>If you really want to do this, we provide a
330)     <a href="https://check.torproject.org/cgi-bin/TorBulkExitList.py">Tor
331)     exit relay list</a> or a
332)     <a href="<page projects/tordnsel>">DNS-based list you can query</a>.
333)     </p>
334)     
335)     <p>
336)     (Some system administrators block ranges of IP addresses because of
337)     official policy or some abuse pattern, but some have also asked about
338)     whitelisting Tor exit relays because they want to permit access to their
339)     systems only using Tor. These scripts are usable for whitelisting as well.)
340)     </p>
341)     
342)     <a id="TracingUsers"></a>
343)     <h3><a class="anchor" href="#TracingUsers">I have a compelling reason to trace a Tor user. Can you help?</a></h3>
344)     
345)     <p>
346)     There is nothing the Tor developers can do to trace Tor users. The same
347)     protections that keep bad people from breaking Tor's anonymity also
348)     prevent us from figuring out what's going on.
349)     </p>
350)     
351)     <p>
352)     Some fans have suggested that we redesign Tor to include a <a

353)     href="<page docs/faq>#Backdoor">backdoor</a>.

354)     There are two problems with this idea. First, it technically weakens the
355)     system too far. Having a central way to link users to their activities
356)     is a gaping hole for all sorts of attackers; and the policy mechanisms
357)     needed to ensure correct handling of this responsibility are enormous
358)     and unsolved. Second, the bad people <a href="#WhatAboutCriminals">aren't
359)     going to get caught by this anyway</a>, since they will use other means
360)     to ensure their anonymity (identity theft, compromising computers and
361)     using them as bounce points, etc).
362)     </p>

363) 
364)     <p>
365)     This ultimately means that it is the responsibility of site owners to protect
366)     themselves against compromise and security issues that can come from
367)     anywhere. This is just part of signing up for the benefits of the
368)     Internet. You must be prepared to secure yourself against the bad elements,
369)     wherever they may come from. Tracking and increased surveillance are not
370)     the answer to preventing abuse.
371)     </p>
372) 

373)     <p>
374)     But remember that this doesn't mean that Tor is invulnerable. Traditional
375)     police techniques can still be very effective against Tor, such as

376)     investigating means, motive, and opportunity, interviewing suspects,
377)     writing style analysis, technical analysis of the content itself, sting operations,
378)     keyboard taps, and other physical investigations. The Tor Project is also happy to work with everyone
379)     including law enforcement groups to train them how to use the Tor software to safely conduct
380)     investigations or anonymized activities online.

381)     </p>

382) 
383) 

384)     <a id="RemoveContent"></a>
385)     <h3><a class="anchor" href="#RemoveContent">I want some content removed from a .onion address.</a></h3>
386)     <p>The Tor Project does not host, control, nor have the ability to
387)     discover the owner or location of a .onion address.  The .onion address is
388)     an address from <a href="<page docs/hidden-services>">a hidden
389)     service</a>.  The name you see ending in .onion is a hidden service descriptor.
390)     It's an automatically generated name which can be located on any Tor
391)     relay or client anywhere on the Internet.  Hidden services are designed
392)     to protect both the user and service provider from discovering who they
393)     are and where they are from.  The design of hidden services means the
394)     owner and location of the .onion site is hidden even from us.</p>
395)     <p>But remember that this doesn't mean that hidden services are
396)     invulnerable. Traditional police techniques can still be very effective

397)     against them, such as interviewing suspects, writing style analysis,
398)     technical analysis of the content itself, sting operations, keyboard taps,
399)     and other physical investigations.</p>
400) 

401)     <p>If you have a complaint about child pornography, you may wish to report
402)     it to the National Center for Missing and Exploited Children, which serves
403)     as a national coordination point for investigation of child pornography:
404)     <a href="http://www.missingkids.com/">http://www.missingkids.com/</a>.
405)     We do not view links you report.</p>

406) 
407)     <p>The Tor Project also encourages the use of Tor by law enforcement in
408)     the investigation, stings, and infiltration of child pornography rings.
409)     Please contact us for information on Tor trainings.
410)     </p>
411)