docs/en/faq-abuse.wml
2a9aaa80
 ## translation metadata
40e07e2e
 # Revision: $Revision$
2a9aaa80
 # Translation-Priority: 3-low
 
 #include "head.wmi" TITLE="Tor Project: Abuse FAQ" CHARSET="UTF-8"
 <div id="content" class="clearfix">
   <div id="breadcrumbs">
b289ef06
     <a href="<page index>">Home &raquo; </a>
2a9aaa80
     <a href="<page docs/documentation>">Documentation &raquo; </a>
     <a href="<page docs/faq-abuse>">Abuse FAQ</a>
   </div>
8ddaa8a1
   <div id="maincol">
2a9aaa80
     <!-- PUT CONTENT AFTER THIS TAG -->
     <h1>Abuse FAQ</h1>
12ac473b
     <hr>
     <h3>Questions</h3>
     <ul>
     <li><a href="#WhatAboutCriminals">Doesn't Tor enable criminals to do bad things?</a></li>
     <li><a href="#DDoS">What about distributed denial of service attacks?</a></li>
     <li><a href="#WhatAboutSpammers">What about spammers?</a></li>
     <li><a href="#HowMuchAbuse">Does Tor get much abuse?</a></li>
     <li><a href="#TypicalAbuses">So what should I expect if I run an exit relay?</a></li>
fa66404b
     <li><a href="#RespondISP">How do I respond to my ISP about my exit relay?</a></li>
12ac473b
     <li><a href="#IrcBans">Tor is banned from the IRC network I want to use.</a></li>
     <li><a href="#SMTPBans">Your nodes are banned from the mail server I want to use.</a></li>
     <li><a href="#Bans">I want to ban the Tor network from my service.</a></li>
     <li><a href="#TracingUsers">I have a compelling reason to trace a Tor user. Can you help?</a></li>
fa66404b
     <li><a href="#RemoveContent">I want some content removed from a .onion address.</a></li>
     <li><a href="#AbuseOpinion">Where does Tor Project stand on abusers using technology?</a></li>
12ac473b
     <li><a href="#LegalQuestions">I have legal questions about Tor abuse.</a></li>
fa66404b
     <li><a href="#HelpPoliceOrLawyers">I have questions about a Tor IP address for a legal case.</a></li>
12ac473b
     </ul>
fa66404b
 
     <a id="abuse"></a>
     <h4 style="margin-bottom: 18px"><a class="anchor" href="#abuse">Abuse:</a></h4>
8ddaa8a1
 
2a9aaa80
     <a id="WhatAboutCriminals"></a>
     <h3><a class="anchor" href="#WhatAboutCriminals">Doesn't Tor enable criminals to do bad things?</a></h3>
8ddaa8a1
 
2a9aaa80
     <p>Criminals can already do bad things. Since they're willing to
     break laws, they already have lots of options available that provide
     <em>better</em> privacy than Tor provides. They can steal cell phones,
     use them, and throw them in a ditch; they can crack into computers
     in Korea or Brazil and use them to launch abusive activities; they
     can use spyware, viruses, and other techniques to take control of
     literally millions of Windows machines around the world. </p>
8ddaa8a1
 
2a9aaa80
     <p>Tor aims to provide protection for ordinary people who want to follow
     the law. Only criminals have privacy right now, and we need to fix that. </p>
8ddaa8a1
 
2a9aaa80
     <p>Some advocates of anonymity explain that it's just a tradeoff &mdash;
     accepting the bad uses for the good ones &mdash; but there's more to it
     than that.
     Criminals and other bad people have the motivation to learn how to
     get good anonymity, and many have the motivation to pay well to achieve
     it. Being able to steal and reuse the identities of innocent victims
4cd4c707
     (identity theft) makes it even easier. Normal people, on the other hand,
2a9aaa80
     don't have the time or money to spend figuring out how to get
     privacy online. This is the worst of all possible worlds. </p>
8ddaa8a1
 
68456035
     <p>So yes, criminals can use Tor, but they already have
2a9aaa80
     better options, and it seems unlikely that taking Tor away from the
     world will stop them from doing their bad things. At the same time, Tor
     and other privacy measures can <em>fight</em> identity theft, physical
     crimes like stalking, and so on. </p>
8ddaa8a1
 
2a9aaa80
     <a id="DDoS"></a>
     <h3><a class="anchor" href="#DDoS">What about distributed denial of service attacks?</a></h3>
8ddaa8a1
 
2a9aaa80
     <p>Distributed denial of service (DDoS) attacks typically rely on having a group
     of thousands of computers all sending floods of traffic to a victim. Since
     the goal is to overpower the bandwidth of the victim, they typically send
     UDP packets since those don't require handshakes or coordination. </p>
8ddaa8a1
 
2a9aaa80
     <p>But because Tor only transports correctly formed TCP streams, not
     all IP packets, you cannot send UDP packets over Tor. (You can't do
     specialized forms of this attack like SYN flooding either.) So ordinary
     DDoS attacks are not possible over Tor. Tor also doesn't allow bandwidth
     amplification attacks against external sites: you need to send in a byte
     for every byte that the Tor network will send to your destination. So
     in general, attackers who control enough bandwidth to launch an effective
     DDoS attack can do it just fine without Tor. </p>
8ddaa8a1
 
2a9aaa80
     <a id="WhatAboutSpammers"></a>
     <h3><a class="anchor" href="#WhatAboutSpammers">What about spammers?</a></h3>
8ddaa8a1
 
2a9aaa80
     <p>First of all, the default Tor exit policy rejects all outgoing
     port 25 (SMTP) traffic. So sending spam mail through Tor isn't going to
     work by default. It's possible that some relay operators will enable
     port 25 on their particular exit node, in which case that computer will
     allow outgoing mails; but that individual could just set up an open mail
     relay too, independent of Tor. In short, Tor isn't useful for spamming,
     because nearly all Tor relays refuse to deliver the mail. </p>
8ddaa8a1
 
2a9aaa80
     <p>Of course, it's not all about delivering the mail. Spammers can use
     Tor to connect to open HTTP proxies (and from there to SMTP servers); to
     connect to badly written mail-sending CGI scripts; and to control their
     botnets &mdash; that is, to covertly communicate with armies of
     compromised computers that deliver the spam.
     </p>
8ddaa8a1
 
2a9aaa80
     <p>
     This is a shame, but notice that spammers are already doing great
     without Tor. Also, remember that many of their more subtle communication
     mechanisms (like spoofed UDP packets) can't be used over Tor, because
     it only transports correctly-formed TCP connections.
     </p>
8ddaa8a1
 
2a9aaa80
     <a id="ExitPolicies"></a>
     <h3><a class="anchor" href="#ExitPolicies">How do Tor exit policies work?</a></h3>
8ddaa8a1
 
fa66404b
     <p><a href="<page docs/faq>#ExitPolicies">See the main FAQ</a></p>
8ddaa8a1
 
2a9aaa80
     <a id="HowMuchAbuse"></a>
     <h3><a class="anchor" href="#HowMuchAbuse">Does Tor get much abuse?</a></h3>
8ddaa8a1
 
c22d4215
     <p>Not much, in the grand scheme of things. The network has been running
2a9aaa80
     since October 2003, and it's only generated a handful of complaints. Of
c22d4215
     course, like all privacy-oriented networks on the net, it attracts its
2a9aaa80
     share of jerks. Tor's exit policies help separate the role of "willing
     to donate resources to the network" from the role of "willing to deal
     with exit abuse complaints," so we hope our network is more sustainable
     than past attempts at anonymity networks. </p>
8ddaa8a1
 
2a9aaa80
     <p>Since Tor has
c22d4215
     <a href="<page about/torusers>">many good uses as
2a9aaa80
     well</a>, we feel that we're doing pretty well at striking a balance
     currently. </p>
8ddaa8a1
 
2a9aaa80
     <a id="TypicalAbuses"></a>
     <h3><a class="anchor" href="#TypicalAbuses">So what should I expect if I run an exit relay?</a></h3>
8ddaa8a1
 
2a9aaa80
     <p>If you run a Tor relay that allows exit connections (such as the
     default exit policy), it's probably safe to say that you will eventually
     hear from somebody. Abuse
     complaints may come in a variety of forms. For example: </p>
     <ul>
     <li>Somebody connects to Hotmail, and sends a ransom note to a
     company. The
     FBI sends you a polite email, you explain that you run a Tor relay,
     and they say "oh well" and leave you alone. [Port 80]</li>
     <li>Somebody tries to get you shut down by using Tor to connect to Google
     groups and post spam to Usenet, and then sends an angry mail to
     your ISP about how you're destroying the world. [Port 80]</li>
     <li>Somebody connects to an IRC network and makes a nuisance of
     himself. Your ISP gets polite mail about how your computer has been
     compromised; and/or your computer gets DDoSed. [Port 6667]</li>
     <li>Somebody uses Tor to download a Vin Diesel movie, and
     your ISP gets a DMCA takedown notice. See EFF's
     <a href="<page eff/tor-dmca-response>">Tor DMCA Response
     Template</a>, which explains why your ISP can probably ignore
     the notice without any liability. [Arbitrary ports]</li>
     </ul>
12ac473b
 
9a8dcdc2
     <p>Some hosting providers are friendlier than others when it comes to Tor
af83cb5b
     exits. For a listing see the <a href="<wiki>doc/GoodBadISPs">good and bad
df1f6e4a
     ISPs wiki</a>.</p>
9a8dcdc2
 
12ac473b
     <p>For a complete set of template responses to different abuse complaint
     types, see <a
81720f6d
     href="<wiki>doc/TorAbuseTemplates">the collection of templates
12ac473b
     on the Tor wiki</a>. You can also proactively reduce the amount of abuse you
e233c281
     get by following <a href="<blog>tips-running-exit-node">these tips
9a8dcdc2
     for running an exit node with minimal harassment</a> and <a
af83cb5b
     href="<wiki>doc/ReducedExitPolicy">running a reduced exit policy</a>.</p>
8ddaa8a1
 
2a9aaa80
     <p>You might also find that your Tor relay's IP is blocked from accessing
     some Internet sites/services. This might happen regardless of your exit
     policy, because some groups don't seem to know or care that Tor has
68456035
     exit policies. (If you have a spare IP not used for other activities, you
     might consider running your Tor relay on it.) In general, it's advisable
     not to use your home internet connection to provide a Tor relay.</p>
8ddaa8a1
 
fa66404b
     <a id="RespondISP"></a>
     <h3><a class="anchor" href="#RespondISP">How do I respond to my ISP about my exit relay?</a></h3>
 
     <p>A collection of templates for successfully responding to ISPs is <a
     href="<wiki>doc/TorAbuseTemplates">collected here</a>.</p>
 
2a9aaa80
     <a id="IrcBans"></a>
     <h3><a class="anchor" href="#IrcBans">Tor is banned from the IRC network I want to use.</a></h3>
8ddaa8a1
 
2a9aaa80
     <p>Sometimes jerks make use of Tor to troll IRC channels. This abuse
     results in IP-specific temporary bans ("klines" in IRC lingo), as the
     network operators try to keep the troll off of their network. </p>
8ddaa8a1
 
2a9aaa80
     <p>This response underscores a fundamental flaw in IRC's security model:
     they assume that IP addresses equate to humans, and by banning the
     IP address they can ban the human. In reality this is not the case &mdash;
     many such trolls routinely make use of the literally millions of open
     proxies and compromised computers around the Internet. The IRC networks
     are fighting a losing battle of trying to block all these nodes,
     and an entire cottage industry of blacklists and counter-trolls has
     sprung up based on this flawed security model (not unlike the antivirus
     industry). The Tor network is just a drop in the bucket here. </p>
8ddaa8a1
 
2a9aaa80
     <p>On the other hand, from the viewpoint of IRC server operators, security
     is not an all-or-nothing thing.  By responding quickly to trolls or
     any other social attack, it may be possible to make the attack scenario
     less attractive to the attacker.  And most individual IP addresses do
     equate to individual humans, on any given IRC network at any given time.
     The exceptions include NAT gateways which may be allocated access as
     special cases. While it's a losing battle to try to stop the use of open
     proxies, it's not generally a losing battle to keep klining a single
     ill-behaved IRC user until that user gets bored and goes away. </p>
8ddaa8a1
 
2a9aaa80
     <p>But the real answer is to implement application-level auth systems,
     to let in well-behaving users and keep out badly-behaving users. This
536ce692
     needs to be based on some property of the human (such as a password they
     know), not some property of the way their packets are transported. </p>
8ddaa8a1
 
2a9aaa80
     <p>Of course, not all IRC networks are trying to ban Tor nodes. After
     all, quite a few people use Tor to IRC in privacy in order to carry
     on legitimate communications without tying them to their real-world
     identity. Each IRC network needs to decide for itself if blocking a few
     more of the millions of IPs that bad people can use is worth losing the
     contributions from the well-behaved Tor users. </p>
8ddaa8a1
 
2a9aaa80
     <p>If you're being blocked, have a discussion with the network operators
     and explain the issues to them. They may not be aware of the existence of
     Tor at all, or they may not be aware that the hostnames they're klining
     are Tor exit nodes.  If you explain the problem, and they conclude that
     Tor ought to be blocked, you may want to consider moving to a network that
     is more open to free speech.  Maybe inviting them to #tor on irc.oftc.net
     will help show them that we are not all evil people. </p>
8ddaa8a1
 
2a9aaa80
     <p>Finally, if you become aware of an IRC network that seems to be
     blocking Tor, or a single Tor exit node, please put that information on <a
81720f6d
     href="<wiki>doc/BlockingIrc">The Tor
2a9aaa80
     IRC block tracker</a>
     so that others can share.  At least one IRC network consults that page
     to unblock exit nodes that have been blocked inadvertently. </p>
8ddaa8a1
 
2a9aaa80
     <a id="SMTPBans"></a>
     <h3><a class="anchor" href="#SMTPBans">Your nodes are banned from the mail server I want to use.</a></h3>
8ddaa8a1
 
2a9aaa80
     <p>Even though <a href="#WhatAboutSpammers">Tor isn't useful for
     spamming</a>, some over-zealous blacklisters seem to think that all
     open networks like Tor are evil &mdash; they attempt to strong-arm network
     administrators on policy, service, and routing issues, and then extract
     ransoms from victims. </p>
8ddaa8a1
 
2a9aaa80
     <p>If your server administrators decide to make use of these
     blacklists to refuse incoming mail, you should have a conversation with
     them and explain about Tor and Tor's exit policies. </p>
8ddaa8a1
 
2a9aaa80
     <a id="Bans"></a>
     <h3><a class="anchor" href="#Bans">I want to ban the Tor network from my service.</a></h3>
8ddaa8a1
 
2a9aaa80
     <p>We're sorry to hear that. There are some situations where it makes
     sense to block anonymous users for an Internet service. But in many
     cases, there are easier solutions that can solve your problem while
     still allowing users to access your website securely.</p>
8ddaa8a1
 
2a9aaa80
     <p>First, ask yourself if there's a way to do application-level decisions
     to separate the legitimate users from the jerks. For example, you might
     have certain areas of the site, or certain privileges like posting,
     available only to people who are registered. It's easy to build an
     up-to-date list of Tor IP addresses that allow connections to your
     service, so you could set up this distinction only for Tor users. This
     way you can have multi-tiered access and not have to ban every aspect
     of your service. </p>
8ddaa8a1
 
2a9aaa80
     <p>For example, the <a
     href="http://freenode.net/policy.shtml#tor">Freenode IRC network</a>
     had a problem with a coordinated group of abusers joining channels and
     subtly taking over the conversation; but when they labelled all users
     coming from Tor nodes as "anonymous users," removing the ability of the
     abusers to blend in, the abusers moved back to using their open proxies
     and bot networks. </p>
8ddaa8a1
 
2a9aaa80
     <p>Second, consider that hundreds of thousands of
     people use Tor every day simply for
     good data hygiene &mdash; for example, to protect against data-gathering
     advertising companies while going about their normal activities. Others
     use Tor because it's their only way to get past restrictive local
     firewalls. Some Tor users may be legitimately connecting
     to your service right now to carry on normal activities. You need to
     decide whether banning the Tor network is worth losing the contributions
     of these users, as well as potential future legitimate users. (Often
     people don't have a good measure of how many polite Tor users are
     connecting to their service &mdash; you never notice them until there's
     an impolite one.)</p>
8ddaa8a1
 
2a9aaa80
     <p>At this point, you should also ask yourself what you do about other
     services that aggregate many users behind a few IP addresses. Tor is
     not so different from AOL in this respect.</p>
8ddaa8a1
 
2a9aaa80
     <p>Lastly, please remember that Tor relays have <a
481ccca3
     href="<page docs/faq>#ExitPolicies">individual exit policies</a>. Many
     Tor relays do
2a9aaa80
     not allow exiting connections at all. Many of those that do allow some
     exit connections might already disallow connections to
     your service. When you go about banning nodes, you should parse the
     exit policies and only block the ones that allow these connections;
     and you should keep in mind that exit policies can change (as well as
     the overall list of nodes in the network).</p>
8ddaa8a1
 
2a9aaa80
     <p>If you really want to do this, we provide a
     <a href="https://check.torproject.org/cgi-bin/TorBulkExitList.py">Tor
     exit relay list</a> or a
     <a href="<page projects/tordnsel>">DNS-based list you can query</a>.
     </p>
8ddaa8a1
 
2a9aaa80
     <p>
     (Some system administrators block ranges of IP addresses because of
     official policy or some abuse pattern, but some have also asked about
     whitelisting Tor exit relays because they want to permit access to their
     systems only using Tor. These scripts are usable for whitelisting as well.)
     </p>
8ddaa8a1
 
2a9aaa80
     <a id="TracingUsers"></a>
     <h3><a class="anchor" href="#TracingUsers">I have a compelling reason to trace a Tor user. Can you help?</a></h3>
8ddaa8a1
 
2a9aaa80
     <p>
     There is nothing the Tor developers can do to trace Tor users. The same
     protections that keep bad people from breaking Tor's anonymity also
     prevent us from figuring out what's going on.
     </p>
8ddaa8a1
 
2a9aaa80
     <p>
     Some fans have suggested that we redesign Tor to include a <a
481ccca3
     href="<page docs/faq>#Backdoor">backdoor</a>.
2a9aaa80
     There are two problems with this idea. First, it technically weakens the
     system too far. Having a central way to link users to their activities
     is a gaping hole for all sorts of attackers; and the policy mechanisms
     needed to ensure correct handling of this responsibility are enormous
     and unsolved. Second, the bad people <a href="#WhatAboutCriminals">aren't
     going to get caught by this anyway</a>, since they will use other means
     to ensure their anonymity (identity theft, compromising computers and
     using them as bounce points, etc).
     </p>
12ac473b
 
     <p>
     This ultimately means that it is the responsibility of site owners to protect
     themselves against compromise and security issues that can come from
     anywhere. This is just part of signing up for the benefits of the
     Internet. You must be prepared to secure yourself against the bad elements,
     wherever they may come from. Tracking and increased surveillance are not
     the answer to preventing abuse.
     </p>
 
2a9aaa80
     <p>
     But remember that this doesn't mean that Tor is invulnerable. Traditional
     police techniques can still be very effective against Tor, such as
12ac473b
     investigating means, motive, and opportunity, interviewing suspects,
     writing style analysis, technical analysis of the content itself, sting operations,
     keyboard taps, and other physical investigations. The Tor Project is also happy to work with everyone
     including law enforcement groups to train them how to use the Tor software to safely conduct
     investigations or anonymized activities online.
2a9aaa80
     </p>
12ac473b
 
 
2a9aaa80
     <a id="RemoveContent"></a>
     <h3><a class="anchor" href="#RemoveContent">I want some content removed from a .onion address.</a></h3>
     <p>The Tor Project does not host, control, nor have the ability to
     discover the owner or location of a .onion address.  The .onion address is
c9be5827
     an address from <a href="<page docs/onion-services>">an onion
32316cbf
     service</a>.  The name you see ending in .onion is an onion service descriptor.
2a9aaa80
     It's an automatically generated name which can be located on any Tor
32316cbf
     relay or client anywhere on the Internet.  Onion services are designed
2a9aaa80
     to protect both the user and service provider from discovering who they
32316cbf
     are and where they are from.  The design of onion services means the
2a9aaa80
     owner and location of the .onion site is hidden even from us.</p>
32316cbf
     <p>But remember that this doesn't mean that onion services are
2a9aaa80
     invulnerable. Traditional police techniques can still be very effective
12ac473b
     against them, such as interviewing suspects, writing style analysis,
     technical analysis of the content itself, sting operations, keyboard taps,
     and other physical investigations.</p>
 
16d4bc93
     <p>If you have a complaint about child abuse materials, you may wish to report
2a9aaa80
     it to the National Center for Missing and Exploited Children, which serves
     as a national coordination point for investigation of child pornography:
     <a href="http://www.missingkids.com/">http://www.missingkids.com/</a>.
     We do not view links you report.</p>
12ac473b
 
8ddaa8a1
     <a id="AbuseOpinion"></a>
     <h3><a class="anchor" href="#AbuseOpinion">Where does Tor Project
7889c1ce
 stand on abusers using technology?</a></h3>
8ddaa8a1
 
     <p>We take abuse seriously. Activists and law enforcement
 use Tor to investigate abuse and help support survivors. We
 work with them to help them understand how Tor can help their work.
 In some cases, technological mistakes are being made and we help to
 correct them. Because some people in survivors' communities embrace
 stigma instead of compassion, seeking support from fellow victims
 requires privacy-preserving technology.</p>
 
     <p>Our refusal to build backdoors and censorship into Tor is not
   because of a lack of concern. We refuse to weaken Tor because it
 would harm efforts to combat child abuse and human trafficking in the
 physical world, while removing safe spaces for victims online.
 Meanwhile, criminals would still have access to botnets, stolen
 phones, hacked hosting accounts, the postal system, couriers, corrupt
 officials, and whatever technology emerges to trade content. They are
0c5ef939
 early adopters of technology. In the face of this, it is dangerous for
8ddaa8a1
 policymakers to assume that blocking and filtering is sufficient. We
 are more interested in helping efforts to halt and prevent child
 abuse than helping politicians score points with constituents by
0c5ef939
 hiding it. The role of corruption is especially troubling; see this
8ddaa8a1
 United Nations report on <a
 href="http://www.unodc.org/documents/human-trafficking/2011/
 Issue_Paper_-_The_Role_of_Corruption_in_Trafficking_in_Persons.pdf">The
 Role of Corruption in Trafficking in Persons</a>.</p>
 
     <p>Finally, it is important to consider the world that children will
     encounter as adults when enacting policy in their name. Will they
     thank us if they are unable to voice their opinions safely as
 adults? What if they are trying to expose a failure of the state to
 protect other children?</p>
 
2a9aaa80
     <a id="LegalQuestions"></a>
8ddaa8a1
     <h3><a class="anchor" href="#LegalQuestions">I have legal questions
 about Tor abuse.</a></h3>
 
2a9aaa80
     <p>We're only the developers. We can answer technical questions, but
     we're not the ones to talk to about legal questions or concerns. </p>
8ddaa8a1
 
2a9aaa80
     <p>Please take a look at the
     <a href="<page eff/tor-legal-faq>">Tor Legal FAQ</a>,
     and contact EFF directly if you have any further legal questions. </p>
fa66404b
 
    <a id="HelpPoliceOrLawyers"></a>
    <h3><a class="anchor" href="#HelpPoliceOrLawyers">I have questions about
    a Tor IP address for a legal case.</a></h3>
 
    <p>
    Please read the <a
    href="https://www.torproject.org/eff/tor-legal-faq">legal FAQ written
    by EFF lawyers</a>. There's a growing <a
    href="https://blog.torproject.org/blog/start-tor-legal-support-directory">legal
    directory</a> of people who may be able to help you.
    </p>
 
    <p>
    If you need to check if a certain IP address was acting as a Tor exit
    node at a certain date and time, you can use the <a
    href="https://exonerator.torproject.org/">ExoneraTor tool</a> to query the
    historic Tor relay lists and get an answer.
    </p>
 
2a9aaa80
   </div>
   <!-- END MAINCOL -->
   <div id = "sidecol">
 #include "side.wmi"
 #include "info.wmi"
   </div>
   <!-- END SIDECOL -->
 </div>
 <!-- END CONTENT -->
8ddaa8a1
 #include <foot.wmi>