tor-webwml.git

@@ -3,10 +3,10 @@

 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

 <head>

- <title>Legal FAQ for Tor Server Operators</title>

- <meta name="Author" content="EFF" />

+ <title>Abuse FAQ for Tor Server Operators</title>

+ <meta name="Author" content="Roger Dingledine" />

  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />

- <link rel="stylesheet" type="text/css" href="../stylesheet.css" />

+ <link rel="stylesheet" type="text/css" href="stylesheet.css" />

  <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" />

 </head>

 <body>

@@ -17,16 +17,16 @@

     <tr>

         <td class="banner-left"></td>

         <td class="banner-middle">

-            <a href="../index.html">Home</a>

-          | <a href="../howitworks.html">How It Works</a>

-          | <a href="../download.html">Download</a>

-          | <a href="../documentation.html">Docs</a>

-          | <a href="../users.html">Users</a>

-          | <a href="../faq.html">FAQs</a>

-          | <a href="../contribute.html">Contribute</a>

-          | <a href="../developers.html">Developers</a>

-          | <a href="../research.html">Research</a>

-          | <a href="../people.html">People</a>

+            <a href="index.html">Home</a>

+          | <a href="howitworks.html">How It Works</a>

+          | <a href="download.html">Download</a>

+          | <a href="documentation.html">Docs</a>

+          | <a href="users.html">Users</a>

+	  | <a class="current">FAQs</a>

+          | <a href="contribute.html">Contribute</a>

+          | <a href="developers.html">Developers</a>

+          | <a href="research.html">Research</a>

+          | <a href="people.html">People</a>

         </td>

         <td class="banner-right"></td>

     </tr>

@@ -63,7 +63,7 @@

 <p>Distributed denial of service attacks typically rely on having a group of thousands of computers all sending floods of traffic to a victim. Since the goal is to overpower the bandwidth of the victim, they typically send UDP packets since those don't require handshakes or coordination. </p>

 <p>But because Tor only transports correctly-formed TCP streams, not all IP packets, you cannot send UDP packets over Tor. (You can't do specialized forms of this attack like SYN flooding either.) So ordinary DDoS attacks are not possible over Tor. Tor also doesn't allow bandwidth amplification attacks against external sites: you need to send in a byte for every byte which the Tor network will send to your destination. So in general, attackers who control enough bandwidth to launch an effective DDoS attack can do it just fine without Tor. </p>

-<p>And if this argument doesn't convince you, go try Tor and see how much aggregate throughput you can eke out of it, then come back to us if you're still worried. <img src="/wiki/classic/img/smile.png" width="15" alt=":)" height="15" > </p>

+<p>And if this argument doesn't convince you, go try Tor and see how much aggregate throughput you can eke out of it, then come back to us if you're still worried. </p>

 <p> </p>

 <h3>What about spammers?</h3>

@@ -82,7 +82,7 @@

 <h3>Does Tor get much abuse?</h3>

 <p>Not much, in the grand scheme of things. We've been running the network since October 2003, and it's only generated a handful of complaints. Of course, like all privacy-oriented networks on the net, we attract our share of jerks. Tor's exit policies help separate the role of "willing to donate resources to the network" from the role of "willing to deal with exit abuse complaints", so we hope our network is more sustainable than past attempts at anonymity networks. </p>

-<p>Since Tor has <a class="external" href="http://tor.eff.org/cvs/tor/doc/tor-doc.html"><img src="/wiki/classic/img/moin-www.png" width="11" alt="[WWW]" height="11" > many good uses as well</a>, we feel that we're doing pretty well at striking a balance currently. </p>

+<p>Since Tor has <a href="http://tor.eff.org/cvs/tor/doc/tor-doc.html">many good uses as well</a>, we feel that we're doing pretty well at striking a balance currently. </p>

 <p> </p>

 <h3>So what should I expect if I run a server?</h3>

@@ -95,7 +95,7 @@

 </li>

 <li class="gap"><p> Somebody connects to an irc network and makes a nuisance of himself. Your ISP gets polite mail about how your computer has been compromised; and/or your computer gets ddosed. [Port 6667] </p>

 </li>

-<li class="gap"><p> Somebody uses Tor to download a Vin Diesel movie, and your ISP gets a DMCA takedown notice. According to our lawyers (and this convinced the Harvard general counsel), your ISP can totally ignore this notice with no liability problems. See <a class="external" href="http://tor.eff.org/eff/tor-dmca-response.html"><img src="/wiki/classic/img/moin-www.png" width="11" alt="[WWW]" height="11" > http://tor.eff.org/eff/tor-dmca-response.html</a>. [Arbitrary ports] </p>

+<li class="gap"><p> Somebody uses Tor to download a Vin Diesel movie, and your ISP gets a DMCA takedown notice. According to our lawyers (and this convinced the Harvard general counsel), your ISP can totally ignore this notice with no liability problems. See <a class="external" href="http://tor.eff.org/eff/tor-dmca-response.html">http://tor.eff.org/eff/tor-dmca-response.html</a>. [Arbitrary ports] </p>

 </li>

 </ul>

 <p>You might also find that your Tor server's IP is blocked from accessing some Internet sites/services. This might happen regardless of your exit policy, because some groups don't seem to know or care that Tor has exit policies. (If you have a spare IP not used for other activities, you might consider running your Tor server on it.) For example, </p>

@@ -115,12 +115,14 @@

 <p>But the real answer is to implement application-level auth systems, to let in well-behaving users and keep out badly-behaving users. This needs to be based on some property of the human (such as a password he knows), not some property of the way his packets are transported. </p>

 <p>Of course, not all IRC networks are trying to ban Tor nodes. After all, quite a few people use Tor to IRC in privacy in order to carry on legitimate communications without tying them to their real-world identity. Each IRC network needs to decide for itself if blocking a few more of the millions of IPs that bad people can use is worth losing the contributions from the well-behaved Tor users. </p>

 <p>If you're being blocked, have a discussion with the network operators and explain the issues to them. They may not be aware of the existence of Tor at all, or they may not be aware that the hostnames they're klining are Tor exit nodes.  If you explain the problem, and they conclude that Tor ought to be blocked, you may want to consider moving to a network that is more open to free speech.  Maybe inviting them to #tor on irc.oftc.net helps them show that we are not all evil people. </p>

-<p>Finally, if you become aware of an IRC network which seems to be blocking Tor, or a single Tor exit node, please put that information on <a href="/noreply/TheOnionRouter/BlockingIrc">../BlockingIrc</a> so that others can share.  At least one IRC network consults that page to unblock exit nodes which have been blocked inadvertently. </p>

+<p>Finally, if you become aware of an IRC network which seems to be

+blocking Tor, or a single Tor exit node, please put that information on

+<a href="http://wiki.noreply.org/wiki/TheOnionRouter/BlockingIrc">BlockingIrc</a> so that others can share.  At least one IRC network consults that page to unblock exit nodes which have been blocked inadvertently. </p>

 <p> </p>

 <h3>Your nodes are banned from the mail server I want to use.</h3>

-<p>Even though <a class="external" href="http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ#WhatAboutSpammers"><img src="/wiki/classic/img/moin-www.png" width="11" alt="[WWW]" height="11" > Tor isn't useful for spamming</a>, some over-zealous blacklisters seem to think that all open networks like Tor should be boycotted. They don't understand how Tor works (e.g. that it has exit policies), and don't seem to care to understand it. If your server administrators decide to make use of these blacklists to refuse incoming mail, you should have a conversation with them and explain how Tor works. </p>

+<p>Even though <a class="external" href="http://wiki.noreply.org/wiki/TheOnionRouter/TorFAQ#WhatAboutSpammers">Tor isn't useful for spamming</a>, some over-zealous blacklisters seem to think that all open networks like Tor should be boycotted. They don't understand how Tor works (e.g. that it has exit policies), and don't seem to care to understand it. If your server administrators decide to make use of these blacklists to refuse incoming mail, you should have a conversation with them and explain how Tor works. </p>

 <p> </p>

 <h3>I want to ban the Tor network from my service.</h3>

@@ -128,16 +130,20 @@

 <p>First, ask yourself if there's a way to do application-level decisions to separate the legitimate users from the jerks. For example, you might have certain areas of the site, or certain privileges like posting, available only to people who are registered. You could set up this distinction only for certain IP addresses such as Tor exit nodes. This way you can have multi-tiered access and not have to ban everything. </p>

 <p>Second, consider that thousands of people use Tor every day to protect against data-gathering corporations like Doubleclick while going about their normal  activities. Some Tor users may be legitimately connecting to your service right now to carry on normal activities. You need to decide whether banning the Tor network is worth losing the contributions of these users, as well as potential future such users. </p>

 <p>Lastly, please remember that Tor servers have individual exit policies. Many Tor servers do not allow exiting connections at all. Many of those that do, probably already disallow connections to your service. When you go about banning nodes, you should parse the exit policies and only block the ones that allow these connections; and you should keep in mind that exit policies can change (as well as the overall list of nodes in the network). </p>

-<p>If you really want to do this, there is a python script to parse the Tor directory <a class="external" href="http://tor.eff.org/cvs/tor/contrib/exitlist"><img src="/wiki/classic/img/moin-www.png" width="11" alt="[WWW]" height="11" > here</a>. </p>

+<p>If you really want to do this, there is a python script to parse the Tor directory <a class="external" href="http://tor.eff.org/cvs/tor/contrib/exitlist">here</a>. </p>

 <p> </p>

 <h3>I have legal questions about Tor abuse.</h3>

 <p>We're only the developers. We can answer technical questions, but we're not the ones to talk to about legal questions or concerns. </p>

-<p>Please take a look at the <a class="external" href="http://tor.eff.org//eff/tor-legal-faq.html"><img src="/wiki/classic/img/moin-www.png" width="11" alt="[WWW]" height="11" > Tor Legal FAQ</a>, and contact EFF directly if you have any further questions. </p>

+<p>Please take a look at the <a class="external" href="http://tor.eff.org//eff/tor-legal-faq.html">Tor Legal FAQ</a>, and contact EFF directly if you have any further questions. </p>

 <p> </p>

   </div><!-- #main -->

   </div>

+    <div class="bottom" id="bottom">

+	<i><a href="mailto:tor-webmaster@freehaven.net" class="smalllink">Webmaster</a></i> -

+	$Id$

+    </div>

 </body>

 </html>