I really want to like running a Tor exit node but I'm tired of my IP address being blacklisted to hell and back "just because Tor exit node." (To say nothing of affecting my neighbors since many of those lists take out the /24 because they can't see that I only have a /27.) I don't mind dealing with e-mailed complaints but I do mind having my e-mail and other outbound connections arbitrarily blown to smithereens.
His take on it is interesting since I hadn't considered putting my money proverbially where my mouth is and signing up for an inexpensive but standalone service elsewhere. I'll probably give this a whirl.
It's pretty much the only way to do it - even running a relay node on your home network gets you blacklisted (which is frustrating since absolutely zero malicious traffic originates from your IP). In addition to the reasons you mentioned, some people have had surprise 6am home visits from law enforcement for running exit nodes (though it was heartening to read that the author has not had any bad encounters with LE).
(Comment made from a throwaway account, because I can't be bothered with the potential for future hassle from possible employers over it)
> In addition to the reasons you mentioned, some people have had surprise 6am home visits from law enforcement for running exit nodes.
As someone who has had one of those surprise 6am home visits, I can attest to it being something you Do Not Want, especially from inexperienced British police officers who don't really understand what Tor is. To their credit they were incredibly professional about the whole thing, but it still resulted in every device in my home capable of storing data being seized, and six months of social services asserting that I couldn't be alone with my then one-year-old son while those devices were inspected by police investigators. (And social services really weren't at all professional about the process - their representative as good as told my wife to leave me because I was almost certainly guilty).
You then get the additional problem that "I'm being investigated by police because they think I'm a paedophile" isn't something you can easily talk to people about without conclusions being jumped to, and potentially making things even worse.
In summary, don't run a Tor exit node from your home internet connection in the UK unless you really want to see what the inside of a police cell is like, or fancy several months of intense stress in your life. You may think this is just scaremongering, and it won't happen to you, but that was precisely the attitude that resulted in me writing this.
Man that sucks, especially the social services part. Did everything work out in the end?
> […] in the UK
Or anywhere else for that matter, unless you are absolutely sure about the legality of the matter and how law enforcement will respond. I am under the impression that only corporations and institutions should run Tor exit nodes.
Yeah, it all worked out fine eventually, apart from me still being a little bit jumpy if someone knocks the door in the morning when I'm not expecting it.
The UK is probably one of the worst places in the English-speaking world to be accused of hosting something illegal. I've considered hosting a kink social network here (competition with Fetlife), but any sort of image sharing system would leave me incredibly open to the police. I've known people who hosted specific kink-related forums and similar, even without an image upload system, and had huge problems.
As far as I can tell the most reasonable thing to do if I wanted to go through with this would be to develop the software, and sell it on an ongoing basis to a company somewhere with reasonable laws which can actually operate it.
> even running a relay node on your home network gets you blacklisted
Yeah, that was a fun week when I naively stood up a Tor not-an-exit relay on my home Internet connection and 40% of the Internet turned into "go away" or "enter CAPTCHA to proceed" madness.
> some people have had surprise 6am home visits from law enforcement for running exit nodes
Oh, right. And I even live in Seattle[0] so best not to do that.
There are some providers who "buy" their blacklists from other companies that specialize in that. They essentially get a list of X IP Addresses / Subnets and they blindly block them. Providers compete to generate the "largest blocklist" with "the most bad guys", and therefore end up adding any IP Address they can find. Tor has been used by criminals at least once, therefore any address related to it must be bad, right?
CDNs tend to block Tor. A lot of the Web is stood up behind one CDN or another. Cloudflare is the one that sticks out to me. But then again, a lot of people do use Tor to do stupid shit like DDoS or run C&C for botnets.
So my thought is you probably ran into CDNs of various ilk, likely wasn't your ISP.
For the record, a fair number of large public universities run Tor relays and exits (my lab ran four relays and an exit when I was a grad student), and they seem to be doing okay; we were kind of our "own ISP" but what that really means is you lease everything from the local ISP and get to provision a large sub-block of "their" addresses as you see fit, which in our case was Comcast. I think we had a grand total of one DMCA complaint and no other issues. But it didn't hurt we did have a law school to call on if anything went south (which it didn't).
> But then again, a lot of people do use Tor to do stupid shit like DDoS or run C&C for botnets.
Misinformed at best: you wouldn't want to DDoS anything over Tor, because 1) the nature of the protocol means that the target receives less data than you are sending; 2) any botnet worth worrying over has much more bandwidth available than Tor's exit bandwidth.
Regarding botnet C&C, the picture is more complicated but 1) there has been a very high-profile case of a botnet using Tor to hide its C&C activities; “surprisingly”, it's very easy to spot when a significant amount of all Tor clients are bots (i.e. the anonymity set is much too small to hide the botnet); 2) those do not tend to be hosted behind CDNs.
> But it didn't hurt we did have a law school to call on if anything went south (which it didn't).
That's /very/ true: I would strongly urge anybody who considers running exit nodes to do this within a framework/organization where they can get legal assistance if it is ever needed.
That's interesting. I use a VPS as my VPN, but I also run a Tor relay there, just because I think it's the right thing to do. I can certainly say that I didn't notice any blocks from the web sites. I tried to run Tor on my home server, but, unfortunately, my provider seems to block its traffic, so it was never able to bootstrap.
> even running a relay node on your home network gets you blacklisted (which is frustrating since absolutely zero malicious traffic originates from your IP)
Are you sure about this? How would anybody even know if you're running a relay - those aren't published anywhere. Unless your ISP is doing DPI, in which case running a relay and being a Tor user would look the same to them.
How are relays not published anywhere? A very basic property of onion routing is that the client chooses the relays. Even if they are not technically "published", they certainly are public.
Correct! The list of relays (both exit and non-exit) is public. There are several tools with web frontends available as well. There are also relays that are not publicly advertised but available by special request if someone needs a "secret" entry point to the network; they are the so-called bridges.
I've seen this (running a non-exit relay), though in my experience it's been a tiny fraction of sites rather than a majority. I don't get the CAPTCHA prompts for CloudFlare (unless I'm actually browsing via tor, not just my own IP address).
Various organisations will deny their services to you just for running a relay, despite the fact that no proxied traffic will exit your network and connect to them. I hope that it is incompetence; it's often unsurprisingly difficult to contact anyone who's able to deal with the issue.
I've been running relays at home for over a year. The only sites I have trouble with are Monoprice and Apple Support Forums. I don't have any trouble watching Amazon videos.
There's probably a good reason for using a "full" list, but I can't think of one off the top of my head. That site at least offers both and just about explains the difference.
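The difference between a "full" relay list and an exit-only list, as discussed in the comments above, shown as an added example that is not part of the original thread. It parses a constructed excerpt in the style of a Tor network-status consensus (`r` lines carry the address, `s` lines carry the flags); all nicknames, identities and addresses are made up.

```python
import ipaddress

# Constructed excerpt in the style of a Tor network-status consensus.
# Nicknames, identities and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_CONSENSUS = """\
r exampleExit AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2024-01-01 00:00:00 192.0.2.10 9001 0
s Exit Fast Running Stable Valid
r exampleMiddle CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2024-01-01 00:00:00 198.51.100.20 443 0
s Fast Guard Running Stable Valid
r exampleHome EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2024-01-01 00:00:00 203.0.113.30 9001 9030
s Running Valid
"""


def parse_consensus(text):
    """Map each relay IPv4 address to the set of flags on its 's' line."""
    relays, current = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "r" and len(tokens) >= 8:
            # The last three fields of an 'r' line are: address, ORPort, DirPort.
            current = str(ipaddress.ip_address(tokens[-3]))
            relays.setdefault(current, set())
        elif tokens[0] == "s" and current is not None:
            relays[current] |= set(tokens[1:])
    return relays


def build_lists(relays):
    """Return (full list, exit-only list) as sorted address lists."""
    full = sorted(relays)
    exits = sorted(ip for ip, flags in relays.items() if "Exit" in flags)
    return full, exits


def classify(relays, ip):
    """Say whether traffic from this address can be Tor exit traffic."""
    flags = relays.get(str(ipaddress.ip_address(ip)))
    if flags is None:
        return "not-tor"
    return "exit" if "Exit" in flags else "non-exit-relay"


if __name__ == "__main__":
    relays = parse_consensus(SAMPLE_CONSENSUS)
    full, exits = build_lists(relays)
    print("full list:", full)
    print("exit-only list:", exits)
```

A blocklist built from the full list flags the two non-exit relays even though no proxied traffic leaves the Tor network from them. The address a relay listens on can also differ from the address its exit traffic comes from, so the `Exit` flag is a starting point rather than a complete exit-address list.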