[bitfolk] Tor exit node policy updated

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
 
 
Author: Andy Smith
Date:  
To: announce
Subject: [bitfolk] Tor exit node policy updated

Reply to this message
gpg: Signature made Fri Jan 22 19:25:37 2016 UTC
gpg: using DSA key 2099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hi,

If you do not operate a Tor exit node at BitFolk then this email
will be of little interest to you.

If you do, then read on…

A number of BitFolk customers operate Tor exit nodes. These generate
a constant stream of abuse reports because quite a lot of abusive
activity is conducted through Tor.

Most of the reports are automated and are informational in nature.
They expect no reply and are therefore ignored on the basis that
"it's a Tor exit node ¯\_(ツ)_/¯".

A minority are real people and in this case BitFolk points out that
the host is a Tor exit node and so neither BitFolk nor BitFolk's
customer has much control of the traffic that goes through it.

A minority of this minority of complainants are for one reason or
another not satisfied with that answer and in those rare cases we
expect the customer to correspond with the complainant.

A recent case was like this and has prompted some updates to our Tor
exit node policy. The updated policy can be found here: 

    https://tools.bitfolk.com/wiki/Running_a_Tor_node


The changes: 

    https://tools.bitfolk.com/w/index.php?title=Running_a_Tor_node&action=historysubmit&diff=1058&oldid=705


Briefly:

- We state clearly that you must use a dedicated IP for your Tor
node. Previously we've insisted customers use a dedicated IP from
the first time an abuse report came in, so this is just
formalising that.

- The correct Tor exit IP must appear in the Tor project list of
exit nodes, for the benefit of remote sites that are using those
lists to construct filters.

One reason why this recent abuse report escalated was because the
customer's exit node was misconfigured to list the VPS's *other*
IP address, so the complainant was seeing abusive activity
(Wordpress brute force in this case) coming from something that
wasn't listed as a Tor node.

- Clarify that when we ask for a response to an abuse report we
expect it within 72 hours.

- Warn that although we prefer correspondence with the complainant
to go through our ticket tracker, if the complainant insists then
you must give them a direct email address that reaches you.

I know that sucks, but it is unfortunately the price that must be
paid for running an abuse magnet like a Tor node: the abuse reports
*must* be answered. In 8 years of having Tor exit nodes at BitFolk
this is the first time that a complainant has insisted upon
corresponding directly with the node operator.

Cheers,
Andy

--
http://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce@???
https://lists.bitfolk.com/mailman/listinfo/announce
This message was posted to the following mailing lists:
announce
Mailing List Info | Nearby Messages		<-Re: [bitfolk] Progress of hardware refresh / upgrades[bitfolk] CoreOS at BitFolk->
users
Mailing List Info | Nearby Messages		<-[bitfolk] Fwd: Debian Project mourns the loss of Ian Murdock[bitfolk] CoreOS at BitFolk->
Bitfolk Mailing List Archive administrated by List AdminLurker (version 2.3)