Linode vs. TOR and internet privacy

Move your stupid torrents with movies away from Linode, I don't want to read news like "FBI has seized servers from Linode's datacenter for investigation, 5000 VPS were on these servers, one of them is suspected".

Kids with TOR… Who really wants to find you will always be able to find.

You was asked (not banned!) to remove some illegal torrents (traffic, yes) and if you can't do this - it's your problems, your software, and nobody's else.

Tor by it's nature is a flawed technology to run on many networks due the it's anonymity, in a world where everyone played fair and people didn't use it for abuse then it would be a wonderful solution to bypassing oppressive government firewalls etc, of course in a world where everyone played fair there would be no need for Tor.

Linode's TOS states that transmission of illegal data is against the TOS, Tor = transmission.

In the cause of Linode you could run a Tor relay but an exit node is a very complex and time consuming thing to run, if you really want to run an exit node, run it on your home ISP I doubt they will care (I've done it).

I don't see the problem here, I would spell out why but Linode has already done that (several times, by the looks of it) and you still believe yourself to be the injured party, so I don't think there's really a point. I do want to point out though, that throughout that Linode's staff was professional and courteous while you were combative and belligerent (you felt Linode was being rude to you and insulting? really? I bet no one else will get that impression reading the transcription).

I'd just like to add my vote that Linode is in the right here and it has nothing to do Internet privacy.

I understand Linode is in a difficult situation here, but there must be a better way to handle this. The way Linode reacts means anyone can easily close anyone else's Linode account simply by sending Linode a few DMCA take down notices.

Judging from this exchange, whether notices are real or bogus, Linode will keep bugging the customer to change his behavior "so the notices will stop", and will eventually shut down his nodes "if he doesn't change his behavior sufficiently enough for the notices to stop".

@neo:

I understand Linode is in a difficult situation here, but there must be a better way to handle this. The way Linode reacts means anyone can easily close anyone else's Linode account simply by sending Linode a few DMCA take down notices.

The guys running Tor it's most likely they're real, if someones running a normal webserver and someone sends a DMCA you just send one of those "you're talking crap" letters back. The fact complainant is running a open network that anyone can do pretty much anything with means they're just asking for trouble.

@obs:

@neo:

I understand Linode is in a difficult situation here, but there must be a better way to handle this. The way Linode reacts means anyone can easily close anyone else's Linode account simply by sending Linode a few DMCA take down notices.
The guys running Tor it's most likely they're real, if someones running a normal webserver and someone sends a DMCA you just send one of those "you're talking crap" letters back. The fact complainant is running a open network that anyone can do pretty much anything with means they're just asking for trouble.
If you read the exchange, Linode clearly states they do not actively monitor network activity and consider continued complains a criterion for non-compliance.

@neo:

I understand Linode is in a difficult situation here, but there must be a better way to handle this. The way Linode reacts means anyone can easily close anyone else's Linode account simply by sending Linode a few DMCA take down notices.

Judging from this exchange, whether notices are real or bogus, Linode will keep bugging the customer to change his behavior "so the notices will stop", and will eventually shut down his nodes "if he doesn't change his behavior sufficiently enough for the notices to stop".

Linode is just doing what they have to by law. If you don't like that (assuming you're a US citizen), contact your state senators and representative.

You, as the linode purchaser, are responsible for traffic through your linode by virtue of your contract with linode. Your linode has been used to abuse other sites (blog spamming) and to facilitate piracy (torrent traffic). Even though you, yourself, may not be possessing or storing such data (and thus the DMCA is irrelevant), you're are facilitating such traffic and abuse. Therefore it is your responsibility.

Running a tor endpoint would appear to be incompatible with being a responsible netizen because there appear to be no controls on the responsible usage of the network. If such controls are possible then it's your responsibility to ensure they're applied, not Linode's. You don't know how to do this, and (apparently) can't get such information from the Tor guys, which leads me to believe that it isn't really possible.

I fully understand the desire for net-anonymity. 20 years ago, in the UK, I built an anonymous email service for people. It was dialup 'cos the UK was mostly dialup at that time. And it worked well. But, today, the net is a different place; I wouldn't ever run an anonymous service because it will attract abuse. Running a Tor endpoint is making a political statement; "communications may be anonymous" (see the rationale for the original anon.penet.fi service). That's fine for you making such statements, but don't expect others (eg Linode) to defend them on your behalf; it's your responsibility, your choice.

Looking at that exchange, I see insults and beligerancy only flowing in one direction; from you to Linode staff. Linode were perfectly polite and patient with you. To be honest, if I was linode staff I'd be wishing and hoping that you move your service away from my machines asap. But that's another reason why I don't run public services like this, any more! People like you make it hard work.

The issue relates to traffic only. As far as I know, the law has no application here. Linode and the owner of the Tor, are simply routers and have no liability and very limited ability to control what they're routing. It would be like holding ISP's responsible for the contents of your email. It's not possible and it doesn't make much sense either. Nonetheless, the owner of the Tor did make efforts to limit the problem traffic as a goodwill gesture.

Linode say they will leave well alone until something legal forces them to act. It's clearly stated with specific reference to Tor in their Terms of service. I don't find that unreasonable and unless they're handing out your personal details at the first sign of trouble, I don't see what it has to do with privacy either. Support seemed a touch unaware of the technicalities, but that only prolonged the inevitable outcome.

They aren't doing what's required by law, they're doing what's required when organizations with many lawyers and deep pockets come knocking. The issue is not really with Linode, or tor_zealot, or anyone else. It's that the law is imperfect and one party can heap pressure on another without reasonable cause. Something I notice in common with internet activists (/moreappropriateword) is a slight naivety in expecting the world to work a certain way because it should and then being shocked to find out that it doesn't. I don't think the issue is clear-cut enough to take sides, but my prevailing thought is reality check.

I'm impressed at the level of professionalism displayed by the Linode employees you communicated with. If I were caker, I'd be very proud.

You come across as stubborn, arrogant, and extremely self centered. Clearly you're looking for a fight, and seeking as much attention as you can get. You're just a troll, and the Linode folks were extremely patient with you. Despite constant abuse from you, they continued to apologize for rudeness and insults that didn't even exist.

As a customer, I'm glad to see Linode handled this situation as responsibly as they did.

@JshWright:

@neo:

I understand Linode is in a difficult situation here, but there must be a better way to handle this. The way Linode reacts means anyone can easily close anyone else's Linode account simply by sending Linode a few DMCA take down notices.

Judging from this exchange, whether notices are real or bogus, Linode will keep bugging the customer to change his behavior "so the notices will stop", and will eventually shut down his nodes "if he doesn't change his behavior sufficiently enough for the notices to stop".

Linode is just doing what they have to by law. If you don't like that (assuming you're a US citizen), contact your state senators and representative.
Does the law require Linode to assume every DMCA take down notice they receive is legitimate and not bogus and/or fake?

@neo:

Does the law require Linode to assume every DMCA take down notice they receive is legitimate and not bogus and/or fake?

No, but when the result to passing on the DMCA takedown is:

a) I don't care or

b) I can't really stop it:

@tor_zealot:

–---------------------------------

Title: House MD (TV)

Infringement Source: BitTorrent

Initial Infringement Timestamp: 19 Jun 2011 20:37:07 GMT

Recent Infringement Timestamp: 19 Jun 2011 20:37:07 GMT

Infringing Filename: House.S07E18.HDTV.XviD-LOL.avi

Infringing File size: 366764352

Infringers IP Address: 74.207.248.163

Infringers DNS Name: horace.dionysian-mind.net

Bay ID: e967df8b4a924fe8df3580c228152d275d92c279|366764352

Port ID: 53786

TOR_zealot:

I run a ToR relay on my linode, which is likely why you see the occasional torrent traffic. I will block torrent traffic from the ToR end-point filtering rules. Though as a general aside, the DMCA can suck it. ;-)

@tor_zealot:

Title: Van Helsing

Infringement Source: BitTorrent

Initial Infringement Timestamp: 21 Jun 2011 06:16:03 GMT

Recent Infringement Timestamp: 21 Jun 2011 06:16:03 GMT

Infringing Filename: Van Helsing 2004 BRRip {A MnM-RG H264 by Masta}

Infringing File size: 1613881859

Infringers IP Address: 74.207.248.163

Infringers DNS Name: horace.dionysian-mind.net

Bay ID: 5e00eafb67851bcf22f4f3820b25c83d45516ea7|1613881859

Port ID: 58032

TOR_zealot

Yea, what was pretty much my exact point from my first response, there's nothing that's going to stop someone from just changing their ports, or otherwise encapsulate their traffic, and pumping whatever traffic they'd like through the ToR network – in this case changing from ports 6881-6900, to a less standard port of 58032.

Then.. that's NOT a "No, I'm not using my bandwidth for anything copyright."

@tor_zealot:

Disclaimer: I was an otherwise happy linode customer for quite some time, and only recently began building out TOR nodes to assist in the propagation of the network that I believe is incredibly vital in global politics today.

Grow up, stop relaying illegal materials or keep doing it, get busted and go to prison.

@jebblue:

or keep doing it, get busted and go to prison.
Calm down, man, it looks like a blind rage.

He just doesn't understand possible consequences of his whims for other users of Linode.

I agree that if anyone sounded rude in ANY of those interactions, it was you, not Linode. Seriously, you think Linode just happens to hire people who are rude and dismissive? I think not, and IMHO, they were awesome. As one other poster commented, advising them to FO and ignore false positives is about as arrogant and demanding as a customer can get.

(I mean, seriously, how is Linode to determine if a request is a false positive or not? Should they monitor every request, and personally analyze it? Should they hire additional staff just to respond to these false positives, so that you don't have to be bothered? Arrogant!)

The bottom line here is that if Linode gets served with C&D's, investigatory briefs, subpoenas or whatever, then they are perfectly within their rights to request that you fix things. They are doing what is in the best interest of THEIR company!

Maybe you don't want to move your Tor (and BTW I fully appreciate and support TOR's ideas, by the way) to another host? Well, how would you like it if Linode went under from lawsuits (or threats of lawsuits, and defending them in court) and took your sites with them? Then you would have to find a new host anyhow. Just jump now and MOVE.

Any decent and caring ISP will do the same thing. It's how you legally handle these things. Get a complaint, have the offending customer fix it and be nice. If that doesn't work on a continued basis, then boot the customer and let them take their political statement somewhere else. Personally, I applaud Linode for staying with you all this time already.

Look, I appreciate what you're trying to do. I just don't think the way you're going about it is all that cool. If you feel so strongly about making this a political statement, find a hosting company that is more lenient towards this type of application. There are MANY. But let's not point the finger back at Linode, and let's not take down the rest of Linode's customers just so you can keep hosting here.

I would like to see where you are in three months. Still at Rackspace? Huh. Did you know they have one of the highest boot rates in the hosting business? Wonder why…?

Thanks,

Bruce

> psandin

Hello,

Our policy is more strict than required by law. Under our terms of service you are responsible for all traffic in and out of your Linode regardless or your level of personal interaction with that traffic.

That sums up the issue.

Tor_zealot makes a valid point that running a Tor exit node that relays copyright-infringing BitTorrent traffic may not be illegal in the U.S. (or at least that's what EFF says.) But the question is not about what is or isn't allowed by U.S. copyright law. The question is about what is or isn't allowed by Linode's TOS, which is stricter than U.S. law. The TOS is a contract between you and Linode, so Linode has every right to enforce it. If you don't like it, find a company with a different TOS.

It's possible to run a Tor exit node without much hassle, but it takes some effort to set it up. You'll need to colocate your own hardware in a good datacenter, and purchase your own IP block from your RIR so that any complaints go directly to you instead of the datacenter.

Tor's philosophy is excellent IMO, but I find libertarians annoying when they expect others (such as Linode) to protect their rights for them all the time. A serious libertarian protects his own rights as much as he can. If you care for anonymity so much, do some real work, spend some real money.

@neo:

Does the law require Linode to assume every DMCA take down notice they receive is legitimate and not bogus and/or fake?
The law is whatever your lawyer can prove in court. Right or wrong has nothing to do with it.

People that think the law is some "written in stone" policy are in for a big shock the first time they set foot into a courtroom.

"Might makes right" might have been coined for governments fighting wars, but it's more appropriately used for lawyers in the courtroom.

What all that means is that LINODE is in the hosting business, not the fighting in court business. There's no (none, zip, zlich, nadda) ROI for them to even attempt to argue this in Court. The RIAA/MPAA would eat them alive. In the end, they'd lose, and lose a ton of money, for what? Protecting some kid's right to run a tor exit on their network?

Meh. If the kid continues to whine, kick him loose.

Just to clarify to many posters – I was not running p2p software, or hosting any copy-written material on my linode, nor was I using it to pump out malicious or illegal traffic. I was simply running a TOR node. Linode claims they're fine with that "in principle" but they clearly don't agree with it in actual technical operation. The phrase "you are responsible for all traffic transmitted by your server" is ludicrous to many degrees, particularly in relation to TOR, because there is no way to control a TOR users intentions.

The bottom line is Linode says it's ok to run a TOR node, but if you actually do they harass you with tickets regarding traffic that nobody could block coming out of a TOR node. You can't say "I agree with TOR in principle" but then complain when garbage traffic comes out of it – that's called THE INTERNET. The person who is legally responsible for the DMCA/etc. infringements is the person who originally transmitted the data, not any of the intermediaries used to relay the traffic.

Nobody cares what you can do with your Tor node and what you can't. You have claims and you can't react adequately, so there is only 1 way - turn off this Tor node.

Nobody should take additional risk just to give you ability to play with lawyers. Not Linode, nor neighbors of your VPS.

@tor_zealot:

Just to clarify to many posters – I was not running p2p software, or hosting any copy-written material on my linode,

Point to somewhere where someone stated that you were?

@tor_zealot:

nor was I using it to pump out malicious or illegal traffic. I was simply running a TOR node.

You were indeed pumping out malicious traffic, as shown in the ticket regarding comment spam. That you did not do that intentionally doesn't change the fact that your node relayed it. Running a tor exit node is not "simple", and it carries with it very serious responsibilities, especially when you don't own your hardware and your IPs.

@tor_zealot:

Linode claims they're fine with that "in principle" but they clearly don't agree with it in actual technical operation.

That's why they keep saying "in principle". You're reading but not comprehending. I am ok with completely free speech "in principle", but in reality, I dislike the idea that someone can shout racial slurs in a public place. Linode is ok with tor in principle, but unfortunately, in practice, it can cause problems.

@tor_zealot:

The phrase "you are responsible for all traffic transmitted by your server" is ludicrous to many degrees, particularly in relation to TOR, because there is no way to control a TOR users intentions.

It doesn't matter if you run tor, apache, an open mail relay, or an NTP server. Your outbound traffic is your responsibility. How is this hard to grasp? Nobody is forcing you to run a tor exit relay. If you chose to run software, you accept the responsibilities for what that software does.

@tor_zealot:

You can't say "I agree with TOR in principle" but then complain when garbage traffic comes out of it

Again, you fail to understand what "in principle" means.

Well obviously it's off, now. I've totally canceled my account and moved all services away from the linode network – rackspace cloud is working very nicely indeed! :)

My main point here is that linode is entirely backwards and hypocritical in their traffic monitoring policy and abuse response. I did everything I could to filter traffic to better suit their requests, but in the end it came down to unreasonable requests on their behalf that would be impossible for any TOR node operator or networking god.

When it comes to trivial complaints that are false alarms I would hope my hosting company would respond accordingly. This may seem a silly issue to some, but if you were a citizen of Pakistan, Iran, Libya, etc. and TOR was the only thing standing between your ability to communicate, and having the government bust down your door and shoot you in the face, you might feel less concerned about somebody sneaking some torrent traffic through TOR to get the latest House MD episode.

There are very many legit uses for TOR. In that I believe in freedom and privacy for all I can accept such things can occasionally be used for less than pious purposes.

It may be cliche, but let's all remember:

"Those who give up their liberty for more security neither deserve liberty nor security." --Benjamin Franklin

@tor_zealot:

"Those who give up their liberty for more security neither deserve liberty nor security." –Benjamin Franklin

What about companies that get put out of business by the DMCA because some shmuck decided to violate their ToS?

My money says that Rackspace does exactly the same thing.

@tor_zealot:

I did everything I could to filter traffic
And again: if you can't do enough, it's same as you can't filter traffic. What you could and what not - doesn't matter.

@tor_zealot:

if you were a citizen of Pakistan, Iran, Libya, etc. and TOR was the only thing standing between your ability to communicate, and having the government bust down your door and shoot you in the face
Are you 17 years old? Your node was used to download "House MD" and other copyrighted crap. If you want to play in politic games, want to work for somebody's freedom - be ready to spend big moneys and large amount of nerves. And using VPS for this games - it's ridiculous.

We'll certainly see. But neither linode, nor I, was in any threat of being taken down by the DMCA, or any other legal power. Seriously guys, read the legalese provided by the TOR project and you'll better understand this. We don't all need to run scared because something says DMCA on it. Chill out.

I'm always very suspicious when people wish to remain "anonymous" on the internet and they assume - incorrectly - that it's their "right" to have privacy online.

I do question why people go to such lengths to try to hide their activity…

I'm surprised that Linode allow TOR nodes at all - it's not worth the hassle for them. I think their support staff were very professional in dealing with you.

@Mr Nod:

I'm always very suspicious when people wish to remain "anonymous" on the internet and they assume - incorrectly - that it's their "right" to have privacy online.

I do question why people go to such lengths to try to hide their activity…

You're right, we should question anyone who seeks privacy – as we all know the desire for privacy is a default admittance of guilt of some atrocious crime. We should round up all these people seeking this whole "privacy" thing and put them in some sort of concentration camp, or prison, or just shoot them and be done with it…

Oh wait! There are actually many 3rd world countries already do that! I highly suggest you move to one of those countries. Freedom and privacy are HUGELY over-rated.

PS. Just an idea, but you might want to read up on the 9th amendment some time. It's good reading.

@vonskippy:

@neo:

Does the law require Linode to assume every DMCA take down notice they receive is legitimate and not bogus and/or fake?
The law is whatever your lawyer can prove in court. Right or wrong has nothing to do with it.
And how is this relevant to the question I asked?

@tor_zealot:

read the legalese provided by the TOR project and you'll better understand this.

Bwahahahahahahahahahahaha.

Wake up snowflake. Words on a piece of paper are just that, words. Until a judge rules on them they don't mean squat (and even then, unless it travels up the judicial food chain, it still might not mean squat).

Go sit in a federal court session for a afternoon and see how the real world operates.

It's not LINODE's job to pay for a ruling on that pie-in-the-sky crap that TOR is spewing out.

tor_zealot, one thing I would agree about with many posters here, is that ultimately you can not expect Linode to fight this for you. What you should have done is created official response to take down notice, asking them to provide specific links to copyrighted material stored on your site, and then ask Linode to relay your response. In other words, this is between you and the morons sending take down notices, Linode is just caught in the middle.

@neo:

tor_zealot, one thing I would agree about with many posters here, is that ultimately you can not expect Linode to fight this for you. What you should have done is created official response to take down notice, asking them to provide specific links to copyrighted material stored on your site, and then ask Linode to relay your response. In other words, this is between you and the morons sending take down notices, Linode is just caught in the middle.

That's a very fair point. But where the interaction with linode primarily began to degrade was their unwillingness to see that agreeing with "principle" and allowing it's actual "technical operation" are mutually exclusive in this case. I don't care about linodes "principles," I care about what I can and cannot run via their service, in parameters provided by them to me. I was more than happy to comply with any changes that needed to be made to my exit node policy, but when they simply come back with "block all malicious/illegal traffic or shut off your TOR node" that's a simple ridiculous response. More-over telling me that I (or even they) are responsible for traffic that did not originate in their network, but was merely relayed through their network, is utterly absurd technically and legally. Through the discourse I at times probably came off as arrogant and slightly rude, but their unwillingness to assist in an actual technical rectification of their complaint was beyond frustrating.

It's quite clear that linode is at odds with their own legal and technical staff, and I'm just not convinced that either parties understand well enough the concepts at play. But since I'm no longer a customer it's really up to the rest of you to decide.

Linode offers a pretty good, solid service, but they clearly fail in many other areas.

@tor_zealot:

If it is in Linodes policy that running a Tor node is ok, Linode is accepting the total roll of the dice that some of the traffic that will comes out of it is legit, and some of it won't be.

In closing I'll just say I am terribly disappointed in how your customer and technical service representatives have chosen to blindly handle this situation. Instead of offering any assistance in how I might better adhere to impossible technical standards I have just been given copy/pasted TOS crap that didn't apply to me in the first place, and obviously made no sense to the person who found it in the first place. Total fail, guys. Game over.

I think you ought to actually read what the ToS says about Tor in particular. It's quite clearly written to be along the lines of "while we don't specifically forbid you to run a Tor exit node, you pretty much can't because the traffic from it will keep violating our terms of service all the time":

> Linode does not prohibit the use of distributed, peer to peer network services such as Tor, nor does Linode routinely monitor the network communications of customer Linodes as a normal business practice. However, customers are responsible for the contents of network traffic exiting their Linode. Any usage that prompts the receipt of abuse complaints pertaining to violation of United States and/or international copyright law must be promptly discontinued to avoid service cancellation for violation of these terms.

Simply, Linode is not the right place to host your Tor services.

@hawk7000:

Simply, Linode is not the right place to host your Tor services.

That much is clear, though that's certainly at odds with the claims of the linode technical staff in the original post, claiming "we do have other customers that successfully operate Tor exit nodes and do not generate complaints."

It would be awesome if any of these such customers could chime in with their experience… Is this true?

@tor_zealot:

That much is clear, though that's certainly at odds with the claims of the linode technical staff in the original post, claiming "we do have other customers that successfully operate Tor exit nodes and do not generate complaints."

It would be awesome if any of these such customers could chime in with their experience… Is this true?

If there are any such customers, they probably have extremely restrictive exit policies. Even if you disallow everything except port 80, your exit node can still post spam comments on other people's sites. Maybe they're using a firewall to block everything except a few specific sites? (Wikipedia would be OK, for example, because they already disallow anonymous edits from Tor IPs.) Or maybe it's just a matter of luck that they haven't generated a complaint yet.

Anyway, as you have now realized, Linode isn't a good place to run a Tor exit node. This has nothing to do with the law or morality; it is simply a matter of costs and benefits. If it takes 5 minutes to process a DMCA complaint and check if it has any merits, and if the employee who does the checking gets paid at least $60 per hour, and if you get at least 1 complaint per week, you're already costing more than the prince of a Linode 512 per month.

Also, if the content owner gets frustrated after sending a few DMCA notices and decides to sue, it can cost Linode a thousand times that (in attorney's fees) even if the lawsuit turns out to have no merit. EFF has lawyers, and they're actually looking for lawsuits to test their claims, so they can show their letter around. But most small businesses cannot afford to go anywhere near a lawsuit. The price of a Linode would go up for everyone if Linode routinely risked lawsuits, and VPS is a very competitive market. It's as simple as that. People love privacy "in principle", but how much money it's worth is a different question.

As I said in a previous comment, the only way you can safely run a Tor exit node is with your own colocated server and your own IP block. See this site for hints. FormlessNetworking runs dozens of Tor exit nodes using their own IP block. Good luck with Rackspace; I doubt that their policies are any different from Linode's when it comes to Tor exit nodes.

@hybinet:

Good luck with Rackspace; I doubt that their policies are any different from Linode's when it comes to Tor exit nodes.

It seems from a quick scout that Rackspace's policy is the same, as noted in Tor's own ISP guide. Friendly in principle, but they'll kick you to the kerb if DMCA's keep coming.

@tor_zealot:

That's a very fair point. But where the interaction with linode primarily began to degrade was their unwillingness to see that agreeing with "principle" and allowing it's actual "technical operation" are mutually exclusive in this case. I don't care about linodes "principles," I care about what I can and cannot run via their service, in parameters provided by them to me. I was more than happy to comply with any changes that needed to be made to my exit node policy, but when they simply come back with "block all malicious/illegal traffic or shut off your TOR node" that's a simple ridiculous response. More-over telling me that I (or even they) are responsible for traffic that did not originate in their network, but was merely relayed through their network, is utterly absurd technically and legally. Through the discourse I at times probably came off as arrogant and slightly rude, but their unwillingness to assist in an actual technical rectification of their complaint was beyond frustrating.

A couple of points:

a) Its an unmanaged service, $20 or even $40 a month is not going to pay for technical services for a service you are choosing to run. In simple words, its your problem to stop the offending content from going through which is causing both DCMA and abuse reports to be sent to Linode for the IP assigned to your node.

b) You, as a Tor end point, are not a "service provider". You can quote, reference, cite all day long what the Tor group put on their web site regarding the legality and legal responsibility of a Tor end-point operator, but that doesn't make it universally correct or necessarily even factual. The only opinion that is going to count is a court's opinion and that can very greatly depending on the jurisdiction.

c) Linode had no problem with you running a Tor end point until they started receiving DCMA and abuse reports filed against the IP address assigned to you. You really thought that was alright? You really expected them to ignore them? They have legal obligations under the DCMA and I would imagine the datacenters at which they are located in also have certain requirements regarding abuse.

d) Regardless of your own moral beliefs, quite bluntly, you violated the terms of service that you agreed to upon signing up for the service. Because they did not agree with you it seems you like to think they were uncooperative, unhelpful and generally a bad service provider but it seems this went on for over a week with multiple abuse reports. Many providers would have just shut you down far earlier and in truth, personally, I believe that is what Linode should have done as well based on your attitude.

e) You've already decided to leave Linode and now you're posting in their forums, after the fact, wanting to complain about Linode? Isn't that just simply trolling? Its not like you're on the second or third abuse complaint asking for configuration help with Tor.

I personally think Tor ought to be banned outright on Linode. That's not a statement against free speech or even not wanting to help individuals that are in areas where free speech is prohibited. Tor, as designed, simply provides a mechanism that is too often and too easily used for abuse and other illegal activities that I don't really support and causes way more trouble as demonstrated by this thread than the good it actually does provide.

@TygerTyger:

Tor's own ISP guide

Interesting. Here's the link if anyone else also wants to know.

@tor_zealot:

We'll certainly see. But neither linode, nor I, was in any threat of being taken down by the DMCA, or any other legal power. Seriously guys, read the legalese provided by the TOR project and you'll better understand this. We don't all need to run scared because something says DMCA on it. Chill out.

Have you ever even read the DMCA? The comments you are making lead me to believe that you have not or have quite a few misunderstandings about what it does and does not do.

From Linode Terms of Service:

> Transmission, distribution, or storage of any information, data or material in violation of United States or state regulation or law, or by the common law, is prohibited.

Case closed.

Also, the world is powered by money, and MPAA, RIAA and similar assholes have tons of it. More than enough to lobby the feds or whoever raid Linode datacenters. Which then puts all of us, Linode customers, at risk of losing our data and service.

Thanks for taking your ideological battle elsewhere.

First off, this issue did not go on over a period of weeks, but a period of several days, I did all I could to promptly put new rules in place to avoid their claimed infractions – perhaps such a short time period means I dramatically over-reacted. But no matter how trivial most people would like to think this matter is, it is at the crux of the issue of personal privacy and how our private informations is becoming increasingly more public every day.

I'm not trying to simply troll, I'm merely bringing what I believe is a very valid point to the linode customer base. I'm not trying to get everyone to cancel their service just because of my personal principles, but instead want people to simply question if linode's policies are truly well founded technically and legally, and if they truly have the respect for privacy they claim to hold in such high regard. The issue of on-line privacy is becoming an increasing fragile issue in today's world, and if every network operator simply throws up their hands in dismay when ever they receive a legal notice that may or may not be valid the internet will cease to be the open platform it is today, and become an increasingly restricted ecosystem.

Though I did not react as if the sky was falling because of a stupid DMCA notice, I in no way ignored the issue, or told them I flat out didn't care -- I personally did everything I could to adhere to their TOS, researched any and all ways to mitigate malicious and illegal traffic, promptly put such traffic filtering rules in place, and went one step further to request if I missed some networking magic that exists, and to please bring it to my attention. What's more, I never at any given point came anywhere close to violating the DMCA -- simply receiving a notice is not proof of infringement. Ultimately I wanted to believe their public statement that operating a TOR exit node was acceptable, but it very quickly became clear that the actual operation of an exit node inherently offends their "principles" and otherwise violated a vague and contradictory TOS.

If you enjoy your linode service and find it a good value I encourage you all to continue using them as your VPS provider. However, if you are passionate about internet privacy I encourage you to contact Linode with your concerns about how they handle these matters.

@tor_zealot:

I personally did everything I could to adhere to their TOS

Except disabling your tor exit node. By your admission, your tor exit node was bound to generate questionable traffic. By Linode's ToS, such traffic was unacceptable. Thus, the only solution is to stop running an exit node.

My question is: why did you not simply switch from a tor exit node to a relay? Then you could help support your beloved internet privacy, and immediately solve all problems with everyone.

@tor_zealot:

But no matter how trivial most people would like to think this matter is, it is at the crux of the issue of personal privacy and how our private informations is becoming increasingly more public every day.

Perhaps it is. But this is not the place to prove that point, not when your actions are putting every other Linode customer at risk.

@tor_zealot:

I personally did everything I could to adhere to their TOS,

No you didn't. You said earlier:

@tor_zealot:

More-over telling me that I (or even they) are responsible for traffic that did not originate in their network, but was merely relayed through their network, is utterly absurd technically and legally.

This clearly shows that you either did not read Linode TOS or don't understand it. The part from the TOS I quoted earlier includes TRANSMISSION. Operating a TOR exit node that transmits illegal content (including what appears as Wordpress hacking attempt to promote child porn) is in violation of the TOS.

Your concerns about overall privacy on the Net may be valid, but let's be honest. Human nature is what it is. Any opportunity to operate on the Net anonymously and without the risk of being caught WILL (by statistical certainty) result with abuse. Across all protocols and ports, from p2p, http, smtp, pop3, imap, you name it. And to prevent that you'd have to shut down port by port effectively rendering your node useless.

@tor_zealot:

What's more, I never at any given point came anywhere close to violating the DMCA – simply receiving a notice is not proof of infringement.

That is irrelevant. Linode HAS to respond to DMCA notices, has to inform you and has the obligation to shut down your server if the notices persist. If you think that is unfair, you're welcome to file anti-DMCA claim and even sue whoever is (wrongly) accusing you.

Which is not Linode. They're just protecting their business and doing so, they're protecting our business.

@akerl:

My question is: why did you not simply switch from a tor exit node to a relay? Then you could help support your beloved internet privacy, and immediately solve all problems with everyone.

Actually that's an awesome question that cuts nicely into the heart of the matter! Initially I just kept running it as an exit node simply because:

A.) The technical staff told me they had others that ran exit nodes on their network without complaints.

B.) There are fewer exit nodes in the US, so I wanted to help build a better geographic dispersal of exit nodes.

While changing it to a relay certainly would be a perfectly valid solution to mitigate the false-positive DMCA notices, etc. But my point about the technical operation of the TOR network would still stand – the exact same malicious / illegal traffic that they were complaining about would still be "transmitting" out my IP and through their network, they just wouldn't know as much about it.

So that's the big issue right there: "evil" traffic travels through not just the TOR network, but virtually every ISP and data center in the world, all day, every day. But in this case, instead of spending their time sending complaints to the actual people who are the real source of the traffic (the people bittorrenting House, or the retarded script kiddies), they harass me about it, as if there was something I could really do about it, as if I was in any way responsible. Instead of threatening to take my server off-line because they don't like complaints about traffic that travels through TOR, maybe they could spend more time and effort locating the real problem, or even just be willing to work with me in actually trying to build a better TOR exit node policy, as I do have fairly advanced networking knowledge. OR they could just be up front and change their TOS to read "You absolutely can't run a TOR exit node on our network because we've already submitted to strong-arm lawyers that aren't even going to sue us over this anyway."

@hybinet:

@TygerTyger:

Tor's own ISP guide
Interesting. Here's the link if anyone else also wants to know.
Here is another list.

Interestingly, they list a few US hosting providers which allow running TOR exit nodes pretty much unconditionally. This basically disproves the theory presented here that hosting provider has no choice but to comply with any DMCA take down notice, irrespective of validity. I have no experience in this matter, but I guess these hosting providers simply send some standardized "get lost" reply to DMCA take down notices after verifying these notices refer to TOR exit nodes and not some stored material. Because contrary to what most people here seem to believe, no one was ever sued for running TOR node (including exit node) or any other similar service. And if I had to guess why overzealous RIAA/MPAA lawyers never sued anyone over this, I would guess that EFF lawyers are probably right when they say this activity is completely legal under current US law (unlike hosting copyrighted material without permission of copyright owner).

So, if other US hosting providers can do it, why not Linode?

@neo:

@hybinet:

@TygerTyger:

Tor's own ISP guide
Interesting. Here's the link if anyone else also wants to know.
Here is another list.

Interestingly, they list a few US hosting providers which allow running TOR exit nodes pretty much unconditionally. This basically disproves the theory presented here that hosting provider has no choice but to comply with any DMCA take down notice, irrespective of validity. I have no experience in this matter, but I guess these hosting providers simply send some standardized "get lost" reply to DMCA take down notices after verifying these notices refer to TOR exit nodes and not some stored material. Because contrary to what most people here seem to believe, no one was ever sued for running TOR node (including exit node) or any other similar service. And if I had to guess why overzealous RIAA/MPAA lawyers never sued anyone over this, I would guess that EFF lawyers are probably right when they say this activity is completely legal under current US law (unlike hosting copyrighted material without permission of copyright owner).

So, if other US hosting providers can do it, why not Linode?

Thank you. :)

Have either one of you actually read the DMCA laws, or at the very least the Wikipedia entries regarding the subject? If you do, you should be able to answer your own questions.

@AVonGauss:

Have either one of you actually read the DMCA laws, or at the very least the Wikipedia entries regarding the subject? If you do, you should be able to answer your own questions.
Have you actually read [insert something] on this subject?

If you do, you should be able to understand my position.

See how this way of having a discussion works?

Like it?

Or, in this specific case it clearly (for the most part) spells out a provider's obligation in this situation to prevent them from becoming a target themselves.

@AVonGauss:

Or, in this specific case it clearly (for the most part) spells out a provider's obligation in this situation to prevent them from becoming a target themselves.

Linode was in no risk of being a target of legal action – your, and their, assumption was simply submitting to the FUD that the MPAA/RIAA has tried to instill in the American public, but failed to actually fully and successfully follow through on in any court system. Seriously, I've worked for an ISP and seen the exact process from beginning to end. Don't worry guys, no matter how many DMCA notices Linode gets nobody is going to break down their doors and shut off all their servers.

This may shock you, but you don't need to be guilty to be taken to court. The fact that technically, you and Linode are not liable for your tor exit traffic doesn't mean that someone who is determined enough couldn't drag Linode into court and whatnot.

@tor_zealot:

Linode was in no risk of being a target of legal action …
This is just your opinion, and I have a suspicion that you are not a lawyer. You go on to say: "… but failed to actually fully and successfully follow through on in any court system." – clearly showing that there is indeed some risk of Linode being dragged into court as the *AA and others continue with their litigious activities. When you go on to say "Don't worry guys, no matter how many DMCA notices Linode gets nobody is going to break down their doors and shut off all their servers.", you obviously haven't been following the news lately.

@tor_zealot:

I've totally canceled my account and moved all services away from the linode network
And yet you're still here blathering on.

Shoo, move along now, shoo.

@tor_zealot:

Linode was in no risk of being a target of legal action – your, and their, assumption was simply submitting to the FUD that the MPAA/RIAA has tried to instill in the American public, but failed to actually fully and successfully follow through on in any court system. Seriously, I've worked for an ISP and seen the exact process from beginning to end. Don't worry guys, no matter how many DMCA notices Linode gets nobody is going to break down their doors and shut off all their servers.

Let's set the somewhat undecided issue of copyright infringement aside… The issue of network abuse still exists (blog comment spam), which means you were certainly in violation of the ToS.

@vonskippy:

Shoo, move along now, shoo.
Yeah, let's stick a fork in this one – it's done.

Seriously, guys – I, nor linode, was responsible for torrenting anything or spaming anyone's wordpress page. Certainly this issue has been well written off by those unwilling to do the research. When ever anybody hears about somebody being taken to court for running a TOR node please let me know directly -- I would be greatly interested in hearing about how that turns out.

@tor_zealot:

Seriously, guys – I, nor linode, was responsible for torrenting anything or spaming anyone's wordpress page. Certainly this issue has been well written off by those unwilling to do the research.

Seriously, @tor_zealot, I think it has been made clear enough that the issue has nothing to do with who torrented a movie or who spammed a blog. Of course it wasn't you, we know that. But the fact of the matter is that Linode doesn't want to get involved with anybody whose IP address keeps getting mentioned in DMCA complaints, regardless of who did it. This, too, has been made plenty clear.

You have every right to disagree with Linode's policy, but Linode also has the right to refuse to do business with you. A company has the right to refuse business with anybody for any reason whatsoever. It doesn't need to be legally necessary or anything like that. If they want to kick you out because they don't like the color of your eyelashes, they can do so. Likewise, if you hate Linode because you don't like the font in the logo, you can do so.

@tor_zealot:

When ever anybody hears about somebody being taken to court for running a TOR node please let me know directly – I would be greatly interested in hearing about how that turns out.

The very fact that no clear precedent exists with respect to Tor might be considered a good reason, at least for some people, to stay clear of it altogether. Again, you might disagree. But different people and different businesses have different priorities and different standards of risk-taking, and what seems unreasonable to you might be the most natural thing to do for other people. Law is a complicated and very expensive thing. It's not unreasonable to stay far, far away from it, even if there is no chance of losing a lawsuit.

Get yourself some fucking toleration. There are thousands of hosts out there. Find a host that offers what you want. Leave alone those who don't agree with you.

@tor_zealot:

Seriously, guys – I, nor linode, was responsible for torrenting anything or spaming anyone's wordpress page. Certainly this issue has been well written off by those unwilling to do the research. When ever anybody hears about somebody being taken to court for running a TOR node please let me know directly -- I would be greatly interested in hearing about how that turns out.

No, you're just not getting it, you're trying to express your opinion as fact or as a legal opinion which it is not. Any provider, including Linode, must pass along DMCA information or become potentially liable themselves. As far as the abuse relating to child pornography, are you really trying to defend that?

You don't get it, and you're not listening, which means this is just trolling.

As far as responsibility regarding the DMCA complaints, if you really felt the conviction you are expressing in the forums you would have followed the long established procedure of responding to the DMCA requests in a normal and professional manner. Instead, you want the provider of an unmanaged service to deal with your irresponsibility and try to justify your actions. For what, $20 a month? Really?

@hybinet:

You have every right to disagree with Linode's policy, but Linode also has the right to refuse to do business with you. A company has the right to refuse business with anybody for any reason whatsoever. It doesn't need to be legally necessary or anything like that. If they want to kick you out because they don't like the color of your eyelashes, they can do so. Likewise, if you hate Linode because you don't like the font in the logo, you can do so.

Linode disagrees with their own policy! They say TOR is alright, but then harass people when it's in use. The primary issue here is not how they offended my personal principles regarding internet freedom and privacy. What I'm actually taking issue with is the fact that Linode CLAIMS one thing, then ACTS entirely opposite to that claim. They market directly to a demographic of the open source community that is most often foremost concerned with with matters of personal privacy and liberty, but back-peddle when actually faced with the matter.

To be a responsible and honest company they should either change their TOS to say you can't run a TOR node, or provide customers with acceptable parameters in which they can operate their TOR node. But spouting some bullshit about how "we have other customers that run tor nodes and that's ok" but then threatening to turn off my service when I randomly get hit with a false-positive complaint due to running a service THEY SAID I COULD is just flat out poor business practices.

Linode is welcome to set whatever policy they like and then enforce it at their own whim. But being hypocritical about their own policy is an entirely different matter that I believe their customers deserve to know about and seriously consider when they pay linode their own hard earned money.

Like I've said before – linode offers a pretty technically solid service. I was a happy customer before this, and I certainly wouldn't disagree with those who think I may have slightly over-reacted, or was maybe rude/arrogant/[insert negative adjective here]. If you like your service with Linode, by all means keep using it. But on the other hand, if you are one of those Linode customers who does actually care passionately about digital privacy and is disturbed by the implications of the lip service they pay to such matters, I highly encourage you to be critical of their policies, and possibly explore the many other VPS providers out there that show a little more informed legal competence and backbone. That's all…

@tor_zealot:

@hybinet:

You have every right to disagree with Linode's policy, but Linode also has the right to refuse to do business with you. A company has the right to refuse business with anybody for any reason whatsoever. It doesn't need to be legally necessary or anything like that. If they want to kick you out because they don't like the color of your eyelashes, they can do so. Likewise, if you hate Linode because you don't like the font in the logo, you can do so.

Linode disagrees with their own policy! They say TOR is alright, but then harass people when it's in use. The primary issue here is not how they offended my personal principles regarding internet freedom and privacy. What I'm actually taking issue with is the fact that Linode CLAIMS one thing, then ACTS entirely opposite to that claim. They market directly to a demographic of the open source community that is most often foremost concerned with with matters of personal privacy and liberty, but back-peddle when actually faced with the matter.

To be a responsible and honest company they should either change their TOS to say you can't run a TOR node, or provide customers with acceptable parameters in which they can operate their TOR node. But spouting some bullshit about how "we have other customers that run tor nodes and that's ok" but then threatening to turn off my service when I randomly get hit with a false-positive complaint due to running a service THEY SAID I COULD is just flat out poor business practices.

Linode is welcome to set whatever policy they like and then enforce it at their own whim. But being hypocritical about their own policy is an entirely different matter that I believe their customers deserve to know about and seriously consider when they pay linode their own hard earned money.

Like I've said before – linode offers a pretty technically solid service. I was a happy customer before this, and I certainly wouldn't disagree with those who think I may have slightly over-reacted, or was maybe rude/arrogant/[insert negative adjective here]. If you like your service with Linode, by all means keep using it. But on the other hand, if you are one of those Linode customers who does actually care passionately about digital privacy and is disturbed by the implications of the lip service they pay to such matters, I highly encourage you to be critical of their policies, and possibly explore the many other VPS providers out there that show a little more legal competence and backbone. That's all…

They are not hypocritical, they don't prevent any services including TOR from operating on their equipment. However, as expressly stated in their terms of services, once you violated the terms of service by allowing your node to become party to questionable content they required you to take action. It's not bullshit or any other slander you would like to throw out, you were simply unable or unwilling to prevent abuse reports from being routinely filed because YOU decided to run a TOR exit node.

You're not advocating equal rights, freedom of speech or anything even close to the same, just irresponsibility which I am personally glad they they did not accept. It should also be mentioned you decided to leave on your own, at no time did you mention they disrupted your service or took direct action against you. Personally, I think they should have shut you down based on your increasing hostile reactions based on the tickets you decided to post here.

Good luck with Rackspace, but I am personally glad you're gone.

@AVonGauss:

whine

I apologize for offending the delicate sensibilities of the portion of linode's customer base who fails to understand what a private internet proxy is, the legal responsibilities of it's operator within the bounds of technical feasibility, and the inability to control the intentions of said proxies users.

You can sleep soundly knowing as happy you are about my departure, I am equally as satisfied at disassociating myself from a community that believes hallow legal threats trumps personal privacy and liberty.

Good luck, guys. It's been a blast. :)

@tor_zealot:

@AVonGauss:

whine

I apologize for offending the delicate sensibilities of the portion of linode's customer base who fails to understand what a private internet proxy is, the legal responsibilities of it's operator within the bounds of technical feasibility, and the inability to control the intentions of said proxies users.

You can sleep soundly knowing as happy you are about my departure, I am equally as satisfied at disassociating myself from a community that believes hallow legal threats trumps personal privacy and liberty.

Good luck, guys. It's been a blast.

… and even after all the posts, you still don't get it.

@tor_zealot:

What I'm actually taking issue with is the fact that Linode CLAIMS one thing, then ACTS entirely opposite to that claim.

This is total nonsense. Now I'm sure you're just trolling and my vote goes for you to be banned.

Because your flawed logic can be easily extended to include:

• open relay MTAs. So, by your logic, Linode should explicitly prohibit SMTP servers because some people keep open relays either by mistake, ignorance or on purpose.

• IRC clients or servers. Those should be prohibited as well because some people want to control their botnets with it.

• FTP or HTTP servers. These especially, because some people may share illegal content.

• Torrent servers! Linode should ban those, no? Well, I have a torrent service and I'm happy to seed CentOS discs. I do not violate Linode TOS or any law for that matter.

So, do you see the pattern? You're blaming Linode for not explicitly prohibiting TOR while at the same time you totally (and I'd say deliberately) ignore the provisions of the TOS that put the responsibility of your traffic into your hands and prohibit illegal, unlawful content.

@tor_zealot:

Linode disagrees with their own policy! They say TOR is alright, but then harass people when it's in use.
@tor_zealot:

being hypocritical about their own policy
@Linode TOS:

Linode does not prohibit the use of distributed, peer to peer network services such as Tor ….. However ….. Any usage that prompts the receipt of abuse complaints pertaining to violation of United States and/or international copyright law must be promptly discontinued to avoid service cancellation for violation of these terms.
I still have no idea how you could misinterpret this paragraph. According to the TOS, Tor is allowed as long as it does not produce abuse complaints. Is it so difficult to understand what the conditional clause means? According to your definition of hypocrisy, it would be hypocritical for a government to say that you may drive as long as you're not drunk. They must have lied when they said you could drive! But that's absurd.

The TOS also makes it very clear that it doesn't matter who is actually responsible for copyright infringement. As soon as your Tor exit node prompts the receipt of DMCA complaints, you have to shut it down. Notice that the TOS doesn't say anything about the legality of said complaints. As soon as any DMCA complaints are received by Linode, the TOS applies to you.

Linode dealt with your case exactly the way the TOS said it would. The policy might be wrong according to some moral standard, but at least there was nothing "hypocritical" about it.

I run a Tor relay to use my spare bandwidth, but not as an exit node to avoid exactly these problems. I reccomend that you do the same. Linode's ToS and AUP are perfectly clear and not unfair in any way from my PoV. If you disagree, you should probably host elsewhere.

@Brian Puccio:

I run a Tor relay to use my spare bandwidth, but not as an exit node to avoid exactly these problems. I reccomend that you do the same. Linode's ToS and AUP are perfectly clear and not unfair in any way from my PoV. If you disagree, you should probably host elsewhere.
That's awesome. If you're not receiving complaints simply because you're lucky enough not to have "bad traffic" come out your end node, the gamble turned out well for you. On the other hand if you actually have some special way of managing your end-node that you believe is the key to avoiding complaints please share it on this thread so that other (customers that are still with linode) can continue to operate their nodes without harassment – this has been my primary request from the VERY BEGINNING. If there are such operators out there on the linode network tell me what you're doing right and what I did wrong (other than obviously be an asshole, as some would discern), because I certainly didn't just throw a base install of an ubuntu VM up there with a stock torrc file and no iptables rules (please presume that I have real professional networking and systems administration knowledge and experience, and that I'm not a total retard, or 13 years old).

Until I see such technical proof of how a node can be managed as such it still appears to me it's simply a roulette wheel gamble if your end node will generate enough complaints to warrant linode to "take action," or not, regardless of any steps taken by the operator to mitigate the "evil" traffic. This has been my entire point from the beginning -- maybe that doesn't make linode out-right hypocrites, but it certainly doesn't make them up-front and helpful.

From the general consensus it seems people believe I was entirely in the wrong and should take the traffic that comes out of any Tor exit node I run very personally, as if I generated the traffic myself, as if I could in any way stop or stem the tide. But seriously, people, I'm not a retard, so tell me what magic iptable/snort/layer5 filtering rule that's going to stop some jackass from spamming a wordpress site. Then tell me how I'm any more responsible than any other Tor relay/bridge/exit node or even big ISP network operator, such traffic was "transmitted" through. Tell me what I really did wrong other than run a Tor node and do everything I could to stop / mitigate complaints, only to have the linode continually reply with blanket-statement non sequiturs. Otherwise I just assume those that seem so personally offended at my point (as if a few DMCA notices alone were going to shut down Linode's datacenters entirely) simply don't understand both the nature of the internet, let alone privatized proxies, nor the technical and political concepts at play in running and operating the Tor network. I certainly recognize if Linode doesn't posses the pair of balls to be progressive on these matters, and is too afraid of "big bad layers" with their empty threats and deep pockets, it's well within Linode's right to stop the operation of any given piece of software -- I'm just not going to give them my money if they act accordingly (but still welcome other happy customers to continue their service).

PS. my exit node has been running on rackspace cloud for about two weeks with nary a DMCA or malicious traffic complaint. Hell of a lot longer than the 72hrs I made it on the linode network. YMMV

Did you even ready what you quoted? He said he was not running as an exit node in order to avoid the problems you had.

And the general consensus wasn't that you were in the wrong or that you should take it personally, but that you weren't doing enough to comply with the Linode ToS. Doing enough is essentially "don't run an exit node". As many told you before, Linode is in a business to sell virtual hosting, not legal protection services. Whether you believe it to be true or not, that is what you are asking them to do.

Congratulations. Don't say you weren't warned when you do receive complaints or are deactivated.

@carmp3fan:

Did you even ready what you quoted? He said he was not running as an exit node in order to avoid the problems you had.

Totally my bad, I did misread his post. Anyway, that just ties back to my point back on page 2 or so, that the same traffic is still being routed through their network, Linode just isn't getting complaints about it because that's the whole point of Tor relays (not being able to see the contents of the traffic you're passing, which technically gives you less of an ability to filter malicious traffic) – so Linode should just come right out and say: "You can't run an exit node on our network." Problem solved. But it didn't play out that way either because they don't understand the technology they're dealing with, or they're aforementioned hypocrites (as inflammatory an adjective as that may be). I wasn't looking for legal protection, and linode wasn't at real risk of legal action. If you believe otherwise I highly encourage you to research the current legal state of such matters. No party involved, other than the REAL originator of the traffic, was at fault – linode just wanted to hassel me about it, so I'm no longer a customer, and I encourage other similarly minded "internet activists" to do the same. Everyone else, go about your day, don't get upset about my opinions, and don't worry a single moment about the matter. Internet privacy will slowly fade away and it won't matter to you anyway.

@tor_zealot:

so I'm no longer a customer, and
and now it's time to stop trolling.

@OZ:

@tor_zealot:

so I'm no longer a customer, and
and now it's time to stop trolling.
Agreed.

And the winner for the Can't STFU Award goes to…..

tor_zealot

Who just like a bad Mother-in-law, doesn't know when it's time to pack her bags and go home.

@OZ:

@tor_zealot:

so I'm no longer a customer, and
and now it's time to stop trolling.
I'm sorry that you feel a continued discussion qualifies as trolling. My best advice to you is to not read the thread, or anything that offends you. Unless I misunderstood these are public forums, this sub-forum in particular being devoted to customer testimonials, which I certainly have.

Furthermore I find the discussion of this issue a particularly interesting matter, a poignant one to the open source community (who linode markets to), and a few people on here have brought up some really great points on both sides of the coin that I enjoy furthering intelligent discourse. If this is not your intention I suggest perhaps you are "trolling."

I'm not trolling, or at least not trying to; I'm not just generating posts by quoting things from page 2 just to keep the thread at the top of the page. If nobody else has anything to say I assume the thread will slowly drift down the page and be forever forgotten. But you certainly won't see me responding to anyone unless I feel they have at least a somewhat valid point to make that I find interesting. I hope that's alright with everyone – otherwise you can message an admin to have my account disabled because you feel I've been abusive in some way. It's great how these forum systems work.

Actually I'm surprised the thread broke more than a page, I figured it would be ignored. :)

These are examples of what I consider to be trolling posts (posts unrelated to subject of this forum and this thread, designed to provoke flame war):

@OZ:

@tor_zealot:

so I'm no longer a customer, and
and now it's time to stop trolling.

@carmp3fan:

@OZ:

@tor_zealot:

so I'm no longer a customer, and
and now it's time to stop trolling.
Agreed.

@vonskippy:

And the winner for the Can't STFU Award goes to…..

tor_zealot

Who just like a bad Mother-in-law, doesn't know when it's time to pack her bags and go home.

@neo:

These are examples of what I consider to be trolling posts (posts unrelated to subject of this forum and this thread, designed to provoke flame war):

and what would you call your post then? :roll:

Yes, I must have been trolling for agreeing that this thread should die.

@neo

Next time take the blue pill.

I too worry that the actions of a zealot defending a principle will negatively affect my service. I am sympathetic to the pragmatic position Linode has taken. Although this thread appears to have been beaten to death, there might be one worthy observation:

One apparent point of widespread agreement between many posters and indeed, Linode managerment is this:

We are supportive of the notion of protecting privacy, and thus the running of Tor "in theory." But in practice we are not. Like having one's cake and eating it.

Well, talk is cheap.

@xcosi2:

We are supportive of the notion of protecting privacy, and thus the running of Tor "in theory." But in practice we are not. Like having one's cake and eating it.

Well, talk is cheap.

More like "We don't have anything against Tor as itself, but we explicitly forbid any malicious and illegal traffic. So if you are able to magically make your Tor note relay only traffic that's not illegal (in our country of operaton) and not malicious, you're welcome to use it. Otherwise, tough luck for ya.".

As a practical matter, this incident demonstrates that one may not run a Tor exit node on Linode. Maybe Linode should reexamine any statement to the contrary because it is demonstrably disingenuous in light of recent events. Tor, by its nature, will support nefarious activities, just as a toll road will support the transport of stolen property. But we typically would not require the owner of a toll road to inspect the content of every passing vehicle or hold them responsible for illegal commerce. We do value privacy enough sometimes to pay a price for it. I did not read the DMCA legal text closely, but understood it to be analogous. I trust that I will be disabused of any misconceptions. There are certainly legal parallels to the operation of the PSTN: Carriers don't manage content. Wiretaps require court orders. Well, they did at one time in the past - but I digress.

So this is a double-edged sword; any way you handle it, you risk blood:

If Linode wishes to avoid hassles by caving to mild pressure on one side, it might find itself setting a precedent from which we assume that it considers itself responsible for such filtering (and raising such expectations in its customer base) and thus liable for future failures to police traffic. So given the inherent nature of Tor, can we not infer in this context that they are negligent in allowing its use? But if they prohibit it, what else is on the list? Torrent? SMTP? NNTP? IRC? Might they be better served by leaving law enforcement to official law enforcers and cooperating with such agencies when courts require it, but otherwise keeping at an arms length from specific issues? I know, the anonymity is the rub, but the parallels still apply.

Also, consider the specific complaints. To wit, traffic supporting an illegitimate purpose has come out of the Tor network. We consider it impossible to regulate the purposes for which Tor is used. Therefore, isn't the complainant's accusation tantamount to demanding that Linode cooperate in shutting down the Tor network? You can support anonymity in principle and practice, or you can oppose it. But if you want to be neutral…

It might be naive to think that a Linode practice of "just make it go away" is sustainable indefinitely. So Linode finds itself in a tough place, and that's business, cupcake. Does Linode really want to be doing the job of the courts and the police? I wouldn't want to. Ideally, Linode would be "hands off" and our intrepid Tor operator would be assuming responsibility for dealing with the complaints associated with the IP he controls. It's an "unmanaged" service, right? Or is it only unmanaged when it's convenient (or expedient) to be unmanaged?

The applicable guidelines would seem to be found in the Privacy Policy, Section 3(1):

Linode does not disclose customer information to other third parties except where required under applicable state and federal laws for purposes of investigation of criminal complaints, or where required by court order.

Will Linode support me if I become the target of bogus accusations? It's a legitimate question, regardless of the particulars of this recent incident. It goes right to the heart of the question of the day regarding the advisability of using cloud services.

Maybe a tougher stance in terms of adhering to legal procedures and standing with customers might serve Linode's long-term interests better.

@xcosi2:

Maybe a tougher stance in terms of adhering to legal procedures and standing with customers might serve Linode's long-term interests better.

Reasonably written and accurate.

The problem is Linode is stuck in the middle, and either choice they make, comply or dispute, costs them time (which is money) and money (which is money).

The legal system in America, is heavily biased to the rich. Fair and just are just buzz words, rich and powerful are the superior hand in court.

Even a neutral stance by Linode could cost a small fortune, a cost that will either be passed on to all their clients, or cause them to go out of business.

In either instance, I don't care about somebody elses "privacy" enough to jeopardize my VPS vendor of choice. I don't use Linode because they are the Champion of Freedom (or justice or privacy), I use them because they provide a good VPS service at a good price, period.

Political battles are just that, and fighting them inside Linode's business model is neither efficient (you don't have control) and pretty much unreasonable (it's their livelihood you're gambling with).

@rsk:

@xcosi2:

We are supportive of the notion of protecting privacy, and thus the running of Tor "in theory." But in practice we are not. Like having one's cake and eating it.

Well, talk is cheap.
More like "We don't have anything against Tor as itself, but we explicitly forbid any malicious and illegal traffic. So if you are able to magically make your Tor note relay only traffic that's not illegal (in our country of operaton) and not malicious, you're welcome to use it. Otherwise, tough luck for ya.".
Seems accurate to me…

Anyway, I thought I'd poke my nose into this thread (hi, by the way) because a couple years ago when I was with Slicehost, I had pretty much the same experience as the original poster, and they seem to have (or had) similar policies as Linode with respect to Tor. My experience would suggest that a fairly restrictive exit policy can do a lot to cut down on the chance of a Tor node generating a DMCA notice, since I got my notice about a day after starting up my Tor node, but after implementing a restrictive exit policy I've been running it for two years without incident. I wrote a few blog posts at the time that might be useful information for people who are into this sort of thing.

@diazona:

I wrote a few blog posts at the time that might be useful information for people who are into this sort of thing.

In the third post you wrote:
> ExitPolicy accept *:21-23,accept *:53,accept *:80,accept *:110,accept *:143,accept *:443,accept *:992-993,accept *:995,reject :
To a first approximation that's a pretty good policy. I doubt many torrent systems will use those well-known-ports (it is technically possible, but I just can't make myself think this'll ever be wide-spread) so this policy should allow for "good" anonymous communication while blocking torrents. It won't prevent blog-comment-spam, but this is a good start.

Thanks for posting that.

Yeah, that was basically my thought process as well. And like I said, it seems to work pretty well in practice. Good to know the information is useful :D

Many users use common ports for BitTorrent to evade ISP throttling. 1723 is pretty common, since it's PPTP's port (for control anyhow)

@rsk:

@xcosi2:

We are supportive of the notion of protecting privacy, and thus the running of Tor "in theory." But in practice we are not. Like having one's cake and eating it.

Well, talk is cheap.

More like "We don't have anything against Tor as itself, but we explicitly forbid any malicious and illegal traffic. So if you are able to magically make your Tor note relay only traffic that's not illegal (in our country of operaton) and not malicious, you're welcome to use it. Otherwise, tough luck for ya.".
If this was the position of Linode I would agree with it completely. But it is not. If you read what Linode support repeatedly said, the position is very different: we will allow you to do whatever you want as long as we don't receive complaints claiming that what you are doing is illegal.

@neo:

@rsk:

More like "We don't have anything against Tor as itself, but we explicitly forbid any malicious and illegal traffic. So if you are able to magically make your Tor note relay only traffic that's not illegal (in our country of operaton) and not malicious, you're welcome to use it. Otherwise, tough luck for ya.".
If this was the position of Linode I would agree with it completely. But it is not. If you read what Linode support repeatedly said, the position is very different: we will allow you to do whatever you want as long as we don't receive complaints claiming that what you are doing is illegal.
"You can do what ToS allow; when we NOTICE you are breaking them, we'll act.". "Noticing" may be due to a complaint, may be due to investigation who and why chokes a network device with a six-digit number of connections, may be you yourself admitting it on the forums…

@rsk:

"You can do what ToS allow; when we NOTICE you are breaking them, we'll act.". "Noticing" may be due to a complaint, may be due to investigation who and why chokes a network device with a six-digit number of connections, may be you yourself admitting it on the forums…
Linode TOS is the whole problem:
> Any usage that prompts the receipt of abuse complaints pertaining to violation of United States and/or international copyright law must be promptly discontinued to avoid service cancellation for violation of these terms.
In other words, Linode will cancel services if you continue doing something which "prompts the receipt of abuse complaints", not if you "continue to do something illegal". I am not suggesting Linode doesn't have a right to include whatever they want into TOS agreement. I am suggesting this paragraph in Linode TOS agreement is unreasonable and ultimatly not in the best interest of either Linode clients or Linode itself.

@neo:

I am suggesting this paragraph in Linode TOS agreement is unreasonable and ultimatly not in the best interest of either Linode clients or Linode itself.

How is that? The Linode TOS are, I'm sure, crafted by Linode's lawyers to protect Linode. Linode shouldn't be put in the position to play detective and determine if the complaint is valid. Linode appears to pass on the full complaint information to their client. If the complaint is not valid and the client is not doing anything illegal, they (the client) needs to call up their lawyer and have them respond to have the complaints stopped. If the client can't afford a lawyer, they may want to rethink what types of activities they perform on their node (e.g. running a TOR exit node).

If Linode has to get involved in every complaint, beyond forwarding it to the client, Linode's costs go up. If Linode's costs go up, guess who has to pay for it?

@neo:

> Any usage that prompts the receipt of abuse complaints pertaining to violation of United States and/or international copyright law must be promptly discontinued to avoid service cancellation for violation of these terms.
In other words, Linode will cancel services if you continue doing something which "prompts the receipt of abuse complaints", not if you "continue to do something illegal". I am not suggesting Linode doesn't have a right to include whatever they want into TOS agreement. I am suggesting this paragraph in Linode TOS agreement is unreasonable and ultimatly not in the best interest of either Linode clients or Linode itself.

You can argue that clients may prefer that linode fight all their legal battles for them, sure, but how is that policy not in the best interest of linode itself?

Let me boil it down for you. when you get complaints, linode staff have to pass them on. That takes time and therefore money. get more than a couple and linode isn't making money providing you service anymore. If it gets to that point, why would they keep you around as a customer? They're running a VPS business, not a legal charity.

I read as far as your username and gave up on the fact that I knew it was going to be a pointless argument.

@neo:

In other words, Linode will cancel services if you continue doing something which "prompts the receipt of abuse complaints", not if you "continue to do something illegal".

Why didn't you quote the whole paragraph? Here, I'll do it and I'll highlight the parts that explain the "prompts" part:

> Linode does not prohibit the use of distributed, peer to peer network services such as Tor, nor does Linode routinely monitor the network communications of customer Linodes as a normal business practice. However, customers are responsible for the contents of network traffic exiting their Linode. Any usage that prompts the receipt of abuse complaints pertaining to violation of United States and/or international copyright law must be promptly discontinued to avoid service cancellation for violation of these terms.

It means Linode can't know what you're doing unless:

1. They receive a complaint

2. They monitor your service, which probably means deep packet inspection because port number does not prove anything.

And they're not going to monitor because it is pointless, technically very difficult unless you're in business of monitoring traffic and would probably open a privacy violation pandora's box somewhere and somehow, if they did.

So yes, they rely on complaints to act upon. And no, don't twist the words, the TOS prohibits you from doing anything illegal, period.

@glg:

You can argue that clients may prefer that linode fight all their legal battles for them, sure, but how is that policy not in the best interest of linode itself?
Clearly Linode has to look at validity of complaints at least to some standard, otherwise anyone would be able to bring down anyone else's site just by repeatedly sending Linode bogus complains.

And the argument related to this particular case (running TOR node) is that over so many years of operation not a single person or hosting provider was ever sued over running TOR node (including exit nodes). Most probably because this activity is completely legal under current US law, as many prominent lawyers conclude.

Other US hosting providers support running TOR exit nodes. They probably choose to send some standard "get lost" replies to complains related to TOR nodes. And, as I said, none of them (or their customers) was ever sued for running a TOR node (including exit nodes) over many years of operation. If others can do it, why not Linode?

@neo:

Other US hosting providers support running TOR exit nodes.

Then go away. Linode has stated their policy, and that it will not change.

If you want a host that has a ToS other than Linode's, use a different host.

Goodbye, and good riddance.

Now lets let this thread die.

@akerl:

@neo:

Other US hosting providers support running TOR exit nodes.

Then go away. Linode has stated their policy, and that it will not change.

If you want a host that has a ToS other than Linode's, use a different host.

Goodbye, and good riddance.

Now lets let this thread die.
I don't run TOR node and I don't intend to run it. I am having a discussion with other Linode customers in Linode support forum about an issue related to Linode service. If you have no interest in this discussion you are more than welcome to ignore it.

@akerl:

Now lets let this thread die.

agreed. pretty pointless arguing with this kid

@bjl:

@neo:

I am suggesting this paragraph in Linode TOS agreement is unreasonable and ultimatly not in the best interest of either Linode clients or Linode itself.

How is that? The Linode TOS are, I'm sure, crafted by Linode's lawyers to protect Linode. Linode shouldn't be put in the position to play detective and determine if the complaint is valid. Linode appears to pass on the full complaint information to their client. If the complaint is not valid and the client is not doing anything illegal, they (the client) needs to call up their lawyer and have them respond to have the complaints stopped. If the client can't afford a lawyer, they may want to rethink what types of activities they perform on their node (e.g. running a TOR exit node).

If Linode has to get involved in every complaint, beyond forwarding it to the client, Linode's costs go up. If Linode's costs go up, guess who has to pay for it?
Clearly Linode has to look at validity of complaints at least to some standard, otherwise anyone would be able to bring down anyone else's site just by repeatedly sending Linode bogus complains.

@Azathoth:

@neo:

In other words, Linode will cancel services if you continue doing something which "prompts the receipt of abuse complaints", not if you "continue to do something illegal".

Why didn't you quote the whole paragraph? Here, I'll do it and I'll highlight the parts that explain the "prompts" part:

> Linode does not prohibit the use of distributed, peer to peer network services such as Tor, nor does Linode routinely monitor the network communications of customer Linodes as a normal business practice. However, customers are responsible for the contents of network traffic exiting their Linode. Any usage that prompts the receipt of abuse complaints pertaining to violation of United States and/or international copyright law must be promptly discontinued to avoid service cancellation for violation of these terms.

It means Linode can't know what you're doing unless:

1. They receive a complaint

2. They monitor your service, which probably means deep packet inspection because port number does not prove anything.

And they're not going to monitor because it is pointless, technically very difficult unless you're in business of monitoring traffic and would probably open a privacy violation pandora's box somewhere and somehow, if they did.

So yes, they rely on complaints to act upon. And no, don't twist the words, the TOS prohibits you from doing anything illegal, period.
I don't see how the other text in paragraph changes the meaning of the part I quoted. I never suggested Linode should monitor traffic, nor I suggested it should ignore complaints. I suggested it is wrong to treat continued "receipt of abuse complaints" by itself as grounds for termination, unless Linode looked into those complaints at least to some standard and assessed complaints to likely be valid. And Linode probably already does that, otherwise anyone would be able to bring down anyone else's site just by repeatedly sending Linode bogus complaints. So the question is: should Linode start treating complaints about TOR exit nodes as bogus, like other US hosting providers already do?

@neo:

So the question is: should Linode start treating complaints about TOR exit nodes as bogus, like other US hosting providers already do?
What makes you think these complaints are bogus? Running a TOR exit node can cause actual malicious or illegal traffic to exit the Linode instance. Complaints would be bogus if this traffic did not actually exit the Linode.

@Zr40:

@neo:

So the question is: should Linode start treating complaints about TOR exit nodes as bogus, like other US hosting providers already do?
What makes you think these complaints are bogus? Running a TOR exit node can cause actual malicious or illegal traffic to exit the Linode instance. Complaints would be bogus if this traffic did not actually exit the Linode.
The complaint in case of TOR exit node is bogus because according to many prominent lawyers running TOR exit node (with any kind of exit traffic) is completely legal under current US law. This opinion is also strongly supported by the fact that no person or hosting provider was ever sued for running TOR node (including exit node) in many years of operation.

No competent lawyer will say such a claim is bogus until such a claim has been tested in court. At best they'll provide an opinion that they think it is bogus (or so my friendly lawyer tells me:-)).

I feel that a competent prosecutor could easily lay a groundwork for contributory infringement; "one who, with knowledge of the infringing activity, induces, causes or materially contributes to the infringing conduct of another."

The defense would have to argue that it didn't know, but given multiple warnings from the service provider that the exit node had been used to transit infringing traffic then this would be a weak defence; the defendant would have known their resource was being used to assist in copyright infringement, which would also take care of the "safe harbor" provision of the DMCA.

The Sony Betamax defence (other legitimate uses) is also weak, since sites have been taken down in the past or had rulings made against them; the prosecution must merely show that the majority of traffic flowing through the exit node was infringing traffic and that legitimate uses were negligible. Given the size of a typical torrent, that shouldn't be hard!

If I was running linode then I'd not want to take the risk. As a customer of linode I don't want them to take the risk. I believe linode's position is prudent and correct.

I don't know about you, but I am not a lawyer, and I think it would be beyond naive for me to discuss specifics of possible legal arguments. I know that many prominent lawyers say in their opinion TOR exit nodes are completely legal under current US law. I also know no one was ever sued for running TOR exit node over many years of operation.

There is always a risk, regardless of what one chooses to do or not to do. Is the risk in this case grave enough to go the path of alienating (and losing business of) a few customers? Perhaps.

@neo:

many prominent lawyers say in their opinion TOR exit nodes are completely legal under current US law
"citation needed"

> Is the risk in this case grave enough to go the path of alienating (and losing business of) a few customers? Perhaps.
And gaining customers because of reduced risk of being caught up as an innocent bystander in DoS attacks, court rulings against the service provider, etc etc. Hell yes.

@neo:

The complaint in case of TOR exit node is bogus because according to many prominent lawyers running TOR exit node (with any kind of exit traffic) is completely legal under current US law.
TOR might be completely legal, but the outgoing traffic it causes might not be. There is no problem with TOR itself, but there is with the traffic. So I ask again. What makes you think the complaints about the traffic are bogus?

@sweh:

@neo:

many prominent lawyers say in their opinion TOR exit nodes are completely legal under current US law
"citation needed"
Here is TOR legal FAQ written by EFF attorneys:

https://www.torproject.org/eff/tor-legal-faq
> we believe that running a Tor node, including a Tor exit node that allows people to anonymously send and receive traffic, is lawful under U.S. law.
And here is the list of said EFF attorneys:

https://www.eff.org/about/staff

@sweh:

> Is the risk in this case grave enough to go the path of alienating (and losing business of) a few customers? Perhaps.
And gaining customers because of reduced risk of being caught up as an innocent bystander in DoS attacks, court rulings against the service provider, etc etc. Hell yes.
This is just a speculation. I might as well speculate that TOR friendly service will attract people who dislike RIAA/MPAA (probably a majority of US population), people who support privacy and anonymity on the Internet (again, quite a sizable crowd), etc., etc.

@Zr40:

@neo:

The complaint in case of TOR exit node is bogus because according to many prominent lawyers running TOR exit node (with any kind of exit traffic) is completely legal under current US law.
TOR might be completely legal, but the outgoing traffic it causes might not be. There is no problem with TOR itself, but there is with the traffic. So I ask again. What makes you think the complaints about the traffic are bogus?
I am afraid I will have to give you the same answer again. According to many prominent lawyers, running TOR exit node (with any kind of exit traffic) is completely legal under current US law. This opinion is also strongly supported by the fact that no person or hosting provider was ever sued for running TOR node (including exit node) in many years of operation.

In other words, even if some of the node exit traffic is "illegal", the node operator or his hosting provider are not legally liable (again, according to many prominent… you know the drill).

Okay, so you believe that complaints about illegal or malicious traffic are bogus if they originate from your TOR exit node.

If complaints about illegal or malicious traffic were ignored only because they originated from your TOR exit node, you would be able to get the following scenario:

1. Run a TOR exit node on your Linode.

2. You perform illegal or malicious activities yourself, on the same Linode.

3. Linode receives complaints and forwards them to you.

4. You say: "See! I run a TOR exit node!"

5. Linode says: "Oh okay, carry on."

The fact is, the illegal or malicious traffic exits from your Linode. There is nothing wrong with TOR itself, but there is with the traffic it causes.

Here's an analogy for you. There is nothing illegal about knives, but stabbing people with a knife is. Should stabbing with knives be allowed because knives are legal?

@neo:

Here is TOR legal FAQ written by EFF attorneys:

https://www.torproject.org/eff/tor-legal-faq
> we believe that running a Tor node, including a Tor exit node that allows people to anonymously send and receive traffic, is lawful under U.S. law.
And here is the list of said EFF attorneys:

https://www.eff.org/about/staff
I'll believe you when I see RIAA/MPAA lawyers agree with the EFF. I don't doubt that EFF knows what it's doing, but Tor is their pet project so there's a good chance they're biased in favor of it.

Besides, legal opinion is worthless until it has been proven in court. In common-law countries such as the U.S., law is what the judge says it is. So far, no judge has said anything about Tor. This only means that the risk is unknown; it does not mean that there is no risk. In fact, I'd feel a lot more comfortable about Tor if somebody actually got sued and won. Consider the GPL: a lot of people doubted its legal validity until a couple of cases actually went to court and won.

Nobody would have imagined that it was "illegal" (in the sense that it warrants damages in a civil suit) to serve hot coffee without a warning message until that McDonald's lawsuit came along. This is a ridiculously litigious country you live in, and it is not unreasonable for people to be cautious.

@hybinet:

@neo:

Here is TOR legal FAQ written by EFF attorneys:

https://www.torproject.org/eff/tor-legal-faq
> we believe that running a Tor node, including a Tor exit node that allows people to anonymously send and receive traffic, is lawful under U.S. law.
And here is the list of said EFF attorneys:

https://www.eff.org/about/staff
I'll believe you when I see RIAA/MPAA lawyers agree with the EFF. I don't doubt that EFF knows what it's doing, but Tor is their pet project so there's a good chance they're biased in favor of it.

Besides, legal opinion is worthless until it has been proven in court.

Exactly. The keyword from the EFF page is "believe". That belief and a dollar will get you a cup of coffee.

@hybinet:

I'll believe you when I see RIAA/MPAA lawyers agree with the EFF.
Indirectly they already have. By not filing a single lawsuit against any operator (or his hosting provider) for running a TOR exit node in many years of operation.

@neo:

@hybinet:

I'll believe you when I see RIAA/MPAA lawyers agree with the EFF.
Indirectly they already have. By not filing a single lawsuit against any operator (or his hosting provider) for running a TOR exit node in many years of operation.

Sure kid. You feel so certain about this, go start your own TOR friendly host and let us know how it goes.

@glg:

Exactly. The keyword from the EFF page is "believe". That belief and a dollar will get you a cup of coffee.
EFF employs a lot of attorneys, many with very impressive credentials. But at the end of the day, yes, any opinion anyone expresses on any subjects is "just his beliefs".

@glg:

@neo:

@hybinet:

I'll believe you when I see RIAA/MPAA lawyers agree with the EFF.
Indirectly they already have. By not filing a single lawsuit against any operator (or his hosting provider) for running a TOR exit node in many years of operation.

Sure kid. You feel so certain about this, go start your own TOR friendly host and let us know how it goes.
I have no interest in starting my own hosting provider, TOR friendly or otherwise.

May I kindly ask you to refrain from discussing me personally and keep discussion on subject, if at all possible? Thank you very much.

@Zr40:

Okay, so you believe that complaints about illegal or malicious traffic are bogus if they originate from your TOR exit node.

If complaints about illegal or malicious traffic were ignored only because they originated from your TOR exit node, you would be able to get the following scenario:

1. Run a TOR exit node on your Linode.

2. You perform illegal or malicious activities yourself, on the same Linode.

3. Linode receives complaints and forwards them to you.

4. You say: "See! I run a TOR exit node!"

5. Linode says: "Oh okay, carry on."

The fact is, the illegal or malicious traffic exits from your Linode. There is nothing wrong with TOR itself, but there is with the traffic it causes.

Here's an analogy for you. There is nothing illegal about knives, but stabbing people with a knife is. Should stabbing with knives be allowed because knives are legal?
If you perform malicious activities yourself, than you are breaking the law. If you run TOR exit node and malicious traffic comes from TOR node, than you are not breaking the law. There is no contradiction here.

Not only TOR by itself is legal (whatever you think that means), but running TOR exit node (with inevitable outcome that some of the exit traffic will be malicious) is legal too (according to… see above).

@neo:

@sweh:

@neo:

many prominent lawyers say in their opinion TOR exit nodes are completely legal under current US law
"citation needed"
Here is TOR legal FAQ written by EFF attorneys:

https://www.torproject.org/eff/tor-legal-faq
> we believe that running a Tor node, including a Tor exit node that allows people to anonymously send and receive traffic, is lawful under U.S. law.
Ah, note the word "believe". That doesn't mean it's a fact. Funny how I pointed that out earlier.

Also note that this may have the presumption that the traffic is, itself, legal. This is comment on the legality of anonymity, not of facilitating illegal activities.

Also note that the EFF has been on the losing side of many a court case. The EFF attorneys (who need not be lawyers, as it so happens) are frequently wrong. All the way back in 2005 there were questions about how good the EFF were (eg http://www.theregister.co.uk/2005/12/06 … ds_to_die/">http://www.theregister.co.uk/2005/12/06/effneedsto_die/ ). I support the ideas the EFF fight for, but they don't do a very good job and I sure as hell wouldn't trust them unless I had no other choice.

@sweh:

Ah, note the word "believe". That doesn't mean it's a fact. Funny how I pointed that out earlier.
Do you mean to suggest any opinion anyone expresses on any subject could be anything other than "just his beliefs"?

You may be right about EFF attorneys, maybe they aren't good, but I think the fact that overzealous RIAA/MPAA lawyers never sued anyone for running TOR exit node over many years of operation strongly supports opinion of EFF attorneys on this subject.

@neo:

If you perform malicious activities yourself, than you are breaking the law. If you run TOR exit node and malicious traffic comes from TOR node, than you are not breaking the law. There is no contradiction here.

Not only TOR by itself is legal (whatever you think that means), but running TOR exit node (with inevitable outcome that some of the exit traffic will be malicious) is legal too (according to… see above).

What exactly as a TOR exit node operator makes you believe you have any safe harbor protection status? That's just the civil side of the equation, for the criminal side of activities I can almost guarantee you won't be looked upon as an innocent provider.

You can argue ideology all you want, but that doesn't set aside the legal and ethical responsibilities. Think of this way, you own a property containing an abandoned building - if you don't take reasonable means to secure the property you can be liable for activities occurring on that property.

@neo:

@glg:

@neo:

Indirectly they already have. By not filing a single lawsuit against any operator (or his hosting provider) for running a TOR exit node in many years of operation.

Sure kid. You feel so certain about this, go start your own TOR friendly host and let us know how it goes.
I have no interest in starting my own hosting provider, TOR friendly or otherwise.

May I kindly ask you to refrain from discussing me personally and keep discussion on subject, if at all possible? Thank you very much.

As you've been championing TOR and indirectly the "right" to run a TOR exit node for the last 8 pages, glg's comment seems quite on topic and well placed to me.

@AVonGauss:

@neo:

If you perform malicious activities yourself, than you are breaking the law. If you run TOR exit node and malicious traffic comes from TOR node, than you are not breaking the law. There is no contradiction here.

Not only TOR by itself is legal (whatever you think that means), but running TOR exit node (with inevitable outcome that some of the exit traffic will be malicious) is legal too (according to… see above).

What exactly as a TOR exit node operator makes you believe you have any safe harbor protection status? That's just the civil side of the equation, for the criminal side of activities I can almost guarantee you won't be looked upon as an innocent provider.
Once again, combination of these two things make me (not a lawyer) believe that running TOR exit node is legal under current US law:

1) EFF lawyers say so.

2) Overzealous RIAA/MPAA lawyers never sued anyone running TOR exit node over many years of operation.

@AVonGauss:

You can argue ideology all you want, but that doesn't set aside the legal and ethical responsibilities. Think of this way, you own a property containing an abandoned building - if you don't take reasonable means to secure the property you can be liable for activities occurring on that property.
When did I argue any ideology?

@neo:

@sweh:

Ah, note the word "believe". That doesn't mean it's a fact. Funny how I pointed that out earlier.
Do you mean to suggest any opinion anyone expresses on any subject could be anything other than "just his beliefs"?

It means the statement is not a statement of fact, yet you've been pushing it as one. The EFF lawyers are not saying that it's legal to run a Tor node; they're saying they believe it is legal. Many many people have lost in court doing things they believe are legal.

@sweh:

@neo:

@sweh:

Ah, note the word "believe". That doesn't mean it's a fact. Funny how I pointed that out earlier.
Do you mean to suggest any opinion anyone expresses on any subject could be anything other than "just his beliefs"?
It means the statement is not a statement of fact, yet you've been pushing it as one. The EFF lawyers are not saying that it's legal to run a Tor node; they're saying they believe it is legal. Many many people have lost in court doing things they believe are legal.
Whenever EFF lawyers (or anyone else) state anything, they are always stating their beliefs. Adding "I believe" at the beginning of every statement one makes is factually correct but logically redundant.

@neo:

@AVonGauss:

]You can argue ideology all you want, but that doesn't set aside the legal and ethical responsibilities. Think of this way, you own a property containing an abandoned building - if you don't take reasonable means to secure the property you can be liable for activities occurring on that property.
When did I argue any ideology?

When? How about this entire thread? This thread was originally started by a former customer, under the guise of privacy protection, to whine that they were being required by Linode to provide a remedy after Linode received multiple DCMA and abuse complaints about their VPS.

Everything after that is why tor_zealot and yourself believe a person should be able to run a TOR exit node without any responsibility or consideration for traffic and how you believe a service provider should not have any problem with a user doing so. You both are attacking this from different angles, but you both are outright ignoring a service provider's legal obligations and ethical responsibilities in this situation.

@neo:

@sweh:

It means the statement is not a statement of fact, yet you've been pushing it as one. The EFF lawyers are not saying that it's legal to run a Tor node; they're saying they believe it is legal. Many many people have lost in court doing things they believe are legal.
Whenever EFF lawyers (or anyone else) state anything, they are always stating their beliefs. Adding "I believe" at the beginning of every statement one makes is factually correct but logically redundant.
Nope; that's why lawyers nearly always phrase in terms of "belief", because it is not redundant. It evokes different conclusions from the readers mind.

@neo:

running TOR exit node is legal under current US law:
OK, let's say it's legal. But web hosts are under no obligation to allow everything that is legal in their jurisdiction. For example, a nontrivial number of hosts have a blanket ban on adult content, despite the fact that most porn is perfectly legal in most of the developed world. Other hosts (including Linode's Atlanta datacenter) often block IRC, even though there's nothing illegal about IRC. Tor could be in the same category of "potential nuisances" even if it were somehow guaranteed to be legal. Ethical obligations? I don't think so, when there are plenty of other ways you can run a Tor exit node.

If I were a sysadmin working for the adult content industry, I wouldn't complain about any host for not wanting to do business with me. The same applies to Tor. Linode staff has probably seen enough of this thread by now. It's their servers, so let them decide.

@AVonGauss:

@neo:

@AVonGauss:

]You can argue ideology all you want, but that doesn't set aside the legal and ethical responsibilities. Think of this way, you own a property containing an abandoned building - if you don't take reasonable means to secure the property you can be liable for activities occurring on that property.
When did I argue any ideology?

When? How about this entire thread? This thread was originally started by a former customer, under the guise of privacy protection, to whine that they were being required by Linode to provide a remedy after Linode received multiple DCMA and abuse complaints about their VPS.

Everything after that is why tor_zealot and yourself believe a person should be able to run a TOR exit node without any responsibility or consideration for traffic and how you believe a service provider should not have any problem with a user doing so. You both are attacking this from different angles, but you both are outright ignoring a service provider's legal obligations and ethical responsibilities in this situation.
I argued that running TOR node does not seem to be illegal under current US law. I never stated my opinion of this law. For all you know I might be bitterly opposed to any laws which allow any kind of privacy and anonymity on the Internet. Assessment of law applicability and approval or disapproval of the law are two unrelated subjects.

So, once again, when did I argue any ideology?

@sweh:

It evokes different conclusions from the readers mind.
This is actually a statement I agree with. It does indeed evoke different conclusions from a lot of readers' minds. You just demonstrated this personally, so it's hard to argue with that.

Still, explicitly adding "I believe" to any statement by any person on any subject does not change semantics of the statement because any such statement is by definition an expression of opinion and so implicit "I believe" is always present.

@neo:

Still, explicitly adding "I believe" to any statement by any person on any subject does not change semantics of the statement
"semantics of the statement" ? Are you just throwing words together now?

> because any such statement is by definition an expression of opinion and so implicit "I believe" is always present.
Nope. "I've been a linode customer for 'n' years" is a statement of fact; "1+1=2" is a statement of fact; "EFF has been wrong on a number of legal arguments" is a statement of fact; "Neo believes Tor is legal" appears to be a fact based on your writings but that's just my opinion; "I believe Neo believed Tor is legal" is a matter of fact"; "Tor is legal" is an opinion.

Spot the difference.

@neo:

Whenever EFF lawyers (or anyone else) state anything, they are always stating their beliefs. Adding "I believe" at the beginning of every statement one makes is factually correct but logically redundant.

Wrong! If there was any case law to back this up, they wouldn't be saying "We believe Tor is legal" at all. They'd be saying "under current case law, Tor has been held to be legal". There is a big difference between those two statements.

The crux of EFF's belief is that a court is going to find that someone who runs a TOR relay is a service provider and therefore gets the same common carrier-level protections that the Verizon's and AT&T's and Level3's and HE's of the world get. This is a long-shot, like much of the crap EFF espouses.

Like sweh, I'm with EFF on many of their ideals, but not the way they go about it or their abysmal success rate.

@sweh:

@neo:

Still, explicitly adding "I believe" to any statement by any person on any subject does not change semantics of the statement
"semantics of the statement" ? Are you just throwing words together now?
I will replace it with a simpler word: "meaning of the statement". Better now?

@sweh:

> because any such statement is by definition an expression of opinion and so implicit "I believe" is always present.
Nope. "I've been a linode customer for 'n' years" is a statement of fact; "1+1=2" is a statement of fact; "EFF has been wrong on a number of legal arguments" is a statement of fact; "Neo believes Tor is legal" appears to be a fact based on your writings but that's just my opinion; "I believe Neo believed Tor is legal" is a matter of fact"; "Tor is legal" is an opinion.

Spot the difference.
There is no semantic (pardon the difficult word) difference. These are all expressions of opinion. There are more reasons to consider valid some of them than the others, but this doesn't make them any less an expression of opinion.

@glg:

@neo:

Whenever EFF lawyers (or anyone else) state anything, they are always stating their beliefs. Adding "I believe" at the beginning of every statement one makes is factually correct but logically redundant.
Wrong! If there was any case law to back this up, they wouldn't be saying "We believe Tor is legal" at all. They'd be saying "under current case law, Tor has been held to be legal". There is a big difference between those two statements.
The two statements you are comparing are very different indeed, but these aren't the statements I was comparing, so I don't see how this contradicts anything I said.

Worth noting is that there is a very very big difference between "running Tor" and "running Tor as an exit node and becoming the source IP address for arbitrary packets." Tor itself is neutral, like eating a sandwich.

There's also a big difference between "illegal" and "in violation of Terms of Service." Internet abuse mitigation is generally a finger-pointing hierarchy, where Linode's providers point to Linode, Linode points to you, and you hopefully make it stop. Repeated finger-pointing on the same issue without positive results gets noticed by the levels above, and the trick to Internet survival is to not be noticed by the Network Abuse Department.

Furthermore, there are very specific procedures for handling various things. Copyright infringement has the DMCA, which is what it is. Criminally illegal stuff goes through its process, with investigations and charges and courtrooms and all that (and THIS is where you're going to want a really good lawyer). Network abuse, like unsolicited bulk e-mail, denial of service attacks, perpetuating annoying forum threads, etc., is entirely different.

In short, it can be as "legal" as apple pie and still be a perfectly valid reason for a provider to show you the door.

@hoopycat:

Tor itself is neutral, like eating a sandwich.
Bad analogies are like leaky screwdrivers.

> This spring, agents from Immigration and Customs Enforcement (ICE) executed a search warrant at the home of Nolan King and seized six computer hard drives in connection with a criminal investigation. The warrant was issued on the basis of an Internet Protocol (IP) address that traced back to an account connected to Mr. King's home, where he was operating a Tor exit relay.

…

ICE later returned the hard drives, warning Mr. King that "this could happen again."
Whole story on the EFF site.

So, do you think tor_zealot will come back to this thread and apologize to all the other linode customers he placed in reckless jeopardy?

Scott Phillips

![](http://tctechcrunch2011.files.wordpress … again1.jpg">http://tctechcrunch2011.files.wordpress.com/2009/07/notthisshit_again1.jpg" />

> After EFF sent a letter, however, ICE confirmed that it hadn't retained any data from the computer and that Mr. King is no longer a person of interest in the investigation.

@vonskippy:

@hoopycat:

Tor itself is neutral, like eating a sandwich.
Bad analogies are like leaky screwdrivers.

I'm sorry, I come from slashdot; can you give me a car analogy?

@neo:

> After EFF sent a letter, however, ICE confirmed that it hadn't retained any data from the computer and that Mr. King is no longer a person of interest in the investigation.

But. They. Took. Away. The. Disks. For. A. Time.

Now imagine this happening in a datacenter… what will they take? A single RAID shelf (40 VPSes)? Whole rack of machines (hundreds of VPSes)? All the disks in the Linode-rented section (tens of thousands of VPSes)?

If you want to risk pissing off the law (even if "undeservedly" as you claim), by running a TOR exit, sure, do it, and suffer the results.

But you have no right to endanger innocent neighbors on the host / in the datacenter.

IMO, a way to run a "safe" TOR node would involve a full packet / protocol inspection, limiting it to HTTP (or HTTPS with a MITM re-cryption so you can inspect), AND detection of spam/exploit/etc HTTP requests (limit in number, detect common attack patterns and known exploit calls).

If you're so very dedicated to help the poor oppressed people in totalitarian countries, who oh-so-need the TOR for "freedom", you'll sure find time to take the effort of doing this.

Otherwise, don't be a kid playing with grenades.

@rsk:

If you want to risk pissing off the law (even if "undeservedly" as you claim), by running a TOR exit, sure, do it, and suffer the results.
You are risking pissing off the law by running a web server. There have been cases when law enforcement (wrongfully) raided homes of people who weren't running much more than a web server. By your logic, this is reason enough for Linode to prohibit running web servers.

I agree the risk is higher if you run TOR exit node. But other US hosting providers have been allowing TOR exit nodes for years without a single incident, probably because they have procedures in place to handle any violation notices properly.

Procedures which might require them to increase their prices to handle the claims. If it's a choice between higher prices and TOR exits allowed vs. no price increase and TOR exits banned…I know what I'm picking.

@neo:

I agree the risk is higher if you run TOR exit node. But other US hosting providers have been allowing TOR exit nodes for years without a single incident, probably because they have procedures in place to handle any violation notices properly.

So why not GO THERE instead of torturing us here?

Gawd, this is getting tedious. How many times do you need to repeat the same arguments?

PRO : There's nothing illegal about Tor exit nodes (or at least that's what EFF says); therefore the risk of criminal prosecution or other adverse consequences is negligible. Therefore, every host should allow Tor exit nodes.

CON : It's still a hassle for Linode to handle the extra DMCA notices, which might cause prices to increase. Also, Tor exit nodes might increase the chance of server seizures and other inconveniences. You'll need to find a host that is willing to take the risk.

CRITICISM of Linode : They said Tor exit nodes were OK, and then hassled me when I actually ran an exit node. Now they're telling me I can run an exit node only if I prevent all abuse, which is virtually impossible. Liars! Hypocrites!

DEFENSE of Linode : This policy might still be more reasonable than a blanket ban on Tor exit nodes. With strict firewalls and close monitoring, it may be possible to run an exit node without running up against Linode's TOS.

Does anybody have anything new to say? If not, stop bumping this thread. Please.

bump

@glg:

bump

thump

@glg:

@neo:

I agree the risk is higher if you run TOR exit node. But other US hosting providers have been allowing TOR exit nodes for years without a single incident, probably because they have procedures in place to handle any violation notices properly.
So why not GO THERE instead of torturing us here?
As I already said:

@neo:

I don't run TOR node and I don't intend to run it. I am having a discussion with other Linode customers in Linode support forum about an issue related to Linode service. If you have no interest in this discussion you are more than welcome to ignore it.

As somebody who's planning to setup a linode in the next few weeks I've read through most of this thread and I'm happy to see that linode offer the level of customer service I'm expecting, they remained polite and professional throughout.

I spent quite a bit of time reading lots of threads (and of course the ToS) before even considering signing up for a linode or joining this forum and I got the the impression their AUP can be summed up by "Do whatever you want as long as it's legal and doesn't create extra work for us" which I think is fair enough. Having to deal with abuse reports and DMCA takedown notices certainly creates more work and doing anything that's obviously going to attract these then taking the "just ignore them" attitude to them doesn't strike me as reasonable.

Tor is a nice idea in theory, just like world peace, but it only works if people don't abuse it which I suspect is what it's mainly used for. I've had a look around the Tor network, checked out some Onion sites and most of them seem to be dedicated to drugs (such as the infamous silk road), the assasins market place (which I doubt has ever really been used), links to what claims to be child porn (which I'm obviously not going to follow), blowing stuff up, piracy, wikileak mirrors and some pages about how important privacy is.

If you want a host that'll ignore abuse emails, DMCA takedown notices, DDoS attacks (to a lesser extent) and let you do whatever you want go to one of the many providers that promote such services.

From what I can see, linode are a business who care about their customers, but they're still here to make money, they're not a political movement and they're doing what's in the interest for the majority of their customers. I doubt many people care what nodes they share a server with as long as those other nodes don't bring the server or provider unwanted attention that could jeopardise their own node.

I'm glad there's people running Tor servers, relays, exit nodes etc. I'm glad there's still people out there who run and support anonymous servers, but I'm not naive enough to think they're just being used to give voices to oppressed people or to allow whistle blowers to act in confidence and because of that I'd rather not share a server or a network with them as they do attract a lot of unwanted attention.

Hi TIA568B, welcome to Linode forum.

Linode technical support is excellent, every time I have an issue I am surprised how fast they answer support tickets and how competent support personnel are.

Regarding TOR exit nodes: ignoring abuse complaints would indeed be a very bad idea for any reputable hosting provider, especially a US based provider like Linode. But there are other US based hosting providers which support TOR exit nodes, and I don't think they are doing this by ignoring abuse complaints. What they probably do is send out standardized reply after they establish the complaint is related to TOR exit node. And judging by the fact that not a single operator or his hosting provider was ever sued for running TOR exit node over many years of operation, this strategy works well enough.

Also, I don't agree that TOR "would only work if people don't abuse it". You could say pretty much the same thing about Internet as a whole, and yet I think you would agree that overall Internet works pretty well despite enormous amount of abuse.

I was about to set up a Tor node on my linode but thought of checking the forums first. Good thing I did that.

Now I'm giving up on that idea, or at least for the time being till(if) I learn how to handle all these problems specially the legal ones.