There is an 18-year-old record (updated in 2008!) about TekSavvy in Canada. The internet was different place back then. This info wouldn’t even relevant anymore as TekSavvy has since taken a business-centric approach in the interest of survival.
This list is fluffed up, without any checking for veracity. GIGO type of situation.
The life of the owner of archive.is is directly threatened by the people they are ineffectively attacking back, so I'm not sure I can really blame them.
The turfing with this topic is strong and needs to be called out. Reliable sources are crucial now more than ever. We cannot tolerate and promote botnets once they are uncovered.
archive.org outright removes large numbers of pages, including political content; archive.is has edited a handful of pages to redact the doxxing of the archive.is owners.
The editing they do in self preservation is understandable, and far less wrong than having to kowtow to political pressure and private influence; archive.org is great, but unreliable in ways that archive.is et al are not. They're both very useful, in complementary ways.
I even think what archive.is did to their detractor was understandable - in poor taste, definitely black hat, don't do stuff like that, immature as hell, but hey, I get the human impulse that led to the bad decision, and I'm not gonna base whether I use the site or not on that.
Thank you for sharing this, I was previously unaware of this table. While I don't plan on running a Tor node on any VPS or residential ISP, an option to do so signals that they value their customers. I will cross reference this table when picking out my next VPS at the very least.
Not to mention, why on earth would I ever operate a TOR relay or exit node on my home internet connection? Maybe if I could guarantee that it could only be used by journalists or political dissidents, but everything else? No.
I don't need the authorities at my door every few weeks wondering why some of the most deplorable internet traffic of all time is coming from my house.
I agree with the concept. I should not be liable for the actions of others. If someone does something nefarious using my exit node (or the free wifi at my coffee shop) then that shouldn't be my responsibility.
After all, I have no way of knowing what they're up to. It may be good or it may be bad; I can't know. (I suppose I can set up a router to discard packets with the RFC 3514 evil bit set, as a show of good faith, but...)
So I think the risk should be low, but that's just, like, my opinion, man. My opinion doesn't mean that the risk is in fact low.
Has the risk of running an exit node ever been tested in court? Many people, myself included, simply can't afford to have that kind of experience even if we're reasonably sure that it will end up OK.
Yes, many times. Once you explain what a Tor exit node is, you can't be convicted of downloading CP or whatever the anonymous user did, because you quite plausibly didn't do it. However, a verdict of innocence only happens after your life was already ruined by the process of getting to that point...
Some countries like Germany have strict liability, where you must pay a fine for any copyright infringement that happens on your connection unless you register yourself as an ISP yourself. If you're not sure, consult a lawyer to make sure you're not in one of those places.
I appreciate the correction. It's been so long since I've looked at tor that I guess I forgot that relay nodes were a thing and conflated the two terms. Or maybe the coffee hadn't started working yet.
So with the correction, I agree completely: Running relay node (a thing that deals only with indecipherably-encrypted anonymized data) is not a meaningful risk.
IP addresses of relays are still known in the network, and IP reputation firms may flag your IP as potentially suspicious. This may or may not cause issues when dealing with orgs that filter based on "known bad IP address" lists. I've had it happen before, where everything was fine until a few days after running a tor relay (not an exit node, just a relay) everything suddenly wanted more verifications I was not a bot, some paid video services started blocking me, and a few other issues. Stopped running the node and later things cleared up.
>"If someone does something nefarious using my exit node (or the free wifi at my coffee shop) then that shouldn't be my responsibility.
Without even getting into the intricacies and ethics of pooling and providing Spartacus communal anonimty. Wouldn't lending tools that are used for a crime being an accessory, or an accomplice, or at least aiding and abetting?
It's even a bit ridiculous, "If someone does something nefarious with my gun, that's not my responsibility" Yes? Yes it is? Maybe that line is used for something more borderline, but that's definitely your responsibility, if you are allowed to do that at all it's only because of the difficulties of legal procedures and the pressumption of innocence, but that doesn't mean that it's ok to redistribute CSAM and leaked data.
It's murky AF, which is why I asked about precedent after stating [and justifying] my own opinion.
Intent has a lot to do with liability.
My intent with my hypothetical coffee shop is not to provide a dark corner for people to do illegal things online; it is instead my intent for smiling patrons to have a free slice of Internet to go with their not-free cup of coffee. It's just a service that I provide, along with a restroom and a place for people to gather. My options for monitoring it are limited, but if I do notice someone doing stuff that's NFG (whether on the internet or in person), then I'll turn off the taps and tell them to leave. They won't be my customer anymore.
That's not so dissimilar to my ISP's intent when they sell me a month of internet access at home. Their monitoring options are very similar: Observation is difficult (brought to you by NordVPN and https), but if they notice something that is definitely nefarious then I'm likely to be getting a sternly-written letter and/or disconnected.
Most people are generally good -- and most coffee shops (around me, anyway) have free wifi.
The precedent here is that it seems to work, and that we don't have a long and storied history of imprisoning owners of coffee shops and ISP networks.
---
Now, if a person were to hang up a sign on the front their coffee shop that says "FREE WIFI! GET YOUR CSAM HERE!" then that's... that's a rather different kind of intent, and in a fair and just world it wouldn't be too long before the person who hung up that sign would behind bars.
I think the hosts that Tor recommends against because there are already so many nodes hosted on them like OVH and Hetzner are perfectly happy with their (quite good) reputations.
I've run a personal mailserver from one of the "Don't use these ASN/Companies because there are already too many tor nodes" VPS hosts for 14 years (and going). They've had excellent service, I never had a problem with my neighbors on the shared hardware, and my mail deliverability rate has been on par with other services. Just one data point for you.
Infomaniak is listed in the France section but it's a swiss company.
There is an 18-year-old record (updated in 2008!) about TekSavvy in Canada. The internet was different place back then. This info wouldn’t even relevant anymore as TekSavvy has since taken a business-centric approach in the interest of survival.
This list is fluffed up, without any checking for veracity. GIGO type of situation.
If you have trouble accessing the site: https://archive.is/MbT8n
I would recommend the Wayback machine archive instead: https://web.archive.org/web/20260306172113/https://community...
Given that archive.is is known to DDOS and alter archives (See all the recent HN posts about them)
The life of the owner of archive.is is directly threatened by the people they are ineffectively attacking back, so I'm not sure I can really blame them.
The turfing with this topic is strong and needs to be called out. Reliable sources are crucial now more than ever. We cannot tolerate and promote botnets once they are uncovered.
I'm perfectly happy to continue using archive.is for so long as it remains functional.
archive.org outright removes large numbers of pages, including political content; archive.is has edited a handful of pages to redact the doxxing of the archive.is owners.
The editing they do in self preservation is understandable, and far less wrong than having to kowtow to political pressure and private influence; archive.org is great, but unreliable in ways that archive.is et al are not. They're both very useful, in complementary ways.
I even think what archive.is did to their detractor was understandable - in poor taste, definitely black hat, don't do stuff like that, immature as hell, but hey, I get the human impulse that led to the bad decision, and I'm not gonna base whether I use the site or not on that.
Or: http://xmrhfasfg5suueegrnc4gsgyi2tyclcy5oz7f5drnrodmdtob6t2i...
What the fuck is this url
.onion, aka a TOR internal URL. They look like this.
If I ever get a .onion (everyone should have an onion probably) I'll also register the same domain "dot net, it's dot com" just for the lols.
Documentation: https://support.torproject.org/about-tor/onion-services/what...
There are also many web sites that provide an onion address in addition to their clearnet address. For example, the BBC: https://www.bbc.com/news/technology-50150981
And onion urls are a sha hash of i think the private key of the site
They contain the full key now which is why they are longer. Apparently it was necessary to fix the vulnerabilities in the previous version.
Public key obviously, not private.
It's an onion link (TOR).
thanks for rocking our archive site!
Thank you for sharing this, I was previously unaware of this table. While I don't plan on running a Tor node on any VPS or residential ISP, an option to do so signals that they value their customers. I will cross reference this table when picking out my next VPS at the very least.
If you are on the other team, this is also a good list if you want to avoid bad neighbors.
Hosts that don't ban tor nodes probably don't have a great reputation.
Not to mention, why on earth would I ever operate a TOR relay or exit node on my home internet connection? Maybe if I could guarantee that it could only be used by journalists or political dissidents, but everything else? No.
I don't need the authorities at my door every few weeks wondering why some of the most deplorable internet traffic of all time is coming from my house.
Relay nodes don't pose much risk and help mask/blend your own Tor traffic.
Yeah, I've run a relay node without issues for a couple years.
I agree with the concept. I should not be liable for the actions of others. If someone does something nefarious using my exit node (or the free wifi at my coffee shop) then that shouldn't be my responsibility.
After all, I have no way of knowing what they're up to. It may be good or it may be bad; I can't know. (I suppose I can set up a router to discard packets with the RFC 3514 evil bit set, as a show of good faith, but...)
So I think the risk should be low, but that's just, like, my opinion, man. My opinion doesn't mean that the risk is in fact low.
Has the risk of running an exit node ever been tested in court? Many people, myself included, simply can't afford to have that kind of experience even if we're reasonably sure that it will end up OK.
Yes, many times. Once you explain what a Tor exit node is, you can't be convicted of downloading CP or whatever the anonymous user did, because you quite plausibly didn't do it. However, a verdict of innocence only happens after your life was already ruined by the process of getting to that point...
Some countries like Germany have strict liability, where you must pay a fine for any copyright infringement that happens on your connection unless you register yourself as an ISP yourself. If you're not sure, consult a lawyer to make sure you're not in one of those places.
Parent comment was talking about relay nodes, not exit nodes. The risk of running a relay node is essentially zero in a free country.
I appreciate the correction. It's been so long since I've looked at tor that I guess I forgot that relay nodes were a thing and conflated the two terms. Or maybe the coffee hadn't started working yet.
So with the correction, I agree completely: Running relay node (a thing that deals only with indecipherably-encrypted anonymized data) is not a meaningful risk.
IP addresses of relays are still known in the network, and IP reputation firms may flag your IP as potentially suspicious. This may or may not cause issues when dealing with orgs that filter based on "known bad IP address" lists. I've had it happen before, where everything was fine until a few days after running a tor relay (not an exit node, just a relay) everything suddenly wanted more verifications I was not a bot, some paid video services started blocking me, and a few other issues. Stopped running the node and later things cleared up.
>"If someone does something nefarious using my exit node (or the free wifi at my coffee shop) then that shouldn't be my responsibility.
Without even getting into the intricacies and ethics of pooling and providing Spartacus communal anonimty. Wouldn't lending tools that are used for a crime being an accessory, or an accomplice, or at least aiding and abetting?
It's even a bit ridiculous, "If someone does something nefarious with my gun, that's not my responsibility" Yes? Yes it is? Maybe that line is used for something more borderline, but that's definitely your responsibility, if you are allowed to do that at all it's only because of the difficulties of legal procedures and the pressumption of innocence, but that doesn't mean that it's ok to redistribute CSAM and leaked data.
It's murky AF, which is why I asked about precedent after stating [and justifying] my own opinion.
Intent has a lot to do with liability.
My intent with my hypothetical coffee shop is not to provide a dark corner for people to do illegal things online; it is instead my intent for smiling patrons to have a free slice of Internet to go with their not-free cup of coffee. It's just a service that I provide, along with a restroom and a place for people to gather. My options for monitoring it are limited, but if I do notice someone doing stuff that's NFG (whether on the internet or in person), then I'll turn off the taps and tell them to leave. They won't be my customer anymore.
That's not so dissimilar to my ISP's intent when they sell me a month of internet access at home. Their monitoring options are very similar: Observation is difficult (brought to you by NordVPN and https), but if they notice something that is definitely nefarious then I'm likely to be getting a sternly-written letter and/or disconnected.
Most people are generally good -- and most coffee shops (around me, anyway) have free wifi.
The precedent here is that it seems to work, and that we don't have a long and storied history of imprisoning owners of coffee shops and ISP networks.
---
Now, if a person were to hang up a sign on the front their coffee shop that says "FREE WIFI! GET YOUR CSAM HERE!" then that's... that's a rather different kind of intent, and in a fair and just world it wouldn't be too long before the person who hung up that sign would behind bars.
Why is your responsibility for things you didn't do? Providing a road that a bad person drives on is not a crime.
I think the hosts that Tor recommends against because there are already so many nodes hosted on them like OVH and Hetzner are perfectly happy with their (quite good) reputations.
I've run a personal mailserver from one of the "Don't use these ASN/Companies because there are already too many tor nodes" VPS hosts for 14 years (and going). They've had excellent service, I never had a problem with my neighbors on the shared hardware, and my mail deliverability rate has been on par with other services. Just one data point for you.
I see Comcast but no Verizon?
Try it, and report whether you got banned. Much of this list was built by trial and error.
How is Verizon when it comes to Tor?