Jump to content
Not connected, Your IP: 3.81.28.94
6501166996442015

ANSWERED Stop running Tor servers behind AirVPN

Recommended Posts

The Tor infrastructure allows relays to locate the IP of other Tor relays and Tor exit nodes, and along with ports to connect to. But if the exit node is actually an AirVPN server, then the person that is running the Tor exit node must have the connection ports forwarded, and AirVPN has that in their database. No need to scan ports or monitor traffic.

 

Exactly!

 

Kind regards

Share this post


Link to post

 

We are evaluating whether to send a private notification to all AirVPN users that are running a Tor exit node behind one of our servers with a link to this topic.

 

 

 

Instead of sending a PM to the people running Tor exit nodes (which may 'scare' people thinking Air monitors everything which is not the case), why don't you simply email all AirVPN users instead?  An end of the year email that talks about what has changed at AirVPN over the last year, what will happen in 2015, and of course requesting users not run Tor exit nodes?

Share this post


Link to post

Hello!

 

Our apologies, we fixed a little bug in our TOR detection system. Now ipleak.net reports correctly if an IP address is associated to a Tor Exit (exit versus 8.8.8.8).

 

Take for example Pallas, the information about the relay is public: https://atlas.torproject.org/#search/37.48.80.175

 

We inevitably know which AirVPN users are, because they forward the ORPort and DirPort to do that.

 

As of now, just connected, Eddie chose Riguel.

 

ipleak shows:

TOR Exit Node: yes.png Yes

If you don't want to do anything, it's your choice (one that I think could be avoided by simply reserving some servers for TOR), I kindly ask that Eddie includes an option to avoid servers which are TOR exit nodes. I have better use for my time than to chase servers not prone to giving me trouble on half the websites I navigate to. Thank you.

Share this post


Link to post

Some torrent site(s) block TOR, therefore they also block these VPN-servers who are used by someone as TOR exit node too

Share this post


Link to post

I also have to add that selecting about 1/3 of the servers to allow TOR exit nodes but dis-allowing TOR on the other 2/3 would seem like a nice compromise for customers.  Let me add that I do use TOR all the time (even making this post).  I am not running a relay but simply using TOR over VPN, which of course doesn't  apply to this thread.  However; as a general TOR user we need to keep lots of relays available in the TOR system.  I do fully understand both sides of this discussion.  I have often been subjected to the "banning" of access while using TOR.  Its so frustrating!

 

I don't know what the appropriate percentage of servers would be for running relays here.  Since there are 60 servers would say 12-15 be a good number?  Other VPN providers I use restrict some use in certain places, while running wide open in others.  Again, there are two sides to this discussion.  One of the providers blocks P2P in America but allows wide open everywhere else.  Its not a restrictive as it sounds and it keeps thing running smoothly system wide.

 

My two cents.

Share this post


Link to post

I could have easily just edited my previous post.  After reflecting on this issue I sort of would like to reverse my opinion.  I know Air and I share the notion of Net Neutrality and reserving some of the servers actions would in fact compromise that mission.  Its easy to get angry at the banning and blocking, but then you have to properly direct your frustration.

 

A perfect solution would be 100% of internet users are on TOR, and those banning TOR IP's can just go out of business!!  Now there is a plan!!!

Share this post


Link to post

We inevitably know which AirVPN users are, because they forward the ORPort and DirPort to do that.

 

Maybe people forwarding ports should be required to use a different set of IPs.

 

IP 1:

Out only (default)

 

IP 2:

In only (for port forwarders)

 

IP 3:

In/Out (for port forwarders)

 

Then on the Forwarded Ports control panel there can be a setting to use IP 1+2 or IP 3 since there are pros & cons to either setup.

 

For advanced routing such as using IP 1+2 or 3 depending on hostname, you could add options for that in the control panel too.

 

Or if possible, connect everyone to three 10.x.x.x IPs which are partially numbered to determine which is IP 1/2/3, so advanced routing can be done client side & lessen the amount of information put in a central database.

Share this post


Link to post

Hello!

 

Some additional considerations on the whole discussion. It seems somehow paradoxical that some of our customers explicitly ask for Net Neutrality violation when they look exactly for a service capable to respect Net Neutrality with no discriminations against any protocol. As soon as Net Neutrality respect brings inconveniences created by third-parties, we are somehow invited to send such respect into the trashcan. We tend to think that it would be more appropriate and honest to focus energy and protests against those services whose administrators actively contribute to destroy the open Internet, with Tor indiscriminate bans, huge blacklists which block millions of IP addresses just because they are 'used as NAT' or because they are used to operate dedicated servers. It seems unquestionable that the concept behind such actions is an Internet where end-to-end principle and privacy are deemed as negative features to be fought.

 

Remember our philosophy and mission: banning a server of ours because it's a source of problems appears as a very questionable action.

It is the same error that some services do with Tor: to hit someone, they ban innocent users who love their privacy or who are forced to use Tor to bypass censorship in their country.

 

If our servers or a Tor node are performing vulnerability scan, service needs to fix the vulnerability, not blame who caught it red handed.

If our servers or a Tor node are wasting a service resource, service operators need to learn how to configure well their systems.

If a service can't afford a method to manage spam, it should close the discussion system, it would be better for all.

 

For all of the above, AirVPN will never violate Net Neutrality, and so we'll never commit any action to help "incompetent services".

 

Kind regards

AirVPN Staff

 

 

I completely support and agree with this statement.

 

I can imagine that it is annoying getting blocked all the time by web services on the net because some vpn servers are marked as tor exit nodes. But in my opinion it is not really a solution to ban tor exit nodes behind vpn servers or even reserve a few vpn server for tor exit nodes. We should not discourage people running tor exit nodes, just because some web services or sites blocking tor traffic do not understand the concept of privacy, net neutrality or freedom.

 

In my opinion, banning certain protocols is always the first step to dictatorship and repression and we have definitely to make clear that this is not the right way. I value AirVPN for their firm stand on this.

 

 

 

Hello!

 

Our apologies, we fixed a little bug in our TOR detection system. Now ipleak.net reports correctly if an IP address is associated to a Tor Exit (exit versus 8.8.8.8).

 

Take for example Pallas, the information about the relay is public: https://atlas.torproject.org/#search/37.48.80.175

 

We inevitably know which AirVPN users are, because they forward the ORPort and DirPort to do that.

 

As of now, just connected, Eddie chose Riguel.

 

ipleak shows:

TOR Exit Node: yes.png Yes

If you don't want to do anything, it's your choice (one that I think could be avoided by simply reserving some servers for TOR), I kindly ask that Eddie includes an option to avoid servers which are TOR exit nodes. I have better use for my time than to chase servers not prone to giving me trouble on half the websites I navigate to. Thank you.

 

This sounds like a good compromise - to add some functionality to Eddie allowing users to avoid vpn servers marked as tor exit nodes.

Share this post


Link to post

This sounds like a good compromise - to add some functionality to Eddie allowing users to avoid vpn servers marked as tor exit nodes.

 

"Choice is freedom." I agree with you. Disabled by default, and when you need it, use it.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

...

This sounds like a good compromise - to add some functionality to Eddie allowing users to avoid vpn servers marked as tor exit nodes.

 

Some people use the OpenVPN client as it comes - no "Eddie".

 

As I mentioned above, a while back I suggested that AirVPN indicate on the status page (I meant where all servers are listed) whether a VPN server is being used as a Tor exit node:

 

https://airvpn.org/t...status-display/

 

Share this post


Link to post

I think we should create an e-mail letter to send to the admins of blocked sites... We could ask AirVPN staff to talk to them instead but sometimes it may take a little longer than we want to and if it's sent by members, it will probably have more weight on their decision to unban TOR exit nodes.

 

This e-mail letter would have blank spots, which we'd fill with the site's name in question and our name.. We should raise concerns for privacy and mention that we'll not be using their site unless they unblock.

 

So, can anyone write such a letter and post it here?

Share this post


Link to post

I think we should create an e-mail letter to send to the admins of blocked sites... We could ask AirVPN staff to talk to them instead but sometimes it may take a little longer than we want to and if it's sent by members, it will probably have more weight on their decision to unban TOR exit nodes.

 

This e-mail letter would have blank spots, which we'd fill with the site's name in question and our name.. We should raise concerns for privacy and mention that we'll not be using their site unless they unblock.

 

So, can anyone write such a letter and post it here?

 

If I were such an admin, I'd ignore you. Or at least I'd write you that it's not my problem because I know why I'm blocking users like you. There are always bad apples and I'm trying to defend my network against them even if you say you aren't one.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Unfortunately, emails won't help, I agree with giganerd.

Most admins just use 3d party scripts, that parse Tor related IPs from the Tor directory, and unless they have a good reason,

they won't bother "unbanning" you.

 

Having said that, I think that we can just ask Staff to monitor it from time to time,

and sending notifications to those users.

Like here:

 

http://torstatus.blutmagie.de/router_detail.php?FP=a88f390b157628cc4bc135a10f02da1149f005cd

 

Air user with ports 6318,6319 currently making "Nekkar" look like a Tor node.

 

There should be a way to compromise between the neutrality Air provides, and the annoying captchas on every site because of a few individuals.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

There should be a way to compromise between the neutrality Air provides, and the annoying captchas on every site because of a few individuals.

 

This. It's a service and one which I choose to actually use my PC. I really don't understand why the needs of a few should cause annoying behaviour for the majority. Nobody is asking that AirVPN bans TOR from all of their machines. On the other hand, facing really annoying stuff and asking for a solution, it's disheartening to be told "it's the world's fault, let's wait for the whole world to change their collective mind, meanwhile suck it up".

 

To the staff: you say you know who's using TOR. I don't care *who* is using it. But I would like some numbers as part of the discussion. What percentage of users is doing it (by the way, if I understand things clearly, it's not enough to be using it to mark a server as an exit node, you need to setup a relay for it, right?)?

Share this post


Link to post

 

There should be a way to compromise between the neutrality Air provides, and the annoying captchas on every site because of a few individuals.

 

This. It's a service and one which I choose to actually use my PC. I really don't understand why the needs of a few should cause annoying behaviour for the majority. Nobody is asking that AirVPN bans TOR from all of their machines. On the other hand, facing really annoying stuff and asking for a solution, it's disheartening to be told "it's the world's fault, let's wait for the whole world to change their collective mind, meanwhile suck it up".

 

To the staff: you say you know who's using TOR. I don't care *who* is using it. But I would like some numbers as part of the discussion. What percentage of users is doing it (by the way, if I understand things clearly, it's not enough to be using it to mark a server as an exit node, you need to setup a relay for it, right?)?

 

Hello!

 

We will not disclose any data. We are anyway working on an effective solution which will make everybody happy, including protocol discriminators and Net Neutrality purists. If everything goes well, we will be able to apply the solution in a matter of few days.

 

Kind regards

Share this post


Link to post

Thanks. I want to stress that my asking for numbers was just trying to judge if limiting TOR relays on certain servers was doable or not.

 

I hate to sound like I do in this conversation. I despise the companies that discriminate against TOR. On the other hand I am victim of their abuses and still need to work, browse, etc....

Share this post


Link to post

I despise the companies that discriminate against TOR

 

Better look out for reasons and try to understand them. The least are disrupting access to TOR just because they hate everything about it.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Stop using Tor exit nodes     

do696.png

 

 

BAKA~~

do5zY.jpg

 

 

Please mighty AirVPN Staff kick this guy out.

 

Hmm. There are good and bad sites with posting such information publicly..

But it proves that everyone can partially expose TOR exit relay operators and urge them to stop doing so. We shouldn't start contacting them directly, we could just focus on exposing their background data to the public, hoping they will concede one day.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Approximately 5 days ago, I sent an email to the operator of the propagando relay with a link to this thread, and he seems to have shut it down. Hopefully the AirVPN server he was using will be removed from lists of known Tor exit nodes soon.

Share this post


Link to post

Approximately 5 days ago, I sent an email to the operator of the propagando relay with a link to this thread, and he seems to have shut it down. Hopefully the AirVPN server he was using will be removed from lists of known Tor exit nodes soon.

 

Are there contact buttons to do so?


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

 

Approximately 5 days ago, I sent an email to the operator of the propagando relay with a link to this thread, and he seems to have shut it down. Hopefully the AirVPN server he was using will be removed from lists of known Tor exit nodes soon.

 

Are there contact buttons to do so?

 

Contact info is often listed on https://atlas.torproject.org

Share this post


Link to post
Guest

 

 

There should be a way to compromise between the neutrality Air provides, and the annoying captchas on every site because of a few individuals.

 

This. It's a service and one which I choose to actually use my PC. I really don't understand why the needs of a few should cause annoying behaviour for the majority. Nobody is asking that AirVPN bans TOR from all of their machines. On the other hand, facing really annoying stuff and asking for a solution, it's disheartening to be told "it's the world's fault, let's wait for the whole world to change their collective mind, meanwhile suck it up".

 

To the staff: you say you know who's using TOR. I don't care *who* is using it. But I would like some numbers as part of the discussion. What percentage of users is doing it (by the way, if I understand things clearly, it's not enough to be using it to mark a server as an exit node, you need to setup a relay for it, right?)?

 

Hello!

 

We will not disclose any data. We are anyway working on an effective solution which will make everybody happy, including protocol discriminators and Net Neutrality purists. If everything goes well, we will be able to apply the solution in a matter of few days.

 

Kind regards

Any updates on this?

Share this post


Link to post

I'm interested also in knowing in you found out a way to avoid those issues.

As of now thetvdb and trakt.tv also blocked traffic coming from AirVPN servers (at least for both GB Nunki and Germany Tauri...)

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...