Jump to content


Photo

Stop running Tor servers behind AirVPN


  • Please log in to reply
66 replies to this topic

#1 6501166996442015

6501166996442015

    Advanced Member

  • Members
  • PipPipPip
  • 58 posts

Posted 01 October 2014 - 04:02 AM

By using Tor behind an AirVPN node, you are blacklisting dozens of websites for no reason. IRC servers such as Freenode have been blocked, and now even imgur is blocked from uploading because it thinks its Tor. Heze is a good server and its one of only two on the West Coast, so please stop running Tor behind AirVPN nodes.



#2 giganerd

giganerd

    I shall have no title

  • Members
  • PipPipPip
  • 2562 posts
  • LocationGermany

Posted 01 October 2014 - 09:30 AM

Yes, it's annoying.

 

I know your thinking, unknown TOR exit runners, you want to help the TOR network by providing one more exit node, because kind of I am afraid of possible legal consequences running a TOR exit node over my ISP line but now I'm behind a VPN and I want to help; it's okay so far.

 

But it's not okay to not take into consideration that some of us use services and websites which constantly try to prevent TOR exit IPs from viewing them (not limited to TOR, some try to block all anonymizer services). A TOR server will be listed on a TOR exit servers list even after you shut it down and as long as it's there we suffer from blocks. Blocks we are trying to circumvent; that's what a proxy service is good for, right?

 

In addition, AirVPN run two exits themselves. Given the bandwidth of these servers (100 MBit/s) I don't think your contribution is a great gain in overall TOR performance as your internet connection is most probably not that fast and not that stable (I assume you use your internet to watch Netflix, play games online and the like, creating traffic which lowers performance of the node).

 

Third, you expose AirVPN and yourself to attacks from the internet by those who want to literally destroy TOR. Attacks on AirVPN's servers will cause line problems, line problems harm the user's experience.

You as a TOR exit runner (although behind a VPN) expose yourself to attacks, too: It's not the AirVPN server who gets infected because a vulnerability in the TOR software is being abused; it's your computer. Your computer gets infected, and it's most probably your personal computer with your personal information on it. Your antivirus software is just a bunch of algorithms, too, it's not supposed to detect 100% of vulnerabilites in software and prevent their abuse. And: It's you who will be marked an extremist.

 

If you think it's easy these days to help TOR you are mistaken. Maybe installation and setup is easy, to preserve your own security by running this piece of software sadly is not. So, before you start that TOR software again, think twice. Thank you.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs helps us read your thread.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

Instead of writing me a personal mail, consider contacting me via XMPP at gigan3rd@xmpp.airvpn.org or join the lounge@conference.xmpp.airvpn.org. I might read the mail too late whereas I'm always available on XMPP ;)


#3 CultureVulture

CultureVulture

    Advanced Member

  • Members
  • PipPipPip
  • 145 posts

Posted 01 October 2014 - 09:25 PM

Yes; perfect. Thanks, giganerd.

#4 NaDre

NaDre

    Advanced Member

  • Members
  • PipPipPip
  • 420 posts

Posted 01 October 2014 - 10:02 PM

+1
 
Completely agree. Running a Tor exit node over AirVPN does harm, not good.
 
Edit:
 
There is another thread here complaining about Captchas from Cloudflare. A quick internet scan shows that there is lots of mention about Cloudflare presenting a Captcha to IP-s that are (or have recently been) Tor exit nodes:
 
https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor
http://tor.stackexchange.com/questions/599/cloudflares-captcha-screen-insurmountable
http://www.reddit.com/r/TOR/comments/1osgo9/cloudflare_sites_block_tor_captcha_broken_too/
 
A while back I suggested that AirVPN indicate on the status page (I meant where all servers are listed) whether a VPN server is being used as a Tor exit node:
 
https://airvpn.org/topic/10116-indicate-if-tor-exit-node-in-status-display/
 
That way folks could avoid "tainted" servers. And would give some idea of the extent of the problem. At one point it did seem to show this when looking at an individual server's status (though not in the list). But now it does not seem to do that?

 

Edit 3:

 

The links about Wikipedia's policies regarding access via Tor in the link above appear to be dead. These may be helpful if anyone is curious:

 

http://en.wikipedia.org/wiki/Wikipedia:Advice_to_users_using_Tor

http://www.mediawiki.org/wiki/Extension:TorBlock

https://onionoo.torproject.org/

 

Edit 2:
 
I realized later that servers that are/have been Tor exit nodes were indicated on IPLeak, not the Status page:
 
https://airvpn.org/topic/11946-tor-exit-node-without-using-tor/
https://airvpn.org/topic/11411-tor-exit-node-is-set-automatically-after-april-2014-airvpn-major-system-update-but-only-under-linux/



#5 knighthawk

knighthawk

    Advanced Member

  • Members
  • PipPipPip
  • 114 posts

Posted 02 October 2014 - 12:23 AM

Completely Agree!  Just wanted to add my small voice to train of those requesting people who are doing such re-think what they are doing and stop, far more harm than any good is being done.



#6 McLoEa

McLoEa

    Advanced Member

  • Members
  • PipPipPip
  • 216 posts

Posted 06 October 2014 - 09:50 PM

Maybe we/Air could have a few dedicated Tor exit nodes and then others that would not support Tor and it would be the choice of the individual wether or not to look in on those nodes?



#7 tranquivox69

tranquivox69

    Advanced Member

  • Members
  • PipPipPip
  • 57 posts

Posted 28 November 2014 - 11:25 PM

Yes, please, this. I use ipleak.net to check when I connect if I connect through a server that's used as a TOR exit point. I had to go through five connections, today, to find a "free" server...

 

It's kind of annoying, really.

 

Edit: had to restart my machine. Needed to try 7 servers before reaching one that ipleak.net didn't report as a TOR exit point. Now, there's whole services that are unreachable due to this. I beg you of finding a solution, dedicated servers for people interested in TOR would be great. The current situation is... the opposite.

 

Thanks.



#8 rickjames

rickjames

    Advanced Member

  • Members
  • PipPipPip
  • 358 posts

Posted 01 December 2014 - 04:15 PM

All 5 of the new NL servers are now considered exit nodes... Grrrr...

#9 Artful Dodger

Artful Dodger

    Advanced Member

  • Members
  • PipPipPip
  • 47 posts

Posted 01 December 2014 - 04:47 PM

I have to agree with McLoEa, have a few servers which people can use with Tor and the rest blocked for Tor.



#10 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2214 posts

Posted 01 December 2014 - 09:28 PM

I think people who do this are not doing it on purpose, they probably got their Tor client misconfigured, and/or they did not bother to read the forums prior doing that.

Maybe a small section could be added to some official Air's page, that while it's not forbidden by ToS, it is very harmful for regular browsing for other users, and you should avoid doing that...


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#11 tranquivox69

tranquivox69

    Advanced Member

  • Members
  • PipPipPip
  • 57 posts

Posted 02 December 2014 - 06:11 PM

Quite honestly, while I think it's commendable that AirVPN allows TOR to be used, I don't think leaving stuff up to users would be the right way to go.

 

Freedom is great, but it should stop when it limits other people's freedom. I fully agree with the decision of having TOR usable here, I just think that should be an option reserved on some servers, but not all.

 

Since yesterday, I've been trying different servers. Of the Netherlands ones, ELEVEN are TOR exit nodes. I'm now on one that is not and I don't know about the remaining nine. More than half of Netherlands servers see their usability impaired due to unchecked TOR usage. I can't be happy about this, honestly.

 

At the very least, have Eddie show which servers are being used as TOR exit nodes. Going by trial and error, while looking for a "good" server, is a royal pain in the ass.



#12 stupidcats

stupidcats

    Advanced Member

  • Members
  • PipPipPip
  • 50 posts

Posted 02 December 2014 - 06:48 PM

I have to agree with McLoEa, have a few servers which people can use with Tor and the rest blocked for Tor.

 

I doubt AirVPN will do this... They are very serious about "As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses."...

 

 

 

Quite honestly, while I think it's commendable that AirVPN allows TOR to be used, I don't think leaving stuff up to users would be the right way to go.

 

Freedom is great, but it should stop when it limits other people's freedom. I fully agree with the decision of having TOR usable here, I just think that should be an option reserved on some servers, but not all.

 

Since yesterday, I've been trying different servers. Of the Netherlands ones, ELEVEN are TOR exit nodes. I'm now on one that is not and I don't know about the remaining nine. More than half of Netherlands servers see their usability impaired due to unchecked TOR usage. I can't be happy about this, honestly.

 

At the very least, have Eddie show which servers are being used as TOR exit nodes. Going by trial and error, while looking for a "good" server, is a royal pain in the ass.

 

I support the decision of showing which servers are being used as TOR exit nodes in the Eddie client... Honestly, I'd also like to see TOR blocked for some servers but I doubt that will happen... We need to ask something though:

 

If they block TOR on some servers, what will they block next? They either don't block anything or they might start blocking here or there. I don't know, it would be nice to hear the opinion of AirVPN about this issue.

 

 

PS: Why am I placed in a moderator queue?



#13 tranquivox69

tranquivox69

    Advanced Member

  • Members
  • PipPipPip
  • 57 posts

Posted 03 December 2014 - 03:48 PM

It's not a matter of disallowing the service. But the clear thing, to me, it's that TOR is needed for serious stuff. And frankly, stuff that probably doesn't need tons of bandwidth.

 

AirVPN has many servers, they could easily reserve 4 of them (number made up out of thin air) for TOR usage, for people that really need to take all safety measures available... and leave the rest for people that just want a good and private VPN server that doesn't impair their navigation.



#14 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7601 posts

Posted 03 December 2014 - 11:54 PM

Hello!

 

It may happen that some VPN servers are used to insert spam in forums, are categorized as proxy servers by services like MaxMind and it may happen that a Tor exit node is used behind a VPN server.

 

Currently no VPN server is considered a Tor exit node. It's a highly dynamical list. A flag which identifies VPN servers which are in that moment used to run a Tor exit node behind them would not be very significant, given the fact that now none of our servers is categorized as a Tor exit node. If this flag were used to identify a server with any of the aforementioned issues, many servers would be flagged but in practice they would have no important malfunction.

 

Before proceeding, it is necessary to understand the frequency of problems occurrences. We kindly ask you to continue to warn us, reporting the exact reason of the problem. Have a look at the following message as an example.

 

Even if we don't provide feedback on every and each case, we are monitoring the situation you warned us about.

 

Kind regards



#15 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7601 posts

Posted 03 December 2014 - 11:59 PM

Case study: Currently (04/12/2014 00:49) users on Riguel cannot edit Wikipedia.

The Riguel exit IP is 95.211.186.118.

MaxMind - https://www.maxmind.com/en/home
considers that IP address as Anonymous Proxy.

whatismyipaddress.com - http://whatismyipaddress.com/geolocation-providers
uses MaxMind database.

Wikipedia has its own project to detect proxy.
http://en.wikipedia.org/wiki/Wikipedia:WikiProject_on_open_proxies

We entered the Riguel exit IP in the unblock requests area, and this message has been displayed:

Thank you for submitting a proxy-check request. Please note that whatismyipaddress.com lists many IPs as 'confirmed proxy server' even when they are not, therefore please provide additional evidence (behavioral and/or technical) if you are submitting an IP to be checked based on whatismyipaddress.com results.




Conclusion: Wikipedia prevents Riguel users to edit articles only because MaxMind considers Riguel as a proxy. No Tor or other reason in this case.

 

Kind regards



#16 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7601 posts

Posted 04 December 2014 - 12:17 AM

Hello!

 

Some additional considerations on the whole discussion. It seems somehow paradoxical that some of our customers explicitly ask for Net Neutrality violation when they look exactly for a service capable to respect Net Neutrality with no discriminations against any protocol. As soon as Net Neutrality respect brings inconveniences created by third-parties, we are somehow invited to send such respect into the trashcan. We tend to think that it would be more appropriate and honest to focus energy and protests against those services whose administrators actively contribute to destroy the open Internet, with Tor indiscriminate bans, huge blacklists which block millions of IP addresses just because they are 'used as NAT' or because they are used to operate dedicated servers. It seems unquestionable that the concept behind such actions is an Internet where end-to-end principle and privacy are deemed as negative features to be fought.

 

Remember our philosophy and mission: banning a server of ours because it's a source of problems appears as a very questionable action.

It is the same error that some services do with Tor: to hit someone, they ban innocent users who love their privacy or who are forced to use Tor to bypass censorship in their country.

 

If our servers or a Tor node are performing vulnerability scan, service needs to fix the vulnerability, not blame who caught it red handed.

If our servers or a Tor node are wasting a service resource, service operators need to learn how to configure well their systems.

If a service can't afford a method to manage spam, it should close the discussion system, it would be better for all.

 

For all of the above, AirVPN will never violate Net Neutrality, and so we'll never commit any action to help "incompetent services".

 

Kind regards

AirVPN Staff



#17 rickjames

rickjames

    Advanced Member

  • Members
  • PipPipPip
  • 358 posts

Posted 04 December 2014 - 03:00 AM

I think the question is why so many servers are showing up as tor exit nodes on ipleak.net. Is that data inaccurate or the result of stale data in a caching system?

#18 stupidcats

stupidcats

    Advanced Member

  • Members
  • PipPipPip
  • 50 posts

Posted 04 December 2014 - 06:56 AM

Hello!

 

Some additional considerations on the whole discussion. It seems somehow paradoxical that some of our customers explicitly ask for Net Neutrality violation when they look exactly for a service capable to respect Net Neutrality with no discriminations against any protocol. As soon as Net Neutrality respect brings inconveniences created by third-parties, we are somehow invited to send such respect into the trashcan. We tend to think that it would be more appropriate and honest to focus energy and protests against those services whose administrators actively contribute to destroy the open Internet, with Tor indiscriminate bans, huge blacklists which block millions of IP addresses just because they are 'used as NAT' or because they are used to operate dedicated servers. It seems unquestionable that the concept behind such actions is an Internet where end-to-end principle and privacy are deemed as negative features to be fought.

 

Remember our philosophy and mission: banning a server of ours because it's a source of problems appears as a very questionable action.

It is the same error that some services do with Tor: to hit someone, they ban innocent users who love their privacy or who are forced to use Tor to bypass censorship in their country.

 

If our servers or a Tor node are performing vulnerability scan, service needs to fix the vulnerability, not blame who caught it red handed.

If our servers or a Tor node are wasting a service resource, service operators need to learn how to configure well their systems.

If a service can't afford a method to manage spam, it should close the discussion system, it would be better for all.

 

For all of the above, AirVPN will never violate Net Neutrality, and so we'll never commit any action to help "incompetent services".

 

Kind regards

AirVPN Staff

 

And this is why AirVPN is THE Vpn.



#19 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7601 posts

Posted 04 December 2014 - 10:52 AM

I think the question is why so many servers are showing up as tor exit nodes on ipleak.net. Is that data inaccurate or the result of stale data in a caching system?

 

Hello,

 

although many ipleak.net data are cached over time, Tor detection is always in real time. Currently (at the time of this writing) there are no servers marked as Tor exit nodes. We are monitoring when a server is marked as Tor exit node for further investigation.

 

Kind regards



#20 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2214 posts

Posted 04 December 2014 - 11:43 AM

Unfortunately, some exit IPs are still marked as Tor exits.

One of them is Pallas, for example.

 

https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=8.8.8.8&port=

http://prefix.mahyudd.in/blocklist/TOR

 

The IP 37.48.80.175, as well as some other NL servers, appear there.

 

Therefore, services that implement blocks according to such lists, will treat those Air servers as Tor exits.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Servers online. Online Sessions: 15293 - BW: 56684 Mbit/sYour IP: 54.166.181.58Guest Access.