Jump to content
Not connected, Your IP: 3.14.142.3
6501166996442015

ANSWERED Stop running Tor servers behind AirVPN

Recommended Posts

By using Tor behind an AirVPN node, you are blacklisting dozens of websites for no reason. IRC servers such as Freenode have been blocked, and now even imgur is blocked from uploading because it thinks its Tor. Heze is a good server and its one of only two on the West Coast, so please stop running Tor behind AirVPN nodes.

Share this post


Link to post

Yes, it's annoying.

 

I know your thinking, unknown TOR exit runners, you want to help the TOR network by providing one more exit node, because kind of I am afraid of possible legal consequences running a TOR exit node over my ISP line but now I'm behind a VPN and I want to help; it's okay so far.

 

But it's not okay to not take into consideration that some of us use services and websites which constantly try to prevent TOR exit IPs from viewing them (not limited to TOR, some try to block all anonymizer services). A TOR server will be listed on a TOR exit servers list even after you shut it down and as long as it's there we suffer from blocks. Blocks we are trying to circumvent; that's what a proxy service is good for, right?

 

In addition, AirVPN run two exits themselves. Given the bandwidth of these servers (100 MBit/s) I don't think your contribution is a great gain in overall TOR performance as your internet connection is most probably not that fast and not that stable (I assume you use your internet to watch Netflix, play games online and the like, creating traffic which lowers performance of the node).

 

Third, you expose AirVPN and yourself to attacks from the internet by those who want to literally destroy TOR. Attacks on AirVPN's servers will cause line problems, line problems harm the user's experience.

You as a TOR exit runner (although behind a VPN) expose yourself to attacks, too: It's not the AirVPN server who gets infected because a vulnerability in the TOR software is being abused; it's your computer. Your computer gets infected, and it's most probably your personal computer with your personal information on it. Your antivirus software is just a bunch of algorithms, too, it's not supposed to detect 100% of vulnerabilites in software and prevent their abuse. And: It's you who will be marked an extremist.

 

If you think it's easy these days to help TOR you are mistaken. Maybe installation and setup is easy, to preserve your own security by running this piece of software sadly is not. So, before you start that TOR software again, think twice. Thank you.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

+1
 
Completely agree. Running a Tor exit node over AirVPN does harm, not good.
 
Edit:
 
There is another thread here complaining about Captchas from Cloudflare. A quick internet scan shows that there is lots of mention about Cloudflare presenting a Captcha to IP-s that are (or have recently been) Tor exit nodes:
 
https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlockingTor
http://tor.stackexchange.com/questions/599/cloudflares-captcha-screen-insurmountable
http://www.reddit.com/r/TOR/comments/1osgo9/cloudflare_sites_block_tor_captcha_broken_too/
 
A while back I suggested that AirVPN indicate on the status page (I meant where all servers are listed) whether a VPN server is being used as a Tor exit node:
 
https://airvpn.org/topic/10116-indicate-if-tor-exit-node-in-status-display/
 
That way folks could avoid "tainted" servers. And would give some idea of the extent of the problem. At one point it did seem to show this when looking at an individual server's status (though not in the list). But now it does not seem to do that?

 

Edit 3:

 

The links about Wikipedia's policies regarding access via Tor in the link above appear to be dead. These may be helpful if anyone is curious:

 

http://en.wikipedia.org/wiki/Wikipedia:Advice_to_users_using_Tor

http://www.mediawiki.org/wiki/Extension:TorBlock

https://onionoo.torproject.org/

 

Edit 2:
 
I realized later that servers that are/have been Tor exit nodes were indicated on IPLeak, not the Status page:
 
https://airvpn.org/topic/11946-tor-exit-node-without-using-tor/
https://airvpn.org/topic/11411-tor-exit-node-is-set-automatically-after-april-2014-airvpn-major-system-update-but-only-under-linux/

Share this post


Link to post

Completely Agree!  Just wanted to add my small voice to train of those requesting people who are doing such re-think what they are doing and stop, far more harm than any good is being done.

Share this post


Link to post

Maybe we/Air could have a few dedicated Tor exit nodes and then others that would not support Tor and it would be the choice of the individual wether or not to look in on those nodes?

Share this post


Link to post

Yes, please, this. I use ipleak.net to check when I connect if I connect through a server that's used as a TOR exit point. I had to go through five connections, today, to find a "free" server...

 

It's kind of annoying, really.

 

Edit: had to restart my machine. Needed to try 7 servers before reaching one that ipleak.net didn't report as a TOR exit point. Now, there's whole services that are unreachable due to this. I beg you of finding a solution, dedicated servers for people interested in TOR would be great. The current situation is... the opposite.

 

Thanks.

Share this post


Link to post

I think people who do this are not doing it on purpose, they probably got their Tor client misconfigured, and/or they did not bother to read the forums prior doing that.

Maybe a small section could be added to some official Air's page, that while it's not forbidden by ToS, it is very harmful for regular browsing for other users, and you should avoid doing that...


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Quite honestly, while I think it's commendable that AirVPN allows TOR to be used, I don't think leaving stuff up to users would be the right way to go.

 

Freedom is great, but it should stop when it limits other people's freedom. I fully agree with the decision of having TOR usable here, I just think that should be an option reserved on some servers, but not all.

 

Since yesterday, I've been trying different servers. Of the Netherlands ones, ELEVEN are TOR exit nodes. I'm now on one that is not and I don't know about the remaining nine. More than half of Netherlands servers see their usability impaired due to unchecked TOR usage. I can't be happy about this, honestly.

 

At the very least, have Eddie show which servers are being used as TOR exit nodes. Going by trial and error, while looking for a "good" server, is a royal pain in the ass.

Share this post


Link to post

I have to agree with McLoEa, have a few servers which people can use with Tor and the rest blocked for Tor.

 

I doubt AirVPN will do this... They are very serious about "As usual no traffic limits, no logs, no discrimination on protocols and hardened security against various attacks with separate entry and exit-IP addresses."...

 

 

 

Quite honestly, while I think it's commendable that AirVPN allows TOR to be used, I don't think leaving stuff up to users would be the right way to go.

 

Freedom is great, but it should stop when it limits other people's freedom. I fully agree with the decision of having TOR usable here, I just think that should be an option reserved on some servers, but not all.

 

Since yesterday, I've been trying different servers. Of the Netherlands ones, ELEVEN are TOR exit nodes. I'm now on one that is not and I don't know about the remaining nine. More than half of Netherlands servers see their usability impaired due to unchecked TOR usage. I can't be happy about this, honestly.

 

At the very least, have Eddie show which servers are being used as TOR exit nodes. Going by trial and error, while looking for a "good" server, is a royal pain in the ass.

 

I support the decision of showing which servers are being used as TOR exit nodes in the Eddie client... Honestly, I'd also like to see TOR blocked for some servers but I doubt that will happen... We need to ask something though:

 

If they block TOR on some servers, what will they block next? They either don't block anything or they might start blocking here or there. I don't know, it would be nice to hear the opinion of AirVPN about this issue.

 

 

PS: Why am I placed in a moderator queue?

Share this post


Link to post

It's not a matter of disallowing the service. But the clear thing, to me, it's that TOR is needed for serious stuff. And frankly, stuff that probably doesn't need tons of bandwidth.

 

AirVPN has many servers, they could easily reserve 4 of them (number made up out of thin air) for TOR usage, for people that really need to take all safety measures available... and leave the rest for people that just want a good and private VPN server that doesn't impair their navigation.

Share this post


Link to post

Hello!

 

It may happen that some VPN servers are used to insert spam in forums, are categorized as proxy servers by services like MaxMind and it may happen that a Tor exit node is used behind a VPN server.

 

Currently no VPN server is considered a Tor exit node. It's a highly dynamical list. A flag which identifies VPN servers which are in that moment used to run a Tor exit node behind them would not be very significant, given the fact that now none of our servers is categorized as a Tor exit node. If this flag were used to identify a server with any of the aforementioned issues, many servers would be flagged but in practice they would have no important malfunction.

 

Before proceeding, it is necessary to understand the frequency of problems occurrences. We kindly ask you to continue to warn us, reporting the exact reason of the problem. Have a look at the following message as an example.

 

Even if we don't provide feedback on every and each case, we are monitoring the situation you warned us about.

 

Kind regards

Share this post


Link to post

Case study: Currently (04/12/2014 00:49) users on Riguel cannot edit Wikipedia.

The Riguel exit IP is 95.211.186.118.

MaxMind - https://www.maxmind.com/en/home
considers that IP address as Anonymous Proxy.

whatismyipaddress.com - http://whatismyipaddress.com/geolocation-providers
uses MaxMind database.

Wikipedia has its own project to detect proxy.
http://en.wikipedia.org/wiki/Wikipedia:WikiProject_on_open_proxies

We entered the Riguel exit IP in the unblock requests area, and this message has been displayed:

Thank you for submitting a proxy-check request. Please note that whatismyipaddress.com lists many IPs as 'confirmed proxy server' even when they are not, therefore please provide additional evidence (behavioral and/or technical) if you are submitting an IP to be checked based on whatismyipaddress.com results.




Conclusion: Wikipedia prevents Riguel users to edit articles only because MaxMind considers Riguel as a proxy. No Tor or other reason in this case.

 

Kind regards

Share this post


Link to post

Hello!

 

Some additional considerations on the whole discussion. It seems somehow paradoxical that some of our customers explicitly ask for Net Neutrality violation when they look exactly for a service capable to respect Net Neutrality with no discriminations against any protocol. As soon as Net Neutrality respect brings inconveniences created by third-parties, we are somehow invited to send such respect into the trashcan. We tend to think that it would be more appropriate and honest to focus energy and protests against those services whose administrators actively contribute to destroy the open Internet, with Tor indiscriminate bans, huge blacklists which block millions of IP addresses just because they are 'used as NAT' or because they are used to operate dedicated servers. It seems unquestionable that the concept behind such actions is an Internet where end-to-end principle and privacy are deemed as negative features to be fought.

 

Remember our philosophy and mission: banning a server of ours because it's a source of problems appears as a very questionable action.

It is the same error that some services do with Tor: to hit someone, they ban innocent users who love their privacy or who are forced to use Tor to bypass censorship in their country.

 

If our servers or a Tor node are performing vulnerability scan, service needs to fix the vulnerability, not blame who caught it red handed.

If our servers or a Tor node are wasting a service resource, service operators need to learn how to configure well their systems.

If a service can't afford a method to manage spam, it should close the discussion system, it would be better for all.

 

For all of the above, AirVPN will never violate Net Neutrality, and so we'll never commit any action to help "incompetent services".

 

Kind regards

AirVPN Staff

Share this post


Link to post

I think the question is why so many servers are showing up as tor exit nodes on ipleak.net. Is that data inaccurate or the result of stale data in a caching system?

Share this post


Link to post

Hello!

 

Some additional considerations on the whole discussion. It seems somehow paradoxical that some of our customers explicitly ask for Net Neutrality violation when they look exactly for a service capable to respect Net Neutrality with no discriminations against any protocol. As soon as Net Neutrality respect brings inconveniences created by third-parties, we are somehow invited to send such respect into the trashcan. We tend to think that it would be more appropriate and honest to focus energy and protests against those services whose administrators actively contribute to destroy the open Internet, with Tor indiscriminate bans, huge blacklists which block millions of IP addresses just because they are 'used as NAT' or because they are used to operate dedicated servers. It seems unquestionable that the concept behind such actions is an Internet where end-to-end principle and privacy are deemed as negative features to be fought.

 

Remember our philosophy and mission: banning a server of ours because it's a source of problems appears as a very questionable action.

It is the same error that some services do with Tor: to hit someone, they ban innocent users who love their privacy or who are forced to use Tor to bypass censorship in their country.

 

If our servers or a Tor node are performing vulnerability scan, service needs to fix the vulnerability, not blame who caught it red handed.

If our servers or a Tor node are wasting a service resource, service operators need to learn how to configure well their systems.

If a service can't afford a method to manage spam, it should close the discussion system, it would be better for all.

 

For all of the above, AirVPN will never violate Net Neutrality, and so we'll never commit any action to help "incompetent services".

 

Kind regards

AirVPN Staff

 

And this is why AirVPN is THE Vpn.

Share this post


Link to post

I think the question is why so many servers are showing up as tor exit nodes on ipleak.net. Is that data inaccurate or the result of stale data in a caching system?

 

Hello,

 

although many ipleak.net data are cached over time, Tor detection is always in real time. Currently (at the time of this writing) there are no servers marked as Tor exit nodes. We are monitoring when a server is marked as Tor exit node for further investigation.

 

Kind regards

Share this post


Link to post

Unfortunately, some exit IPs are still marked as Tor exits.

One of them is Pallas, for example.

 

https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=8.8.8.8&port=

http://prefix.mahyudd.in/blocklist/TOR

 

The IP 37.48.80.175, as well as some other NL servers, appear there.

 

Therefore, services that implement blocks according to such lists, will treat those Air servers as Tor exits.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

 

I think the question is why so many servers are showing up as tor exit nodes on ipleak.net. Is that data inaccurate or the result of stale data in a caching system?

 

Hello,

 

although many ipleak.net data are cached over time, Tor detection is always in real time. Currently (at the time of this writing) there are no servers marked as Tor exit nodes. We are monitoring when a server is marked as Tor exit node for further investigation.

 

Kind regards

 

Thank you for the fast response. I just wasn't sure if the tor exit data was being pulled from a similar database to MaxMind.

Share this post


Link to post

Hello!
 
Our apologies, we fixed a little bug in our TOR detection system. Now ipleak.net reports correctly if an IP address is associated to a Tor Exit (exit versus 8.8.8.8).

Take for example Pallas, the information about the relay is public: https://atlas.torproject.org/#search/37.48.80.175

We inevitably know which AirVPN users are, because they forward the ORPort and DirPort to do that.

We remind you that AirVPN already powers two Relays and funds TorServers.net (1000 EUR every other month) to power an Exit node.

Note: it's disappointing that TorServers.net has our Exit node down at the moment. We are investigating about this, and also thinking about the option to run ourselves one or more Tor Exit node.
 
We are evaluating whether to send a private notification to all AirVPN users that are running a Tor exit node behind one of our servers with a link to this topic.
 
Kind regards

Share this post


Link to post
Posted ... (edited)

We are evaluating whether to send a private notification to all AirVPN users that are running a Tor exit node behind one of our servers with a link to this topic.

 

Explain it first because if I were such a user the first thing I would think is: "How did they know? Did they monitor my traffic?". Tricky thing.

On the TOR enter page I'd just note (bold, red, 18pt text for example) that running a TOR exit relay is considered more harmful than helpful by the community. Less risky.

 

Oh, just noticed, it's already there. Good.

Edited ... by giganerd

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

I hope my messages haven't been misinterpreted. I merely stated that TOR use shouldn't, probably, be of interest for many customers. Since you say you know how many are actually doing it (don't know how, might be interesting to explain), you definitely have a clear idea about the numbers involved.

 

There are currently 3,946 users using AirVPN. Say 5% of them is using TOR. Say 10%. If that is the case, my proposal would be to just dedicate a number of servers to that. Your service to them would be unaffected, your service to the rest of your users would be unaffected. If TOR use over VPN became somehow a necessity for the majority of your users, you would always be able to switch "on" more servers, as need be.

 

I've never considered or proposed to ban TOR usage from AirVPN, just asked about thinking about providing a specific number of servers that are dedicated to that. So as to "free" the others. I know it's stupid that some sites block traffic from TOR. I despise it as much as you do. But people are using your service now. And this is a fight that could take years before things change.

 

Thanks for your detailed answers, whatever your decisions.

Share this post


Link to post

...

Since you say you know how many are actually doing it (don't know how, might be interesting to explain)

...

 

They did explain above, albeit very briefly:

 

...

the information about the relay is public: https://atlas.torproject.org/#search/37.48.80.175

 

We inevitably know which AirVPN users are, because they forward the ORPort and DirPort to do that.

...

 

The Tor infrastructure allows relays to locate the IP of other Tor relays and Tor exit nodes, and along with ports to connect to. But if the exit node is actually an AirVPN server, then the person that is running the Tor exit node must have the connection ports forwarded, and AirVPN has that in their database. No need to scan ports or monitor traffic.

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...