I have received an e-mail some days ago asking for some opinions about my experience on running a Tor exit node on Aruba (ArubaCloud). I took the occasion to write a detailed answer which is an account of what I have experienced. Since it fits perfectly with the idea of sharing tips for Tor operators I think it is worth posting it here. I also plan to translate in Italian very soon.
TL;DR
Let me get right to the point, if you do not speak/write fluent Italian and you are not reachable at an Italian phone number I do not advise you to host your exit node with Aruba. Furthermore, they will ask your for your Italian fiscal code and I honestly do not know if and how they will handle non-Italian customers. Still, if you want to experiment with this let’s talk!
The full story
In setting up my node, I have closely followed the tips from the blog post “Tips for Running an Exit Node“.
ArubaCloud – https://cloud.it – is a service by Aruba S.p.A., which is the entry-level company in Italy for hosting, servers and the like: they used to have ads on national TV in Italy at prime time. Their basic services are quite cheap but let’s say that opinions on their quality vary.
I have chosen Aruba exactly because they are the largest and most known Italian provider of hosting/VPSes (I do not have hard numbers, though) with the idea that: “If it works on Aruba, it will work everywhere and everybody in Italy will be able to do it.”. I also though that in the worst case they would shut the node down on sight and I would have lost some time and a few euros. Furthermore, I did not want to run an exit node hosted in some other country because I could be subjecting myself to some other jurisdiction and to some laws that I do not know. This is not to say that I know the law concerning network telecommunications in Italy in full (or in part), the point is that as an Italian citizen I am already subjected to Italian law and I saw no reason to complicate the matter further.
First of all I have reviewed all the legal documents (contract, SLAs, ToS) that they provide on their website, it goes without saying that everything is in Italian and the base reference is the Italian law. My recalling is that when you subscribe to their service it is kind of assumed that your are Italian and they will ask you for information like your Italian fiscal code (“codice fiscale“) or VAT number if you create a company account. They will also ask you for your phone number.
There is no specific mention of Tor in their contract and terms of service but they basically say that you are responsible for any service you offer through the server, for everything that happens to the machine and goes through the machine and they can terminate it at any time if there is something that they consider a problem and you are not reacting to it.
After subscribing, I have bought some credit, i.e. you pay in advance for all services, and with it I activated a VPS: “small” package – 4.99 EUR/month with 2TB/month bandwidth cap. Fun fact: they will give you 5 euros in credit if you tweet/share on social networks the link to their website, up to 15 euros. So, they have de facto financed 3 months of operations of the node. Thanks Aruba for actively supporting Tor! :-D
After buying the server – and prior to setting the node up – I have sent them a ticket through their support system (to which their are contractually obligated to respond) telling them that I had the intention to use the server as a Tor exit node. In the answer they stated that running Tor does not violate their policy; however, as per the contract, if any violation or anomalous behavior was detected then they would terminate the service. In the following days I activated the server and wrote them another email specifying that I was going to use that machine (specifying the IP) and asking them for SWIP reassignment (see again the Tor blog post for details).
Since they saw that I was serious, they went as far as replying me and asking me for a phone call/meeting with one of their higher-level employees. In the call the employee stated many times what their contract said and reminded me countless times that I was responsible for everything that happened to the server or that went through it. I told them that I was very well aware of what I was doing and what their contract said. There was also the classical “FUD moment” where this employee said that “Tor is only used for illegal purposes”.
I must admit that the FUD was not completely lost on me, so I decided to start running the node as a middle relay for the start. I did so without any problem whatsoever for around a month, then I switched it to an exit node. Then more fun ensued :-).
Aruba has a very aggressive policy regarding abuse handling. Basically, they handle everything directly and all times they receive a complaint they will:
- send you an email saying that they have received a complaint involving your server
- call you on the phone multiple times, until they are able to talk with you
In both occasions they will repeatedly say that unless you take action in the following 72 hours they are going to terminate your service as per their contract.
In the first weeks I have been on the phone with them several times, explaining them what Tor is and why I was doing this thing of running an exit node. I joked with friends that at that rate I would very soon know all their call-center operators by name.
I was repeatedly told that all responsibility for what went through my server was mine as per their contract for VPSes. So, in one of the calls I started asked them again if it was possible to obtain a SWIP reassignment, arguing that it would make things easier for them and for me. I also sent another ticket and they put me in contact (always by phone) with one of their technical staff, I believe he was one of their network engineers. He told me that they do SWIP reassignments only as a “dedicated network” service where you basically buy a subnet of 16 IP addresses. This service is sold only in combination with dedicated physical servers, with prices that are obviously much higher than VPSes. He was very helpful and much more sympathetic to the idea of running an exit node and needing to handle complaints directly, alas we agreed that there was not much that either of us could do to solve that particular problem.
In the end I can not handle abuse complaints directly, this is also applied without exception to the cases where they are receiving automatic abuse complaints. In particular the typical process for managing complaints goes like this:
- Aruba sends me a generic email saying that they received a complaint/abuse notice and I have to take some sort of action in the following 72 hours otherwise they will block my service. This email does not contain any useful information to track or understand the problem.
- If I do not reply immediately they will try to contact me on the phone.
- I usually reply with the (Italian version of the) standard answer, explaining that:
- I run a Tor exit node and thus I have zero knowledge of what traffic is going through the server
- I ask for additional information about the specific complaint, pointing out that there was none in the initial email
- They usually reply forwarding the original complaint
- I reply with a more dedicated answer and usually the case is closed.
So far, I received:
- two instances of spambots trying to brute-force login credentials on WordPress installations covered by a network-protection service WebIron. WebIron has been hassling Tor operators for quite some time now – there are multiple threads on the tor-relay mailing list (see A, B, C). Alas they do not seem to be at all interested in implementing the proper and suggested ways to handle Tor traffic, instead they just keep flooding ISPs with complaints and ask operators to exclude some IP ranges from the exit policies. In the end, I decided to block a particular exit IP range, in accordance to the experience of other Tor operators that I have read from the mailing list.
- a false positive saying that my server was part of a criminal botnet that was dismantled by a Europol operation back in February 2015. Since the server was activated in September 2015 I explained that it could not be my server and no further action was needed.
Given this, I have to say that after the initial period (say, 4 weeks) where I had to speak with Aruba support at least once per week, the situation is now quiet and it has been several weeks that I have received no complaints. The major hurdles came from handling the reports from WebIron.
In summary, I am spending 4.99 EUR/month for a 1 GB RAM, 2 TB/month data, “small” package VPS that is running as exit node and serving 1.4 MB/s on average (last 3 months). It wasn’t completely easy at the beginning, but I would factor in also my own inexperience as a Tor operator. Despite the initial hurdles, the overall hassle has been remarkably reasonable in hindsight, at least compared to what I was expecting.
My idea of Aruba is that they have “zero complaints” policy, so they will do everything they can to keep their servers outside of any sorts of blacklist and they will pass on you even the slightest problems. They have a large number of call-center operators to accomplish this goal. They also kind of assume that you are Italian and they will be able to talk with you.
I do not know if anybody which is not an Italian citizen (i.e. somebody who has an Italian fiscal code), has not an Italian phone number and it is not able to speak Italian well enough would be able to run a node, in the sense of not having it shut down after the first complaint. I also do not know what really happens if you ignore them or if you are unable to talk with them at all, but this approach does not seem advisable to me. This may be an interesting experiment to run if you are up to it, contact me if you want to consider it.
Pingback: Gestire un nodo di uscita Tor su Aruba (ArubaCloud): un resoconto dettagliato | balist.es