Hi all,
I've been running a Tor exit node on my new server for 16 days. Today I received my second automated DMCA infringement notice from HBO. I sent them the boilerplate you see at the bottom of the message both times. My colo provider Hurricane Electric understands Tor, which is awesome. I don't think it'll be an issue, so I'm happy with this. I'm wondering if anyone receives a large number of DMCA infringement notices and whether there was a resolution. It would certainly make my life a little bit more difficult to send more than one of these per week. When I got my first letter I was pushing 5 Mbps (megabits) and now I'm pushing 9 Mbps. I've set the RelayBandwidthRate to 5120 KB which should give a max rate of 41 Mbps. If infringement notices increases linearly with traffic, this could become an issue.
I'm happy to share the infringement notices if anyone is interested.
I followed a few of the tips from https://blog.torproject.org/running-exit-node , I got a separate IP address and I reduced the exit policy. I plan to update the reverse dns. I don't feel like reducing the exit policy does anything because BitTorrent was designed to run on any high port. Also, reducing the exit policy blocks researchers who are doing port scans and header grabbing over Tor. That's a point of contention for me because I know legitimate researchers use Tor for that purpose. Does anyone have any data or anecdotes on how exit policy affects malicious use of Tor vs legitimate use of Tor?
Btw, my server is 216.218.134.12. I'm running a patched version of tor 0.2.3.25 which fixes a few bugs I found in buffer events. See https://trac.torproject.org/projects/tor/ticket/7788 for more info. Uptime is now 6 days, 13 days without a crash.
Thanks, Javantea
-------------------
Dear Andrew Martin:
The IP address in question is a Tor exit node. https://www.torproject.org/overview.html
There is little we can do to trace this matter further. As can be seen from the overview page, the Tor network is designed to make tracing of users impossible. The Tor network is run by some 2500 volunteers who use the free software provided by the Tor Project to run Tor routers. Client connections are routed through multiple relays, and are multiplexed together on the connections between relays. The system does not record logs of client connections or previous hops.
This is because the Tor network is a censorship resistance, privacy, and anonymity system used by whistle blowers, journalists, Chinese dissidents skirting the Great Firewall, abuse victims, stalker targets, the US military, and law enforcement, just to name a few. See https://www.torproject.org/about/torusers.html.en for more info.
Unfortunately, some people misuse the network. However, compared to the rate of legitimate use (the IP address in question processes approximately 11 megabits of traffic per second), abuse complaints are rare. https://www.torproject.org/docs/faq-abuse.html.en
This is the second e-mail from you that I am replying to. The only thing that has changed is that I have increased the bandwidth to 9 megabits per second.
If you have further questions, feel free to contact me at ------------
Sincerely, -----------
I think you have probably gotten unlucky here in all honesty given the traffic you are pushing over there and having an issue so early on don't take it as an indication of expected rates either, I use the recommended reduced exit policy on both of my relays on is 20Mbit capacity and has been running about 6 months, I've yet to receive anything in the way of DMCA or abuse complaints about that one as yet, the newest one is a large relay which has actually been running just one day less than your one over there, however it's sitting on a 1Gbps connection and as of today averaging on the order of around 219.40 Mbit/s (110Mbit each direction) having transferred 16.45TiB, in the two weeks since it was first activated, the rate has been rising most of that time such that 1.87TiB of that transfer was yesturday, 2.21TiB is the estimate for today. I'm so glad it's unmetered xD.
You can see the traffic stats for it on the relay info page at http://torexit2.mttjocy.co.uk/ I hope that helps at least to settle some of your concerns that it might scale linearly, were it to do so then this bandwidth would be producing them at rate approximately 20 times more frequently or around 40 per 16 days ~2.5 letters a day which is significantly higher than the 0 actually received.
So it's either unfortunate luck on your part of they are doing a lot more careful checking before sending their random notes out than they appear to be and figured out that I'm not the type to scare easy if they even had a case let alone when they are blowing smoke. But I would highly doubt that unless they are burning a few hundred doing a detailed background check that would actually pick up something like minor civil settlements before sending any notices it's not something you would find on a casual google, and if they *were* doing that yet apparently still not coming up with the simple idea of err type the IP address into google and don't waste your time and money when it comes back saying it's a tor exit node well that would be going beyond stupid to be fair.
On 12/03/13 07:41, jvoss@altsci.com wrote:
Hi all,
I've been running a Tor exit node on my new server for 16 days. Today I received my second automated DMCA infringement notice from HBO. I sent them the boilerplate you see at the bottom of the message both times. My colo provider Hurricane Electric understands Tor, which is awesome. I don't think it'll be an issue, so I'm happy with this. I'm wondering if anyone receives a large number of DMCA infringement notices and whether there was a resolution. It would certainly make my life a little bit more difficult to send more than one of these per week. When I got my first letter I was pushing 5 Mbps (megabits) and now I'm pushing 9 Mbps. I've set the RelayBandwidthRate to 5120 KB which should give a max rate of 41 Mbps. If infringement notices increases linearly with traffic, this could become an issue.
I'm happy to share the infringement notices if anyone is interested.
I followed a few of the tips from https://blog.torproject.org/running-exit-node , I got a separate IP address and I reduced the exit policy. I plan to update the reverse dns. I don't feel like reducing the exit policy does anything because BitTorrent was designed to run on any high port. Also, reducing the exit policy blocks researchers who are doing port scans and header grabbing over Tor. That's a point of contention for me because I know legitimate researchers use Tor for that purpose. Does anyone have any data or anecdotes on how exit policy affects malicious use of Tor vs legitimate use of Tor?
Btw, my server is 216.218.134.12. I'm running a patched version of tor 0.2.3.25 which fixes a few bugs I found in buffer events. See https://trac.torproject.org/projects/tor/ticket/7788 for more info. Uptime is now 6 days, 13 days without a crash.
Thanks, Javantea
Dear Andrew Martin:
The IP address in question is a Tor exit node. https://www.torproject.org/overview.html
There is little we can do to trace this matter further. As can be seen from the overview page, the Tor network is designed to make tracing of users impossible. The Tor network is run by some 2500 volunteers who use the free software provided by the Tor Project to run Tor routers. Client connections are routed through multiple relays, and are multiplexed together on the connections between relays. The system does not record logs of client connections or previous hops.
This is because the Tor network is a censorship resistance, privacy, and anonymity system used by whistle blowers, journalists, Chinese dissidents skirting the Great Firewall, abuse victims, stalker targets, the US military, and law enforcement, just to name a few. See https://www.torproject.org/about/torusers.html.en for more info.
Unfortunately, some people misuse the network. However, compared to the rate of legitimate use (the IP address in question processes approximately 11 megabits of traffic per second), abuse complaints are rare. https://www.torproject.org/docs/faq-abuse.html.en
This is the second e-mail from you that I am replying to. The only thing that has changed is that I have increased the bandwidth to 9 megabits per second.
If you have further questions, feel free to contact me at
Sincerely,
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Relevant?
"Often referred to as copyright trolling, speculative invoicing involves sending hundreds or thousands of demand letters alleging copyright infringement and seeking thousands of dollars in compensation. Those cases rarely — if ever — go to court as the intent is simply to scare enough people into settling in order to generate a profit."
http://yro.slashdot.org/story/13/03/12/1449244/canadian-file-sharing-plainti...
On Tuesday, March 12, 2013 9:31am, "Matt Joyce" toradmin@mttjocy.co.uk said:
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays I think you have probably gotten unlucky here in all honesty given the traffic you are pushing over there and having an issue so early on don't take it as an indication of expected rates either, I use the recommended reduced exit policy on both of my relays on is 20Mbit capacity and has been running about 6 months, I've yet to receive anything in the way of DMCA or abuse complaints about that one as yet, the newest one is a large relay which has actually been running just one day less than your one over there, however it's sitting on a 1Gbps connection and as of today averaging on the order of around 219.40 Mbit/s (110Mbit each direction) having transferred 16.45TiB, in the two weeks since it was first activated, the rate has been rising most of that time such that 1.87TiB of that transfer was yesturday, 2.21TiB is the estimate for today. I'm so glad it's unmetered xD.
You can see the traffic stats for it on the relay info page at http://torexit2.mttjocy.co.uk/ I hope that helps at least to settle some of your concerns that it might scale linearly, were it to do so then this bandwidth would be producing them at rate approximately 20 times more frequently or around 40 per 16 days ~2.5 letters a day which is significantly higher than the 0 actually received.
So it's either unfortunate luck on your part of they are doing a lot more careful checking before sending their random notes out than they appear to be and figured out that I'm not the type to scare easy if they even had a case let alone when they are blowing smoke. But I would highly doubt that unless they are burning a few hundred doing a detailed background check that would actually pick up something like minor civil settlements before sending any notices it's not something you would find on a casual google, and if they *were* doing that yet apparently still not coming up with the simple idea of err type the IP address into google and don't waste your time and money when it comes back saying it's a tor exit node well that would be going beyond stupid to be fair.
On 12/03/13 07:41, jvoss@altsci.com wrote:
Hi all,
I've been running a Tor exit node on my new server for 16 days. Today I received my second automated DMCA infringement notice from HBO. I sent them the boilerplate you see at the bottom of the message both times. My colo provider Hurricane Electric understands Tor, which is awesome. I don't think it'll be an issue, so I'm happy with this. I'm wondering if anyone receives a large number of DMCA infringement notices and whether there was a resolution. It would certainly make my life a little bit more difficult to send more than one of these per week. When I got my first letter I was pushing 5 Mbps (megabits) and now I'm pushing 9 Mbps. I've set the RelayBandwidthRate to 5120 KB which should give a max rate of 41 Mbps. If infringement notices increases linearly with traffic, this could become an issue.
I'm happy to share the infringement notices if anyone is interested.
I followed a few of the tips from https://blog.torproject.org/running-exit-node , I got a separate IP address and I reduced the exit policy. I plan to update the reverse dns. I don't feel like reducing the exit policy does anything because BitTorrent was designed to run on any high port. Also, reducing the exit policy blocks researchers who are doing port scans and header grabbing over Tor. That's a point of contention for me because I know legitimate researchers use Tor for that purpose. Does anyone have any data or anecdotes on how exit policy affects malicious use of Tor vs legitimate use of Tor?
Btw, my server is 216.218.134.12. I'm running a patched version of tor 0.2.3.25 which fixes a few bugs I found in buffer events. See https://trac.torproject.org/projects/tor/ticket/7788 for more info. Uptime is now 6 days, 13 days without a crash.
Thanks, Javantea
Dear Andrew Martin:
The IP address in question is a Tor exit node. https://www.torproject.org/overview.html
There is little we can do to trace this matter further. As can be seen from the overview page, the Tor network is designed to make tracing of users impossible. The Tor network is run by some 2500 volunteers who use the free software provided by the Tor Project to run Tor routers. Client connections are routed through multiple relays, and are multiplexed together on the connections between relays. The system does not record logs of client connections or previous hops.
This is because the Tor network is a censorship resistance, privacy, and anonymity system used by whistle blowers, journalists, Chinese dissidents skirting the Great Firewall, abuse victims, stalker targets, the US military, and law enforcement, just to name a few. See https://www.torproject.org/about/torusers.html.en for more info.
Unfortunately, some people misuse the network. However, compared to the rate of legitimate use (the IP address in question processes approximately 11 megabits of traffic per second), abuse complaints are rare. https://www.torproject.org/docs/faq-abuse.html.en
This is the second e-mail from you that I am replying to. The only thing that has changed is that I have increased the bandwidth to 9 megabits per second.
If you have further questions, feel free to contact me at
Sincerely,
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 12.03.2013 08:41, jvoss@altsci.com wrote:
I'm wondering if anyone receives a large number of DMCA infringement notices and whether there was a resolution.
We do. Given that none of the regular DMCA complaint companies were interested in following up on our reply, we now auto-reply to DMCA complaints coming from a bunch of known addresses.
For some older details and a procmail recipe see https://www.torservers.net/wiki/abuse/dmca
On Tue, Mar 12, 2013 at 09:07:09PM +0100, Moritz Bartl wrote:
On 12.03.2013 08:41, jvoss@altsci.com wrote:
I'm wondering if anyone receives a large number of DMCA infringement notices and whether there was a resolution.
We do. Given that none of the regular DMCA complaint companies were interested in following up on our reply, we now auto-reply to DMCA complaints coming from a bunch of known addresses.
For some older details and a procmail recipe see https://www.torservers.net/wiki/abuse/dmca
In theory, it's also the case that you don't have to answer them at all. The DMCA takedown requests are sent in error, since they refer to 512(c) and it's actually 512(a) that applies in your case. So the template that Wendy wrote originally was to help you explain to your ISP why this isn't a problem. If your ISP is ok with it, then you could in theory just bitbucket them all.
So in that case, there's no *legal* need to reply to the original spammer at all. But it may still be a good idea practically, depending on what you think they will do if they spam for a while and nobody sends them the requested extortion money.
--Roger
On 12.03.2013 22:52, Roger Dingledine wrote:
In theory, it's also the case that you don't have to answer them at all. The DMCA takedown requests are sent in error, since they refer to 512(c) and it's actually 512(a) that applies in your case.
"Modern" DMCA infringement notices don't refer to any particular law, or request only a "takedown".
Example from copyright-compliance.com/Irdeto:
"[...] Therefore, this letter is an official notification to effect removal of the detected infringement listed in the below report. The Berne Convention for the Protection of Literary and Artistic Works, the Universal Copyright Convention, as well as bilateral treaties with other countries allow for protection of client's copyrighted work even beyond U.S. borders. The below documentation specifies the exact location of the infringement.
We hereby request that you immediately remove or block access to the infringing material, as specified in the copyright laws, and insure the user refrains from using or sharing with others unauthorized materials in the future. [...]"
I agree that we probably don't have to reply at all, but it just feels better, and most ISPs want us to "react".
On 13/03/13 02:20, Moritz Bartl wrote:
On 12.03.2013 22:52, Roger Dingledine wrote:
In theory, it's also the case that you don't have to answer them at all. The DMCA takedown requests are sent in error, since they refer to 512(c) and it's actually 512(a) that applies in your case.
"Modern" DMCA infringement notices don't refer to any particular law, or request only a "takedown".
Example from copyright-compliance.com/Irdeto:
"[...] Therefore, this letter is an official notification to effect removal of the detected infringement listed in the below report. The Berne Convention for the Protection of Literary and Artistic Works, the Universal Copyright Convention, as well as bilateral treaties with other countries allow for protection of client's copyrighted work even beyond U.S. borders. The below documentation specifies the exact location of the infringement.
We hereby request that you immediately remove or block access to the infringing material, as specified in the copyright laws, and insure the user refrains from using or sharing with others unauthorized materials in the future. [...]"
I agree that we probably don't have to reply at all, but it just feels better, and most ISPs want us to "react".
There is probably value in replying even if only because it shows your provider that you have it covered and you arn't going to become a potential liability, especially in the event of a more serious issue occurring. It's just a little reassurance for them in my mind and it doesn't really take a huge amount of time to pick up the relevant boilerplate response and fire it off.
I always used to find it kinda amusing when a community site I ran once would sometimes get these letters because someone had posted something they shouldn't have, but the whole thing of sending a legal notice citing US law to ref supposed content on an NL server controlled by a UK based entity with no connection to the US. The DMCA is a US domestic law which is in fact utterly irrelevant for a site neither controlled by a US citizen nor hosted in the US, Berne and the Treaties would be the relevant ones then. I wonder was the mail cited here sent with ref a non US relay? Though there can be value in treating it as if it applied in the event one ever did try to take legal action under the law which does, being able to demonstrate that you met that legal standard regardless.
I'd suspect that if you can demonstrate that you have taken the time to reply to a notice demanding action citing a law that you were never bound by and in so doing met the legal standard under said law is not going to do any harm and may go toward making you look conscientious and reasonable with a plaintiff who at best was simply lazy in their legal research at worst are being intentionally vexatious and just looking for a stick to beat you with. Courts rarely appreciate such wasting of their time because organizations with the resources to retain legal advice conduct lacklustre research or because litigants are being vexatious.
I've yet to receive one related to tor but have run sites with user content before and always used to amaze me the number of notices that simply do not comply with one or more of the provisions of Title II 3(A)(i-vi) in one or more ways, even to the extent I had one company send a notice on behalf of "our clients" for all of "our clients" copyrighted works, note the identity of these clients was not given nor even a representative list of the works and not signed. I thought it rather generous of me that they got a whole one sentence reply to the effect of when they delivered a notice complying with the provisions of 3(A) specifically (i), (ii), (iii), (v) and (vi) all of which they failed at, about the only one they managed to get right was (iv) and then probably only because it's pretty much impossible to send an email with no return address. I wonder how many people have received a notice that was actually physically or digitally signed ie compliant with 3(A)(i) text bellow? Until the relay recently I've not had anything up that might generate such a notice in a few years so no idea if they got better at this.
(i) A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
As best my understanding of law is that would be satisfied by a signature of the rights holder or the agent but one or the other would be required not none, that said if that was the sole provision violated I'd be inclined to reply requesting a new notice complying with the above just to avoid issues with an attempt to suggest it substantially complied and the service provider had not contacted the sender of the notice. It just seems ironic to me that this whole law was created mostly due to copyright industry lobbying and yet these companies with all their law legal advisers can't even supply a legally effective notice. I for one never recieved a corrected notice after replying to state that I would take action only upon receiving a valid notification (They were in the past something I could have taken action on valid ones that actually pointed to something that actually existed on the site that is).
One thing I was never sure of is if "electronic signature" referred to what that term actually means in the real world ie PGP/x509 or similar or does it include an image file consisting of a mere scan *copy* of a physical signature in congressland? Wouldn't be the first time a technical term with literal meaning was used in an utterly different way in a piece of legislation after all.
tor-relays@lists.torproject.org
-
jvoss@altsci.com -
Matt Joyce -
Moritz Bartl -
Roger Dingledine -
Steve Snyder