Advice needed - Shutting Down

Support Relay Operator
1

Greetings - We are looking for some advice.

We are shutting down our TOR relays (middle and Exits) for the foreseeable future. The reasons are private and not related to the community or TOR. In doing so, we’d like to turn things off responsibly.

The way we work is our VM provider knows we run exit relays and they communicate this to anyone inquiring about potential abuse (including law enforcement), we host a notice page on our relays explaining what TOR is and how it works, and we have an abuse email account that both the VM provider and the hosted page refers anyone to. From this account, we always respond with a complete summary and run-down of TOR to anyone that inquires. This has worked very well for everyone involved.

Now that we are shutting things down, we want to address some concerns.

  1. Once the VMs are off, the IPs will be used by someone else. What happens if abuse is found to be linked to an IP from the time we were running our Exit relays? It will be possible to link the IP to the TOR exit or VM provider, but no way to be informed of the abuse email account. We would prefer to not have subpoenas issued and have things escalate for something that is easily addressed.

  2. We’d like to not need to monitor the abuse email account anymore. We are going to be stepping away and the need to check email is not on the “to do” list. A potential solution is to set up an auto-reply with the pre-canned response we always send to people explaining TOR (what it is, how it works). That way, anyone that happens to find their way to the abuse email will at least get the answers we would have given them.

  3. VM Backups - The provider does not have a good way to give us back-ups of the VMs and they will be delete upon cancellation. Currently, if we needed to, we could prove that we truly have no data that enforcement wants. Once the VMs are gone, we no longer can prove it. Is this a problem worth worrying about?

Is there anything else we should consider doing? We have told our provider we are going offline, so they will be able to help us out for the near-term.

Thank you for the help!

2

Hi,

One thing that could solve many of your concerns would be to stop the VMs a month before the expiration date.

Thanks for your contribution.

3

Thank you for your help in the past, and for your effort to step down responsibly!

IANAL, but I’ll give my 2 cents…

  1. Once the VMs are off, the IPs will be used by someone else.

Probably, the best approach is phasing out rather than just shutting down.

The most important thing I would do is shutting down the relays, but keeping the servers up for a while, serving a notice page updated to state clearly that, and when, the relays were shut off. I’m not sure how long you should keep it up, though.

Also, if your provider is willing to help you could suggest them to keep the IPs you used at rest for a few months before renting them out to someone else. This should prevent inquiries reaching the wrong people.

  1. We’d like to not need to monitor the abuse email account anymore. […] A potential solution is to set up an auto-reply

An auto-reply is surely better than nothing. I would state clearly there, too, that and when the relays were shut down.

However, I recommend that you do keep monitoring the email for a while, just in case law enforcements try to reach you. If they receive no answer they may get very upset and cause you more trouble than having to check your emails once a week.

  1. […] Currently, if we needed to, we could prove that we truly have no data that enforcement wants. Once the VMs are gone, we no longer can prove it.

I think whether it is a problem or not depends on who asks for data, and how you can prevent it depends on how you can prove now that you have no data. I hope that other exit operators will provide more details.

Anyway, I guess a copy of the contract with your provider, and a statement from them if they are willing to provide it, could help to proof that you had no data to begin with, and that even if you did, you wouldn’t have been able to keep them.

4

Thank you for replying! It’s much appreciated!

  1. We have shutdown the relays as of December 27th and updated the notice page. We didn’t put the date, which is a great suggestion that we’ll do. So thank you! Your point about working with the provider to keep the IPs unused for a bit is also great.
  2. Yeah, the email account is tricky. Auto-reply is definitely something we will implement. Hm, we’ll have to think more on this.
  3. I’m not sure how they would even be able to provide a statement like that. They don’t know what is on our VMs. I’m not sure if there is some sort of utility that can make an in place copy/image of a linux VM…