Block websites via DNS on Exit Node

Hello, I have a different question, not a technical issue but a legal one. Unfortunately, no one could answer the question correctly in the context. Currently, I operate two exit nodes and I want to expand. Therefore, I would like to block DNS requests to websites that are clearly used for copyright infringement, by redirecting them to 127.0.0.1 via DNS. This means that the user would simply need to refresh to get a new exit node that is not mine. I will not restrict access to sites like YouTube, Twitter, or others, but at most 15 websites in order to avoid legal consequences. I know that technically I’m not obliged to do so, but since there hasn’t been a clear ruling in Germany, I don’t want to be the one who receives a legal warning. I can handle regular abuse emails and understand the importance of Tor. So, my actual question is, will my exit nodes be flagged if I do this? Thank you in advance. (I cannot block these websites by IP because they often use Cloudflare.) I kindly request that you refrain from making irrelevant comments, as I consider this to be a serious matter. It doesn’t matter to me if you don’t do it in your situation; I simply want to know for my own situation. I would be very grateful for any information.

I want to make it clear that I don’t have a general fear of lawsuits, but I also want to show that I actively oppose copyright violations. I would even be willing to accept a lawsuit if I were forced to block WikiLeaks, but my intention is to reduce abuse requests related to copyright.

Have a Nice Day.
Alex. :slight_smile:

As far as I know you are not allowed to do DNS hijacking because this measure will be against the scope of Tor. Who are you to tell ppl what sites to enter or not.

These were my two cents. Still don’t count my answer, there are others more entitled to give an answer. @NTH

That’s a great way to get the “BadExit” flag.

@SirNeo not sure why I’m mentioned in this, I’m for sure not the most qualified one on this topic, but I’ll give it a try anyway :wink: .

@Alexander “Relevant” part of my comment:
As far as I’m aware, censoring your exit relays could indeed be a reason for a BadExit flag.

“Irrelevant” part of my comment:
And indeed this is a serious matter. On a more principle level I don’t think it’s a great idea to censor Tor by running blocklists on your DNS resolver[1]. The primary purpose of Tor is to circumvent censorship. The way I view it you wouldn’t run Google Analytics on your site if you wanted to protect your users/visitors from corporate and commercial tracking. And similarly you wouldn’t use Tor for censoring the internet[1].

Based on your post I’ll assume you are based in Germany, but this applies to most countries in the European Union really.

  1. First of all visiting the type of website you refer to isn’t illegal in Germany. Depending on the specific data directly downloading and/or uploading the data may be illegal for citizens of Germany, but merely visiting a website is something else entirely.
  2. But even if it was illegal in Germany, then it still wouldn’t be illegal to visit those sites from other countries. Tor is an international network with access to the world wide web, not a censored German version of the world wide web.
  3. As far as I am aware, your national copyright act applies to official providers (and not Tor operators). This means you don’t have to adhere to court-ordered blocks that apply to ISPs. But someone with more experience with the German situation could probably give a better answer in this regard.

So in short I think it’s not beneficial to run censored exit relays. Guard/middle relays might be more useful then.

Slightly offtopic: despite this, I feel you have a valid concern about legal steps taken by either a government, a data protection authority, some copyright representative body or some foundation to troll Tor operators that is not really mitigated within the Tor community right now. I think a lot of people (and maybe TPO) are willing to help with time/advice and financially when something like this should happen to a Tor operator. But as far as I know it’s not really made explicit, let alone guaranteed. This might scare off smaller operators that don’t have limited liability legal structures to safeguard them as natural persons. This might be something to talk about some more with operators maybe? The peace of mind that such a ‘safety net’ would bring might convince more people to run exit relays as well.

[1] To give a bit more nuance as a side note: I feel it’s proportional to (temporarily) block IP addresses, ASNs and/or domains when you are either under attack/being hacked or when your infrastructure is actively being used for large scale attacks/hacks. I don’t think anyone at the Tor Project would object to this, but please chime in if this is the case @TPO.


Hey, first of all thanks for your long answer.

I also believe that many people would personally host exit nodes if there were a clear regulation, but as far as I understand my legal situation, it would only take a decision overnight that Tor exit node admins are also network operators and I would be responsible for everything that happens, and what is very deterrent is that you do not know 100% if you will really be supported in a legal dispute.

What you also have to understand is that most of the nodes are run by e.V. clubs that are not liable with their private assets, but it’s also bad if 4 clubs operate all German exit nodes.

I’m trying to find a way to be able to prove that I’m personally against something like this and can also prove it, but I would never falsify user data.

Thank you :slight_smile:


What’s an e.v club?

An “e.V.” (eingetragener Verein) is a registered association in Germany. It is a legal entity formed by a group of individuals who come together for a nonprofit purpose. The members generally have limited liability, meaning they are not personally responsible for the association’s debts.
