I know that Linode has had its share of problems recently, but it’s a service I won’t be leaving any time soon.

In July of 2014, as part of the Electronic Frontier Foundation’s Tor Challenge I decided to build a Tor node. Not only did I decide to build a Tor node, I decided to build an exit node. Running an exit node means that instead of passing traffic to another node on the Tor network, my node will be where Tor traffic exits the network, so it’ll be my IP address that any end-points see as the source of traffic.

When I decided to run an exit node, I was using Comcast as my ISP—running a Tor exit node is definitely against Comcast’s Terms of Service (TOS). By this point, I had been using Linode for many years to host a bunch of personal web projects, and I had no complaints. On a whim I perused the Linode TOS:

Linode does not prohibit the use of distributed, peer to peer network services such as Tor, nor does Linode routinely monitor the network communications of customer Linodes as a normal business practice.

So with that, I created intothetylerzone (because naming things is hard). It’s a fast (1MB/s), stable, exit node supporting exits on a number of ports:

ExitPolicy accept *:22  # ssh
ExitPolicy accept *:465 # smtps (SMTP over SSL)
ExitPolicy accept *:993 # imaps (IMAP over SSL)
ExitPolicy accept *:994 # ircs (IRC over SSL)
ExitPolicy accept *:995 # pop3s (POP3 over SSL)
ExitPolicy accept *:5222 # xmpp
ExitPolicy accept *:6660-6697 # allow irc ports, very widely
ExitPolicy accept *:443 # http is dead
ExitPolicy accept *:80 # but not *that* dead
ExitPolicy reject *:* # no other exits allowed

My Tor exit node is sometimes abused. There are fewer abuse-reports than I would have expected—I probably get 1 report every 3 or 4 months. I just handled an abuse report today from Linode (heavily edited):

We have received a report of malicious activity originating from your Linode. It appears that your Linode is being used to scan hosts. We ask that you investigate this matter as soon as you are able.

There was a follow-up message on the ticket with the specific IPs that were being scanned. I blocked any exit to those targeted IPs in my /etc/tor/torrc and replied to the ticket (most of this language comes from the operator-tools exit notice html):

This router is part of the Tor Anonymity Network, which is dedicated to providing people with anonymity who need it most: average computer users. This router IP should be generating no other traffic.

While Tor is not designed for malicious computer users, it is inevitable that some may use the network for malicious ends. In the mind of this operator, the social need for easily accessible censorship-resistant anonymous communication trumps the risk. Tor sees use by many important segments of the population, including whistle blowers, journalists, Chinese dissidents skirting the Great Firewall and oppressive censorship, abuse victims, stalker targets, the US military, and law enforcement, just to name a few.

I’ve updated my /etc/tor/torrc to include all ports on the destination IP:

ExitPolicy reject [targeted-ip]:*

I’ve also restarted the tor service. The destination IP should no longer receive any traffic from this machine.

Not 5 minutes later this reply came:


Thank you for your response. At this time, it looks like we can consider this case resolved. We will continue to monitor for additional complaints and let you know should we receive more.

I’ve set this ticket to close automatically in 48 hours, so there’s no need to respond since this case is now resolved.

Let us know if there’s anything else we can do for you, and we’ll be happy to help.

<3 Linode.

Without Linode I would be unable to host a stable and fast node. Linode supports online freedom, so I support Linode.