Tor Wacky Times and the NSA

gAtO rEaD – that Tor (The Deep Dark Web) is now all messed up by the NSA, FBI and LEO so all you bad guys using the Tor network better watch out, or should they???fed_links_01

Aug 5 the FBI snakes in Freedom Hosting and put a number of websites out of business in the Dark Web. They let the flames go out that they caught a bunch of Pedophile sites with that bust, but it does not seem so.

The Attack on the Dark Net Took Down a Lot More Than Child Porn – – gAtO contribute to this article–

fed_usCitizenship_01Aug 19 – Millions of Tor Clients start to go up in numbers. What’s this all about, we get a bunch of Tor clients just hanging around doing nothing in Tor. Some say it’s a Bot-net or something like that. Then it growns 4, 5  million Tor users and the last week or so it starts to go down again. So what is all this about all these Tor Clients and the Tor- Botnet?fed_rent_a_hacker01

Oct 3– Silk Road get’s taken down, Oh the FBI had a copy of the Silk Road servers back in June just before the AUG 5 take down of FH by the FBI. So the Feds had Silk Road all this time and this is all they can do, can’t even get a few Bitcoin wallets- what a cluster fˆ%k—//fed_cc-paypal_01

Now you got NSA saying that Tor is cracked and the bad guys cannot use it. They claim that they can hack Tor anytime and anywhere with documents that a summer student left on how to hack the Tor network back in 2006. By the Way – most of these hacks do not work in Tor, maybe on a regular network but not on the Tor network.fed_hit_man_01

So now gAtO goes in search of Tor sites and a lot of sites went down by hook or crook —BUT someone has started to replace these Tor Hidden Websites in the Tor Network – But something is FuNnY – all these sites us the same web templates –

So now you can take a walk down memory lane and see all the older Tor-Websites have gone away and new ones have magicly re-appear.

fed_apple4bitcoin_01Now if this was the only place were this has happens OK sure, but at other Tor- Wiki Tor Link sites you will see the same thing – Commercial sites are all FuNnY and all the non-commercial Tor-websites are Tango Down.

So now Tor goes round and round but nobody knows what the heck is going on- In the Tor network – The Deep Dark Web run by Criminals or the FBI – you can answer these questions yourself by visiting the site –trust but Verify– ((not me))– gAtO oUt

fed_counterfiet_euro_50 fed_counterfiet_usd_01 fed_links_01 fed_mobile_steal_store_01 fed_uk_guns_01














Silk Road down – Tor still OK

Silkroad Seized Coins Addresses are identifiers which you use to send bitcoins to another person.


I found what I was after – this is all the Bitcoin Wallet Address from Silk Road that the FBI has –

caveat – check your wallet number if it’s not listed then your wallet is still cool and the funds available  –MaYbE!!!

UPDATE: notice that SILK ROAD account is still paying out all this money to France, Germany all over the UE – 500 BTC – 100 -BTC at a time WoW – Someone is making off with all the money from the SR account-

Unspent Outputs 1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX – 

 gAtO sEe- the fact is that as always GREED is what got SilkRoad Tango Down. I been getting lot’s of slack about Tor and all that but sorry, it’s as safe as you make it. Tor gives you an edge and if you really need the privacy and do your research on Tor, you too can communicate anonymous FACT not fiction -// 

Now the Bitcoin aspect of this take down is what is really cool. This take down now makes BTC more legit since they can’t say yeah it all criminals using Bitcoins, na, na, na, – I saw the first few 1 million dollars BTC transaction the other day – but still “Bitcoin Buying and Selling is a pain the A$$” my new Bitcoin book coming out in a next months just in time for the holiday seasons – gAtO oUt


On 10/04/2013 02:21 AM, Roger Dingledine wrote:

 OK, I just read the Maryland complaint. It’s obvious what happened.

 An FBI undercover agent contacted him, wanting to sell large quantities

of cocaine. He found a buyer, and delegated the details to his employee.

Said employee had full admin access to his servers.

His employee then provided his ACTUAL PHYSICAL ADDRESS to the undercover

FBI agent. The FBI mailed 1 Kg (very highly cut) cocaine to said

employee, and arrested him on receipt. Said employee soon told the FBI

all that he knew.

So now the FBI had access to the servers. There’s no reason to suspect

that they needed to compromise Tor to gain access, or for anything else.

There’s more drama about the murder for hire stuff, but it’s irrelevant.


Tor Bot Net realm=bitcoin-mining-proxy

update -: Here is the poop – Skynet is bitcoin c&c and the Tor Zombies are Bitcoin miners- Here is the Botnets – :– -so I ran my crawler on them and got this little hit on all the Skynet were Bitcoin c&c Server

qdzjxwujdtxrjkrz.onion Skynet -realm=”bitcoin-mining-proxy” -HTTP/1.1 401 Unauthorized

URL of the Site — : http://qdzjxwujdtxrjkrz.onion
HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm=”bitcoin-mining-proxy” Content-Type: text/plain Transfer-Encoding: chunked Date: Wed, 11 Sep 2013 16:16:57 GMT Proxy-Connection: keep-alive Sorry, I don’t know you.

on all the Skynet I get this realm – bit coin-mining-proxy- this is a secret hidden service that only if you have the right authorization in your torrc file the Tor website will reject you – So all the botnets have the right authorization name- pretty sweet setup I say- now 3million Tor Botnets turning Bitcoins – no wonder these zombies are real quite in Tor- got them-

Large botnet cause of recent Tor network overload –

gAto sEe- ever since Aug 19, 2013 Tor has been getting a lot of users. First 1 million, then 2 million then over 3.5 NEW million Tor users in the last 25 days. So what is happening in Tor world is that they are going crazy, Tor relay operators have reported what looks like they are dDoS-ig their own relays sometimes. Lots of circuits built and broken and this has put a big strain on Tor.

Worst still these new 3.5 Million Tor users are just sitting idle and the Tor network is freaking out. To get a hidden service connection is almost impossible but I can still use Tor to use the clear-web with no problems. Thu Tor I can see my site- uscyberlabs and any other non-Tor site and it loads pretty fast. When I try the hidden Wiki – NO-GO

If I keep at it I will finally find a Tor-website- like my own that works and it loads.

my new toy in Tor- Secure Encrypted Tor Messaging website – http://tpgewiccpecsbajt.onion/ – so I know Tor is still working.

Tor Bot-Net –How to handle millions of new Tor clients – problem is messing with everyone.

Conspiracy theory

  • Left over FBI bonnet – from the Freedom Host Raid around Aug 5
  • Russian Bot-net
  • Some Tor Experiment gone -lOcO – NOT gAtO, at least this time.. mEoW
  • Was August 19 the starting date to run en masse from the NSA’s PRISM project?
  • Were European internet users downloading the latest American cable TV series via Tor only, thus overcoming blockades of sites like the Pirate Bay by European ISPs?
  • So some thought a botnet abusing the Tor network to hide its command and control server must be the reason of the sudden increase of Tor users.
  • The Mevade malware family downloaded a Tor component, possibly as a backup mechanism for its C&C communications.
  • TrendLabs says- “The actors themselves, however, have been a bit less careful about hiding their identities. They operate from Kharkov, Ukraine and Israel and have been active since at least 2010. One of the main actors is known as “Scorpion”. Another actor uses the nickname “Dekadent”. Together, they are part of a well organized and probably well financed cybercrime gang.”

The Tor network is overloaded – but they still have no idea what is going on in Tor and how to stop it and/or control it. So were do we go from here in Tor. I got my box working and some other tor websites may need to think about the version they use until we get this Tor-Bot net under control in Tor -gATO oUt

Client- Sep 09 09:56:05.868 [Notice] Tor v0.2.3.25

Server Tor v0.2.3.25 – on Linux – http://tpgewiccpecsbajt.onion/  – Testing my new site in Tor and I noticed


Stopping Pedophile websites in Tor

gAtO-nOtEs– Stopping Pedophile websites in Tor 4 LE

Dark web drugs site Silk Road knocked offline by hacker –

From the IEEE report about “Trawling for Hidden Service” they explain as any network person knows that it take little more overhead to make a Tor connection than a regular Internet connection. (SSL-connections) That Tor-Relay will have to work harder and as more and more connections are made, Just like a DdoS attack but with a simple crawler we can bring down any Tor-Website from communicating with any new clients. The Tor-network has no load balance.

So a simple crawler looking for URL’s doing it’s work to gather information for a Tor search engine- Like I have – could accidentally play havoc on a Tor-websites -entry-relay —even silk road // no way pedro // so if we use enough of these crawlers we can stop people from getting to the website and they will have no clients.

Example for Law Enforcement:

Natural Spanking Website is Tor website- They have over 13,000 URL on their website – so that’s 13,000 pages of pedophile crap.  If we launch 8 crawlers from different places to crawl this site’s 13,000 pages again and again and again – all at the same time coming from different directions. Tor has no load balance so the websites Guard-relays cannot keep all these connections up. The (-combine crawlers coming all at the same time-from all over the world ) will prevent new clients accessing the site. The site will be un-reachable. You know what Amazon ec2 VPS server would be a great choice for this test.

If we do this for about 2-3 weeks – the word will go out that the site is down – The site will have to deploy and advertise new URL’S. if we also plan a campaign of propaganda news-feeds about that website and spread it on Twitter and get all the groups that hate pedophiles (anonymous and other groups). We can bring down any pedophile site this way.

But that’s a lot of work for any Law enforcement agency, but maybe not.01_29_tdp_xx

IEEE 2013 -Trawling for Tor- Hidden Service –

From this paper we find new ways to go after the websites and find the IP and geo-location, we can take over the entry-guard-relays and get statistics and usage and maybe clients of the website.

  •  We have a way to get Tor-Websites stats- we have a method to measure the popularity of any hidden service without the consent of the hidden service operator.
  • We will work on this way of stopping a Tor-website form operating -We show how connectivity to selected hidden services can be denied by impersonating all of their responsible hidden services directories.
  • We will demonstrate a technique that allows one to harvest hidden service descriptors (and thus get a global picture of all hidden services in Tor) in approximately 2 days using only a modest amount of resources.
  • We show how to reveal the guard nodes of a Tor hidden service.
  • Harvest all known Tor-hiddens service-websites.
  • We propose a large-scale opportunistic deanonymization attack, capable of revealing IP addresses of a significant fraction of Tor’s hidden services over a one year period of time.

Of course going after a website like this is only allowed by Law Enforcement – gAtO oUt

Tor friendly ISP

gAtO FoUnD this- an wanted to share- When you work with Tor servers you need a good ISP behind you – my last ISP inMotion just locked out my site and email and file access – unless I upgraded – This was because of Tor- traffic to my site. So if your site get users from Tor– do NOT us InMotion they SUCK-tor_2013

We are in the process of deploying Tor-OR-relays to help the Tor-network and help us in our research. No we will not run exit-relays – too many problems-/ but it would be nice since the government loves exitNodes so they can monitor traffic. Washington, DC area loves Tor – ummmmm wonder why.    Biggest Tor-relay Growth Tor Usage Washington-DC 

This page aims to list community experiences with Tor and various Internet Service Providers (ISPs) around the world. Some ISPs are Tor-friendly, some are not. Some are competent and clueful about Tor or about security in general. Let us know!

Be sure to provide useful information like how much bandwidth you pushed, whether you thought the deal was cheap or expensive, how hard you had to work to make them understand what’s going on, how long your server has been running, and whether you’d recommend them to others. Also include dates. — gAtO oUt

Good experiences


  •  Amazon Web Services (AWS) (hosting) allows customers to run any type of Tor servers provided abuse complaints are handled in a timely manner. It makes sense why  Tor Cloud is run off of AWS.
  •  Axigy is a superb Tor hoster. Handles abuse perfectly. Ask for custom quote.
  •  Blacklotus allows Tor exits and has (quote management) “pretty liberal abuse handling policies”
  •  Binary CPU allows Tor nodes. I got a promotional unmetered package and been hosting an exit relay since January 2012. – December 2012: Sadly everything has come to an end, I guess. Binary CPU has discontinued their VPS services so there goes my fast exit node 😦
  • Low cost and “good” bandwidth limit. Section 5.2 of their  Acceptable Use Policy state that any Tor services is fine as long as your (the user) personal information is registered to the IP you have in the ARIN database (SWIP). This requires the user to purchase at least an IPv4 /29 (6 IPs). (IPv6 only relay _could_ not require to purchase that. Answer is pending with an open ticket at
  •  ChunkHost Good bandwidth, great uptime, excellent support, all around excellent VPS provider. However they questionable policies about TOR. They received one DMCA notice and despite the standard response, tell me VPS will be disable with one more notification. Still working this out. -hRB Jan/2012
  •  Team Cinipac Team Cinipac “allow on all server locations services like Tor/VPN/I2P because we are supporting projects who safe the privacy like wikileaks, Tor etc. We stand behind our customer and abuse will be forwarded to you to take action. If you have problems, need help etc. just only contact our Abuse/Law Department they will help you in this case. We do not provide any kind of information to third parties. Our company locate in Panama and we ignore court orders from other countries, because we think privacy is an human right.”
  •  Cyberonic is now on the COVAD backbone, so you should be able to get service from them anywhere you could get other COVAD-based service. They offer 6.0m/768kbps at $59/month, w/ a static IP. Can’t recall ever having downtime due to them and their TOS only restrict Email relay servers (and that’s probably only enforced if you have complaints). All other servers ok. If you sign up, tell ’em brianwc sent you and I think I get a free month. — BrianC
  • is a Tor-friendly ISP that already has a 20Mbit Tor Exit Node hosted there. Their services are a bit pricey, but they have excellent peering, and offer a “Cheap-Net” option to give you bandwidth at a little less than half of their listed prices (~$20/Mbit).
  •  Evolucix is a low cost VPS provider. They offer TUN/TAP extensions on top of OpenVZ to provide VPN capabilities. They are fine with bridges and relays but due to the US regulations running exit nodes can be tricky. Great service from my experience.
  •  HostGator allowed Tor on VPS and Dedicated at least last year (2011), however you might want to check if this policy still applies. Their phone and live chat support is on 24/7. Hosted an exit relay for a couple of months. I discontinued my VPS because of the heavy price (still a great host though).
  • RoadRunner (TimeWarner) (USA): Very reliable service. Been running web server on 80 for several years. IP changes when cable modem reset (almost never for me). No ports blocked (that I know of). No BW limits, only speed caps. I’ve got 5Mbps down/384kbps up. Definitely recommend. Running Tor since Jan 06. — MichaelAnsel
  •  Softlayer allows for customized WHOIS, reverse DNS from their portal, and they are an utility provider. They have dedicated servers and cloud instances (Hourly or monthly billed). They come with 3,000 GB bandwidth standard, if you get a dedicated box. You can pick Dallas, Seattle, Washington D.C., and San Jose for server locations. By the end of the year (2011), you will also be able to run nodes in Europe and Asia as well. You may remember these guys: merged with SoftLayer in late 2010.
  •  Speakeasy (merged with  Covad and  Megapath in 2010) allows users to run arbitrary servers without port or traffic volume restrictions. Static IP addresses are offered without question or complaint.
  •  Slicehost/Rackspace (a hosting provider, not an ISP) allows running Tor on their servers, but if anybody downloads copyrighted material illegally through Tor, that’s a ToS violation. I had an issue with a DMCA (copyright violation) notice triggered by Tor activity exiting through my server, and I had to agree to block the port on which the material was downloaded for them to let me continue running the exit relay. Setting an ExitPolicy that only allows certain ports is probably smart if you don’t want to get into trouble. Otherwise, the service is great; each server gets guaranteed 10 Mbps, and the network has never been down in the 6 months I’ve been a customer. Plans start at US $20/month, reasonably cheap as these things go. Update: 3 March 2010: Approach with caution. I’d love to move my exit node to Slicehost, but after trading several e-mails with a Greg in technical support, I could not get a straight answer about whether Tor complies with the company’s AUP. Greg’s response when pushed: “Again, we do not recommend this service to be run on our platform. If you have any other questions, please let us know.” — EricB
  •  Sh3lls says their dedicated servers can be used for anything legal, as long as the customer handles abuse they’re fine
  •  Tailored VPS has a  blog post about hosting Tor relays so I assumed they allow hosting one. Been their member since late January 2012. Good experience so far. -> I can confirm they are quite tor-tolerant (even exit nodes). They ask you to deal with the abuse letters they forward you, and may ask to add an exit policy to the “victim”‘s IP as a precaution. Not the cheapest, but they play nice with Tor relays.
  •  VPS6.NET Tor initially allowed. Been hosting for an exit a couple of days there (also very nice support team!). – December 2012: They are now more strict about Tor. Middle nodes should be fine. However, if planning to host an exit, you might want to check if your desired exit policy is fine with them.
  • Windows VPS provider who allows to install Tor on their VPS Servers. I’m their customer for few months and ask them to install Tor and get positive answer. They allow to install all applications which are legal and don’t abuse others. Also when you make order you will get dedicated IP address. Also their support is full managed who always help to solve your problem’s and issue’s.
  •  ServerAxis Low-cost VPS provider offering both metered and un-metered (100Mb/s) plans. I’ve been a customer since mid-2012 and have run a bridge node the entire time without incident. The infrastructure seems solid, I’ve had no downtime. Low-end metered plans come with 1TB/mo data transfer allocation and $0.01/GB after that. Their AUP does not explicitly disallow Tor.


  •  EDIS GmbH (Hosting) allows Tor Exits and other nodes on dedicated servers (not virtual), Abuse will be forwarded. – please contact me personally (william A/T before setting it up so i can mark the account in our backend as proxy/VPN (which means we forward the abuse and dont bother reading it + giving more time to react to it). IP will be nullrouted at Incoming DDoS. Please block common Torrent ports (since we dont want to deal with copyright abuse which is *VERY* annoying in Austria), IRC allowed. Client data will only be forwarded at subpoena from an Austrian court (or acknowledged from an Austrian court if it is foreign). *torexit* or similar reverse DNS can be forced at our discretion (unlikely). SWIP of IPs possible (25EUR onetime for a 4 IP subnet on your data + 1,5EUR per IP per month). (william, 12/2011)
  •  InterneX GmbH (Hosting) seems not to care about Tor nodes, likely mainly because their upstream/IP provider does not (see next ISP, UPC). Rather cheap VPS but openVZ based with low limits on connections. (william, 12/2011)
  •  UPC Austria GmbH (ISP) does not care what their customers do at all (unless you have a business connection), Cheap 100Mbit (down) 10Mbit (Up) connections (59EUR with VAT). (william, 12/2011)
  •  Silver Server GmbH Forwards abuse. Hosts already some big exit/entry nodes which seem to have no problems. Very expensive traffic. (william, 12/2011)
  •  Tele2 Austria GmbH Forwards abuse at business connections, good quality traffic, does not like “proxys” on private lines. Cheap synchronous (SDSL) connections. (william, 12/2011)
  •  A1 (former Telekom Austria) Does not like Abuse (in any form) at all. Seems to give out customer data at alleged abuse. Not recommended but cheap. (william, 12/2011)
  •  xpirio GmbH in general rather relaxed at all services, but better get in touch with their (very understanding) support when you expect abuse. (william, 12/2011)


  •  netcup GmbH allows hosting and does not restrict any TOR services at all but everybody should be aware that there can be huge legal consequences if laws are broken. I received this statement from the CEO Mr. Dipl.Ing. Felix Preuss today via mail (goose, 07.11.11)

Me and a friend hosted TOR both on our own netcup server a year ago, and the consequences were fatal! They wanted more than 350 EUR for a special effort (disable my and my friends server). We responded with the official EFF statement about TOR. No response from netcup. 1. dun, 2. dun. We went to a lawyer. He wrote them. No response from netcup. 1. collection agency, 2. collection agency. Lawyer responded to them and to netcup. No response from netcup. Finally they gave up. But they NEVER responded to any action me or my friend took. I wouldn’t recommend netcup as a TOR friendly provider. NEVER!

I also had a _terrible_ experience with netcup:


The service in it self was not very good. Being artificially limited to 400KB/s is extremely bad, especially when bandwidth was supposedly ‘free’.


Inability to cancel something via the internet that I was able to order via the internet. How can I legally enter an agreement over the internet but not exit an agreement? That is ludicrous.

  •  Weesly is very liberal and allows hosting Tor in any kind. Statement in German: “Bei mir kann man alles machen was nicht gegen das deutsche Recht verstößt”, in English: “With me you can do anything that does not violates German laws” (q23p, 10.06.11)

Note that you should let them know about your intention when ordering a server or in advance. (ch, 06/2013)

  • Although its located in the Netherlands, Germans could try Leaseweb. They’re hosting more than one *big* Tor-server and are quite tolerant. (anonym, 4/2010)
  • EUServ seems to be a good ISP for Tor (see what they think  here). They have a bad support, but if you know how to maintain your server, this ISP is a good choice. —JensKubieziel? (
  • (DE) has generous traffic limits (there are contracts including 1TB/Mo) and behaves as I’d expect it from good partners. Some BSA-notice regarding Torrents arrived, they informed me and told me to stop this “illegal activities” and said, after reading and (at least it seems so) understanding my reply explaining Tor with “ok, we won’t interfere, your problem”.
  • HostEurope: “generell schränken wir die Nutzung nur bei IRC-Diensten ein. TOR-Server können grundsätzlich betrieben werden. Allerdings müssen wir eventuell auftretende Beschwerden dennoch an Sie weiterleiten. Vor allem wenn der Server als Exit-Node fungiert ist es wahrscheinlich dass Beschwerden eingehen werden.” I’ve had a contradicting answer a few days later: “Leider müssen wir Ihnen mitteilen, dass wir aufgrund interner Richtlinien das Hosting für Ihre gewünschten Zwecke ablehnen müssen.”


I had a positive answer again (regarding running TOR on a VPS): “TOR services are allowed, as long as the load on the host system is not getting too big.” (1/2012) (but note that numtcpsock are set very low (550) on their VPS)

  • offers cheap and reliable Virtuals Servers with 2GB HDD-space and liberal policies. The cheapest VPS is around 8 Euros. Not useful for high traffic nodes, they limit heavily after 5TB
  •  Afterburst (formerly Fanatical VPS) provides unmetered VPS on 1000mbps line. Fair usage applies. Quoting Nick from the team: “Yes hosting tor relays is allowed, however depending on the VPS you choose you’ll probably want to enforce a speed limit”. The Micro package fair usage is 1-2mbit a second which I gladly honor. Been hosting an exit relay since November 2011.
  • I’ve asked their support and I got a negative answer (4/2012): “We used to allow Tor on our nodes, but unfortunately we have had some issues with our datacenter (Hetzner) in terms of AUP and such. Sorry but we cannot allow anything tor-related anymore.”
  • That’s sad but understandable. This policy likely means “no new Tor relays”. I had some problems with abuse this month (5/2012), and they said it’s fine for now but if they see too much abuse they would ask me to switch to a non-exit node. Still counts as a good experience as Nick seems to be very understanding of Tor.
  • No longer allows exits at all. Middle relays are fine.
  • Tried to sign up for VPS for non tor related purpose, was informed that when doing a “fraud check”, they found my email associated with Tor. I asked for a refund.
  •  Server4You (Germany, part of  Intergenia AG) hasn’t complained about a Tor server (running on a non-virtual server) pushing 300GB/month for more than two years. They only block incoming port 6667. They are hosting more than a dozen Tor servers. — SvenNeuhaus (2008/01)

Server4You limits on virtual servers are ridiculous, actually. numtcpsock 288, tcpsndbuf/tcprcvbuf 3598712, lots of failcnt. Can’t use them with Tor. [2010/02]

I’ve asked Server4You support and they state servers with complaints about Tor will be canceled immediately (see the quote in the “Bad Experience” section)

United Kingdom

  • has nothing against Tor nodes in principle, but warned that they’d asked me to stop if a large number of abuse reports were received. My fast/stable exit node’s been running there for three months now with no hassle.
  •  Gigatux has graciously allowed me to run a Tor relay for over a year and a half with no problems. They actually run their own relay named ‘gigatux’. Customer support has been very good as well, and they have helped me handle two abuse complaints admirably. They also offer servers in the US, Germany, and Israel. -Blackpaw
  •  Bitfolk allows Tor exits and relays. They are very knowledgable and understand Tor and its uses. They are hot on spam and abuse so advise changing the default exit (good idea in the UK anyhow). Any DMCA notices received were simply forwarded on without agro.


  • TeliaSonera Finland: Largest ISP in Finland. I’ve been running Tor node on 8/1 ADSL with semipermanent IP address (changes rarely). ISP has not interfered in anyway. They block only port 25. In the future TSF may activate “black lists” based on DSN (sorry effort to “fight kiddied porn). 60+ kBps continuosly. — JussiSavola


  •  1984Hosting Has no problems with Tor, asked directly and was told they are fine with them. Fairly cheap as well. –Maquis196
  •  FlokiNET Privacy Hoster – TOR Nodes are welcome


  •  Prometeus Middle relays are fine, exits are forbidden by TOS. “A relay only Tor node or similar software which only allows traffic to other nodes is OK. For example, Freenet is allowed.”


  • John Brooks  runs a 2TB node at  LeaseWeb. He would recommend them for running a relay. — JensKubieziel.  In a mail to Tor-talk, a LeaseWeb employee (Alex de Joode) offered his help to sort out complaints regarding Tor.
  •  Ecatel explicitly allows Tor exit nodes and forwards abuse/DCMA, but their network isn’t the most stable. You need to email them for a custom offer. They also accept UKash/CashU.
  •  Netrouting has no problems with Tor
  •  DirectVPS has no problems with Tor
  •  Versio has no problems with Tor
  •  NForce has no problems with Tor


  • NextGentel (Norway): Allows Tor-servers. Assists Norwegian secret police in doing total surveillance of customers they torture for sharing their opinion without warrant or even a reason.


  • TeliaSonera is also big in Sweden and deliver where other ISPs can’t (They were previously the state monopoly, which they still are, but they now pretend it’s free competition while they still own all the fiber). Blocks port 25 for all customers. Does not bother Tor-server operators.
  •  PRQ has no problems with Tor exits and abuse forwarding, but at a heavy price…


  •  TekSavvy has a server-friendly Internet Use Policy (e.g., running a Tor relay) and has taken a stand in favor of net neutrality. (2008-12)


  • With  Tuš Hosting we had really good experience running a 5 MB/s full-exit Tor on a dedicated server on colocation. They said that they care just that we pay our bills and they just simply forward DMCA notices to us to handle (or ignore) them and forward police to our home doors to question us. I really recommend them and if anybody wants to put another Tor node/server there I am willing to help. Mitar (mitar@…)


New Zealand and Australia

  • Quite open to the proposition when approached. Have servers in N.Z.; Sydney; London; and Dallas. Locations may vary, but quite happy with the specific Oz/NZ query. No co-lo, but root access. “You can run anything you like, as long as it’s legal.” The moving goal-posts of legality are the only concern here.

Bad experience


  • Running Tor was fine until Undernet mailed a complaint which falsely claimed Tor was somehow a “botnet”. This made a  very rude person at Ezzi send a mail which falsely claimed the Tor servers were hacked and “It appears whoever caused this hacked the servers by brute forcing SSH logins and uploading a fake httpd binary and launching it.”. This person kept on insisting the servers were hacked after being politely informed that Undernet had confused Tor traffic with a “botnet” and that the servers where not compromised in any way, so it’s kind of hard to tell if the person was troublesome because the person did not understand what Tor is or if this person at Ezzi generally just imagines things and think they are part of reality. But it is clear that most ezzi customers  become ex-customers after meeting this known-to-be-rude tech.
  •  LayeredTech are a server hosting company located in Texas. I ran a server for six months without any issues, but then someone used the Tor server to exploit a PHP vulnerability. Explaining the goals of Tor to LayeredTech resulted in it being made clear that I was responsible for any and all abuse through my IP address. Shortly after this they ordered me to shutdown Tor. — Steve_Crook
  •  SONIC.NET of Santa Rosa, CA have terms of service that would apparently be Tor-friendly; but this thread,15272743 includes comments by SONIC.NET’s CEO that don’t sound particularly friendly or open to the idea of running an exit node.
  •  Linode will require you to shut down an exit node if it receives repeated abuse complaints. Non-exit relays are allowed.
  •  Tektonic will suspend your VPS with no prior notice if you run “any proxy”. They used to tolerate Tor if you didn’t run an exit node but they are now apparently auditing the VPSs for processes named Tor. They did however restore the VPS very promptly after I promised to uninstall Tor and Privoxy.
  • Comcast’s  Acceptable Use Policy for residential customers says no servers or proxies under “Technical Restrictions” (2009-08-10 tip from Scott Bennett).
  • (Softlayer) allows Tor exits, abuse needs to be addressed within 24 hours. Despite this “policy”, my experience was bad. They were very understanding at first when the exit was just made and got about 5 DMCA notices, and replied explaining Tor. A few days later, I got forwarded about 30 DMCAs, and few from Spamcop (even though common mail ports were blocked); as usual, I replied that it’s entirely because of Tor, and that I have no pirated content or viruses on my box. Apparently they got fed up with the constant DMCAs, and replied with “More will need to be done to block this. We will not tolerate open abuse of our network (DMCAs and SPAM via a “Tor Exit Node”). This type of service is prone to abuse and tarnishes not only our reputation but your reputation with us. If action is not taken to help prevent this going forward we will be forced to block access to the server”. At this point, I set it as a “middleman” instead of an exit, in hopes that it would stop the flow of DMCA notices. Nope, they disabled the interface. I have at this point stopped Tor on the 100tb box, and do not know what to do now. There is no way at all to block all P2P, and 100tb refuses to acknowledge this. They make claims “Tor is ALL RIGHT on 100tb boxes!”, but then go and screw you over when you get DMCA notices (it’s a when, not an if. Running a Tor exit WILL produce DMCA notices). I highly suggest avoiding these people at 100tb/Hosting Services, Inc./midphase if you are seriously considering running a stable Tor exit. We had a server there for 6 months, but then they told us Softlayer as DC doesn’t allow it any longer. (
  •  M5 Hosting does not explicitly forbid Tor in their AUP, but after operating an exit node for 3 weeks and receiving three DMCA complaints, their abuse department communicated, “Whereas Tor exit nodes facilitate unaccountable actions by anonymous users and those actions regularly expose [M5] to undue risk as well as oversight costs and unknowable legal expenses, Tor exit nodes will not be permitted on M5’s network” because “just responding to the abuse complaints costs [them] money and it costs money to [their] upstream providers and increase[s] [their] risks of incurring legal defense expenses” and ordered the Tor exit node to be shut down.
  •  FDCservers allows Tor, and customers to react to abuse within 24 hours before taking further steps. Be cautious if operating an exit node, for the boilerplate abuse responses are “not acceptable” per their Network Security Administrator. He sited the AUP/TOS and stated I have “the full responsibility for the content hosted and passing through the server. So if you cannot track or take actions against reported abuse issues you should terminate or restrict specific service” (which was a single exploitable php script probe).
  •  Santrex (1) Santrex gave me a poor experience, no abuse was forwarded, and my server was suspended without prior notice. (2) Santrex suspended the vps running an exit Tor node after 1 day telling me that torrenting was not allowed and I was abusing the service. No warning was given. They kept billing my credit card even after having the vps service suspended. (July 2011) (3) Santrex threatened to disconnect my dedicated machine after the second abuse complaint from an exit node. (In their Denver colo, at least, they appear to be subletting from, mentioned above.) (Nov 2011)
  • Abuse department says Tor violates AUP and should not be run. Also said they had had Tor nodes run before on VPSes and it had caused performance degradation for other VPSes. 6/27/2011
  •  Mediacom Within one week of running an exit node on their residential service, my account was suspended due to DMCA requests. No requests were forwarded to me. No amount of reasoning/explaination/screaming at them would get them to restore service.
  • Altough they weren’t against Tor exit nodes themselves at first, they run a three strikes policy about abuse complaints from “their datacenter”, meaning they themselves could get their machines kicked off. Running a non-exit relay should be fine.
  •  Chicago VPS First claimed I could host a node as long as I dealt with abuse reports. Then I got an automated abuse mail and I handled it with a proper reply. Then I got a rude threat they would terminate my VPS if this happened again. Not recommended unless you want a host that runs its hands up screaming on every abuse report they get. This abuse mail did not even state the web address this supposed spam/abuse happened but they fully bought it.
  • Tor not allowed.
  •  5ITE Hosting Solutions Tor not allowed. Supposedly forbidden by TOS/AUP even though not directly mentioned
  •  DigitalOcean Tor was allowed, then they stealth changed the ToS after their KVM network stack was failing. Tor will get grandfathered status (Unlimited Bandwidth) removed, and they weren’t exactly keen to warn.
  • I’ve ordered their service, but they sent me my password only after 4 days, after I ordered another service already. I asked them to cancel my order and refund – but they just deleted my account, gave me no refund and they do not reply to my mails.
  •  owned by Tor not allowed. Even middle nodes violate their TOS/AUP.

Phobos’ research

ISP Name Allowed IRC? Allowed Proxies? Allowed Tor?
 CI Host N Y Y N Y Y
 Host Voice N N N
 Super Servers N N N
 Vericenter N Y Y
 Dedicated Now] N Y Y
 Soft Layer Y Y Y
 Tek Tonic N N N
 Unixshell N N N
 Verizon FiOS N N N


  • Unixshell/Tektonic are the same company. They nullroute you on the first abuse complaint. Middleman nodes are ok, but the abuse dept requests “SafeLogging 0” set in your torrc and wants full access to your logs on demand.
  • Verizon FiOS officially does not allow any incoming traffic, they reserve the right to disconnect you at any time for violation of this policy. Users have run middleman nodes without any incidents from VZ. Exit nodes with abuse problems have resulted in legal threats and disconnection threats, but no disconnection as of yet.


  • The german ISP dogado ended up killing the Tor server process and blocking the OR-port on my vServer. — d00b
  • The german ISP EuServ / ISPro — they just broke the contract, switching our Server off. — padeluun
  •  Manitu forbids any anonymisation techniques in their AGBs –qbi (gamambel: I have asked and they made me an offer for 100mbit dedi at 1500 euro)
  •  OVH (German ISP) offers root server with a high bandwidth (up to 5.000 kB/s). They changed their AGB and cancel “problematic” contracts very fast. — qbi
  • The german ISP shut down h07onion due to gross incompetence. Look at for more details.
  • “I have recently checked  manitu because they advertise with internet without censorship and data retention. Unfortunately they explicitly forbid providing anonymization services in their  general terms and conditions. On inquiry they have justified this restriction with the enormous bandwidth consumption and the impossibility to achieve fair combined costing in this case. For the same reason they forbid running mirrors of public data such as open source software. So I believe their argument is no pretense.” — Alex, Dec 01 2009 via email.
  • The german provider suspended one vserver running a Tor exit node, analyzed stuff, and charged 192€ for processing _one_ dmca-notice. – ari
  • “Leider unterstützen wir keine Tor Exits. Sofern diese in unserem Netzwerk sind gab es vermutlich noch keine Vorfälle.”
  •  Strato writes in their  AGB “Abschnitt III: Sonderregeln für dedizierte und virtuelle Server … 1.1 Eine Nutzung der Server zur Bereitstellung folgender Dienste ist ausgeschlossen: … Anonymisierungsdienste, z.B. Tor, JAP, Proxyserver”
  • Running a tor relay node with 256 kB/s bandwidth and 600gb traffic limit configured in tor I was moved to a high traffic node after about 8 days or 400 GB traffic usage, at which point the average bandwidth dropped to less than 50 kB/s. I was not notified of this changed but its clearly noticable via vnstat -d and a different cpu usage pattern on the new server (as in 100% _all_ the time).
  • I’ve asked the  Server4You support about Tor and they stated “TOR Dienste sind bei uns ebenfalls aufgrund der rechtlichen Graulage nicht gerne gesehen und werden bei Abuse Aufkommen direkt gekündigt.” (March 2011). In April 2012 they turned off my server because “Tor ist illegal in Deutschland” (“Tor is illegal in Germany”, according to their support).
  •  Hetzner has some Tor Exits, but they send an abuse request for each BayTSP request, and you have to respond each. Now (today, 05.09.2011) they disconnected my Tor IP, because someone did a netscan on a /23 via Tor. They requested a statement via mail / fax now, which I sent, but didn’t get a response yet. –morphium
    • Same thing (disconnect b/c of netscan) happened to me sometime around March 2011 . Connection restored after a few hours (Fax & Phone call “plz look at it right away”). Stopped me from having an exit there. :/ — Fusselwurm
  •  Alvotech doesn’t allow Tor exit nodes: “unfortunately we had several problems in the past with tor exit nodes (police stuff, ddos, lawyers etc.), so we don’t wish it in our network”. — Nyr


  • The french hosting company (member of  iliad) suspended without warning a bunch a machines that were running Tor after the police came down about creditcard fraud. (Also, any kind of relay is explicitely forbidden in their term of service.)
  •  Gandi VPS will give one warning and then delete your account if you run a Tor node on their VPS system. Don’t try this if you have any domains registered with that account as well, it’s difficult to get them back.
  • OVH / Kimsufi suspended and restarted into FTP only mode claiming “hack” even when running as relay, Contacted OVH to explain Tor got the following reply: Actually we don’t like TOR on our network, as either a relay or an exit node. You can check our T&C. (Indeed, any kind of relay is explicitely forbidden in their term of service, however, I have a few servers there which are relays on non-standard port, never had a complain.)



  • Rogers has a no-servers clause in the TOS for their home internet service. If you are running an exit node and receive DMCA notices, you will have no legal recourse except to cancel service. (2008-03)


  • Perspektiv bredband supposedly allows for running Tor nodes, but will disable your account due to spam.

United Kingdom

  • I have asked and  Swiftway doesn’t want Tor exits on their network.
  •  Memset do not allow Tor servers under their (rather vague) AUP.
  •  UK Dedicated aka informed me that I couldn’t continue to run my Tor relay or in anyway effect, conduct or facilitate any activity involving: IRC or anonymous proxy services.
  • I asked  OVH/Kimsufi about their policies regarding Tor exit nodes and was told that an exit node is classed as an open proxy which is against the TOS. I replied that I’ll be running it in bridge mode then. No feedback on that so far. –Maquis196
  •  123-reg found out I was running an Exit Node (received a notice regarding filesharing, someone downloading torrents using my Exit). I was asked to shut it down. I complied and asked if i could run a Relay node. They said no as that would violate their AUP. — September 2012, vandal2


  • avoid! they say it’s against Italian law to have a Tor relay, asked which law, they said to contact a lawyer. (atrent: do you need a more articulate explanation? I’m the one who had the bad experience, I have all the emails exchanged and I can translate them)
  • well… it’s not an ISP but nonetheless since it’s the connectivity provider of italian universities we should mention that they do NOT allow exit nodes on their net (I had one, they obliged me to tear it down)


  •  Domenca has crazy prices (10 EUR/Mbit/s + 300 EUR/U for dedicated server per month) and they require not just to respond to all complaints in one working day, but also to prevent them in the future. Just replying with explanation that it is an anonymous service and there is no way to prevent this, is not enough for them. So it seems impossible to really host Tor exit node there. Mitar (mitar@…)


  •  PCextreme does not allow hosting of a Tor relay node on their VPS. (Tue, 31 Jan 2012)
  •  Seedmonster does not list Tor as being against their TOS, but they suspended a major tor node because of 4 web forum spam reports on a 1gbps exit. They will try to work with you, but their upstream provider is zero tolerance, so when it comes down to it, they will not back Tor exits. (Update:) They agreed to let it keep running after the exit policy was modified, but then came back a week later and said Tor had to be disabled completely. Three complaints were received out of approx. 10TB of traffic.


  •  Shinjiru is not allowing Tor since their new  policy (feb 2012), Even if all the exit ports are blocked, and even as relay : they are u-turning completely . (In the past they even  donated a server to the Tor project); traffic is expensive though


  •  Smile blocks any traffic, by redirecting to statis web page with message about that user is possibly providing access to third party. It does not like many simultaneous outbound HTTP-connections.


“TOR is not allowed to be ran on our containers. This is the reason why the process gets killer every minute. The reason why we do not allow TOR, is because over time we have seen that it consumes way too much CPU time, so we have decided not to allow it on our VPS. ”

  •  SolNet does not list Tor as being against their TOS, but they will ask you to shut it down if they receive complains via abuse (Fri, 15 Feb 2013).

Czech Republic

  •  NQhost They don’t allow running relays of any kind:

“We don’t allow to use our servers for tor exit nodes and/or relays”


  •  0x2A Refuses Tor traffic.

Tor Websites over 1/3 TANGO DOWN

gAtO bEeN- doing some work on his Tor- search engine and finding Tor-websites IP but other are doing the same thing and publishes the news-

I guess the news is getting out and people are bringing their Tor-hidden service-websites are going DOWN. Not by my work – I wish – but by a simple little report -:tor-revealing_guard_nodes

IEEE 2013 just put out a report: Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

yes kiddies wee can find your Tor-Website and find the IP and get the geo-location and track you down. The worst part now others know and Tor-websites are being taken down by their own administrators  so they can do countermeasures and not be caught.

2013-05-29 we had 16,000 Tor websites

2013-06-04 we have 3,517 Tor Websites

Application Server Details
Cache Last Updated (Local Server Time): 2013-05-29 23:19:07 MET
Last Update Cycle Processing Time (Seconds): 645
Current Cache Expire Time (Seconds): 300
Number of Routers In Cache: 3582
Number of Descriptors In Cache: 16099
Approximate Page Generation Time (Seconds): 0.1987
Application Server Details
Cache Last Updated (Local Server Time): 2013-06-04 02:11:43 MET
Last Update Cycle Processing Time (Seconds): 553
Current Cache Expire Time (Seconds): 300
Number of Routers In Cache: 3599
Number of Descriptors In Cache: 5817
Approximate Page Generation Time (Seconds): 0.01

So what happened to all the Tor-hidden serve-websites? All I care about is that my work now backed up by this reports shows we are on the right track and we can do what we say we can do and that is to bring down pedophiles websites down in the Tor-network.

The Tor-network is great but these monsters are making Tor a bad place to work and do legit business. Let’s hope other get the message that we are hunting you down even in Tor cowards- gAtO oUt

Tor Tells It’s Secrets

gAtO pLaYiNg with words in Tor We just simply counted the number of times a word appeared in our search engine by pages- this is something every search engine does but what it gave us was a picture of what Tor really is. It’s not all crime and ugly but information is number one in Tor. Exactly what it’s supposed to be. Tor was created to share information from the table below we see lot’s of stuff inside Tor.output

Tor word data points: We put this report together to see what our word count occurrence was, in our crawled data so far. The chart below gives an interesting picture of the Tor data points that it generates.

We are finding that these are the best categories to put our websites into. The words by site occurrence speaks volumes to understand trends in Tor.  For example it shows i2p network in Tor 2 notices above drugs in Tor. Because i2p is fast being intwined with Tor to get better anonymity.

  • These are real data point based on 3/27/2013-4/3/2013 – this is a live report from our crawls.
  • As we crawl and add more data our picture will change as to the landscape of Tor. 
  • Bitcoins is the fourth most popular word – currency in the Dark Web is number 1  

Word Num. Occurrences
blog 1014
wiki 985
anonymous 966
bitcoin 837
sex 530
gun 492
market 458
I2P 400
software 372
drugs 365
child 353
pedo 321
hacking 314
weapon 221
politic 209
books 157
exploit 118
anarchism 105
porno 88
baby 87
CP 83
fraud 76
piracy 69


  • Bitcoins are above SEX tell us volumes in that bit coins are the normal exchange currency in Tor.
  • Fraud and piracy are the lowest were we would except it to be much higher, People trust more in Tor.

This map does tell us that crime is everywhere in Tor at a more alarming rate than we though.

We are doing the same in the e-mail we found in Tor. In the email table is a place where we can get a better picture of emails in the Tor network. Not all of them go to as we thought. As mentioned more i2p and connections with other anonymous networks seems to be a trend, as the growth rate of Tor users increase so is the technical base and more sophisticated users will come on board.

Hope this gives you a better picture of Tor. -gAtO oUt