It’s no secret that most VPS hosts disallow Tor exit relays and many prohibit any Tor traffic whatsoever. Yes, a few hosts allow these, but conditionally. For instance, RamNode permits only non-exit relays, while others, like OVH and Gigahost, allow exit relays, but only if you purchase a dedicated server.
However, a select group of VPS hosts allow Tor exit relays. As a small mom-and-pop provider, Fourplex has chosen to allow Tor exit relays. Before we explain our rationale, let’s briefly cover how Tor works:
What is Tor?
Tor is an anonymity network originally developed by the U.S. Naval Research Laboratory. It routes traffic through three randomly selected volunteer-run servers called “relays.” Using three hops prevents traffic correlation. This keeps data private, as the traffic is encrypted and each relay handles multiple users at once.
There are approximately 7,000 relays in the Tor network. This includes servers run by well-known universities such as MIT, NYU, and Carnegie Mellon. Theoretically, anyone with a server and an unfiltered connection, whether via a college network, a VPS, or a home Gigabit fiber connection, can start a relay. Anyone. In fact, the more diverse the relay operators are, the more private Tor becomes, serving as a lifeline for freedom of speech and information.
Types of Tor Relays
Tor has four types of relays:
- Guard: Serves as the entry point for a Tor client.
- Middle: Forwards Tor traffic between other volunteer-run relays.
- Exit: The final relay that connects a Tor user to the public internet (websites).
- Bridge: An unlisted guard relay used by Tor clients in censored regions. A client has to choose to use a bridge if they want to avoid firewalls.
Interestingly, a non-bridge guard relay can also function as a middle relay, and an exit relay can serve as both a guard and middle relay. Bridges, however, are exclusive; they are usually paired with “pluggable transports” to obfuscate the fact that the traffic is Tor-related at all.
While Middle and Guard relays are the most common, Exit relays have become increasingly popular to host in recent years because they make Tor faster and can also be used as guard and middle relays. Most importantly, there was a shortage of Tor exit relays in the past, which severely limited Tor’s bandwidth, and Tor supporters want to invest in the speed of the network.
Why do our rivals disallow Tor exit relays?
There’s a perception of “abuse”
There is a widespread misconception that Tor is primarily used for illegal activities. It is not. Yet, this view was amplified by sensationalist media coverage in the mid-2010s, and it even found its way into Netflix and Disney features, all of which focused heavily on the negative aspects of the Tor network.
In 2015, the FBI claimed that 80% of Tor’s traffic was related to CSAM (Child Sexual Abuse Material). And the truth? Tor developers and researchers have established that “onion services” (the “dark web”) account for only 2-3% of the total Tor traffic. This is an unremarkable number, given that 42% of the general web traffic is from bots and AI crawlers, where plenty of CSAM content exists.
Despite this, many hosts implement blanket bans out of caution (or is it ignorance?). Yes, because of the strong anonymity Tor provides, abuse does happen. Yet, savvy cybercriminals prefer to hide traffic outside of Tor (as seen in sophisticated malware like “Snake”), since the Tor Project publishes a list of Tor relays, which makes them easy to block. It is the less sophisticated actors that often use Tor.
As a host, I sometimes receive these complaints from system administrators of networks. However, the reality is definitely not as bad as the media suggests. If you configure Tor correctly, abuse reports are not very frequent; they are, at most, a minor inconvenience and can be resolved with a simple email response to the offending network.
Historical raids
In the early 2010s, when Tor was relatively new, raids on the homes of exit relay operators and on datacenters with the offending servers were common. This frightened many hosts, particularly those without large legal teams. Consequently, most people ran only middle relays to avoid any legal issues.
Why do we, at Fourplex, allow Tor exit relays?
The landscape has changed significantly since the early 2010s. While some of our competitors hold on to their old fears, we believe we have strong operational and ethical reasons for allowing exit relays.
Abuse is manageable
Contrary to popular belief, the volume of abuse complaints we receive regarding Tor exit relays is very low. In fact, we receive substantially more non-Tor abuse complaints, which arise from customers with malicious intent or from cyberattacks. We are stricter on Port 25 (email) usage, yet that port still generates more abuse reports than Tor.
Tor includes a feature called an “exit policy,” which allows an administrator to choose which TCP ports to allow. At Fourplex, we require an exit policy that permits only DNS and HTTP/HTTPS traffic. This requirement substantially reduces abuse, despite our hosting 42 exit relays. It also blocks BitTorrent traffic, which is often used for piracy.
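As an added illustration (this is not Fourplex’s own tooling), here is one way to check a relay’s torrc against such a requirement. It assumes “DNS and HTTP/HTTPS” means ports 53, 80 and 443, and it relies on Tor’s documented behavior that ExitPolicy rules are evaluated first-match-wins and that the default exit policy is appended unless the list ends in a catch-all such as `reject *:*`. The torrc fragments and function names are constructed for the example.

```python
import re

ALLOWED_PORTS = {53, 80, 443}  # assumption: DNS, HTTP, HTTPS on standard ports
# Constructed sample torrc fragments, not taken from any real relay.
COMPLIANT = """ExitRelay 1
ExitPolicy accept *:53, accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*
"""
AUGMENTS_DEFAULT = "ExitPolicy accept *:80, accept *:443  # no final reject *:*\n"
TOO_WIDE = "ExitPolicy accept *:80-443, reject *:*\n"

def parse_rules(torrc):
    """Return [(action, addr, lo, hi)] from every ExitPolicy line, in file order."""
    rules = []
    for line in torrc.splitlines():
        m = re.match(r"ExitPolicy\s+(.+)", line.split("#", 1)[0].strip(), re.I)
        for item in (m.group(1).split(",") if m else []):
            action, target = item.split()
            addr, sep, port = target.rpartition(":")
            if not sep or target.endswith("]"):   # port omitted means all ports
                addr, port = target, "*"
            lo, _, hi = port.partition("-")
            lo, hi = (1, 65535) if port == "*" else (int(lo), int(hi or lo))
            rules.append((action.lower(), addr, lo, hi))
    return rules

def exitable_ports(rules):
    """Ports that can exit to at least one destination, under first-match-wins."""
    allowed, closed = set(), set()  # closed: ports already decided for every address
    for action, addr, lo, hi in rules:
        span = set(range(lo, hi + 1)) - closed
        if action.startswith("accept"):
            allowed |= span         # conservative: any accept counts, even one address
        if addr == "*" and action in ("accept", "reject"):
            closed |= span          # later rules can no longer change these ports
    return allowed, len(closed) == 65535

def check(torrc):
    """Return a list of problems; an empty list means the policy is compliant."""
    allowed, terminated = exitable_ports(parse_rules(torrc))
    extra = allowed - ALLOWED_PORTS
    problems = [] if terminated else ["no catch-all rule: Tor appends its default exit policy"]
    if extra:
        problems.append(f"{len(extra)} extra port(s) allowed, e.g. {min(extra)}")
    return problems

if __name__ == "__main__":
    print([check(t) for t in (COMPLIANT, AUGMENTS_DEFAULT, TOO_WIDE)])
```

The second sample is the easy mistake to miss: listing only the wanted ports without a final `reject *:*` leaves the default policy in effect behind them.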
Raids are now uncommon
Today, the likelihood of an exit relay being raided is virtually nil, provided the operator isn’t using the relay as a cover for their own malicious activity. Law enforcement agencies have largely learned that raiding exit relays yields no evidence for criminal investigations.
After all, we are like internet transit providers (Lumen, Cogent) or couriers (UPS, FedEx). Exit operators are simply a conduit for the traffic, not its originators.
The political environment
Most importantly, in the current global socio-political climate, tools like Tor are essential. Regardless of your political stance, we believe the ethical choice is to support privacy infrastructure and allow freedom of speech and information.
Organizations and individuals across the entire political spectrum use Tor to protect themselves, from mainstream journalists at The New York Times and ProPublica to controversial forums.
Tor is a tool. It is sometimes used for criminal activity, yes, but so is Bitcoin, which has since gone mainstream. Encryption is used by every modern website; if we banned encryption because criminals used it, crime would actually increase because data theft could not be prevented.
As an analogy, let’s say we have a train station that is essential for transport. Random nefarious activity should not paralyze the entire transport system in the name of “safety.” Instead, checks and balances must be put in place to make sure these services operate as securely as possible. The same applies to Tor.
Conclusion
In disallowing exit relays, our rivals have chosen risk avoidance as a prerogative. But I believe that their blanket bans are often based on a misunderstanding of how Tor operates, considering most hosts don’t have relay operator experience. I have been operating Tor relays for 11+ years now, and believe our policy aligns better with the technological and political reality of the modern internet, and is an ethical imperative in today’s global geopolitical environment.
