While I love what Mysterium is trying to do. I don’t think they meet their due diligence of informing node operators of the risks involved.
I was looking for any information and it’s not readily available. Somewhere kind of buried they link to this page for guidelines of measures to take to protect yourself.
Link: Tips for Running an Exit Node in a Distributed Network - dVPN Alliance
What can I do to protect myself as an Exit Node Runner in a distributed network?
In order to start the information sharing we have tried to collect good practices, advices for node runners, so they could stay safe and protected, when running a node:
1. Consider where you are running your node
There are several ways in which you can ensure that you are running a node safely. Here are a list of suggestions, they are by no means comprehensive:
- Make sure that running a node in your jurisdiction is legal
- Set up a separate company (this could even be a non-profit) to run the node (it could potentially grow to an actual business)
- Use a colocation data center
- Ask for a separate IP address for your node from ISP.
2. Separate your traffic from encrypted traffic flowing through your node
- Ensure that you do not run your own internet traffic through the same IP address on which you are running your node.
- Ask if your Internet Service Provider (ISP) allows you to run a node, and inform them of your plans to run a node in a distributed network. Not all ISPs look positively at node running activities. For a comprehensive list of ISP sentinment towards node runners have a look at https://wiki.vuze.com/w/Bad_ISPs or GoodBadISPs · Wiki · Legacy / Trac · GitLab. If your ISP isn’t on the list, here is a template email you can send to educate them on the function of node running in preserving human rights in a digital environment.
- Avoid keeping any sensitive or personal information on the computer hosting your node.
3. Register your IP address
Be as transparent as possible about the fact that you’re running an exit node. Register your IP address with the Regional Internet registry (depending on your country, for example: ARIN, RIPE NCC, APNIC etc.). Doing this can help you to get any claims against you dismissed much faster.
4. Understand your rights, and your risks
Each jurisdiction has its own views on the legality of node running. Many western countries have regulations that exclude communication service providers from liability. Please add your country’s regulations to this list:
- USA: DMCA 512;
- Germany: TMG 8 and 15.
- Netherlands: Artikel 6:196c BW
- Austria: ECG 13
- Sweden: 16-19 2002:562
We encourage you to share your experiences and local regulations regarding node running. It is important in order to push policy such that node runners cannot be held liable for traffic that passes through exit nodes.
You can always seek help and additional information from organizations fighting for internet freedom, such as Electronic Frontier Foundation or EDRi (or its national members, the list can be found here: Organisations Archive - European Digital Rights (EDRi)).
5. Be smart and critical if you receive a cease and desist claim
When running a node you might get attention from law enforcement or private litigants with “cease and desist” claims that you have breached intellectual property rights of a third party.
You should be aware that in some countries law firms send such claims without actually representing the owner of the intellectual property rights. They do so in the hopes of getting a settlement without going to court.
In the event of receiving a cease and desist claim, always inform any claimant that you are running a node and ask for proof that the claimant has the actual rights to represent the company he is claiming to be representative of. Also check the jurisdiction from which you are receiving the claim.
Answer any abuse complaints within a reasonable time span and be polite and professional. You can find drafts of possible answers at the following link: [link].
In a spirit of educating society about the importance of internet freedom we encourage you to send any claims you get to us at [address] and to the Lumen database (https://lumendatabase.org/), which collects and analyzes cease and desist letters concerning online content.
You can find a lot of helpful information on how to defend your rights at their site: DMCA Safe Harbor :: Topics :: Lumen.
6. Do not log traffic going through your node
Do not log the traffic, which is going through your node. Not only does it give additional proof for you to show that you are acting only as a relay for information passing through your node, but also it protects the confidentiality of the user, using your node. Finally, traffic analysis can defeat your ability to show that you did not know what content is passing through your node and you might be held responsible for that content.
You are sending people out on the internet using your IP. Traffic from your end point to the sites they visit might not be encrypted. The sites or at least the IP addresses connected to are always visible. You can be expected to know what is going on on your connection based on that. Basically you are taking on all the responsibilities of running a VPN. The guidelines they point to are in direct contradiction to running a node on your own private ISP connection. Yet it is promoted as a simple setup that everyone can run on their home connection.
In short… this is nothing like running a storage node. Both privacy and security of your systems and network are at significantly higher risk and this post reads to me like it’s up to you to resolve those risks. I really believe in their cause, but this goes way too far for me. @ACarneiro please read this over and decide for yourself.