github/tor-guard-relay
1
1
Fork 0
mirror of https://github.com/r3bo0tbx1/tor-guard-relay.git synced 2026-04-06 00:32:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
911a44eef4abd4a916add8198c43bf60b8714c08
tor-guard-relay/docs/LEGAL.md
rE-Bo0t.bx1 95165aae95 feat: v1.1 repository restructuring 
Reorganize into professional directory structure:
- Add 6 comprehensive documentation files
- Update Dependabot configuration
- Update README for better navigation
- Create docs/, templates/, tools/, .github/ structure

See RESTRUCTURING-SUMMARY.md for complete details.

BREAKING CHANGES: None - fully backward compatible
2025-11-05 21:28:10 +08:00

19 KiB
Raw Blame History

⚖️ Legal & Compliance Guide - Tor Relay Operators

Country-specific legal considerations, liability notes, and best practices for operating a Tor relay.

Table of Contents

⚠️ DISCLAIMER

This guide is informational only and does not constitute legal advice. Laws vary by country, jurisdiction, and change frequently. Operating a Tor relay may carry legal risks depending on your location and political context. Consult a local attorney if you have concerns about your specific situation.

Global Overview

Why This Guide?

Tor relay operation is generally legal, but specific laws vary:

  • 🟢 Safe in most democracies - USA, EU, Canada, Australia explicitly protect relay operation
  • 🟡 Gray area in some countries - Context and purpose matter; legal status uncertain
  • 🔴 Risky in authoritarian regimes - May be criminalized or heavily restricted

General Principles

Core truths:

  1. Relay operators don't control traffic content - Tor automatically routes through multiple relays
  2. Guard relays are safest - Never see onion addresses or hidden service traffic
  3. Exit relays are highest risk - See destination traffic; can face legal liability
  4. Bridge relays are intermediate - Help censored users; moderate legal risk

This project runs guard relays by default (not exit relays) for safety.

Legal Frameworks

International Standards

United Nations

The UN recognizes internet privacy as a human right:

  • UN Resolution 68/167 - "Right to Privacy in the Digital Age"
  • Affirms: Individuals have the right to privacy online
  • Applies to: All member nations (193 countries)

Impact: International legal backing for privacy tools

European Union

The EU has strong privacy protections:

  • GDPR - General Data Protection Regulation
  • Article 8 - Right to respect for private life
  • E-Privacy Directive - Protects electronic communications

For relay operators: Legal to operate; can claim legitimate privacy interest

Internet Standards

  • RFC 7230 - Defines HTTP as transparent proxy protocol
  • Tor Design: Follows networking standards; is a legitimate internet protocol

By Country/Region

🟢 Generally Safe (Explicit Protection)

United States

Status: Legal to run relay
Legal basis: First Amendment protections, ECPA Safe Harbor provisions

Key points:

  • Tor relay operation is explicitly legal
  • Tor Project is funded by US government agencies (State Department, DARPA)
  • Case law supports anonymity technology
  • EFF Legal guide: https://www.eff.org/tor-legal

Special note: Running an exit relay from US may expose you to DMCA claims (third-party copyright infringement complaints). This project (guard relay) avoids this.

Recommendation: Safe to operate guard relay

European Union (General)

Status: Legal to run relay
Legal basis: GDPR, Article 8, E-Privacy Directive

Key points:

  • GDPR explicitly permits privacy-enhancing technologies
  • EU courts have upheld right to anonymity
  • Running relay is considered "legitimate interest"
  • Recital 49 of GDPR specifically mentions encryption and anonymity

By country notes:

  • Germany: Explicit legal protection for relay operators
  • France: Legal but may face pressure; EFF has resources
  • Netherlands: Explicitly permitted under Dutch law
  • UK: Legal post-Brexit under British privacy law
  • Spain: Legally protected; courts supportive

Recommendation: Safe to operate guard relay

Canada

Status: Legal to run relay
Legal basis: Canadian Charter of Rights and Freedoms (Section 7 - privacy)

Key points:

  • Charter protects right to privacy and security
  • Canadian courts have ruled favorably on encryption
  • Running Tor relay falls under privacy rights
  • No laws specifically criminalizing relay operation

Recommendation: Safe to operate guard relay

Australia

Status: Legal to run relay
Legal basis: Implied constitutional right to privacy

Key points:

  • No law explicitly prohibits relay operation
  • Australian communications privacy protected
  • Courts have upheld privacy rights
  • Assistance and Access Act doesn't criminalize tools

Note: Government may investigate unusual network activity; cooperation may be required, but operation itself isn't illegal.

Recommendation: Safe to operate guard relay

Japan

Status: Legal to run relay
Legal basis: Article 21 (freedom of expression), privacy laws

Key points:

  • Japan has strong privacy laws
  • No law criminalizes relay operation
  • Generally supportive of privacy tools
  • Anime industry even jokes about Tor in official materials

Recommendation: Safe to operate guard relay

🟡 Gray Area (Legal but Cautious)

Brazil

Status: Unclear; legally risky but not explicit ban
Legal basis: Brazilian Civil Constitution (Article 5 - privacy rights)

Key points:

  • No explicit law against relay operation
  • Government is taking stronger internet surveillance stance
  • May face pressure from authorities
  • Some local hostility to anonymity tools
  • Best practice: contact lawyer first

Recommendation: ⚠️ Consult local lawyer; moderate risk for guard relay

Mexico

Status: Unclear; politically sensitive
Legal basis: Constitution Article 6 (free speech, though weak)

Key points:

  • No explicit ban on Tor relay
  • Weak rule of law; government very active in surveillance
  • Operating relay could trigger unwanted attention
  • Context matters: government vs. criminal investigation focus
  • Best practice: avoid drawing attention

Recommendation: ⚠️ High risk; consult lawyer; not recommended without legal counsel

India

Status: Unclear; politically sensitive
Legal basis: Constitution Article 19 (free speech, though restricted)

Key points:

  • Tor isn't specifically banned
  • Government increasingly hostile to encryption
  • Telecom Regulatory Authority may investigate
  • Operating relay could trigger surveillance
  • Citizenship Amendment Act and other laws increasing restrictions
  • Best practice: know local laws; be careful

Recommendation: ⚠️ Risky; consult local lawyer; consider risks carefully

Russia

Status: Risky; government hostile to Tor
Legal basis: Russian law is authoritarian; Tor operations frowned upon

Key points:

  • Tor isn't explicitly illegal
  • Roskomnadzor (communications regulator) actively blocks Tor
  • Operating relay could trigger investigation
  • Government takes dim view of anonymity tools
  • Best practice: don't attract attention
  • VPN and proxy services are targeted

Recommendation: 🔴 High risk; not recommended without security awareness

🔴 Dangerous (Legal Risk, Authoritarian Context)

China

Status: Dangerous; effectively illegal
Legal basis: Chinese law effectively criminalizes unauthorized networks

Key points:

  • Tor network is routinely blocked
  • Operating relay would use circumvention (also illegal)
  • Government actively prosecutes "unauthorized internet services"
  • Human rights lawyers have faced prosecution for similar tools
  • Best practice: don't operate Tor relay in China
  • Even bridge operation is risky

Recommendation: 🔴 NOT SAFE; do not operate

Iran

Status: Dangerous; hostile to circumvention
Legal basis: Islamic Revolutionary Court rulings on "hostile networks"

Key points:

  • Tor is blocked and circumvention is criminalized
  • Operating relay would violate cybercrimes laws
  • Government prosecutes for helping people circumvent censorship
  • Political prisoners have been detained for tech-related offenses
  • Best practice: avoid entirely

Recommendation: 🔴 NOT SAFE; do not operate

Saudi Arabia

Status: Dangerous; cybercrime laws applied aggressively
Legal basis: Saudi Cybercrime Law (2007)

Key points:

  • Anonymity tools viewed as suspicious
  • Cybercrime law penalties include imprisonment
  • Operating relay could be prosecuted as "assisting crime"
  • Government aggressively monitors networks
  • Best practice: don't operate

Recommendation: 🔴 NOT SAFE; do not operate

Pakistan

Status: Dangerous; government hostile
Legal basis: Pakistan Telecom Authority (PTA) regulations

Key points:

  • Tor access routinely blocked by PTA
  • Operating circumvention tools is risky
  • Cybercrime Ordinance broadly interpreted
  • Government has prosecuted for tech activism
  • Best practice: consult lawyer; very careful

Recommendation: 🔴 High risk; not recommended

Regional Summary Table

Region Guard Relay Exit Relay Notes
🇺🇸 USA Safe ⚠️ Risky DMCA claims possible
🇪🇺 EU Safe Safe GDPR protection
🇨🇦 Canada Safe Safe Charter protection
🇦🇺 Australia Safe ⚠️ Gray May require support
🇯🇵 Japan Safe Safe Privacy protections
🇧🇷 Brazil ⚠️ Gray 🔴 High Consult lawyer
🇮🇳 India ⚠️ Gray 🔴 High Growing hostility
🇷🇺 Russia ⚠️ Gray 🔴 Very High Blocked network
🇨🇳 China 🔴 No 🔴 No Criminalized
🇮🇷 Iran 🔴 No 🔴 No Blocked + hostile

Relay Type Differences

Guard Relay (Recommended)

What: Entry node for Tor users
Legal Risk: Minimal

Why safest:

  • Never sees destination addresses
  • Never sees onion site content
  • Cannot be traced to user's real destination
  • Simply transmits encrypted packets
  • Cannot identify what users are doing

Legal basis:

  • In most countries, relay operation itself is legal
  • No content visibility = no copyright/hosting liability
  • Act of relaying is neutral infrastructure

Recommendation: This project's default choice

Exit Relay

What: Final node before traffic reaches destination
Legal Risk: High

Why risky:

  • Sees destination traffic in unencrypted form
  • Can be held liable for illegal content routed through
  • Exit IP appears as source to destination servers
  • May receive DMCA, abuse complaints, law enforcement requests

Legal liability:

  • If child exploitation detected, may have reporting obligations
  • Copyright holders send DMCA notices to exit IP
  • Law enforcement may investigate for criminal traffic

Recommendation: Not recommended unless you understand risks

Bridge Relay

What: Hidden relay for censored users
Legal Risk: Moderate

Why moderate:

  • Helps people circumvent censorship
  • Governments may view negatively
  • Users are typically circumventing censorship, not committing crimes
  • Legal status depends on local government attitude

Recommendation: ⚠️ Safe in democracies, risky in autocracies

Liability & Protection

What You Are Responsible For

As a relay operator, you are responsible for:

  1. Understanding local laws - Know your jurisdiction's position
  2. ISP compliance - Follow your ISP's terms of service
  3. Configuration safety - Don't run exit relay if unsure
  4. Responding to legal requests - Cooperate with law enforcement (if legally required)

What You Are NOT Responsible For

You cannot be held liable for:

  1. Content routed through your relay - Just like postal service isn't liable for mail contents
  2. What users do with Tor - You don't control usage
  3. Third-party crimes - Tor itself isn't illegal
  4. User misconduct - You don't monitor or enforce user behavior

Legal basis: Common carrier protection (applies in most democracies)

Legal Protections

United States

Safe Harbor Provisions:

  • 47 U.S.C. § 230 - Platform immunity (applies to infrastructure)
  • First Amendment - Protects right to operate anonymity tools
  • EFF Case Law - Multiple favorable precedents

Takeaway: Relay operation has explicit legal protection

European Union

GDPR Protections:

  • Article 8 - Right to privacy
  • Recital 49 - Explicitly permits anonymity and encryption
  • Case law: Multiple EU courts have upheld relay operation

Takeaway: Operating relay is recognized legitimate interest

Best Practices

Legal Safeguards

Before operating relay:

  1. Know your laws - Research your country's specific laws
  2. Check ISP terms - Some ISPs prohibit relay operation
  3. Consult lawyer if unsure - Especially outside democracies
  4. Document intent - Record why you're running relay (humanitarian/research)
  5. Keep configuration clean - Run guard relay, not exit relay

During Operation

  1. Respond to queries - ISPs may ask questions; respond honestly
  2. Monitor legal landscape - Subscribe to EFF updates
  3. Document changes - Keep configuration history
  4. Use contact info - Provide accurate contact information in relay config
  5. Maintain logs - For your own defense; logs usually don't identify users

Configuration Recommendations

# Use real contact info (helps with abuse handling)
Nickname YourRelayName
ContactInfo your-email@example.com <0xPGP_FINGERPRINT>

# DO NOT run exit relay unless you know what you're doing
ExitRelay 0
ExitPolicy reject *:*

# Log properly for your own records
Log notice file /var/log/tor/notices.log

Abuse Handling

If You Receive an Abuse Complaint

Step 1: Don't Panic

  • Abuse complaints are normal for relay operators
  • Most are routine and don't require action
  • You're not liable for content routed through

Step 2: Verify the Complaint

  • Confirm it's actually from your relay
  • Check source IP matches your ORPort
  • Review Tor Metrics for your fingerprint

Step 3: Understand Tor's Role

  • Explain Tor routing to complainant
  • Your relay doesn't control traffic destination
  • You only transmit encrypted packets

Step 4: Respond Professionally

  • Use EFF response template (see below)
  • Keep response factual and brief
  • Don't admit wrongdoing
  • Provide Tor Project resources

Step 5: Document Everything

  • Save complaint emails
  • Record your responses
  • Keep for potential legal defense

Example Response (DMCA Notice)

EFF Template for Copyright Claims:

Thank you for your complaint regarding [your relay IP].

Our network operates a Tor relay node. Tor is a legitimate anonymity 
network used by journalists, activists, and privacy advocates worldwide.

As a relay operator, we:
- Do not control traffic routing
- Cannot identify content being transmitted
- Transmit encrypted packets without inspection
- Are not responsible for third-party use

Per USC 17 § 512(a), network operators cannot be held liable for 
transient communication of copyrighted material not originated by us.

For more information:
- Tor Project: https://www.torproject.org
- EFF Legal FAQ: https://www.eff.org/tor-legal
- Common Carrier Doctrine: [relevant case citation]

Best regards,
[Your Name]

If Law Enforcement Contacts You

General principles:

  1. Don't panic - Tor operation isn't criminal in most countries
  2. Stay calm - Cooperation is usually required anyway
  3. Know your rights - You may have attorney-client privilege
  4. Ask for specifics - What are they investigating?
  5. Consult lawyer - If you're uncertain, get legal counsel

What to expect:

  • They may request logs (which rarely identify users in Tor relays)
  • They may ask about your relay's purpose
  • They may seek information about users (which you don't have)
  • Most Tor inquiries are routine, not investigations

What you can legitimately say:

"I operate a Tor guard relay as part of internet infrastructure. 
The relay is configured to not see user traffic destinations or 
onion service activity. I maintain logs of my own operations but 
cannot identify users or their activity."

Legal Resources

Organizations

Reading

  • EFF's "Tor Legal FAQ" - Comprehensive Q&A
  • Tor Project's "Relay Guide" - Operator best practices
  • UN Resolution 68/167 - International privacy rights

If You Need Help

  1. EFF Threat Lab - https://www.eff.org/contact
  2. Access Now Helpline - https://www.accessnow.org/help
  3. Local ACLU chapter (USA) - https://www.aclu.org
  4. Privacy International (International) - https://privacy.international

Quick Decision Tree

Do you want to run a Tor relay?

├─ Are you in a democracy with strong rule of law?
│  ├─ YES → Continue to next question
│  └─ NO → Research your country's laws carefully; consult lawyer
│
├─ Will you run a guard relay (not exit)?
│  ├─ YES → Likely legal; check ISP terms
│  └─ NO (exit relay planned) → High risk; understand liability
│
├─ Do you understand Tor's purpose?
│  ├─ YES → Proceed
│  └─ NO → Read Tor Project documentation first
│
├─ Have you checked your ISP's terms?
│  ├─ YES, allowed → Deploy relay
│  ├─ YES, prohibited → Choose different ISP or don't operate
│  └─ UNCLEAR → Contact ISP first
│
└─ Deploy responsibly ✅

Summary

Operating a Tor guard relay is generally legal in:

  • All democracies with rule of law
  • EU countries
  • Most developed nations

Operating is risky or illegal in:

  • ⚠️ Countries with government censorship
  • ⚠️ Authoritarian regimes
  • 🔴 Countries actively blocking Tor

This project's stance:

  • We recommend guard relays (not exit relays) to minimize legal risk
  • We encourage consulting local laws and lawyers
  • We believe internet privacy is a human right
  • We support operators in safe jurisdictions

Remember: This is informational guidance, not legal advice. Consult a local attorney if you have specific legal concerns.

Support

Reference in New Issue View Git Blame Copy Permalink