NixNet
/
NixNet
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

various

Browse Source
master
Amolith 4 years ago
parent dce4ddfed9
commit d61e937965
Signed by: Amolith
GPG Key ID: 51FD40936DB0065B
17 changed files with 638 additions and 18 deletions
Show Stats Download Patch File Download Diff File

2
_posts/2019-02-05-dns-and-root-certificates-what-you-need-to-know.md
Unescape Escape View File

@ -101,7 +101,7 @@ If you do not know how to, don't install it in the first place. While we trust o
### 5.2 Live Demo
Here is the link: [https-interception.info.tm](http://https-interception.info.tm/)
Here is the link: **<website down and link deleted>**
- Set the provided DNS resolver
- Install the provided root certificate

61
_posts/2019-07-20-blocking-ads-on-mobile-and-desktop.md
Unescape Escape View File

@ -0,0 +1,61 @@
---
layout: post
title: Blocking ads on mobile and desktop
subtitle: Locally getting rid of ads on most&trade; platforms
description: A semi-quick and easy guide on getting rid of ads on most&trade; platforms (browsers, Android, & iOS)
cover: /assets/posts/adblock.png
date: 2019-07-20 19:09 -0400
---
# Forward
The more I interact with people who don't care about ads, the more I feel like I need to do something about it. To be quite honest, ads annoy the hell out of me and I can't stand them when I'm listening to audio (podcasts are an exception as long as they aren't **too** intrusive), browsing the web, or watching videos. It's a major inconvenience on both mobile and desktop so this article is aimed at the "normal" user and will cover how to block ads on (*hopefully*) all major platforms. I don't use iOS so I can't test the methods listed nor do I plan to do too much research into it.
For quick navigation, if you're simply looking for uBlock Origin configuration tips, just jump to the [heading](#ublock-origin-configuration)
# Desktop
The biggest one here is in your browser. In my *personal* opinion, any derivative of Chromium or Chrome isn't *really* worth talking about when it comes to ads because they're an advertising company before anything else and that's one of their main goals. I recommend [Firefox](https://www.mozilla.org/firefox/). It's fast, it's private, it's open source, and Mozilla isn't a company whose sole purpose is serving personalised ads. That said, I still recognise the fact that Chrome dominates the browser market. As such, I'll address it as well.
## Firefox
For general browsing, I recommend [uBlock Origin](https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/). It's fast and lightweight yet very powerful and comprehensive. If you want to go a step further and have the ability to really *curate* your web experience, I recommend using [uMatrix](https://addons.mozilla.org/en-US/firefox/addon/umatrix/) *in addition to* uBlock Origin. It's harder to get used to the workflow and it takes quite a bit of time to develop a good setup but, once you do, it's phenomenal. Check the bottom section for my [configuration](#ublock-origin-configuration) recommendations!
## Chrome
Same as with Firefox, I recommend [uBlock Origin](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm) and [uMatrix](https://chrome.google.com/webstore/detail/umatrix/ogfcmafjalglgifnmanfmnieipoejdcf) together. Check the bottom for my [configuration](#ublock-origin-configuration) recommendations!
## Safari
Again, I recommend Firefox. If you're stuck on Safari, however, [uBlock Origin](https://safari-extensions.apple.com/details/?id=com.el1t.uBlock-3NU33NW2M3) is available as an extension there as well. There's some general information about who develops it on the main [GitHub repo](https://github.com/gorhill/uBlock#safari-macos). For instructions on installing it, read the related [wiki page](https://github.com/el1t/uBlock-Safari/wiki/Installation-and-Updates). If you do use it over Better (below), check the last section for my uBO [configuration](#ublock-origin-configuration) recommendations.
You can also use [Better](https://better.fyi/) from [Aral Balkan](https://mastodon.ar.al/@aral). This is probably the . . . *Better* 😏 choice as Safari is known to disable uBlock Origin because it's "too heavy". I don't use macOS or iOS so I don't have any personal experience. I got some suggestions from other people, went through them, and chose two of the better ones.
A close friend of mine is currently testing [AdGuard](https://apps.apple.com/app/apple-store/id1047223162), a free adblocker. I'll update this once she reaches a verdict.
# Mobile
Phones are typically more limited than desktops so blocking ads here is a bit more difficult. In the past, the Firefox Android app had support for extensions but, starting with version 70, that will be no more. Other than that, the only decent way is to use VPN or DNS techniques. I prefer Android but I know iOS is also popular so I tried to find some solutions for it as well.
## Android
### Rooted phones
If you have a rooted phone, [AdAway](https://adaway.org/) is 100% the way to go. It blocks ads not just in your browser but in every app as well. You can also define custom blocklists like the one I have at [/hosts.txt](/hosts.txt). Tap the <i class="fa fa-bars"></i> menu in the top right then `Hosts sources`. In the box, type `nixnet.xyz/hosts.txt`. Go back to the homescreen, enable/refresh, reboot, then enjoy ad-free Android!
### Non-rooted phones
If you **don't** have a rooted phone, try [Nebulo](https://smokescreen.app/). If you use F-Droid (which I also highly recommend), the repo is at `fdroid.frostnerd.com`. The source code for the app can be found on their [GitLab](https://git.frostnerd.com/PublicAndroidApps/smokescreen) instance as well. Nebulo is an app that lets you use DNS-over-TLS and DNS-over-HTTPS on Android. To actually block ads with it, there are a few steps you have to go through first. If you use F-Droid (recommended), follow that guide. If you stick to Google Play, follow that guide.
#### F-Droid
In F-Droid, go to Settings > My Apps > Repositories then click the `+` button. Type `fdroid.frostnerd.com` in the box then `ADD`. Wait for your repos to update then search for `Nebulo` and install!
Open the app, open the <i class="fa fa-bars"></i> menu in the top right, tap DNS Rules, enable AdAway, CoinBlockerList, and Energized Basic, tap the <i class="fa fa-refresh"></i> icon, then toggle DNS Rules in the top right. Go back to the homescreen, tap the <i class="fa fa-server"></i> icon, pick which server you want to use (I recommend [mine](/dns/) or [UncensoredDNS](https://blog.uncensoreddns.org/)). Finally, tap start! You shouldn't see ads in any apps now!
You *can* just use `fdroid.frostnerd.com` but I recommend using the link with the fingerprint for additional security:
`https://fdroid.frostnerd.com/fdroid/repo?fingerprint=74BB580F263EC89E15C207298DEC861B5069517550FE0F1D852F16FA611D2D26`
There's actually a simpler way to add hosts and it works in both the F-Droid and Google Play versions. The section below details that.
#### Google Play
Google doesn't like apps that block ads (being an advertising company and all). As such, the Play Store version doesn't have blocklists included by default; you'll have to add them manually. I have my own hosts file at [/hosts.txt](/hosts.txt) that you can use. All you have to do is follow everything in the second paragraph of the F-Droid section except you'll tap the <i class="fa fa-plus"></i> icon instead of enabling the host sources. For the name, type something like NixNet lists. In the URL entry field, type `https://nixnet.xyz/hosts.txt`. Tap the add button, tap the <i class="fa fa-refresh"></i> icon, then follow the rest of the F-Droid section.
## iOS
As I mentioned above, [Better](https://better.fyi) is what I would use if I was on iOS or macOS. I've heard good things about it from people and I think Aral is a trustworthy guy.
A close friend of mine is currently testing [AdGuard](https://apps.apple.com/app/apple-store/id1047223162), a free adblocker. I'll update this once she reaches a verdict.
# uBlock Origin Configuration
In my opinion, uBO is one of the most powerful adblocking tools there is. It has sane defaults for the new user, the settings are easy to understand nad navigate through, and there are many advanced features for people who know what they're doing. **Protip:** if there's an add on a page that you don't want to see, click the extension icon, then the <i class="fa fa-eyedropper"></i> icon, then find the element you want removed, click it, then click `Create`. That will hide the element in the future 👍
Personally, I recommend enabling the majority of the filter lists. I have all the Built-in lists enabled, Ads, Privacy, Malware domains, Annoyances, and Multipurpose. I've also added my own [hosts file](/hosts.txt) (generated with [`hblock`](https://github.com/hectorm/hblock)) in the custom section. Other than enabling additional lists, my setup is the same as default!

107
_posts/2019-07-20-setting-dns-on-mobile-and-desktop.md
Unescape Escape View File

@ -0,0 +1,107 @@
---
layout: post
title: Setting DoT on mobile and desktop
subtitle: Enhancing your personal privacy by setting custom DoT servers on all your devices
description: Enhancing your personal privacy by setting custom DoT servers on all your devices
cover: /assets/pages/dns.png
date: 2019-07-20 19:09 -0400
---
Changing your default DNS servers to ones that use DNS-over-TLS can do a lot to make your systems more secure and private. DNS is also a serious tool for censorship and tracking if used foolishly. Before choosing a provider, make ***sure*** you actually read their privacy policy and terms of service. There are some good recommendations [here](https://wiki.lelux.fi/dns/resolvers/) (I'm partial to UncensoredDNS) and of course I have to shill [my own](/dns/). Once you've chosen a provider, you'll need to get set up.
# Basic Information
For the *very* basics, I recommend reading sections 1 - 2 of a [previous post](/blog/dns-and-root-certificates-what-you-need-to-know/#1-what-is-dns-and-why-does-it-concern-you). It has good information and sets you up for this article.
Another useful term to know is [Anycast](https://en.wikipedia.org/wiki/Anycast). A lot of servers (including mine) have it set up so you only have to set and remember one IP address or hostname and you automatically use the server geographically nearest to you, the one with the lowest latency.
DoT stands for [DNS-over-TLS](https://en.wikipedia.org/wiki/DNS_over_TLS). It's a protocol that wraps DNS queries and responses in the [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) protocol. By default, most systems use plaintext DNS and this is very insecure. Plaintext is . . . plaintext; anyone can snoop on your connection and see what websites you're visiting. If you're using DNS-over-TLS, the only parties that know where you're going is you and the DNS server itself. This article focuses on that because it's more secure and private. DNS-over-HTTPS ([DoH](https://en.wikipedia.org/wiki/DNS_over_HTTPS)) is another option but far fewer clients support it, it's more difficult to set up, and there are far fewer DoH providers.
# Setup
Linux, Windows, and Android are all fairly simple to set up. I don't have any Apple products so I the information there likely won't be complete or particularly good. I still recommend reading it, however.
## Linux
[Unbound](https://wiki.archlinux.org/index.php/Unbound) is what I use for DNS on all of my systems. It's wonderfully easy to use and works very well. Once you've used it for a while and have built up a cache, it's much faster than third-party resolvers.
*(stolen from [here](https://wiki.lelux.fi/dns-over-tls/unbound/linux/))*
Filename: `/etc/unbound/unbound.conf`
### Debian
```
include: "/etc/unbound/unbound.conf.d/*.conf"
server:
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 198.251.90.114@853#uncensored.any.nixnet.xyz
forward-addr: 212.83.138.44@853#resolver1.lelux.fi
forward-addr: 91.239.100.100@853#anycast.censurfridns.dk
forward-addr: 185.95.218.42@853#dns.digitale-gesellschaft.ch
```
### Arch
```
include: "/etc/unbound/unbound.conf.d/*.conf"
server:
use-syslog: yes
do-daemonize: no
username: "unbound"
directory: "/etc/unbound"
# TODO: fix DNSSEC check
# trust-anchor-file: trusted-key.key
tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 198.251.90.114@853#uncensored.any.nixnet.xyz
forward-addr: 212.83.138.44@853#resolver1.lelux.fi
forward-addr: 91.239.100.100@853#anycast.censurfridns.dk
forward-addr: 185.95.218.42@853#dns.digitale-gesellschaft.ch
```
### Using Unbound as a local resolver
```bash
echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf && sudo chattr +i /etc/resolv.conf
```
This sets `127.0.0.1` as your nameserver and locks the file by adding the *immutable* flag (`chattr +i`). To remove the flag and make it editable again, run `chattr -i /etc/resolv.conf`.
## Windows
I know the title is for DNS-over-TLS but, from what I've found, DoT on Windows is **incredibly** difficult and I can't find much on it. This tell you how to change your plaintext DNS configuration.
1. Open the **Control Panel**
2. Click **Network and Internet**
3. Click **Network and Sharing Center**
4. Click **Change adapter settings** in the left pane
5. Right-click the network interface connected to the internet, and select the **Properties** option
6. Select and check the **Internet Protocol Version 4 (TCP/IPv4)** option
7. Click the **Properties** button
8. Click **Use the following DNS server addresses**
9. Enter your primary and secondary DNS addresses. If you're using mine, the primary would be `198.251.90.114` and secondary would be from some other provider (such as [UncensoredDNS's](https://blog.uncensoreddns.org/dns-servers/) `91.239.100.100`)
10. Click **OK**
11. As with all things Windows, **reboot** to finish applying the changes.
## macOS
I got this tutorial from [phiffer.org](https://phiffer.org/writing/dns-over-tls-on-macos/). I don't have anything from Apple so I can't test it but a friend of mine did and said it works.
1. Use [Homebrew](https://brew.sh/) to install `knot-resolver` then set up a service so it runs on startup with `sudo brew services start knot-resolver`
2. Use your favourite text editor to modify `/usr/local/etc/kresd/config` and add this to the very end of the file: `{% raw %}policy.add(policy.all(policy.TLS_FORWARD({{'198.251.90.114', hostname='uncensored.any.dns.nixnet.xyz'}}))){% endraw %}`
3. Restart `kresd` with `sudo brew services restart knot-resolver`
4. At this point, you should check what DNS server you're currently using to make sure it actually changes. You can do that with `kdig nixnet.xyz`
5. Go to Apple **Menu** > **System Preferences** > **Advanced** > **DNS** then add `127.0.0.1`
6. Test again with `kdig nixnet.xyz`. This time, one of the last couple IP addresses you see should show up something like `127.0.0.1@53(UDP)`.
That's it!
## Android
Note that DoT is only available on Android Pie and up. For other versions, try [Nebulo](https://smokescreen.app). I go over the process of installing and using it in my last [post](/blog/blocking-ads-on-mobile-and-desktop/#non-rooted-phones). Once you've gone through that, you're pretty much good to. If you want to add additional servers tap the <i class="fa fa-server"></i> server icon, then the plus at the bottom, and add whatever IP addresses or hostnames you'd like. Mine is included by default as **NixNet Uncensored** so all you have to do is select it.
# iOS
As far as I've been able to find, you can't. I'm sorry ¯\\\_(ツ)\_/¯

9
_sass/_default.scss
Unescape Escape View File

@ -93,6 +93,7 @@ a {
}
.content {
margin-top: -20px;
word-wrap: anywhere;
}
.content .headerlink {
display: none;
@ -118,13 +119,19 @@ a {
border-bottom: 2px solid #fff;
padding-bottom: 7px;
}
.content > h3 {
font-size: 21px;
}
.content > h4 {
font-size: 19px;
}
.content a {
text-decoration: none;
font-weight: bold;
text-align: justify;
white-space: nowrap;
}
.content a::after {
.content p a::after {
content: "\f08e";
font-size: 15px;
font-family: "ForkAwesome";

12
about.html
Unescape Escape View File

@ -22,20 +22,20 @@ permalink: /about/
</center>
<div class="content">
<center>
<p>If you want to donate in crypto currencies, I accept <a href="https://bitcoin.org/en/" rel="noreferrer" target="_blank">Bitcoin</a> and <a href="https://litecoin.org/" rel="noreferrer" target="_blank">Litecoin</a> though I do prefer Litecoin because of its speed. If you do crypto on mobile, you can scan the QR codes with your preferred app or tap them to open the appropriate app. The address is also below for other methods.</p>
<p>If you want to donate in crypto currencies, I accept <a href="https://getmonero.org/" rel="noreferrer" target="_blank">Monero</a> and <a href="https://bitcoin.org/en/" rel="noreferrer" target="_blank">Bitcoin</a> though I do prefer Monero because of its privacy-by-default features. If you do crypto on mobile, you can scan the QR codes with your preferred app or tap them to open the appropriate app. The address is also below for other methods.</p>
</div>
<div class="flex-wrapper">
<div class="flex-cards">
<div class="crypto-card">
<h1><a title="Monero" href="monero:44rQhN2PwB52RZnKbez5XGXweMdDvphMhZE8CRBhrtSq1nciTxGzZEReEmkhH19EnbKk4k884PrbVd4LaT1ZMqSHCpTUEcH"><img src="/assets/xmr.png" alt="Monero QR code"></img></a></h1>
<h2>Monero</h2>
<p>44rQhN2PwB52RZnKbez5XGXweMdDvphMhZE8CRBhrtSq1nciTxGzZEReEmkhH19EnbKk4k884PrbVd4LaT1ZMqSHCpTUEcH</p>
</div>
<div class="crypto-card">
<h1><a title="Bitcoin" href="bitcoin:1Q3o8Wtji2QS566BExdcPGMk76NjJgHrcz"><img src="/assets/btc.png" alt="Bitcoin QR code"></img></a></h1>
<h2>Bitcoin</h2>
<p>1Q3o8Wtji2QS566BExdcPGMk76NjJgHrcz</p>
</div>
<div class="crypto-card">
<h1><a title="Litecoin" href="litecoin:LUUbRvipXwcf3pFAXLVJV4jYmK3uBYBJcq"><img src="/assets/ltc.png" alt="Litecoin QR code"></img></a></h1>
<h2>Litecoin</h2>
<p>LUUbRvipXwcf3pFAXLVJV4jYmK3uBYBJcq</p>
</div>
</div>
</div>
</center>

BIN
assets/pages/dns.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.8 KiB

BIN
assets/posts/adblock.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.6 KiB

123
assets/svgs/dns.svg
Unescape Escape View File

@ -0,0 +1,123 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="600"
height="315"
viewBox="0 0 158.75 83.343752"
version="1.1"
id="svg8"
inkscape:version="0.92.4 5da689c313, 2019-01-14"
sodipodi:docname="dns.svg"
inkscape:export-filename="/home/amolith/repos/nixnet/assets/pages/dns.png"
inkscape:export-xdpi="96"
inkscape:export-ydpi="96">
<defs
id="defs2">
<symbol
id="shield-alt">
<title
id="shield-alt-title">Alternate Shield</title>
<path
style="stroke-width:0.26458332"
inkscape:connector-curvature="0"
d="m 131.23333,33.866667 c 0,58.547529 -35.965868,91.187323 -58.615524,100.623153 a 12.7,12.7 0 0 1 -9.76921,0 C 34.526802,122.69073 4.2333333,86.383019 4.2333333,33.866667 A 12.7,12.7 0 0 1 12.04886,22.143508 l 50.8,-21.16666633 a 12.7,12.7 0 0 1 9.769211,0 L 123.41807,22.143508 a 12.7,12.7 0 0 1 7.81526,11.723159 z m -63.499997,84.220313 0.01746,0.009 C 92.551515,105.74285 113.39063,76.739485 114.26904,36.676012 L 67.733333,17.286023 Z"
id="path26851" />
</symbol>
<symbol
id="user-secret">
<title
id="user-secret-title">User Secret</title>
<path
style="stroke-width:0.26458332"
inkscape:connector-curvature="0"
d="m 102.87767,78.137808 5.54884,-14.565841 c 0.79164,-2.078038 -0.74321,-4.3053 -2.96703,-4.3053 H 90.061521 c 1.971146,-4.295775 3.071812,-9.074415 3.071812,-14.111023 0,-0.960702 -0.04233,-1.91135 -0.12065,-2.851679 10.461357,-2.067719 17.053987,-5.081323 17.053987,-8.437298 0,-3.509169 -7.20487,-6.644217 -18.506814,-8.714582 C 89.129658,16.472429 84.36901,7.7432958 80.78761,3.2313563 78.286769,0.08069792 73.942046,-0.90513958 70.344242,0.89402708 L 63.053119,4.5397208 a 8.4658729,8.4658729 0 0 1 -7.572904,0 L 48.189092,0.8937625 C 44.591023,-0.90513958 40.2463,0.08043333 37.745723,3.2310917 34.164323,7.7430313 29.403675,16.472165 26.973477,25.151821 15.671535,27.22245 8.4666667,30.357498 8.4666667,33.866667 c 0,3.355975 6.5926233,6.369579 17.0539833,8.437298 A 34.227029,34.227029 0 0 0 25.4,45.155644 c 0,5.036873 1.100402,9.815512 3.071283,14.111023 H 13.281554 c -2.279385,0 -3.8160852,2.330714 -2.918089,4.425685 L 16.42401,77.833537 C 6.8259854,81.460446 0,90.73224 0,101.6 v 27.51667 c 0,3.50705 2.8429479,6.35 6.35,6.35 h 105.83333 c 3.50706,0 6.35,-2.84295 6.35,-6.35 V 101.6 c 0,-10.575396 -6.46377,-19.640285 -15.65566,-23.462192 z m -54.194337,50.978862 -12.7,-50.800003 12.7,6.35 6.35,10.583333 z m 21.166667,0 L 63.5,95.25 l 6.35,-10.583333 12.7,-6.35 z M 84.343346,48.750537 c -0.0021,0.01138 -1.137444,0.854869 -1.35599,1.526911 -1.021556,3.139017 -1.858962,6.501342 -4.369329,8.826235 -2.664619,2.467769 -12.688623,5.92799 -16.932275,-6.622256 -0.750623,-2.221177 -4.087019,-2.221971 -4.837906,0 -4.488127,13.273617 -14.821694,8.576998 -16.932275,6.622256 -2.510367,-2.324629 -3.347773,-5.687218 -4.369329,-8.826235 -0.218546,-0.672042 -1.354138,-1.515533 -1.35599,-1.526911 -0.146579,-0.773906 -0.259556,-1.556808 -0.322792,-2.341562 -0.08176,-1.018117 2.666471,-0.967846 2.931055,-0.991394 6.959335,-0.615421 13.838502,-0.153194 20.643585,1.454415 0.678127,0.160337 3.056731,0.139964 3.649398,0 6.805083,-1.607608 13.68425,-2.0701 20.643585,-1.454415 0.265113,0.02355 3.012811,-0.02699 2.931054,0.991394 -0.06324,0.784754 -0.176212,1.567656 -0.322791,2.341562 z"
id="path23532" />
</symbol>
<symbol
id="ic_router_24px">
<path
style="stroke-width:1"
inkscape:connector-curvature="0"
d="M 5.3445833,1.5610417 5.55625,1.349375 C 5.1858333,0.97895833 4.7095833,0.79375 4.2333333,0.79375 c -0.47625,0 -0.9525,0.18520833 -1.3229166,0.555625 L 3.1220833,1.5610417 C 3.4395833,1.27 3.8364583,1.11125 4.2333333,1.11125 c 0.396875,0 0.79375,0.15875 1.11125,0.4497917 z m -0.238125,0.2116666 c -0.238125,-0.238125 -0.555625,-0.3704166 -0.873125,-0.3704166 -0.3175,0 -0.635,0.1322916 -0.873125,0.3704166 L 3.571875,1.984375 C 3.7570833,1.7991667 3.9952083,1.7197917 4.2333333,1.7197917 c 0.238125,0 0.47625,0.079375 0.6614584,0.2645833 z m -0.079375,1.666875 H 4.4979167 V 2.38125 H 3.96875 V 3.4395833 H 1.3229167 C 1.031875,3.4395833 0.79375,3.6777083 0.79375,3.96875 v 1.0583333 c 0,0.2910417 0.238125,0.5291667 0.5291667,0.5291667 H 5.0270833 C 5.318125,5.55625 5.55625,5.318125 5.55625,5.0270833 V 3.96875 c 0,-0.2910417 -0.238125,-0.5291667 -0.5291667,-0.5291667 z M 2.1166667,4.7625 H 1.5875 V 4.2333333 h 0.5291667 z m 0.9260416,0 H 2.5135417 V 4.2333333 h 0.5291666 z m 0.9260417,0 H 3.4395833 V 4.2333333 H 3.96875 Z"
id="path11836" />
</symbol>
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.7"
inkscape:cx="301.7569"
inkscape:cy="130.61538"
inkscape:document-units="mm"
inkscape:current-layer="layer1"
showgrid="false"
units="px"
inkscape:snap-bbox="true"
inkscape:bbox-paths="true"
inkscape:bbox-nodes="true"
inkscape:snap-bbox-edge-midpoints="true"
inkscape:snap-bbox-midpoints="true"
inkscape:object-paths="true"
inkscape:snap-intersection-paths="true"
inkscape:snap-smooth-nodes="true"
inkscape:snap-midpoints="true"
inkscape:window-width="1336"
inkscape:window-height="698"
inkscape:window-x="15"
inkscape:window-y="35"
inkscape:window-maximized="0"
fit-margin-top="0"
fit-margin-left="0"
fit-margin-right="0"
fit-margin-bottom="0" />
<metadata
id="metadata5">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(5.0862632e-6,-213.65623)">
<rect
style="opacity:1;fill:#323232;fill-opacity:1;stroke:none;stroke-width:1.84040475;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
id="rect99612"
width="158.75"
height="83.34375"
x="-5.0862632e-06"
y="213.65623"
inkscape:export-filename="/home/amolith/repos/nixnet/assets/posts/privacy.png"
inkscape:export-xdpi="96"
inkscape:export-ydpi="96" />
<use
id="use101699"
transform="matrix(8.2538478,0,0,8.2538478,53.169028,227.00546)"
style="fill:#ffffff;stroke:none;stroke-width:0.1211556"
xlink:href="#ic_router_24px"
x="0"
y="0"
width="100%"
height="100%" />
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 7.1 KiB

189
assets/svgs/ublock.svg
Unescape Escape View File

@ -0,0 +1,189 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="600"
height="315"
viewBox="0 0 158.75 83.343752"
version="1.1"
id="svg8"
inkscape:version="0.92.4 5da689c313, 2019-01-14"
sodipodi:docname="ublock.svg"
inkscape:export-filename="/home/amolith/repos/nixnet/assets/posts/adblock.png"
inkscape:export-xdpi="96"
inkscape:export-ydpi="96">
<defs
id="defs2">
<symbol
id="shield-alt">
<title
id="shield-alt-title">Alternate Shield</title>
<path
style="stroke-width:0.26458332"
inkscape:connector-curvature="0"
d="m 131.23333,33.866667 c 0,58.547529 -35.965868,91.187323 -58.615524,100.623153 a 12.7,12.7 0 0 1 -9.76921,0 C 34.526802,122.69073 4.2333333,86.383019 4.2333333,33.866667 A 12.7,12.7 0 0 1 12.04886,22.143508 l 50.8,-21.16666633 a 12.7,12.7 0 0 1 9.769211,0 L 123.41807,22.143508 a 12.7,12.7 0 0 1 7.81526,11.723159 z m -63.499997,84.220313 0.01746,0.009 C 92.551515,105.74285 113.39063,76.739485 114.26904,36.676012 L 67.733333,17.286023 Z"
id="path26851" />
</symbol>
<symbol
id="user-secret">
<title
id="user-secret-title">User Secret</title>
<path
style="stroke-width:0.26458332"
inkscape:connector-curvature="0"
d="m 102.87767,78.137808 5.54884,-14.565841 c 0.79164,-2.078038 -0.74321,-4.3053 -2.96703,-4.3053 H 90.061521 c 1.971146,-4.295775 3.071812,-9.074415 3.071812,-14.111023 0,-0.960702 -0.04233,-1.91135 -0.12065,-2.851679 10.461357,-2.067719 17.053987,-5.081323 17.053987,-8.437298 0,-3.509169 -7.20487,-6.644217 -18.506814,-8.714582 C 89.129658,16.472429 84.36901,7.7432958 80.78761,3.2313563 78.286769,0.08069792 73.942046,-0.90513958 70.344242,0.89402708 L 63.053119,4.5397208 a 8.4658729,8.4658729 0 0 1 -7.572904,0 L 48.189092,0.8937625 C 44.591023,-0.90513958 40.2463,0.08043333 37.745723,3.2310917 34.164323,7.7430313 29.403675,16.472165 26.973477,25.151821 15.671535,27.22245 8.4666667,30.357498 8.4666667,33.866667 c 0,3.355975 6.5926233,6.369579 17.0539833,8.437298 A 34.227029,34.227029 0 0 0 25.4,45.155644 c 0,5.036873 1.100402,9.815512 3.071283,14.111023 H 13.281554 c -2.279385,0 -3.8160852,2.330714 -2.918089,4.425685 L 16.42401,77.833537 C 6.8259854,81.460446 0,90.73224 0,101.6 v 27.51667 c 0,3.50705 2.8429479,6.35 6.35,6.35 h 105.83333 c 3.50706,0 6.35,-2.84295 6.35,-6.35 V 101.6 c 0,-10.575396 -6.46377,-19.640285 -15.65566,-23.462192 z m -54.194337,50.978862 -12.7,-50.800003 12.7,6.35 6.35,10.583333 z m 21.166667,0 L 63.5,95.25 l 6.35,-10.583333 12.7,-6.35 z M 84.343346,48.750537 c -0.0021,0.01138 -1.137444,0.854869 -1.35599,1.526911 -1.021556,3.139017 -1.858962,6.501342 -4.369329,8.826235 -2.664619,2.467769 -12.688623,5.92799 -16.932275,-6.622256 -0.750623,-2.221177 -4.087019,-2.221971 -4.837906,0 -4.488127,13.273617 -14.821694,8.576998 -16.932275,6.622256 -2.510367,-2.324629 -3.347773,-5.687218 -4.369329,-8.826235 -0.218546,-0.672042 -1.354138,-1.515533 -1.35599,-1.526911 -0.146579,-0.773906 -0.259556,-1.556808 -0.322792,-2.341562 -0.08176,-1.018117 2.666471,-0.967846 2.931055,-0.991394 6.959335,-0.615421 13.838502,-0.153194 20.643585,1.454415 0.678127,0.160337 3.056731,0.139964 3.649398,0 6.805083,-1.607608 13.68425,-2.0701 20.643585,-1.454415 0.265113,0.02355 3.012811,-0.02699 2.931054,0.991394 -0.06324,0.784754 -0.176212,1.567656 -0.322791,2.341562 z"
id="path23532" />
</symbol>
<symbol
id="ic_router_24px">
<path
style="stroke-width:1"
inkscape:connector-curvature="0"
d="M 5.3445833,1.5610417 5.55625,1.349375 C 5.1858333,0.97895833 4.7095833,0.79375 4.2333333,0.79375 c -0.47625,0 -0.9525,0.18520833 -1.3229166,0.555625 L 3.1220833,1.5610417 C 3.4395833,1.27 3.8364583,1.11125 4.2333333,1.11125 c 0.396875,0 0.79375,0.15875 1.11125,0.4497917 z m -0.238125,0.2116666 c -0.238125,-0.238125 -0.555625,-0.3704166 -0.873125,-0.3704166 -0.3175,0 -0.635,0.1322916 -0.873125,0.3704166 L 3.571875,1.984375 C 3.7570833,1.7991667 3.9952083,1.7197917 4.2333333,1.7197917 c 0.238125,0 0.47625,0.079375 0.6614584,0.2645833 z m -0.079375,1.666875 H 4.4979167 V 2.38125 H 3.96875 V 3.4395833 H 1.3229167 C 1.031875,3.4395833 0.79375,3.6777083 0.79375,3.96875 v 1.0583333 c 0,0.2910417 0.238125,0.5291667 0.5291667,0.5291667 H 5.0270833 C 5.318125,5.55625 5.55625,5.318125 5.55625,5.0270833 V 3.96875 c 0,-0.2910417 -0.238125,-0.5291667 -0.5291667,-0.5291667 z M 2.1166667,4.7625 H 1.5875 V 4.2333333 h 0.5291667 z m 0.9260416,0 H 2.5135417 V 4.2333333 h 0.5291666 z m 0.9260417,0 H 3.4395833 V 4.2333333 H 3.96875 Z"
id="path11836" />
</symbol>
<linearGradient
id="linearGradient6915">
<stop
style="stop-color:#600000;stop-opacity:1;"
offset="0"
id="stop6917" />
<stop
style="stop-color:#700000;stop-opacity:1;"
offset="1"
id="stop6919" />
</linearGradient>
<linearGradient
id="linearGradient6898">
<stop
id="stop6900"
offset="0"
style="stop-color:#90000f;stop-opacity:0.94117647;" />
<stop
id="stop6902"
offset="1"
style="stop-color:#800000;stop-opacity:1;" />
</linearGradient>
<linearGradient
id="linearGradient3770"
inkscape:collect="always">
<stop
id="stop3772"
offset="0"
style="stop-color:#000000;stop-opacity:1;" />
<stop
id="stop3774"
offset="1"
style="stop-color:#000000;stop-opacity:0;" />
</linearGradient>
<inkscape:path-effect
effect="spiro"
id="path-effect3995"
is_visible="true" />
<radialGradient
gradientUnits="userSpaceOnUse"
gradientTransform="matrix(1,0,0,1.2584318,0,-20.947238)"
r="22.573323"
fy="81.055197"
fx="82.145422"
cy="81.055197"
cx="82.145422"
id="radialGradient3776"
xlink:href="#linearGradient3770"
inkscape:collect="always" />
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="0.98994949"
inkscape:cx="264.13935"
inkscape:cy="141.72818"
inkscape:document-units="mm"
inkscape:current-layer="layer1"
showgrid="false"
units="px"
inkscape:snap-bbox="true"
inkscape:bbox-paths="true"
inkscape:bbox-nodes="true"
inkscape:snap-bbox-edge-midpoints="true"
inkscape:snap-bbox-midpoints="true"
inkscape:object-paths="true"
inkscape:snap-intersection-paths="true"
inkscape:snap-smooth-nodes="true"
inkscape:snap-midpoints="true"
inkscape:window-width="1336"
inkscape:window-height="698"
inkscape:window-x="15"
inkscape:window-y="35"
inkscape:window-maximized="0"
fit-margin-top="0"
fit-margin-left="0"
fit-margin-right="0"
fit-margin-bottom="0" />
<metadata
id="metadata5">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
<dc:title></dc:title>
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(5.0862632e-6,-213.65623)">
<rect
style="opacity:1;fill:#323232;fill-opacity:1;stroke:none;stroke-width:1.84040475;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
id="rect99612"
width="158.75"
height="83.34375"
x="-5.0862632e-06"
y="213.65623"
inkscape:export-filename="/home/amolith/repos/nixnet/assets/posts/privacy.png"
inkscape:export-xdpi="96"
inkscape:export-ydpi="96" />
<g
id="g96023"
transform="matrix(1.1606952,0,0,1.1606952,39.890636,-37.630023)"
style="stroke-width:0.86155266">
<path
sodipodi:nodetypes="cccccc"
inkscape:connector-curvature="0"
id="path6909"
d="m 34.017854,269.33218 c 14.816666,-8.46667 14.816666,-8.46667 14.816666,-29.63333 -6.35,0 -8.466667,0 -14.816666,-4.23334 m 0,33.86667 c -14.816667,-8.46667 -14.816667,-8.46667 -14.816667,-29.63333 6.350001,0 8.466667,0 14.816667,-4.23334"
style="fill:#ffffff;fill-opacity:1;fill-rule:nonzero;stroke:none;stroke-width:0.22795245;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
<circle
r="4.2333336"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:100.21945953px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;text-align:center;letter-spacing:0px;word-spacing:0px;text-anchor:middle;display:inline;fill:#ffffff;fill-opacity:1;stroke:#323232;stroke-width:1.8236196;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
inkscape:export-filename="/home/rhill/permahome/workshop/ublock/platform/chromium/img/browsericons/path2996.png"
inkscape:export-xdpi="26.719999"
inkscape:export-ydpi="26.719999"
cx="37.192852"
cy="251.34052"
id="path2996-3" />
<path
sodipodi:nodetypes="ccccccccccc"
inkscape:connector-curvature="0"
id="path3783"
d="m 34.017853,252.39884 c 0,2.91042 -1.322917,4.23334 -4.233334,4.23334 -2.910416,0 -4.233333,-1.32292 -4.233333,-4.23334 v -6.35 h 2.116667 v 6.35 c 0,1.85209 0.264583,2.11667 2.116666,2.11667 1.852083,0 2.116667,-0.26458 2.116667,-2.11667 v -6.35 h 2.116667 z"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:73.20139313px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;fill:#323232;fill-opacity:1;stroke:#ffffff;stroke-width:0;stroke-linecap:square;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
</g>
</g>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

65
assets/svgs/xmr.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

After

Width:  |  Height:  |  Size: 35 KiB

8
assets/vendor/highlight/styles/agate.css vendored
Unescape Escape View File

@ -10,7 +10,7 @@
* #fc9b9b
* #ffa
* #fff
* #333
* #323234
* #62c8f3
* #888
*
@ -20,7 +20,7 @@
display: block;
overflow-x: auto;
padding: .5em;
background: #333;
background: #323234;
color: white;
-webkit-text-size-adjust: none;
}
@ -117,12 +117,12 @@
.hljs-deletion {
background-color: #fc9b9b;
color: #333;
color: #323234;
}
.hljs-addition {
background-color: #a2fca2;
color: #333;
color: #323234;
}
.hljs a,

BIN
assets/xmr.png
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.7 KiB

50
dns.md
Unescape Escape View File

@ -0,0 +1,50 @@
---
layout: page
title: DNS
description: Uncensored public DNS servers running on NixNet
subtitle: Uncensored public DNS servers
permalink: /dns/
cover: /assets/pages/dns.png
---
***NOTE:*** Adblock with [Pi-Hole](https://pi-hole.net/) is Coming Soon&trade;
# Preamble
Before going through and setting every device to use my DNS servers, I recommend you read sections 1 - 2 of a [previous post](/blog/dns-and-root-certificates-what-you-need-to-know/#1-what-is-dns-and-why-does-it-concern-you) so you actually understand what's happening and what you're doing. DNS is set up on the same servers as my [Tor exits](/tor-nodes/) so, if you're in a country that actively blocks Tor, you could run into issues unless you use the Anycast IP/hostname.
# IPs & Hostnames
For simplicity's sake, I recommend using the [Anycast](https://en.wikipedia.org/wiki/Anycast) hostname as your primary, the location normally nearest to you as secondary, and a different provider for your tertiary DNS. With Anycast, you'll automatically use the server geographically nearest (the one with the lowest latency) and it will be secured with TLS. For more technical information on Anycast, click the link above. The second Anycast IP address is for plaintext DNS (**not recommended**); everything else is DNS-over-TLS. If you don't know what those are, the next section explains a bit more.
Anycast
* `uncensored.any.dns.nixnet.xyz`
* `198.251.90.114:853` **(DoT)**
* `198.251.90.114` **(plaintext)**
Las Vegas
* `uncensored.lv1.dns.nixnet.xyz`
* `209.141.34.95:853` **(DoT)**
New York
* `uncensored.ny1.dns.nixnet.xyz`
* `199.195.251.84:853` **(DoT)**
Luxembourg
* `uncensored.lux1.dns.nixnet.xyz`
* `104.244.78.231:853` **(DoT)**
After setting them, you can test your connection with [ipleak.net](https://ipleak.net). If you have JavaScript enabled, the line below will tell you which server you'll connect to with Anycast at the moment. If you travel a lot, that server will change depending on your location.
<code id="server">This element requires JavaScript to be enabled</code>
\* Please note that your DNS-over-TLS client must support [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication) (Server Name Indication).
# Recommendations
I recommend setting fallbacks with other providers (such as [Lelux.fi's](https://lelux.fi/resolver/)) in case mine are down for some reason. Redundancy is always a good thing. A friend of mine has a page with a list of [DNS resolvers](https://wiki.lelux.fi/dns/resolvers/) on it that you can peruse as well. I highly recommend DNS-over-TLS (DoT). Plaintext is . . . well . . . plaintext; anyone can snoop on your traffic. DoT is end-to-end encrypted so no one but you and the DNS server can see your queries. DNS-over-HTTPS (DoH) is just as secure but it's supported by far fewer devices and applications. It's also more difficult to set up 😅
The best thing to do, in my opinion, is set your DNS at the OS level with [Stubby](https://wiki.archlinux.org/index.php/Stubby) or [Unbound](https://wiki.archlinux.org/index.php/Unbound), for example, and not at the application level i.e. with Firefox's DoH implementation. For more information about configuring custom DNS servers on various devices, read the related [blog post](/blog/setting-dns-on-mobile-and-desktop/).
Until I get adblocking DNS set up, take a look at my post on blocking ads [locally](/blog/blocking-ads-on-mobile-and-desktop/). There are solutions for most&trade; devices and none of the guides are *particularly* difficult to implement.
<script>
fetch("https://check.any.dns.nixnet.xyz/check")
.then((response) => response.text())
.then((server) => document.getElementById("server").innerHTML = server)
</script>

7
json/cards.json
Unescape Escape View File

@ -23,6 +23,13 @@
"tor":"http://git.l4qlywnpwqsluw65ts7md3khrivpirse744un3x7mlskqauz5pyuzgqd.onion/"
},
{
"name": "DNS",
"description": "I run three DNS servers that are available for public use. They are uncensored and located in Luxembourg, Las Vegas, and New York. Adblock with Pi-Hole is Coming Soon&trade;",
"button_text": "Query!",
"link": "https://nixnet.xyz/dns/",
"tor":"http://l4qlywnpwqsluw65ts7md3khrivpirse744un3x7mlskqauz5pyuzgqd.onion/dns/"
},
{
"name": "Proxies",
"description": "At the request of some users, I proxy a few websites. These include The Tor Project's main website, their bridges directory, the EFF's Self Defense guide, and some others.",
"button_text": "Browse!",

8
privacy-policy.md
Unescape Escape View File

@ -27,6 +27,14 @@ Your web browser communicates uniquely identifying information to all websites i
**For Nextcloud:** Whatever data is collected is stored on one server in my living room and won't be shared with any third parties either. User's files are encrypted at rest so no one can hack into my server and steal them. I do have the encryption key so I *could* decrypt and view your files. I'm not going to bother with that though because I don't have any interest in looking at your personal stuff. That's your business and I won't invade your privacy.
## DNS services
In short:
* Haproxy TCP/HTTP logs are disabled. No IP addresses are collected.
* Unbound query logs are enabled (log level verbosity: 1).
* Query amounts coming specifically from the DNS-over-TLS server aren't counted.
* Website/DNS-over-HTTPS gateway's nginx logs are disabled.
There's no warranty, no uptime assurance, etc. so I recommend using multiple [resolvers](https://wiki.lelux.fi/dns/resolvers); that also improves privacy because the DNS queries are spread across multiple providers
# Exceptions
I do live in the US; one server is here and the other is in Germany. If, for whatever reason, I'm compelled by law enforcement to give up your email, IP address, or any other information, I will. *I don't want to*. As such, I do whatever I can to make sure *I don't have that information*. If I don't have it, I can't share it.

2
proxies.html
Unescape Escape View File

@ -7,7 +7,7 @@ path: /proxies/
cover: /cover.png
priority: 0.9
---
<br/>
<br />
<div class="flex-wrapper">
<div class="flex-cards">
<!-- Static cards -->

13
tor-nodes.md
Unescape Escape View File

@ -9,11 +9,15 @@ cover: /assets/pages/tor.png
# Why am I here
You're likely seeing this page because you had some issue with traffic from one of the following IP addresses:
* 209.141.34.95
* 104.244.78.231
* 199.195.251.84
The machines at those addresses are part of the [Tor Anonymity Network](https://www.torproject.org/) and dedicated to [providing privacy](https://www.torproject.org/about/overview) to the people who need it most: average computer users. Unless they've been compromised, you should be seeing no other traffic originating from them.
You can verify that they are, in fact, part of Tor by looking at the relevant pages on The Tor Project's [Relay Search](https://metrics.torproject.org/rs.html) page. I've also listed them below.
You can verify that they are, in fact, part of Tor by looking at the relevant pages on The Tor Project's [Relay Search](https://metrics.torproject.org/rs.html). I've also listed them below.
* 209.141.34.95 - [Illana](https://metrics.torproject.org/rs.html#details/7731E125924324B7405BA20E2759EE16780237E2)
* 104.244.78.231 - [Nika](https://metrics.torproject.org/rs.html#details/B135DDBA0C309640D8311575A334157EA28E3FAF)
* 199.195.251.84 - [Alina](https://metrics.torproject.org/rs.html#details/324E13FD795713BDD6E8B4DF02438742CA1FDBF1)
# Who's running this
The [exit relay](https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#Exitrelay) that directed you here is run by Amolith (me) under NixNet, a network of sites and services available to anyone free of charge. Despite the potential legal ramifications, I decided to run them because I am *very* passionate about online privacy, anonymity, and freedom of speech. In today's society, Tor is one of the very few ways to truly achieve that and I wanted to directly help those that need it by running fast exits.
@ -26,14 +30,13 @@ As such, there is little I can do to help you track the connection further. Thes
Furthermore, these machines also serve as a carriers of email, which means that their contents are further protected under the ECPA. [18 USC 2707](http://www.law.cornell.edu/uscode/text/18/2707) explicitly allows for civil remedies ($1000/account **plus** legal fees) in the event of a seizure executed without good faith or probable cause (it should be clear at this point that traffic originating from the IPs listed above should not constitute probable cause to seize the machine). Similar considerations exist for 1st amendment content on this machine.
# You're violating DMCA!
If you are a representative of a company who feels that this router is being used to violate the DMCA, please be aware that this machine does not host or contain any illegal content. Also be aware that network infrastructure maintainers are not liable for the type of content that passes over their equipment, in accordance with DMCA [safe harbor](http://www.law.cornell.edu/uscode/text/17/512) provisions. In other words, you will have just as much luck sending a takedown notice to the Internet backbone providers. Please consult EFF's [prepared response](https://www.torproject.org/eff/tor-dmca-response) for more information on this matter.
If you are a representative of a company who feels that this router is being used to violate the DMCA, please be aware that this machine does not host or contain any illegal content. Also be aware that network infrastructure maintainers are not liable for the type of content that passes over their equipment, in accordance with DMCA [safe harbor](http://www.law.cornell.edu/uscode/text/17/512) provisions. In other words, you will have just as much luck sending a takedown notice to the Internet backbone providers. Please review the EFF's [prepared response](https://www.torproject.org/eff/tor-dmca-response) for more information on this matter.
For more information, please consult the following documentation:
For general information, please consult the following documentation:
1. [Tor Overview](https://www.torproject.org/about/overview)
2. [Tor Abuse FAQ](https://www.torproject.org/docs/faq-abuse)
3. [Tor Legal FAQ](https://www.torproject.org/eff/tor-legal-faq)
# I still have an issue
That being said, if you still have a complaint about these routers, you may [contact me](/contact). If complaints are related to a particular service that is being abused, I will consider removing that service from my exit policy, which would prevent my router from allowing that traffic to exit through it. I can only do this on an IP+destination port basis, however. Common P2P ports are already blocked.
That being said, if you still have a complaint about these routers, you may [contact me](/contact). If complaints are related to a particular service that is being abused, I will consider removing that service from my exit policy, which would prevent my router from allowing that traffic to exit through it. I can only do this on an IP+destination port basis, however.
You also have the option of blocking this IP address and others on the Tor network if you so desire. The Tor project provides a [web service](https://check.torproject.org/cgi-bin/TorBulkExitList.py) to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a specified IP:port combination, and an official [DNSRBL](https://www.torproject.org/tordnsel/dist/) is also available to determine if a given IP address is actually a Tor exit server. Please be considerate when using these options. It would be unfortunate to deny all Tor users access to your site indefinitely simply because of a few bad apples.

Write Preview
Loading…
Cancel
Save