NOTE: This FAQ is for informational purposes only and does not constitute legal advice.
Our aim is to provide a general description of the legal issues surrounding Tor in the United States.
Different factual situations and different legal jurisdictions will result in different answers to a number of questions.
Therefore, please do not act on this information alone; if you have any specific legal problems, issues, or questions, seek a complete review of your situation with a lawyer licensed to practice in your jurisdiction.
Also, if you received this document from anywhere besides the EFF web site or https://community.torproject.org/relay/community-resources/eff-tor-legal-faq, it may be out of date. Follow the link to get the latest version.
Got a DMCA notice? Check out our sample response letter!
Has anyone ever been sued or prosecuted for running Tor?
Although we are not aware of an individual being sued, prosecuted, or convicted for running a Tor relay, law enforcement in the United States and other countries has occasionally mistakenly investigated individuals running a Tor relay.
We believe that running a Tor relay, including an exit relay that allows people to anonymously send and receive traffic, is legal under U.S. law. Law enforcement, however, often misunderstands how Tor works and has occasionally attributed illegal traffic on the network as originating from a Tor exit relay.
This has resulted in police suspecting Tor relay operators of crimes and sometimes seizing computer equipment, including Tor relays.
For example, in 2016 Seattle police mistakenly raided the home of a privacy activist operating a Tor exit relay.
And Russian authorities wrongfully arrested math instructor and Tor relay operator Dmitry Bogatov, though they later cleared him of charges.
Should I use Tor or encourage the use of Tor for illegal purposes?
No. Tor has been developed to be a tool for free expression, privacy, and human rights. It is not a tool designed or intended to be used to break the law, either by Tor users or Tor relay operators.
Can EFF promise that I won't get in trouble for running a Tor relay?
No. All new technologies create legal uncertainties, and Tor is no exception.
We cannot guarantee that you will never face any legal liability as a result of running a Tor relay.
However, EFF believes so strongly that those running Tor relays shouldn't be liable for traffic that passes through the relay that we're running our own middle relay.
Will EFF represent me if I get in trouble for running a Tor relay?
Maybe. While EFF cannot promise legal representation for all Tor relay operators, it will assist relay operators in assessing the situation and will try to locate qualified legal counsel when necessary.
Inquiries to EFF for the purpose of securing legal representation or referrals should be directed to our intake coordinator by sending an email to info at eff.org.
Such inquiries will be kept confidential subject to the limits of the attorney/client privilege.
Note that although EFF cannot practice law outside of the United States, it will still try to assist non-U.S. relay operators in finding local representation.
How should I deal with a police visit/raid/interrogation?
If you are detained and questioned by police, you have a right to request to speak with an attorney before and during any questioning.
It is best to say "I want my attorney and I choose to remain silent" and then refuse questioning until you have a chance to talk to a lawyer.
However, if you do decide to waive your right to the assistance of counsel and answer questions without an attorney present, be sure to tell the truth.
Lying to law enforcement may lead to more trouble than for whatever it was they wanted to talk to you about in the first place.
Does U.S. law provide any protections for the Tor network against civil lawsuits?
Yes. A federal law, 47 U.S.C. § 230 (often called Section 230), provides legal immunity for online intermediaries that host or republish speech.
Though there are important exceptions for certain criminal and intellectual property-based claims, Section 230’s immunity protects online services, such as the Tor network, against a range of laws that might otherwise be used to hold them legally responsible for what others say and do.
Another federal law, 17 U.S.C. § 512(a), part of the Digital Millennium Copyright Act, provides a legal safe harbor against copyright infringement claims based on material that is simply transmitted without modification, as a Tor relay does.
Should I contact the Tor developers when I have legal questions about Tor or to inform them if I suspect Tor is being used for illegal purposes?
No. Tor's developers are available to answer technical questions, but they are not lawyers and cannot give legal advice. Nor do they have any ability to prevent illegal activity that may occur through Tor relays.
Furthermore, your communications with Tor's developers are not protected by any legal privilege, so law enforcement or civil litigants could subpoena and obtain any information you give to them.
You can contact email@example.com if you face a specific legal issue. We will try to assist you, but given EFF's small size, we cannot guarantee that we can help everyone.
Do Tor's core developers make any promises about the trustworthiness or reliability of Tor relays that are listed in their directory?
No. Although the developers attempt to verify that Tor relays listed in the directory maintained by the core developers are stable and have adequate bandwidth, neither they nor EFF can guarantee the personal trustworthiness or reliability of the individuals who run those relays.
Tor's core developers further reserve the right to refuse a Tor relay operator's request to be listed in their directory or to remove any relay from their directory for any reason.
Exit relays raise special concerns because the traffic that exits from them can be traced back to the relay's IP address.
While we believe that running an exit relay is legal, it is practically impossible to stop the use of an exit relay for illegal activity.
That may attract the attention of private litigants or law enforcement.
An exit relay may forward traffic that is considered unlawful, and that traffic may be attributed to the operator of a relay.
Indeed, police have mistakenly attributed traffic from an exit relay as coming from the relay’s operator.
If you are not willing to deal with that risk, a bridge or middle relay may be a better fit for you.
These relays do not directly forward traffic to the Internet and so can't be easily mistaken for the origin of allegedly unlawful content.
The Tor Project's blog has some excellent recommendations for running an exit with as little risk as possible. We suggest that you review their advice before setting up an exit relay.
Should I run an exit relay from my home?
No, this is risky and not recommended.
If law enforcement becomes interested in traffic from your exit relay, it's possible that officers will mistakenly attribute that traffic as originating from your home.
This could result in law enforcement raiding your home, seizing your computer, and suspecting you of criminal activity.
For that reason, it's best not to run your exit relay in your home or using your home Internet connection.
Given those risks, you should instead consider running your exit relay in a commercial facility that is supportive of Tor. Have a separate IP address for your exit relay, and don't route your own traffic through it.
Of course, you should avoid keeping any sensitive or personal information on the computer hosting your exit relay, and you never should use that machine for any illegal purpose.
If you do decide to run an exit relay from your home despite these risks, please review Tor’s recommendations, including telling your ISP and obtaining a separate IP address for the exit relay.
Should I tell my ISP that I'm running an exit relay?
Yes. Make sure you have a Tor-friendly ISP that knows you're running an exit relay and supports you in that goal.
This will help ensure that your Internet access isn't cut off due to abuse complaints.
The Tor community maintains a list of ISPs that are particularly Tor-savvy, as well as ones that aren't.
Is it a good idea to let others know that I'm running an exit relay?
Yes. Be as transparent as possible about the fact that you're running an exit relay.
If your exit traffic draws the attention of the government or disgruntled private party, you want them to figure out quickly and easily that you are part of the Tor network and not responsible for the content.
This could mean the difference between having your computer seized by law enforcement and being left alone.
The Tor Project suggests the following ways to let others know that you're running an exit relay:
- Set up a reverse DNS name for the IP address that makes clear that the computer is an exit relay.
- Set up a notice like this to explain that you're running an exit relay that's part of the Tor network.
- If possible, get an ARIN registration for your exit relay that displays contact information for you, not your ISP.
This way, you'll receive any abuse complaints and can respond to them directly. Otherwise, try to ensure that your ISP forwards abuse complaints that it receives to you.
Should I snoop on the plaintext traffic that exits through my Tor relay?
No. You may be technically capable of modifying the Tor source code or installing additional software to monitor or log plaintext that exits your relay.
However, Tor relay operators in the United States can possibly create civil and even criminal liability for themselves under state or federal wiretap laws if they monitor, log, or disclose Tor users' communications, while non-U.S. operators may be subject to similar laws.
Do not examine anyone's communications without first talking to a lawyer.
If I receive a subpoena or other information request from law enforcement or anyone else related to my Tor relay, what should I do?
Educate them about Tor. In most instances, properly configured Tor relays will have no useful data for inquiring parties, and you should feel free to educate them on this point.
To the extent you do maintain logs, however, you should not disclose them to any third party without first consulting a lawyer.
In the United States, the data may be protected by the Electronic Communications Privacy Act, and relay operators outside of the United States may be subject to similar data protection laws.
You may receive legal inquiries where you are prohibited by law from telling anyone about the request. We believe that, at least in the United States, such gag orders do not prevent you from talking to a lawyer, including calling a lawyer to find representation.
Inquiries to EFF for the purpose of securing legal representation should be directed to our intake coordinator (info at eff.org).
Such inquiries will be kept confidential subject to the limits of the attorney/client privilege.
For more information about responding to abuse complaints and other inquiries, check out the Tor Abuse FAQ and the collection of abuse response templates on the Tor Project's website.
For information on what to do if law enforcement seeks access to your digital devices, check out EFF's Know Your Rights guide.
My ISP, university, etc. just sent me a DMCA notice. What should I do?
EFF has written a short template to help you write a response to your ISP, university, etc., to let them know about the details of the Digital Millennium Copyright Act's safe harbor, and how Tor fits in.
Note that template only refers to U.S. jurisdictions, and is intended only to address copyright complaints that are based on a relay of allegedly infringing material through the Tor node.
If you like, you should consider submitting a copy of your notice to the Lumen Database. The email address for submissions is firstname.lastname@example.org.
This will help us recognize trends and issues that the lawyers might want to focus on.
Lumen encourages submissions from people outside the United States too.
EFF believes that Tor relays should be protected from copyright liability for the acts of their users because a Tor relay operator can raise an immunity defense under Section 512 of DMCA as well as defenses under copyright's secondary liability doctrines.
However, no court has yet addressed these issues in the context of Tor itself.
If you are uncomfortable with this uncertainty, you may consider using a reduced exit policy (such as the default policy suggested by the Tor Project) to try to minimize traffic types that are often targeted in copyright complaints.
If you are a Tor relay operator willing to stand up and help set a clear legal precedent establishing that merely running a relay does not create copyright liability for either operators or their bandwidth providers, EFF is interested in hearing from you.