dVPN Node Academy

Safety Advice for Node Hosts

Nothing on this page, or on this website as a whole, should be considered legal advice.

While we strive to be as helpful as possible, Sentinel is an open, permissionless marketplace and node hosts are ultimately responsible for their own operations.

Like any distributed peer-to-peer network, the community generally recommends taking some basic precautions when hosting Sentinel dVPN exit nodes.

The measures we advise in this resource are optional, and there aren't necessarily any hazards if they're not implemented. It should also be made very clear before we begin that there have been no recorded incidents of Sentinel Node hosts getting into any legal trouble in the eight-year existence of the blockchain.

At very worst, there have been a small handful of individuals who have received warnings from their internet service or cloud server providers due to torrenting activity. Such incidents stem from exit node hosts, who are facilitators for traffic, often being confused with "end users" due to activity taking place under the node's IP address.

Basic Safety Practices

1.) Know the Rules in Your Jurisdiction

The biggest obstacle in compiling a guide like the one you're now reading is the variance in laws, rules, and regulations across national borders. It's imperative that you do your own research on the legality of operating dVPN Nodes in your specific country of residence, as we cannot possibly hope to cover all of them here.

Since we must generalize a bit for the sake of brevity: Most western (European and North American) nations exempt communications service providers from liability for the activity of their users. Hosting dVPN Nodes by itself will also not run afoul of the law anywhere besides countries with explicitly authoritarian governments, such as Russia, China, or Iran.

We should take a step back here and reiterate once again that this guide is not explicitly intended to protect you from law enforcement, as the vast majority of Sentinel's hosts across the world are not violating local laws and aren't in any danger of legal action. The primary focus here is minimizing or eliminating the chance that your node hosting experience will be burdened by nuisance emails from non-state entities such as ISPs and cloud providers.

Following the advice in the next section about not hosting on your home network will also be enough to insulate you from the issue of national laws; especially hosting nodes abroad via cloud providers.

2.) Hosting on Your Home Network is Not Recommended

Outsourcing your nodes to cloud providers or Akash Network vastly reduces the chances of any issues (like the ones with torrents mentioned in the guide's introduction) occurring.

This mostly applies to hosts in countries where anti-piracy/torrenting rules are actively enforced by ISPs, such as the United States. There is also no risk of connected peers compromising your personal devices or network.

Nonetheless, insulating your personal IP address from the web activity of external dVPN peers is a fundamentally sound practice.

Many participants in the node network do host at home; however these are usually seasoned operators with strong backgrounds in blockchain and peer-to-peer network infrastructure who have advanced measures in place to reduce risk.

These often include:

Informing their ISP that they are running an exit node in a distributed network.
Requesting a separate IP address for the device hosting their node.
Registering their node operations as a business to reduce personal liability.
Registering their IP address with the internet registry in their jurisdiction (i.e. ARIN, RIPE NCC, APNIC), as transparency can be protection against any claims of illicit activity.

As a rule of thumb, when it comes to protecting yourself while hosting residential nodes it's usually best to be as transparent as possible with the authorities—however contradictory or ironic it may seem for a privacy-oriented project.

💡

Both the Tor Project and popular BitTorrent client Vuze maintain lists which track the sentiment of common ISPs towards peer-to-peer exit nodes.

The dVPN Alliance website has an email template which can be sent to ISPs which explains what exit node hosting is and its role in preserving human rights.

Firewall Configuration

For the sake of safety, network contributors hosting dVPN Nodes on their home connections are advised to adopt Tor Exit Node rules for their firewalls.

Though these tweaks are critical for residential nodes, hosts with data center nodes should also consider implementing them in order to optimize their setups.

Blocking SMTP-related ports (eg. 25, 110, 143, 465, 587, 993, 995), common malware C2 addresses (such as Bumblebee or Triada), and doing your best to suppress BitTorrent traffic can also significantly reduce the likelihood of encountering nuisances like abuse reports.

It's nearly impossible to entirely prevent torrenting activity, but blocking well-known public trackers (which are usually the ones under surveillance by DMCA agents) should be enough to nullify any risks it might pose to you.

Of course, any advice related to torrents in this section is only pertinent if your node is hosted in a country where anti-piracy laws are actively enforced.

3.) Cloud Providers

Should you host your node on the cloud, which is the recommended route, Sentinel Docs recommends against choosing highly-saturated providers such as AWS, Azure, or DigitalOcean, as they may not be whitelisted. It's also inadvisable from a purely business point of view, as common providers usually host in countries which already have hundreds of nodes, such as the United States and Germany.

While it's recommended for all hosts, we especially advise joining the dVPN Node Network Telegram group if you're planning to host a variety of nodes across the world. Members there (especially Syahpian Loi) often share incredible deals on VPSs located in a wide variety of countries, including rather exotic ones which may only have a handful of existing nodes.

When signing up with a cloud provider, it's best to avoid using your legal name when possible. If you want to avoid providing personal payment information, you can also find a provider that accepts digital assets like Bitcoin and Monero using this helpful website.

As we touched upon in the previous section, if you're hosting more than ten nodes (regardless of whether they're residential or cloud) it's advisable to register your operation as an official business in order to reduce or eliminate personal liability.

What To Do if You're Contacted

If you do happen to receive a notice from an entity such as an ISP, cloud provider, or law firm about activity which occurred on your node, the most important thing to do is stay calm. In the vast majority of jurisdictions, you've done nothing illicit or illegal. It can be intimidating to receive a warning or cease-and-desist, but there's rarely any real threat of anything happening to you.

If the Notice is a Warning from an ISP (or Other Service Provider)

There are three paths you can choose, depending on your locality and risk tolerance:

Ignore it: ISP and cloud service provider warnings about torrenting and piracy are commonplace and rarely amount to anything in most countries and jurisdictions.
Shut down your node (and ignore it): In stricter circumstances, ISPs and cloud providers will provide multiple warnings before taking any action—and that action will probably not go beyond cancelling your service. In cases such as these, there's no imminent threat to you, but it's probably a good idea to stop hosting a node from that IP.
Inform the party in question that you are the host of a VPN exit node in a distributed network: If you want to stand your ground (or are in a position where you must respond to the notice) you should politely make the party in question aware that you are an intermediary service provider and not an "end user."

If the Notice in Question is a Cease and Desist

Respond to any notices or claims in a timely manner, and be polite and professional. The dVPN Alliance website also hosts useful email templates for these situations.
Inform the party in question that you are the host of a VPN exit node in a distributed network.
Ask for proof that the claimant has the actual rights to represent the company or content they are contacting you about. Also check the jurisdiction you are receiving the claim or notice from.
- In many cases law firms send these notices without actually being appointed representatives in the hope of coercing people into a settlement without going to trial.

🗽

If any additional assistance is needed, contact advocacy organizations such as the Electronic Frontier Foundation (EFF) or European Digital Rights (EDRi). We also encourage you to share your experience with the Sentinel community or public at-large, and submit the claim itself to the Lumen Database. Coercive tactics and bullying thrive on silence, and making your voice heard can help change how exit node hosts are treated in the future.

Sources & Acknowledgements

Much of this information comes from a guide published by the dVPN Alliance, a now-defunct organisation formed by Sentinel and Mysterium earlier this decade.
- https://dvpnalliance.org/exit-node
Sentinel Docs was also an invaluable reference for this guide.
Firewall configuration advice courtesy of Teneke from the Sentinel node community.
Cloud provider signup advice courtesy of freQniK from MathNodes, lead developer of Meile dVPN.

Return to the Main Page, or click the button below to continue to the next module.

Node Resources