-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

This Canary was updated on 1st January 2026 01/01/2026.

I am in sole possession of my keys.
I have not been ordered to give / given any user data or logs.
IP addresses will be held for a maximum of a month.
Logs without IP addresses may be saved indefinitely for statistics.
The only person that has been given access to managing the servers to access such files is only me.
I am run under different providers who may apply their own logging above me. Current providers are hetzner (DE), netcup (DE), vodafone (UK), EE (UK).

Terms and conditions: don't use my services in any way that violates German and British law. Other than that, I don't care.

I have messages below that I don't believe really deserve their own blog posts and / or they seem important and relevant to being in a canary so I note them down here.

********************************************************************************************************************

1st January 2026 01/01/2026:

For the time being, I will be blocking any outgoing connections from my hetzner server to 64.65.1.0/24 (AS36849 - 1st Amendment Encrypted Openness LLC) which will impact the tor relay I operate on that server. This is due to this being the third or fourth time I've received a robot auto detection netscan abuse report. I had my IP locked before as you can see in message dated 26th December.

Until hetzner lowers their robot sensitivity or 1st Amendment Encrypted Openness fixes whatever is causing this for the people with tor relays on hetzner, I will have the restriction for my server in place. I know this can have a potential impact on user anonymity which is why I thought it was important to write down here. If this concerns you, you may be more concerned that many others running servers on hetzner are doing the same.

I don't have much of a choice in this action but I will be transparent as I am currently. I will add a new message when this blocking has been disabled.
Below are links to the tor-relays mailing list conversations but copied to the tor project forum. If you want to be more in, subscribe to the mailing lists.

https://forum.torproject.org/t/tor-relays-abuse-report-from-relays-in-family-7eaac49a7840d33b62fa276429f3b03c92aa9327/20693
https://forum.torproject.org/t/tor-relays-re-netscan-hetzner/21029
https://forum.torproject.org/t/tor-relays-re-netscan-hetzner/21033
https://forum.torproject.org/t/tor-relays-hetzner-netscan-false-positives/21038
https://forum.torproject.org/t/tor-relays-re-netscan-hetzner/21034
https://forum.torproject.org/t/tor-relays-re-abuse-report-from-relays-in-family-7eaac49a7840d33b62fa276429f3b03c92aa9327/21030

Below is a message from someone on the tor-relays mailing list explaining why they are blocking too.

- -----------------------------------------------------------------------------------------------------------------------------------------------------------------

It's very nice of you to follow up on the issue and it's much appreciated. However it's worth noting that to continue calling these abuse reports "false positives" is not going to help.

Is Hetzner more sensitive to the issue? Yes.
Is it false? No.

So far the 1AEO team have blamed Hetzner, accused them of having insecure practices that are dangerous to TOR, asked the rest of us to appeal to Hetzner to stop their practice, etc... The one thing they haven't done is to address the fundamental issue which is basically something they're doing to cause this.

We need to ask the right questions if we are trying to troubleshoot a problem and until we do, we're wasting our time. Right questions such as: Why out of over 9000 relays, only 1AEO cause these abuse reports? Until they are willing to admit the problem lies on their setup instead of blaming everyone else, this problem remains.
I just got another abuse report around the New Year's Eve Eastern time and had to deal with it, just like I had to deal with abuse reports on Christmas and the only thing coming from the 1AEO team is silence.

One of the fundamental problems I noticed is with their BGP setup. When their server went down, this is what I got in a traceroute:

traceroute 64.65.1.2
traceroute to 64.65.1.2 (64.65.1.2), 30 hops max, 60 byte packets
 2  static.129.67.109.65.clients.your-server.de (65.109.67.129)  0.599 ms  0.643 ms  0.741 ms
 3  core32.hel1.hetzner.com (213.239.252.181)  0.544 ms  0.484 ms core31.hel1.hetzner.com (213.239.252.177)  0.814 ms
 4  core9.fra.hetzner.com (213.239.224.170)  20.228 ms  20.133 ms  20.180 ms
 5  core0.fra.hetzner.com (213.239.252.17)  20.321 ms core4.fra.hetzner.com (213.239.224.177)  20.560 ms core1.fra.hetzner.com (213.239.245.125)  20.385 ms
 6  core12.nbg1.hetzner.com (213.239.245.246)  23.726 ms core11.nbg1.hetzner.com (213.239.224.233)  25.419 ms  25.358 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

There are no routes to their server. You don't get IP unreachable. This literally has the same effect as scanning the whole non routable 10.1.1.1/24 block and you're flagged. Their upstream did not provide BGP routes to Europe when it took over, if it ever took over.

Again, they have access to their setup and they should troubleshoot the problem and fix it, not Hetzner and not me every time I have to fill out a form to prevent my IPs from getting blocked. Hetzner's concerns are valid, the fundamental problem on 1AEO side is not. Just because Hetzner is more sensitive to the issue doesn't mean the problem is imaginary.
So unfortunately I'm forced to block outgoing packets to their servers from my own relays to protect myself and I continue to do so until they openly admit the problems exist and publicly tell us the problem is fixed. I'm willing to limit my blocking only to the servers that cause this and let others pass, but unfortunately since there's no transparency on 1AEO's part and they haven't pinpointed the problem, I'll have to go with a wider ban.

Cheers.

- -----------------------------------------------------------------------------------------------------------------------------------------------------------------

And below is a message from tor@appliedprivacy.net previously. Hopefully the contact at CCC will resolve on their side with just a basic whitelist for this issue on their side but who knows.

- -----------------------------------------------------------------------------------------------------------------------------------------------------------------

Hi,

we just wanted to let you know that we got a Hetzner network contact yesterday here at 39C3 to try to get this issue solved at the root.

We can not promise anything at this point but we will likely update this thread in a few weeks (January) about the status with Hetzner on this topic.

best regards,
tor@appliedprivacy.net

- -----------------------------------------------------------------------------------------------------------------------------------------------------------------

********************************************************************************************************************

26th December 2025 26/12/2025:

Had partial outage on my hetzner server for ~11 hours starting 25th December. My hetzner server had ipv4 address locked due to an alleged netscan attack. Server hasn't been compromised.

It flagged on the system due to qbittorrent looking for peers on local net when I specifically already disabled it. Until I look into it a little more, I won't be torrenting on hetzner.
I was at a house party when this came on so I had to drive back early :(

Part of the alleged netscan is also linked to connections to many tor relays from the same range of ipv4 addresses to 1st Amendment Encrypted Openness LLC. They own the whole section of IPs. Connecting to many at the same time looks suspicious. It came up on the tor-relay mailing list with other operators experiencing with hetzner. Not fun.

https://forum.torproject.org/t/tor-relays-abuse-report-from-relays-in-family-7eaac49a7840d33b62fa276429f3b03c92aa9327/20693
https://web.archive.org/web/20251226184233/https://forum.torproject.org/t/tor-relays-abuse-report-from-relays-in-family-7eaac49a7840d33b62fa276429f3b03c92aa9327/20693

For the people that manage the projects I support and also the end customers, if you would like more information regarding this event, please contact me preferably at my main email address which can be found on my homepage. Please encrypt emails with PGP. Due to my privacy policy (in regard to server logs), I can't provide any proper server logs (showing information which could identify individuals). I can provide other general information.

********************************************************************************************************************

1st December 2025 01/12/2025:

I have received 4 CSAM abuse reports from my main server provider hetzner over the last week. They were uploaded onto the privatebin instance. For the nonces out there: get some help or jump off a bridge. That shit isn't welcome on my servers.

I have been in comms with the BKA and the metropolitan police so that they are aware I also operate the onion and i2p addresses. This is just to create a clear line of communication from them to me so I can take down this shit quicker. People just upload through proxies anyways. For all the good users, there have to be a few dickheads.

For those that are curious of what one of these emails look like, I have one below.
Sections that are marked "[REDACTED]" are by me.

- - - - - -----------------------------------------------------------------------------------------------------------------------------------------------------------------

Dear Mr Diyar Ciftci,

We have received information about Child Sexual Abuse Material (CSAM) on your server:

- - - - - - -----
https://privatebin.diyarciftci.xyz/[REDACTED]
- - - - - - -----

Please remove the content within the next 1 (one!) hour.

If you do not remove the content within the next hour, we will lock the IP.

Important: Please leave [AbuseID:[REDACTED]] unchanged in the subject line when replying directly to this report.

Kind regards

Abuse Team

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen / Germany
Tel: +49 9831 5050
Fax: +49 9831 5053
www.hetzner.com

Register Court: Registergericht Ansbach, HRB 6089
CEO: Martin Hetzner, Stephan Konvickova, Günther Müller

You have the option of making an appeal against a negative decision. To do that, please reply directly to this ticket. If this is the Abuse Team’s final decision, you can also make a complaint by writing to info@hetzner.com. The European Commission also provides a platform that you can use as a platform for online dispute resolution (ODR) at http://ec.europa.eu/consumers/odr. We are neither willing nor required to participate in a dispute resolution process before a consumer arbitration board.

For the purposes of this communication, we may save some of your personal data.
For information on our data privacy policy, please see: www.hetzner.com/privacy-policy-notice - - - - - ----------------------------------------------------------------------------------------------------------------------------------------------------------------- ******************************************************************************************************************** -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAvTsx8GkJXO2cNWSBtVhgZ84cgIFAmlW59UACgkQBtVhgZ84 cgIuvQ/+Nh9vI+D732bfMPJL/jYRQ5tCMUjMjoYlM17yv/GBOoELwXtLnf94VyN8 M0r1AHP0XZFuVNwFsb7/VggOb6gNK2hnKynpRbSLJVec8aa3nUWPeJUBdUX/PO1m uekuA/6AqguQ7HyDOJgq82duxlqYuufHC5ndct5Yb6qOQX/SJ+xo29+J9IZAGPcZ 16tfbOKRe7DkqsyYTF+amLDXy4OeFaPSYWDhk+dy20yJ5Y1tOS5s2qYlrO1hC7Uv rSoCY7L/3QdqZbO1Et/w3SRvnG58CF0GX+FTUWjM/AT5+0rOhlztg0qj7N7ZLsx9 pulASMxbDWiD09LqxV7V09hN/xivS9+i1ksqY2yjSE7R0tvF9ZeR6Ttzwl/eygtx or9bX1RmLypGzf2GfpBYqq7Yx+v5rW9l9e4a7e/g9fRvu5xkfUgsmqQHslEXsvAf BdQIv3f0/Qa5YQ51JhSfFrhz+boHcNype5lHbQy9jl3b0YLVLGjCRBqJWBxEWQHw 8H+e4MvWzilAwB/mzn/xGwGkOrCfSP2i+UjnN0Sm9OohknzTRMgzaiycmX49xIdb Md8NMZ7OqdjQ+1bcovyGV8u6xgqSIwGOyjU1FbFfGGMY+fn5sjdK+WT08KSFe9G0 9pfaH2YBfudejzqLfKs3WZEICGYOWXh01NIQYxd5CEsffO3dMk0= =U3bm -----END PGP SIGNATURE-----