> even running a relay node on your home network gets you blacklisted
Yeah, that was a fun week when I naively stood up a Tor not-an-exit relay on my home Internet connection and 40% of the Internet turned into "go away" or "enter CAPTCHA to proceed" madness.
> some people have had surprise 6am home visits from law enforcement for running exit nodes
Oh, right. And I even live in Seattle[0] so best not to do that.
There are some providers who "buy" their blacklists from other companies that specialize in that. They essentially get a list of X IP Addresses / Subnets and they blindly block them. Providers compete to generate the "largest blocklist" with "the most bad guys", and therefore end up adding any IP Address they can find. Tor has been used by criminals at least once, therefore any address related to it must be bad, right?
CDNs tend to block Tor. A lot of the Web is stood up behind one CDN or another. Cloudflare is the one that sticks out to me. But then again, a lot of people do use Tor to do stupid shit like DDoS or run C&C for botnets.
So my thought is you probably ran into CDNs of various ilk, likely wasn't your ISP.
For the record, a fair number of large public universities run Tor relays and exits (my lab ran four relays and an exit when I was a grad student), and they seem to be doing okay; we were kind of our "own ISP" but what that really means is you lease everything from the local ISP and get to provision a large sub-block of "their" addresses as you see fit, which in our case was Comcast. I think we had a grand total of one DMCA complaint and no other issues. But it didn't hurt we did have a law school to call on if anything went south (which it didn't).
> But then again, a lot of people do use Tor to do stupid shit like DDoS or run C&C for botnets.
Misinformed at best: you wouldn't want to DDoS anything over Tor, because 1) the nature of the protocol means that the target receives less data than you are sending; 2) any botnet worth worrying over has much more bandwidth available than Tor's exit bandwidth.
Regarding botnet C&C, the picture is more complicated but 1) there has been a very high-profile case of a botnet using Tor to hide its C&C activities; “surprisingly”, it's very easy to spot when a significant amount of all Tor clients are bots (i.e. the anonymity set is much too small to hide the botnet); 2) those do not tend to be hosted behind CDNs.
> But it didn't hurt we did have a law school to call on if anything went south (which it didn't).
That's /very/ true: I would strongly urge anybody who considers running exit nodes to do this within a framework/organization where they can get legal assistance if it is ever needed.
That's interesting. I use a VPS as my VPN, but I also run a Tor relay there, just because I think it's the right thing to do. I can certainly say that I didn't notice any blocks from the web sites. I tried to run Tor on my home server, but, unfortunately, my provider seems to block its traffic, so it was never able to bootstrap.
0 - http://www.thestranger.com/slog/2016/03/30/23885710/police-g...