Frequently Asked Questions

The NearlyFreeSpeech.NET FAQ (*)

Login (*)

What should I do if I've lost access to the email address associated with my membership?

How do I recover my login name or reset my password?

Why can't I access your service from an IP listed as a Tor exit node by default?

The short answer is that fraudsters and thieves wrecked it for you.

While we support the notion of Tor on an ideological level, our real-world experience with Tor has consisted of extensive problems with Tor-sourced hacking attempts and an unsustainable level of Tor-sourced credit card fraud. We also encountered relentless exploitation by spammers and phishers using Tor to create throwaway accounts. (Sign up, create site, send spam, get caught, sign up, create site, send spam, get caught, sign up...)

We understand that it isn't the existence of the Tor network that makes these things possible, but it does make them easy, and when virtually all of the traffic from a certain source is malevolent, blocking that source can be the only option. Forcing people off of Tor at least long enough to confirm their membership and make an initial deposit may not be the ideal solution, but it's hard to argue with results.

For that reason, we restrict access to our member interface from IP addresses that are listed as a current Tor exit node. To lift the Tor restriction for your membership, you must already have a membership and a funded account and you must explicitly request that Tor access be allowed via our assistance request system. (All of which must be done without using the Tor network.) We choose not to allow it automatically so we can filter approvals based on the common sense of a real person, and to protect members who don't use Tor from Tor-based brute force attacks on their password. We charge a nominal fee ($1.00 -- waived for subscription members) to reflect the manual nature of the review.

If you know of a reliable way for us to distinguish a handful of good people amidst a throng of would-be criminals in an environment that's raison d'ĂȘtre is to make distinguishing people impossible, please let us know. So far, making sure we already have a relationship with the good people is the best we've come up with.

Note: if your IP is operating a Tor exit node with a policy that allows access to our system, it doesn't matter whether you are using Tor to access our system our not; if traffic originates from a Tor exit node there is no technical way to distinguish whether or not it passed through Tor. (If there was, it would seriously undermine Tor.) For example, if you are running a Tor exit node but bypassing it to access our system, the limit will still apply. Similarly, if you use a VPN service that allows its customers to run Tor exit nodes (e.g. AirVPN) your VPN server's IP may be listed as an exit node even if you are not personally running one. These are all situations that can be addressed through the approval process.

Completely separate from that, we also have concerns about reports of unscrupulous Tor exit node operators diverting TLS connections. This is a real thing; I have personally experienced a case where using a particular exit node led to TLS certificate mismatches when accessing a site where I knew no such mismatch existed. You should think carefully about passing any secure information through the Tor network.

If you are running a Tor exit node on your IP, even if you aren't using it to access us, you'll have to cut back to relay-only, and do so long enough for the change to be picked up by Tor's published server list, before you can sign up or log in. If someone else is running a Tor exit node on your IP address, you'll need to either work with them to do so or use a different IP address to access our system and request approval.

Why aren't I getting system emails (like password resets) from NearlyFreeSpeech.NET?

What is the login recovery process?

Why do I get redirected to the login page without an error message when I try to log in to your member site?

What does the error "the login information provided is not correct" mean?

What should I do if the 2-factor device used for logging in to my membership is lost or broken?

What should I do if I've forgotten what email address is associated with my membership?

What do I do if my membership was frozen due to sharing or a fraudulent transfer?