return to table of content

Another police raid in Germany

edm0nd
144 replies
21h41m

Part of the reason I sadly stopped running any exit nodes was law enforcement harassment.

I ran a few exits for about about ~5 years. In those 5 years, my hosting provider (DigitalOcean) received 3 subpoenas for my account information.

The first two were random. The 1st one was someone sent a bomb threat email to a university. The 2nd one was someone sending a phishing email.

The last and final subpoena was the most serious one. Some nation-state hackers from Qatar had ended up using my exit IP to break into some email accounts belonging to people they were interested in and spied upon them and stole some info.

Thankfully both the Tor Project and the EFF were able to help me pro-bono. The EFF lawyer that was assigned to me helped me fight this subpoena but ultimately we had to turn over my account information to the DOJ + I had to give an affidavit stating that I was simply just an operator and nothing on the server in question would be useful to their investigation (by design).

The stress of having to deal with law enforcement, lawyers, and having to entertain the possibility of having my home raided over something so silly ultimately led to me finally shutting down my exits.

Even though I had all of my exits using a reduced exit policy and I would blacklist known malicious IPs and c2/malware infra from being able to use it, I was still a target.

I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.

I one day hope to resume running exits as I find it rewarding to be able to help people from around the world in a small way.

zepearl
59 replies
20h30m

Is something like this unexpected? I personally never ever thought so (which is the reason why I never ever even considered running a TOR exit node).

As much as I can respect the idealism about privacy and liberty etc..., I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution, therefore I did not want to provide indirectly any help.

I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.

On one hand I admit that that might be the case, on the other hand even government organizations/departments/agencies can be "local" and scattered (e.g. similar IT departments for each "canton" in Switzerland) and not have huge amounts of resources/knowledge to track/identify perpetrators of all ongoing (sophisticated?) IT crimes => somebody somewhere might see the same IP involved in a lot of "bad" stuff not realizing it's just a TOR node.

I hate the current general trend pushing a position of an either absolute "yes/no" for any theme, including this one (of encryption for privacy/etc vs. crime).

In my opinion it's obvious that the current situation of solutions is in general bad: too much pressure on services that provide privacy because it's too easy for crime to misuse them :o(

Sebb767
48 replies
20h2m

As much as I can respect the idealism about privacy and liberty etc..., I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution, therefore I did not want to provide indirectly any help.

Well, what would be considered a "really!!!" bad actor for some might be a hero for others. Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be an use worth fighting for or terrible abuse.

In the end, this really comes down to whether you value freedom or state protection more; either of which can be abused by rogue actors or a malicious state, respectively. There is no win-win-solution, unfortunately.

cm2012
24 replies
19h26m

There's enough truly bad actors out there, not everything is shades of gray. Cartels, North Korea, ISIS, etc.

lolinder
16 replies
19h1m

Yes. And running a Tor exit node means helping these people in addition to any in the morally gray area that you personally consider evil.

If you look at that and still come to the conclusion that the people you're helping are worth the cost of also helping commit atrocities, that's a decision you can make. But an occasional subpoena related to a bomb threat or similar is a good and necessary reminder of what it is that you chose to do.

_heimdall
11 replies
15h58m

This is the crux of every argument against free speech, no?

There is a fundamental trade off we have always had to make between safety and freedom. If you believe that privacy online is a freedom worth having, or if you believe one should be able to say whatever they want, you have to accept the bad with the good.

As soon as you start gating access by judging a person by what they're trying to do privately online, or what they're trying to say, you've thrown out that freedom and made it a privledge.

There's not even anything wrong with that if that's the world you would prefer to live in. Its important to know that's the tradeoff you're making though, and be prepared to accept the consequences if you one day find yourself running into new leadership that believes what you want to do online, or what you say, isn't worthy of the privilege.

dt3ft
6 replies
13h1m

Wasn’t the raid done in a democratic land? There is no gestapo in Germany in 2024, is there? Privacy is what terrorists love too. There needs to be a balance. Even guns need permits and psychological evaluation.

notarget137
4 replies
12h44m

The goverment has just revoked your speech license. Please upstain from public talking to more than three people.

newaccount74
2 replies
3h56m

I really don't get how bomb threats can be considered "speech". Like, there is no benefit to society from allowing people to make bomb threats.

raxxorraxor
1 replies
3h14m

Be more precise in your thinking. This is not about bomb threats, this is about punishing people that provide a line of communication.

It is not a new concept that defendants of freedom of speech often have to protect scoundrels too. The argument doesn't change, it always has the same pattern and principle. And yes, it is advisable to err on the side of freedom, there is enough literature here to expand on that point.

Additionally the agencies that would demand these information are prone to break the law itself. So this isn't even a discussion about doing something just or not. This is purely a discussion about how much power you want the executive to have. Or in case of Germany, the often misdirected and overworked judicative branch.

newaccount74
0 replies
2h54m

Here's a different take:

Criminals and fraudsters will abuse pretty much every technology they can get their hands on. As a consequence, every service operator needs to do their part to prevent fraud and abuse. If you offer a service anonymously and indiscriminately, your service will be overrun by crooks, and you'll end up serving criminals.

The fact that your service could be used to defend free speech does not absolve you from your duty of monitoring the use of your service. If you realise your service is used for exchanging illegal content and bomb threats, it's your duty to do something against that, or stop providing the service.

hcfman
0 replies
1h22m

The government are against free speech if you are criticising illegal things they are doing.

raxxorraxor
0 replies
8h9m

Germany certainly needs more liberty instead of raiding the home that called an official a penis.

lolinder
2 replies
15h52m

Its important to know that's the tradeoff you're making though

Exactly. This is all I'm saying.

I don't have enough knowledge of Tor to make an argument that it does more harm than good or vice versa. But I do know that a lot of people on here are just as ignorant as I am but are quick to assume that Tor must be inherently good because it protects privacy.

As I said, if you look frankly at the risks and decide that the benefits are still worth it, that's a decision I'm comfortable with you making. But that requires looking very frankly at the risks, which most seem reluctant to do in favor of high-minded abstract discussions of the merits of freedom and privacy.

This subthread spawned from someone who helped facilitate a bomb threat through an exit node they were running, and that kind of concrete harm needs to be mentioned in any discussion of the merits of Tor.

marcus_holmes
1 replies
12h5m

And someone else pointed out that the IRA used to send bombs through the mail. Yet we are not debating shutting down the Royal Mail because of that (and rightly so).

There are governments out there who kill people who criticise them, usually journalists. We need those people to continue their work. We do not want a world in which all communication is government-approved.

lolinder
0 replies
5h32m

the IRA used to send bombs through the mail. Yet we are not debating shutting down the Royal Mail because of that (and rightly so).

As I said elsewhere, at least in the US there's an entire law enforcement agency whose sole job is tracking down people who use the postal service to commit crimes and hurt other people. I'm sure there's an equivalent process in the UK. Tor is specifically designed to make that impossible.

There's really no comparison.

There are governments out there who kill people who criticise them, usually journalists. We need those people to continue their work. We do not want a world in which all communication is government-approved.

I agree, and it may well be that on the balance we come to the conclusion that Tor is worth it. All I'm asking is that we stop looking at the harms as an abstraction and the benefits as concrete.

OP facilitated a bomb threat but seems to have thought primarily about how unfair it was that law enforcement subpoenaed them rather than the complexity of the moral choice they made and its consequences.

_rm
0 replies
10h51m

This trade off concept is a popular belief but completely fictitious and dishonest.

The state is not fundamentally better than the people as a whole. They just have more focused resources.

More resources to brainwash their subjects about how their power is always such a great and wonderful thing and is only ever used for good, and definitely better than people exercising power themselves.

Oh and also much more resources to gas people to death in camps, starve them to death, blow them to bits (but always for completely good and justified reasons of course).

Complete crock of shit, it is.

ethbr1
3 replies
17h36m

I'm as much of a supporter of encryption as anyone, but I also accept that true effective encryption enables some pretty horrible things.

One of those "better look your meat in the eyes, before you murder and eat it" idealism-meets-realism moments.

On the whole, though, I think even with perfect encryption the remaining physical traces of illegality are sufficient for law enforcement purposes (granted: if more difficult).

lolinder
2 replies
17h30m

I don't think the analogies to encryption are fair because a Tor exit node is far more active in shielding criminals than the inventor of a new cryptography scheme is. The inventor merely puts out an idea that can be used for good or bad. The exit node operator is actively paying on an ongoing basis to shuttle CSAM and bomb threats.

The exit node operator is also shuttling other content, so it's not wholly evil and on the balance someone might decide it's still worth it, but it's still a much less obvious ethical call than simply designing a piece of tech.

BlarfMcFlarf
1 replies
10h29m

Someone has to pay for distribution, maintenance, and integrations of the encryption on an ongoing basis. If it was legal to write encryption but illegal to distribute it, what would be the difference from a ban? Both tor and cryptography require an ongoing effort to provide their service.

lolinder
0 replies
5h26m

I see a pretty strong difference between hosting the latest build of gpg and actually running a server that moves the bytes that cause the harm. You may not, but I do.

hsbauauvhabzb
4 replies
17h40m

‘Truly bad’ still relies on the perspective of the participant though. Parents point is that ‘bad’ is a matter of perspective, and that right or wrong, at lease some cartel/nk/isis operatives believe their actions are justified for some greater good, Palestine/Israel opinions and belief are obviously a more easy to understand perspective, but the point still stands.

eptcyka
2 replies
12h31m

NK operatives feel incredibly lucky they get to not starve. Unless they got to where they are at due to nepotism.

snapcaster
0 replies
5h45m

You don't know that, you've never been there or probably spoken to a north korean. Not saying you're wrong (i can admit i have no idea), but i'm annoyed you're swallowing narratives from warlords who have been known to lie to start wars as if it's assumed default true

hsbauauvhabzb
0 replies
11h13m

I have no idea about nk politics, but if the media continually pumps out ‘the west is the reason we’re starving, join the military today!’ then they might feel lucky to both be fed, and to be serving their country.

watwut
0 replies
8h2m

Hitler thought he is a good guy. Stalin thought he is good guy. Everyone thinks he is a good guy from the own perspective.

roenxi
0 replies
17h7m

You're naming things that are in the grey zone though. For example I can find polls [0] suggesting that North Korea is one of the least popular countries, but not strikingly different in absolute terms than someone like Russia or the USA. Internationally speaking they aren't unusually bad actors.

The problem with a "no shades of grey" stance is that in any large organised group there are going to be some good points and reasonable ideologies for why they have banded together to do what they do. They may be mistaken on important points, and it certainly may be necessary to put all empathy aside and try to ruthlessly crush them regardless of any good points they have - but in practice that approach almost always leads to terrible results compared to negotiating to emphasise the good and suppress the bad. Take ISIS - the reason we have groups like ISIS running around is generally because of a no-shades-of-grey approach taken to deal with their precursors. The US policy in the Middle East typically destabilises things (although they are hardly alone in doing that).

[0] https://en.wikipedia.org/wiki/Foreign_relations_of_North_Kor... - "Results of the 2017 BBC World Service poll. Views of North Korean Influence by country"

Peteragain
6 replies
12h25m

During The Troubles bombs were sent via the Royal Mail. Nobody blamed the post office. Indeed any infrastructure is a tool of terrorism as we rely on it (I am not going to make a list for obvious reasons). I think the reason we tolerate this problem with infrastructure is that the benefits outweigh the risk. The question is whether or not the same applies to free speech - you're right there is no win-win solution, but it still might be worth it.

blitzar
2 replies
9h48m

However if you start "Peters no questions asked hand delivery service, shipping direct from Ireland to London so reliably you can set a timer by it" - and you deliver 3 bombs to politicians you might find yourself being asked a few questions.

petertodd
1 replies
8h36m

At the time that's exactly what the Royal Mail was. Requiring identification to send packages is a much more recent development. Society just accepted that bad actors could do this and solved the root problem instead.

watwut
0 replies
5h5m

Society just accepted that bad actors could do this and solved the root problem instead.

You ... do not read much about history, I guess from this.

lolinder
1 replies
5h17m

I think the reason we tolerate this problem with infrastructure is that the benefits outweigh the risk.

The thing is, we absolutely don't tolerate this with infrastructure. We have entire systems in place to make sure that we can find people who use our infrastructure to kill people. The USPS has its own entire law enforcement branch whose sole job is to track down people who misuse the mail. I'm sure there are processes in the UK for the same.

With our infrastructure there's some non-zero amount of abuse that we acknowledge we won't be able to prevent in order to make everything work without infinite enforcement cost, but we don't just close our eyes to the abuse and not even try to do anything about it at all.

The difference between the post office and Tor is that Tor is very specifically designed to make tracking a sender of a bomb threat impossible. State-run postal services at least try to have an audit trail for what they send.

atemerev
0 replies
2h13m

Well, many (if not most) exit nodes are ran by three-letter agencies, so at least there is some infrastructure in place.

_ph_
0 replies
3h33m

There are quite a bit of differences here. The mail services transport physical goods, and the whole path can be tracked. Every letter or parcel is registered by the postal office where it was submitted to for transport. And usually there is quite some physical evidence with everything you do mail.

nkrisc
4 replies
19h32m

You have to ask yourself if the good is worth the harm.

AnthonyMouse
3 replies
17h55m

But the math on that looks like this.

The "really bad" people have no conscience. No qualms about compromising the device of some innocent victim and then using that as their "exit node" if Tor wasn't available. So if Tor doesn't exist, that's what they do, and that's worse. Because not only do the bad guys still get to be anonymous, now the owner of the compromised system takes the blame. Which is more likely to be someone less able than you to articulate what happened, and who has to claim they were hacked with perhaps scant evidence rather than being able to point to their IP address on the public list of Tor exit nodes. They also might not be in a country with due process. So what you're doing there isn't helping the bad guys, it's saving some of their innocent victims from being unjustly punished.

Meanwhile the "good guys" who use Tor do have a conscience, so they wouldn't do that to an innocent third party, and then without Tor they have nothing. So you'd be helping them too.

qsdf38100
2 replies
11h57m

We shouldn’t have keys then. Really bad actors are going to force your door anyway. Let’s at least save the doors.

Come on, Tor main use is child pornography and drugs. If you think you’re helping oppressed journalists, it’s 99% false. You’re mostly enabling all sorts of criminal activities, from benign to major. Hosting a tor exit nod doesn’t make you a hero, quite the opposite actually.

Ferret7446
0 replies
9h18m

I would use that argument if I were an oppressive government that was troubled by journalists using Tor to expose me. It's only 1% right? Think of the children.

Quoth Fidel Castro: ¿Armas para qué? (What do you need guns for?)

Guess what he did after he took the people's guns

AnthonyMouse
0 replies
11h4m

We shouldn’t have keys then. Really bad actors are going to force your door anyway. Let’s at least save the doors.

Locks aren't for the really bad people, who are in fact going to break down the door. They prevent crimes of convenience.

But Tor is the lock, and the crimes of convenience would be e.g. mass surveillance of the population, in the event that ordinary people don't have it. So it's not clear what you're arguing here. That everyone should use Tor?

Tor main use is child pornography and drugs. If you think you’re helping oppressed journalists, it’s 99% false.

Start here:

https://news.ycombinator.com/item?id=41507790

Add to this, the illegal stuff isn't accessed via exit nodes, which link into the ordinary internet. Those things use hidden services, which are internal to the network and don't use exit nodes.

But let's even explore the premise. Suppose a lot of the traffic is people trading in illegal materials. Well, that's not really a big problem; people do that stuff via several other existing channels and the societal cost of each instance of someone buying pot over the internet isn't very high. Whereas the societal benefit of one single whistleblower is massive. These things can change the lives of millions of people. So even if it's 99% contraband, the remaining 1% is ten million times as valuable.

lolinder
2 replies
18h42m

In the end, this really comes down to whether you value freedom or state protection more

If we're talking about the decision to actually run an exit node, I disagree with this breakdown of the ethics. I can value freedom more than state protection in the abstract while at the same time not feeling that helping support freedom in Russia and China and Iran is worth the cost of simultaneously helping to shield perpetrators of violence closer to home.

In most people's ethical frameworks choosing not to run a Tor node does not make me culpable for the actions of a state suppressing its people, but choosing to run one does make me at least somewhat complicit in shielding the perp of a bomb threat.

saikia81
1 replies
8h5m

how is this different from running a postal service? would you be against that?

lolinder
0 replies
5h33m

The USPS has an embedded law enforcement agency [0] whose full time job is to track down people who are using the postal service to commit crimes. Tor is very specifically designed to make an equivalent impossible.

[0] https://en.m.wikipedia.org/wiki/United_States_Postal_Inspect...

II2II
2 replies
18h46m

depending on which side of the Israel/Palestine conflict you are on

Here's the thing: I am not on either side of that conflict, or likely any other conflict you could use as an example. There are atrocities committed by both sides. There are victims on both sides. You could argue over who committed the worse atrocities or over who is the biggest victim until your face turns blue, it isn't going to end the cycle of violence as long as there are people facilitating that violence.

And no, I am not naive. I know there are people out there who care nothing about causes beyond their own self interest and who care nothing about their victims. I realize that these people are impossible to combat without the innocent coming in harms way. Yet the moment we fail to be ashamed of the harm we cause in the name of the cause, the moment we fail to acknowledge who is being harmed in the name of the cause, is the moment we become no better than them.

szundi
0 replies
16h44m

Oh just because you are not affected yet, you might be in the future, most probably if no one is there to help against people with obscene power and they start to easily win

Ferret7446
0 replies
9h23m

Here's a better example then. Publishing the truth or publishing opinions about political leaders is illegal in some jurisdictions. Would you be unwilling to provide help to these "bad actors"?

Lots of horrible dictators have used rhetoric like yours to rationalize/facilitate their actions.

The fact of the matter is, there really is no absolute objective moral compass; and yes, that includes "we should just stop facilitating violence" because you absolutely can be enabling others to take advantage of that to cause more harm.

You have to pick a stance and live with the harm that comes out of it (yes, whichever stance you pick, will cause harm).

zepearl
0 replies
18h40m

In the end, this really comes down to whether you value freedom or state protection more...

This is again a forced binary "and/or"-decision, without anything inbetween.

It doesn't have to be like that - both can coexist, if both terms are not extreme.

(disclosure: my post is not related in any way to Israel nor Palestine and I'm personally not linked in/directly to anything related to Israel nor Palestine and this post is not related to the current conflict)

tzs
0 replies
17h26m

Well, what would be considered a "really!!!" bad actor for some might be a hero for others. Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be an use worth fighting for or terrible abuse.

Stepping back though neither side in that conflict needs Tor. They both have numerous supporters in other countries where that support is legal. They can send and receive information through trusted outside supporters including some outside governments. They just need secure communication channels to a few representatives among those supporters rather than something is general as Tor.

totetsu
0 replies
17h18m

In the end, this really comes down to whether you value freedom or state protection more; either of which can be abused by rogue actors or a malicious state, respectively. There is no win-win-solution, unfortunately.

I want to argue for freedom, on the grounds that most people know whats best for themselves better than others, so on balance there should be more people using that freedom for good, but then most people are busy, and not as motivated or knowledgable of how to use that freedom as the malicious actors are.. so is that even freedom in the end?

nox101
0 replies
10h37m

I don't think that dicotomy is quite right. bad actors can take away my freedoms (for example if they steal my bank account I'm no longer financially free as I'd have no money)

I don't know the correct balance. maybe it's just an impossible problem. I just don't think the two sides are freedom vs state protection.

User23
0 replies
17h50m

Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be an use worth fighting for or terrible abuse.

The problem is when you choose to involve yourself in nation-state conflicts they’re just not going to care about your protestations of neutrality and freedom. They’re just going to see you aiding their enemy.

john_the_writer
3 replies
19h32m

Agreed.. this " I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution," could be dependant on what you personally see as bad actor.

Would being gay count? In some countries it's a death sentence, so using TOR is how they avoid being thrown off a roof or stoned. Talking about anything LGB is a crime.

What about someone who wants to read 1984.. Would you be okay with them committing that crime?

paperplatter
1 replies
18h55m

Yes being gay is illegal in some countries, but those governments don't have the ability to raid a German citizen's home for it.

AnthonyMouse
0 replies
17h48m

The people who do live in those countries could, however, be using an exit node in Germany. It isn't the exit node operator who chooses who uses it.

zepearl
0 replies
18h57m

I hate the current general trend pushing a position of an either absolute "yes/no" for any theme...
raverbashing
2 replies
12h15m

I hate the current general trend pushing a position of an either absolute "yes/no" for any theme, including this one (of encryption for privacy/etc vs. crime).

Exactly

Making an analogy, I feel these people are kinda the European ideological equivalents of the "sovereign citizens" in the US (though sure, they're usually more informed)

In one way, deeply concerned about very legitimate worries of free speech and privacy. In another way, very naive about what happens in the real world or how legal process works

Expectations: "We're helping people fight dictators!11" Reality: 80% malicious usage, 10% "just a prank bro", 5% people with legitimate uses and then the rest

qsdf38100
1 replies
11h55m

Agreed, except, what is especially European about this?

raverbashing
0 replies
11h25m

The idealism and rose-tinted/"self righteous" view of the world.

"Wir schaffen das"

raxxorraxor
0 replies
8h40m

Idealism around privacy and liberty are quite important, otherwise you end up with a worse country and there is a reason for laws to usually grant people these rights.

The law failed here and it is a typical problem for Germany, that historically and still today has problems with liberties in general.

FUD doesn't mean we should do away with liberty. To say otherwise is naive idealism that requires infallible human actors in security related agencies. That is impossible.

_ph_
0 replies
3h36m

And it doesn't need to be a "really bad actor". I have been spammed by someone for years who clearly used a script to target an online service of mine. Always connecting from TOR, so banning an IP or a range wouldn't block that person.

This shows how easily TOR can be abused, even for small misdeeds.

AnthonyMouse
0 replies
18h6m

even government organizations/departments/agencies can be "local" and scattered (e.g. similar IT departments for each "canton" in Switzerland) and not have huge amounts of resources/knowledge to track/identify perpetrators of all ongoing (sophisticated?) IT crimes => somebody somewhere might see the same IP involved in a lot of "bad" stuff not realizing it's just a TOR node.

Decentralization is not an excuse for negligence. Anyone working in cybercrimes should be aware that Tor exists and of what it is. The list of exit nodes is public. Harassing the operators can only be one of malice or incompetence and neither alternative is excusable.

shadowgovt
55 replies
21h29m

But flipping the script: bomb threats and Qatar conducting international espionage aren't silly things as far as the government is concerned, and if we intentionally interpose ourselves in the comms channel in a way that the attack trace stops at us, we should be expecting follow-up from a human being tasked with enforcing the law, right?

edm0nd
37 replies
21h7m

I suppose my issue stems from my perception of the seemingly lack of serious investigation on their law enforcement side.

If you had visited any of my exit nodes via port 80 or 443, I had a lander on them stating that it was a Tor exit node and to please contact me if you wanted your IP to be blacklisted from it. I also stated that there was no useful information contained on this server (by design) that would be helpful for any evidence gathering or investigations. Seriously, all they had to do was plug my IP into a browser or do a simple scan of it but I suppose that's asking too much from LE lol.

Additionally, Tor exit nodes are public and all they had to do was look into my IP more than 5 seconds after finding it in logs somewhere and firing off a warrant or subpoena for it. The first two were straight up vague templated fishing expeditions. The 3rd subpoena actually came straight from the DOJ and was a lot more detailed and serious.

They should know what Tor is and know that any Tor server contains ZERO info that would be able to assist them in whatever they are attempting to investigate.

Sure, I do think such situations require follow-up but as soon as they are informed it's a Tor ip, they should know to drop any pursuit of getting evidence from it. They do not, they continue to go after you via legal means. Even though I had the EFFs help, this entire process still took months.

It's pretty stressful to be in a situation where its lil ole me VS the entire United States government who has unlimited resources, time, and money to go after you.

I am extremely blessed to have had the EFF lawyers at my defense and will forever be a life long supporter and donor to them. They really do fight for our digital rights and can help defend you in a digital equivalent of a David versus Goliath situation.

cortesoft
18 replies
20h55m

The end goal is probably to get you to do what you did, which is shut down the exit node. If they make it painful to run a Tor exit node, they make Tor harder to use.

lolinder
17 replies
20h39m

Exactly. Which is not as obviously an unethical approach as some here would think—if you are standing between law enforcement and a bomb threat, "I'm intentionally ignorant of the activities of the people that I'm shielding" is a morally dubious place to stand. The law allows law enforcement to subpoena records related to an investigation like this, and I honestly think it's fair to force Tor exit node operators to handle those subpoenas every time, even if the answer is always the same.

To have some sort of automated process in place to deflect blame allows an exit node operator to ignore the real damage their work can do. They may still decide that the good that they're doing outweighs the bad, but forcing them to see the negative consequences of shielding anyone who wants a shield has value.

courseofaction
16 replies
20h10m

Is that the horseman we're giving up our rights for today?

lolinder
15 replies
20h3m

Your right to knowingly run a service that is used by people to kill other people while never having to interact with the consequences of that decision?

I'm not suggesting people shouldn't be able to run a Tor exit node. I'm suggesting that people who run Tor exit nodes should occasionally have to a deal with a subpoena that says "your exit node was used by a criminal to hurt people in ${these ways} and we require any information you have to help apprehend the attacker."

I don't want to deprive anyone of the right to make a moral decision, but I do want them to feel the weight of the full import of that decision.

AnthonyMouse
12 replies
17h35m

Your right to knowingly run a service that is used by people to kill other people while never having to interact with the consequences of that decision?

Can you name a product or service for which this is not the case? Militaries use general purpose software to design weapons. Murderers use vehicles and transit systems. We don't expect the government to harass the makers of cutlery because they provided a product used in a mugging.

lolinder
8 replies
17h20m

I think that any creator of any tool should be faced on a regular basis with the harm that that tool causes and have to make the call on a regular basis if it's still worth it.

AnthonyMouse
7 replies
16h22m

So steel workers should get a subpoena they have no effective means to respond to on a regular basis because steel is used to make all manner of weapons and machinery that gets used by bad actors?

numpad0
2 replies
11h29m

Aside from this being a bad faith comparison - no way you actually believe that steel rods and bars can't be subject to EAR

AnthonyMouse
1 replies
11h0m

You can't justify a bad policy with a different bad policy. Trying to control access to a fungible global commodity is pointless.

numpad0
0 replies
10h29m

You've questioned existence of such "bad policy". I pointed out that there are such policies. I neither supported nor opposed them.

I won't be surprised if there were something in US criminal code with supreme court precedents that specifically dictate the government harass in timely manners the makers of cutlery used in a mugging. There _are_ always laws. _Everything_ is regulated. Most of those regulations are reasonable.

lolinder
2 replies
16h21m

This is a bad faith comparison and I'm not going to engage with it.

AnthonyMouse
1 replies
14h58m

I'm honestly not sure what distinction you're trying to draw between them. Clearly any ordinary product can be used for nefarious purposes.

The distinction some people try to draw is when a higher proportion of a product's users are nefarious, but that doesn't really work either because who uses something can change over time.

If you have a society where nobody has window blinds or locks on their doors because it's a rural area and there is no one around to invade your privacy then locks will be disproportionately used by neerdowells "with something to hide", and then busybodies will claim that anyone with nothing to hide shouldn't be concealing their private spaces and anyone selling or using any privacy technology should be pressured to stop. Which sustains the status quo through external pressure even if someone does start invading everyone's privacy.

And that's what's been happening on the internet. Surveillance is the default, Cloudflare et al block Tor users as a matter of course and that drives normal people from Tor and similar technologies even though they would otherwise benefit from its use. People are told that it's the dark web where there are criminals and they shouldn't use it -- it being Tor Browser, the thing that keeps ad networks from tracking them across the internet.

Then after dispersing the normal users who would otherwise benefit from using it, people say that it has a lot of nefarious users to justify the continued harassment of anyone who does. But that's just path dependence, and there are parties interested in leading us down the garden path to mass surveillance.

Propelloni
0 replies
10h14m

Clearly any ordinary product can be used for nefarious purposes.

Right, I could kill a person with a spoon. Still we regulate guns and not spoons, why is that?

zo1
0 replies
13h35m

You are talking into a void following this line of reasoning. There is no logical consistency in the context of a state and all the myriad of terms and concepts in its wake. That's by design and everyone that's brought up under it from a young age is taught to embrace that, as a feature. Your words are foreign invaders and every core of these smart people's beings will fight you with their ridiculously smart and well trained antibodies.

Not trying to single out the person you're responding to, but I've seen this play out many times and engaged in it previously to no effect.

shadowgovt
2 replies
14h29m

We, uh, absolutely expect the government to "harass" people operating transit systems for any and all information about a criminal using that system.

Camera feeds, ticket records... All of that is accessible via warrant. That's probably the most salient example in this context.

AnthonyMouse
1 replies
13h25m

Tor exit nodes don't have any information to identify the end user. They don't know who it is, so there is nothing to subpoena or turn over. Subjecting low-resource entities to a known-futile legal process is a form of harassment.

shadowgovt
0 replies
3h53m

It's not known-futile. A misconfigured Tor node could be storing all sorts of useful traffic data. Besides, there's also the possibility that the exit node operator themselves could be the actor; since the trail stops at them, they're under suspicion.

aspenmayer
1 replies
18h6m

If it is moral for the US government to create Tor, it is moral to use it. Sure, it may be it’s a tragedy of the commons, but there’s no individual moral accountability or responsibility for those running Tor because of things other people do or don’t do on it. That’s outside anyone’s ability to control anyway.

Nursie
0 replies
16h45m

there’s no individual moral accountability or responsibility

Of course there is. If I am deciding whether to dedicate resources, money and time to running a service which -

a) Helps dissidents in authoritarian regimes communicate freely

and

b) Enables bad actors to send threats and/or move CSAM around

Then that is absolutely a moral choice I need to make. It's not outside your control, you get to decide whether or not to provide the service.

admax88qqq
5 replies
19h34m

I don’t know. Could you imagine if you were in charge of investigating something like this and you _didnt_ check one of the computers involved just because the guy who owned the computer claimed it doesn’t have anything useful on it?

There could be logging bugs in Tor that you were unaware of, or the owner could be using Tor as a cover. It would be negligent _not_ to at least check the device logs for anything useful.

thecrash
4 replies
19h16m

By that logic why not also seize and do forensics on all the ISP's routers too then, just in case? After all, the ISP could be secretly in on the criminal plot, and how could you know without imaging every hard-drive in the data center? It would be negligent not to.

The truth is that police investigations normally are restrained based on the disruption that they cause the public. Police deviate from standard operating procedure when it comes to TOR exit node operators because they want to punish and intimidate them.

They want to punish operators because the authorities are frustrated by the effectiveness of these technologies in countering the pervasive surveillance environment which the authorities take for granted.

lolinder
0 replies
15h35m

Police deviate from standard operating procedure when it comes to TOR exit node operators because they want to punish and intimidate them.

Citation needed. ISPs have entire departments dedicated to cooperating with law enforcement. Comcast has a whole portal with its own subdomain specifically for handling requests from law enforcement [0]. Cox has a page detailing exactly how to send them a subpoena [1]. These guys are clearly dealing with subpoenas just like the ones OP is describing all the time.

It only seems out of the ordinary this time because it's a random person who decided to play middle-man instead of an enormous corporation with a massive legal department.

[0] https://lrc.comcast.com/lea

[1] https://www.cox.com/aboutus/policies/law-enforcement-and-sub...

gamblor956
0 replies
16h13m

ISPs cooperate with law enforcement. Most even have dedicated staff for that.

So there's no need to seize their equipment.

bongodongobob
0 replies
16h42m

< By that logic why not also seize and do forensics on all the ISP's routers too then, just in case?

You think they don't!?

aspenmayer
0 replies
18h16m

By that logic why not also seize and do forensics on all the ISP's routers too then, just in case? After all, the ISP could be secretly in on the criminal plot, and how could you know without imaging every hard-drive in the data center? It would be negligent not to.

Implying that they don’t have the capability to do this already and/or alternative means to accomplish the same thing.

https://en.wikipedia.org/wiki/Room_641A

Room 641A is a telecommunication interception facility operated by AT&T for the U.S. National Security Agency, as part of its warrantless surveillance program as authorized by the Patriot Act. The facility commenced operations in 2003 and its purpose was publicly revealed by AT&T technician Mark Klein in 2006.
luckylion
3 replies
20h55m

There's a very productive spammer that sends out spam for their shops and, on their home page, they have a big info about how they didn't send that spam, and it's just somebody else trying to ruin their reputation.

If all you'd need to deter law enforcement is to put a website up on your server and say that you don't have anything to do with anything happening on that server and that they shouldn't bother because there's nothing to see anyhow, a lot more criminals would do that. I'm sure they'd even put an actual exit node on their machines if that protected them from law enforcement.

thecrash
1 replies
19h5m

Maybe rather than a big info explaining that there's nothing to see, it could be a big info explaining that "source IP address" is useless as evidence of a crime, because, as this server and many, many other proxy services demonstrate, the IP listed as the origin is in no way guaranteed (or even likely) to be the actual origin of the traffic.

It's like raiding the home of the mail carrier because someone got drugs in the mail. Sure, it could technically be that the mail carrier is also a drug dealer. But when it comes to the USPS, the identity of who delivered the contraband package is not a useful data point for investigating the crime, and acting otherwise is willful ignorance.

lolinder
0 replies
15h21m

"source IP address" is useless as evidence of a crime, because, as this server and many, many other proxy services demonstrate, the IP listed as the origin is in no way guaranteed (or even likely) to be the actual origin of the traffic.

It doesn't have to be the actual origin for it to be useful—unless the software is specifically designed to avoid traces (i.e., Tor), there are often logs that will lead you to another IP address, which might lead you to another, which might eventually lead you to the source. It would be foolhardy for police investigating a bomb threat to not at least ask, given how many people they do in fact catch this way.

It's like raiding the home of the mail carrier because someone got drugs in the mail.

No, in the case of OP it's like subpoenaing the local post office and asking for everything they know about where that package came from. Which is, incidentally, quite common, except that in the US the post office is a government entity that doesn't need to be subpoenaed because it has its own law enforcement agency that should have jurisdiction over the case.

edm0nd
0 replies
20h52m

Fair enough!

shadowgovt
2 replies
21h1m

Seriously, all they had to do was plug my IP into a browser or do a simple scan of it but I suppose that's asking too much from LE lol.

I mean, yes, I'm pretty sure "just take my word for it" is asking too much of LE.

We can always say "Come back with a warrant" but then sometimes they'll come back with a warrant.

They should know what Tor is and know that any Tor server contains ZERO info

Unless, of course, one has misconfigured it... Which could be the case. Definitely the kind of thing LEO can figure out on the other side of a seize-and-strip of the hardware. Unfortunately, I think the only way to not be a part of the story here is to not be a part of the story here... Don't proxy anonymous traffic if you don't want law enforcement asking after the anonymous traffic you proxied. Otherwise, expect the responsibility imposed upon a service provider (since you're providing a service).

Other ISPs avoid this scrutiny by going out of their way to be helpful to law enforcement.

zadokshi
0 replies
13h49m

There is no way for police to know if the traffic came through tor, or was initiated by the owner of computer/server. It seems reasonable that the police have the right to investigate. If not, anyone could run a tor node to cover up their own criminal activities. Even if you did have logs suggesting it was tor activity, should we trust someone’s claim that the logs are proof that it was someone else?

It would in fact be negligent if the police did not properly investigate the server/computer/house of the device.

edm0nd
0 replies
20h53m

Yup that's the same conclusion that I've come to for now. I got a family and stuffs now so don't want to bring any stress to them.

One day I will resume but in the future :)

fn-mote
1 replies
20h47m

That isn't the reading I would make of the situation.

Like the OP says, it's harrassment to discourage continued operation.

jacobgkau
0 replies
19h57m

I think that's what the person you replied to was saying. The purpose of the "system" of law enforcement is not what they say it is (to try and gather evidence from the server), but rather is what the system does (get people to shut down exit nodes because of the hassle).

BLKNSLVR
1 replies
18h48m

I suppose my issue stems from my perception of the seemingly lack of serious investigation on their law enforcement side.

That's my experience too from actually having my house raided. I had two kids in bed at the time, and the police didn't even know to expect kids in the house (both kids were over 11 years old, had birth certificates, had lived in that house all their lives and attend local schools and are darn fine students).

They didn't know. It's mind boggling to me that they could get a raid warrant without having done even the most basic (below even basic) investigation.

My opinion of police investigative competence took a 99% hit as a result.

It's a lesson my kids won't forget either.

hcfman
0 replies
1h13m

The raid no doubt was carried out by the police. They just what they are told to do by an organisation that is higher up. No one will get reasons. Maybe the chief of police. But only a limited amount so he can claim plausible deniability.

The dirty people behind all this are in the way they run the investigations. And what way is that ? Well it’s the “organised crime investigations”. The Netherlands pushed the RIEC way of working here to Germany and Belgium. Look it up. Euriec.

The whole way of working is to do dirty tricks in an unaccountable way.

gary_0
13 replies
20h49m

Yes, but they should be able to investigate without placing an undue burden on exit node operators (or regular people with a compromised device that was used as a proxy). Unfortunately it's hard not to be cynical and assume that these kinds of overreactions (and worse) are going to continue. But in my opinion, any society where policing is convenient for the police is a horrible place to live. (Is it really such a radical concept that law enforcement should be focused on protecting the innocent, not punishing the guilty?)

lolinder
12 replies
20h33m

but they should be able to investigate without placing an undue burden on exit node operators

Is the burden undue?

A Tor exit node operator has made the ethical judgment call that they're doing more good than harm. That might be a reasonable position to take, but I don't think it's unreasonable for us to expect an operator to face up to exactly what it is that they are doing. I'm fully on board with any bomb threats (as just one example) leading to a subpoena on the exit node operator who shielded the threat actor, even if the answer is the same every time.

Making the decision that you're doing more good than harm requires you to fully understand the harm that you're justifying, and law enforcement subpoenaing you every single time is one way to make it very clear what it is that you're choosing.

gary_0
7 replies
20h9m

I can think of very few cases where the possibility of your home being raided by heavily armed police officers, and your property seized, is appropriate if it's clear all you're doing is running software. (Side note: I'm surprised how often attitudes on this site are at odds with the "hacker" part of "Hacker News".)

It is fair that running an exit node might be inconvenient, maybe even to the point where consulting a lawyer is advisable, but I think we should draw a hard line at direct threats to an innocent person's liberty, livelihood, and physical safety. That kind of fear is definitely an "undue burden".

lolinder
4 replies
19h37m

Yes, I can agree that an armed raid or the threat thereof is definitely an undue burden.

it's clear all you're doing is running software. (Side note: I'm surprised how often attitudes on this site are at odds with the "hacker" part of "Hacker News".)

I do not view software as amoral. It's a tool, and like any tool it is an extension of myself. Software that I run is acting on my behalf, and what my software is designed to do is something that I should be held morally accountable for.

I'm not sure when the hacker ethos came to mean that "just running software" absolved you from having to account for the damage your software causes, but if that's what the hacker ethos is about then yes, you can count me out.

gary_0
3 replies
19h17m

My point was that running any kind of software should not come with a presumption of guilt. But in the eyes of the establishment, it often does; see: Aaron Swartz, or how pressing F12 might be illegal[0], or many other such cases. A "hacker" should not have any sympathy for this kind of draconian knee-jerking.

[0] https://techcrunch.com/2021/10/15/f12-isnt-hacking-missouri-...

lolinder
2 replies
19h12m

should not come with a presumption of guilt

Where is the presumption of guilt? A threat of violence was traced to their IP and they were served a subpoena to provide information that might lead to finding the threat actor before they actually hurt anyone. No one even accused OP of a crime, much less presumed their guilt.

gary_0
1 replies
18h44m

I don't mean in the judicial sense, I mean in terms of how they are treated by law enforcement.

lolinder
0 replies
18h34m

Again: where is the presumption of guilt in OP's case? They got subpoenaed, they enlisted help to respond, life went on.

Their lawyers warned them to prepare as though a raid would occur, but that's the lawyers' job: to prepare their clients for the worst just in case.

shadowgovt
0 replies
3h49m

(Side note: I'm surprised how often attitudes on this site are at odds with the "hacker" part of "Hacker News".)

When computing became predominantly online, hackers inherited a moral dimension: the need to consider whether they are doing harm to others via what they do with the shared global network.

It's a different story when you're cobbling scraps together in your basement, and it's a different story when you're primarily phone phreaking "the man," as it were.

goodpoint
0 replies
10h12m

Hacker News is hacker like a hot dog is a dog

Hizonner
1 replies
19h33m

law enforcement subpoenaing you every single time is one way to make it very clear what it is that you're choosing.

That's not what subpoenas are for, and it would be a really stupid waste of time and resources. If you really want to do that, just send them an email.

lolinder
0 replies
19h16m

An email can be filtered, doing that with a subpoena would be... silly.

a really stupid waste of time and resources

Subpoenas are used all the time in cases where they're not expected to be inherently useful for acquiring information. If law enforcement is going to take 10x as long to find the perp because you hid them, I don't see a problem with them sharing that burden with you a bit—there are externalities here that should be internalized.

ruthmarx
0 replies
14h3m

Is the burden undue?

Yes.

A Tor exit node operator has made the ethical judgment call that they're doing more good than harm.

They are. Absolutely. It's not really a question.

Making the decision that you're doing more good than harm requires you to fully understand the harm that you're justifying, and law enforcement subpoenaing you every single time is one way to make it very clear what it is that you're choosing.

No, that's just harassment.

dgfitz
0 replies
19h36m

Scenario: LEOs knock on your door and take everything connected to the internet. Why? Your home was running an exit node. Who? Your 12 year old.

Yeah yeah “parents should know” but given the rash of shootings by young people, fuck that argument.

treebeard901
1 replies
21h6m

The danger is that the Government could just make all this up to specifically target nodes they do not control.

The exit nodes have been known to be the weakest part of the tor design. It has been a logical theory for a while that all exit nodes are visible to the U.S. Govt.

This is just one way they can leave a system like Tor up for their uses and also make sure anything domestically is fully visible to them.

impossiblefork
0 replies
21h3m

What about timing attacks though, things like governments controlling things coming and going into routers and the internet as a whole?

Surely that's worse than the exit nodes?

The way I see it, the right approach is some kind of continuous communication where messages end up in fixed slots, where if no message would have gone, there'd have been a randomly generated message.

creer
0 replies
16h38m

we should be expecting follow-up from a human being tasked with enforcing the law, right?

That's very nice but until tor exit nodes are illegal, such police action is purely a harassment effort, right?

One thing that struck me, years ago, is that the people running these actions (recipient of a death threat or police) are far more concerned with the fact that "someone enabled this", rather than the fact that someone was angry enough at them to issue a death threat. They had no visible concern about that wannabe murderer, apparently spending no effort trying to identify THEM. They just wanted retribution against the exit node operator. It was totally doing something for the sake of doing something, zero concern about solving any root problem. They had seemingly zero concern that their safety was a risk (I mean, from eventual action stronger than a death threat.)

They also had zero awareness that anonymous email had allowed this ennemy to be revealed before any physical violence.

ajross
6 replies
20h55m

The 1st [subpoena] was someone sent a bomb threat email to a university. The 2nd one was someone sending a phishing email.

...

I one day hope to resume running exits as I find it rewarding to be able to help people from around the world in a small way.

This really doesn't strike you as cognitive dissonance? I mean, yes, I get it, it's easy to construct a scenario where you're "helping people". But you're also "helping" people engage in terrorism and identity theft in exactly the same way.

Surely that deserves at least a little thought and moral calculus, no? You're not making a first principles argument about fundamental rights or anything, you're saying you run exits because it's "helping". Well, shouldn't it help more than it hurts?

loa_in_
3 replies
20h39m

Doesn't running a post office help people communicate coded messages about nefarious things? Doesn't running a telephone network help people do the same? What about cellular hardware providers and maintainers?

krisoft
1 replies
19h52m

They do. But all of the above bend over backwards to help law enforcement.

post office help people communicate coded messages about nefarious thing

The US postal service scans and stores the outside of every envelope and package they handle. Law enforcement agencies can query this metadata.

https://en.m.wikipedia.org/wiki/Mail_Isolation_Control_and_T...

Doesn't running a telephone network help people do the same?

They do, but they are not only share the metadata with law enforcement, but also let them wiretap. (Often they require a warrant for this, but that is not a hard burden for a LEO.) And this capability is not some aftertought, but deeply integrated into their tech stack.

WarOnPrivacy
0 replies
19h15m

But all of the above bend over backwards to help law enforcement.

We prefer they assist LEO operating under court order, instead.

ajross
0 replies
20h26m

Tor isn't a post office or telephone network. We have post offices and telephone networks. Tor also isn't a replacement for a web browser or internet, we have those too.

Tor's feature isn't "communication" in the abstract, it's anonymity. And yes, that can be used for good or for evil. But the upthread comment was saying how nice it was to run an exit node because it was "helping people". And to the extent that's true, I think correct thinking demands you also account for the harm.

And let's be clear: Tor is definitely harmful. Almost all Tor traffic is some degree of nefarious. The tiny handful of dissidents are drowned in a sea of phishing and contraband.

jacobsenscott
1 replies
20h8m

You don't need tor for terrorism or identity theft, and it probably isn't widely used in those circles. There are easier ways. But plenty of people use tor to avoid what amount to terrorist govenments and regimes.

beart
0 replies
18h30m

This statement is made without basis. What percentage of tor traffic is used for terrorism, identity theft, or people avoiding persecution?

I'm not going to make a value judgment on the use of tor, but I do think it's important to be honest about how it may be used.

Hizonner
5 replies
21h32m

I actually think that Tor should deemphasize exit nodes and trying to provide access to the clearnet, in favor of better hidden services.

Nearly every major site ends up either totally blocking anything that comes from a Tor relay, or applying massive numbers of weird CAPTCHAs and restrictions, so it's getting to be basically unusable anyway.

costco
1 replies
17h7m

The new Cloudflare captcha has changed this and it's a lot better now. There's no more Recaptcha hell. I read the Ben Collier book about Tor recently and in his interviews he found that some Tor contributors actually feel the opposite, because they feel the negative attention that the "dark web" mythology brought on has been bad for Tor. According to the book the archetypal Tor user is someone in a censorship heavy country like Iran visiting facebook.com or nytimes.com, so they don't get much out of hidden services.

saagarjha
0 replies
14h5m

I don't even use Tor (this is literally stock Safari) and Cloudflare will not let me through as of last week or so.

genpfault
0 replies
21h11m

I actually think that Tor should deemphasize exit nodes and trying to provide access to the clearnet, in favor of better hidden services.

Isn't that I2P[1]?

[1]: https://en.wikipedia.org/wiki/I2P

beefnugs
0 replies
20h13m

There really is a fundamental difference between : secure end to end messages of willing participants. VS arbitrary anything-illegal from someone else's public ip.

amy-petrik-214
0 replies
17h30m

This gets back to AnthonyMouse's argument (above) that

(1) TOR exit node operators are buffers to protect people from being hacked. A hacker would more easily use TOR than need the effort to runa scan for vulnerable routers, root one, and hop between various routers.

Which implies

(2) if TOR had no exit nodes and/or clearnet service blocked TOR ranges, hackers will just resort to hacking routers / other systems / botnets to make their own proxy. Now the block doesn't work, someone(s) got hacked, TOR is gone.

Basically TOR as a "containment" system. Seems to me that would be preferable for law enforcement, particularly because some state actors (https://www.infosecinstitute.com/resources/general-security/...) are putting great effort into unmasking TOR, making it a great honeypot. Ironic that Germany prosecuted a German exit node when they were the same ones investing heavily in unmasking it!

snakeyjake
4 replies
19h53m

I ran an exit node back 2007-2008 ish after learning about Tor at a conference.

I stopped running an exit node when I looked at the traffic flowing through it. I even sslstripped it back when that was much easier.

No freedom fighters. No oppressed journalists. No free speech.

Only porn and scams.

Running a Tor exit node for freedom is like burning a village to save it or enriching your own uranium to solve the energy crisis.

There's gotta be an answer, but this ain't it.

rcbdev
0 replies
13h17m

Just because most stuff is botspam, that doesn't mean it's not worth it for the occasional Snowden or Panama Papers - those would have been next to impossible to safely execute without Tor.

jfengel
0 replies
18h2m

They were sending this in cleartext?

atemerev
0 replies
2h9m

Enriching own uranium is an interesting project. I prefer nuclear simulations, but same vibes.

ErikBjare
0 replies
3h43m

Makes sense that's where the bulk of the volume is, not much different from the internet at large. Freedom fighters and oppressed journalists are exceedingly rare, but they do use Tor.

I wonder what you expected?

qup
2 replies
19h41m

Why don't lawyers just do this stuff? Then minor legal threats are not a concern.

Alternatively, why don't we become lawyers, too?

tonygiorgio
0 replies
18h29m

At the end of the day, lawyers are human too, with lives and families.

They would know the full extent of the inconveniences regarding home raids and device seizures for long periods of time. This would disrupt their lives, work, and probably affect their ability to serve their clients’ legal troubles.

At the very least, I’m thankful for the efforts of the EFF and others that do know the law and help. But I’d imagine there’s a good case for separations of concerns here. Stay out of the legal troubles yourself so you can help others that do get caught up in it. One degree away.

seb1204
0 replies
4h59m

My sarcastic self would say because lawyers became lawyers to earn good money and have social standing. Not to be benevolent to society.

beaglesss
2 replies
21h33m

Wouldn't the true exit node be the ISP as you are one clear node behind them? How many ISP execs get raided by SWAT teams?

q3k
0 replies
4h39m

In jurisdictions whose ISP laws I'm familiar with, ISPs have a special protection granted: they don't get raided because they're seen as an infrastructure provider, but only as long as they can point to a customer responsible for some given traffic when served a court order.

edm0nd
0 replies
21h29m

Yes the IP was just a DO vps I setup to be a Tor exit.

That's why they requested my personal account information, billing info, IPs that I logged into DO with, all of that.

If not interrupted by me getting the help of the amazing EFF lawyers, the next step after getting my personal information, could have been to raid my home and seize all my electronics. I work from home and would have been greatly disrupted and not been able to work without my computers and etc. Then I'd have to wait months/years to be found innocent and then get all of my electronics back + spend thousands on lawyers.

During all of this, the EFF lawyers straight up told me to prepare my home as if it were to be raided and encrypt all my devices.

Thankfully it did not come to that.

oefrha
1 replies
17h48m

I’m surprised DO allows Tor exit nodes. No wonder their IP reputation is trash the time I tried to set up my mail server there.

https://docs.digitalocean.com/products/droplets/details/poli...:

We do not specifically disallow Tor exit nodes, but as the account holder, you are responsible for all the traffic going through your Droplet (including traffic that an exit node may generate), and we do prohibit some of the traffic types that may go through a typical Tor exit node.

If you are unable to stop prohibited traffic like torrents, spam, SSH probes, botnets, and DDoS attacks, running a Tor exit node may lead to us suspending or terminating your account. We send you an email in the event of a violation of our Terms of Service, and you must address these issues as soon as possible.

Running Tor exit node without abuse? How is that possible? Since they didn’t shut you down after three abuses serious enough to get law enforcement involved, I guess they don’t really give a shit about abuse after all.

ErikBjare
0 replies
3h42m

Restrictive exit policies

tzs
0 replies
17h41m

I was going to run an exit node when I first learned about Tor, but realized that the cool positive use cases I was imagining it would help with could be effectively done in other ways. In some cases those other ways might not be as easy, but there would be enough resources available to the people involved to get the job done.

It seemed likely that it would be the horrible use cases it would benefit the most.

Balancing an increase in the efficiency of doing good things that could already by done other ways against greatly benefiting horrible use cases made it so that I could not morally justify it.

batch12
0 replies
20h1m

Situations like this are the main reason I shuttered the torwhois.com service. The barely zero gain wasn't worth the risk, sadly.

Manuel_D
74 replies
21h44m

I'm not sure how a Tor exit node could operate legally. Tor is widely used for illegal activities. Like drug sales and CSE media. If a government goes on Tor, downloads such material they'll easily see the exit node as the last hop in the chain. It's a clear-cut case that the exit node operator facilitated illegal activity.

My assumption is that Germany has some sort of common-carrier privileges for Tor node operators. In America, telecoms can't be sued for facilitating illegal activity. But they do have to assist law enforcement with finding criminals when requested.

Would be happy to hear from someone who is more knowledgeable in this area.

Hizonner
38 replies
21h42m

I'm not sure how a Tor exit node could operate legally. Tor is widely used for illegal activities.

How do ISPs operate legally? Every single thing that's ever been done over a Tor relay has crossed multiple ISPs.

tensor
20 replies
21h39m

ISPs cooperate with law enforcement and often happily give out the information for people doing illegal things on their networks. I realize that operators of Tor exit nodes likely can't help track people on the Tor exit nodes, but I doubt law enforcement cares, they just see it as "not helping" while they see ISPs as "helping."

varenc
16 replies
21h32m

The core question here is w whether law enforcement actually believes, incorrectly, that the exit node operators are being intentionally unhelpful, or if they understand that due to Tor’s design the exit node operators have no valuable information but the police continue to raid them anyway as a scare tactic.

aniviacat
10 replies
20h55m

The core question here is w whether law enforcement actually believes, incorrectly, that the exit node operators are being intentionally unhelpful

They could keep logs, but they choose not to. They are intentionally unhelpful.

The reason they aren't keeping logs is not for the privacy of others.

If I run an exit node, I know I am not reading the logs to garner personal information of others. And unless someone hacks my server and goes through the logs, which is extremely unlikely, noone else will read the logs either.

The only one reading the logs would be law enforcement.

By not keeping logs, you are intentionally hindering law enforcement.

alasdair_
6 replies
19h57m

By not keeping logs, you are intentionally hindering law enforcement.

This is why I keep a diary indicating every single person I've ever interacted with, along with the date, time and place. It's a pain to do so and it takes up a lot of storage space and it makes people wary about interacting with me but I'd certainly never want to hinder law enforcement.

numpad0
2 replies
11h25m

This is why you enable location history for Google Maps. It had genuinely saved few honest people from false accusations.

dmichulke
1 replies
8h13m

I'm stuck.

Please add /s or the links or both.

numpad0
0 replies
4h30m

Telescreen works both ways. That could come in handy if you truly have nothing to hide, or I suppose if what you are hiding must be within His tolerances.

  Chalmers sent a copy of his timeline to Premier Park Ltd, the company that charged him with  the crimes, and the defendant was able to prove his innocence. The charges against him were dropped.[1] 

  the lawyer met with the detective in order to show him screenshots of McCoy’s Google location history, including data recorded by RunKeeper. The maps showed months of bike rides past the burglarized home, NBC News reports.[2]
1: https://www.phonearena.com/news/google-maps-keeps-user-from-...

2: https://news.sophos.com/en-us/2020/03/10/google-data-puts-in...

3: https://www.youtube.com/watch?v=d-7o9xYp7eE

gretch
1 replies
18h56m

It's a pain to do so and it takes up a lot of storage space

The perspective is that in order for these actions to be ethical, you must log the traffic, or you should not bother setting up the node. It's irresponsible to setup the node (which takes some amount of effort) but not do the precautionary part which makes it ethical.

You can believe otherwise if you'd like, but this is an ethical framework applied to many other parts of our society and it's the thing that sets you apart from the ISPs, and generally it's the thing accepted by the public at large.

throwai
0 replies
11h33m

I'd like to make the argument that "we" believe otherwise.

It is legal to keep some logs for a limited amount of time if you run an IT service in Germany, mostly for the purpose of keeping the service running properly. If you have that data, you can give it to LE when they request it.

The thing accepted by the public at large is often codified within a country's laws. German laws generally do not require you to store logs if you are an ISP. Storing them for too long can even be unlawful. There is no so called Vorratsdatenspeicherung anymore, and it is a recurring topic of political debate. So at least in Germany, the public view on storing data is more complex, and people don't believe not storing data or reducing the amount of data stored is clearly immoral when running IT services. https://de.wikipedia.org/wiki/Datenvermeidung_und_Datenspars...

On another note, if LE requests you to log specific access patterns in advance, you might have to do it. If your ISP services are really big (lots of users), you might even have to provide some sort of interface for LE. IMO and under certain interpretations of the involved laws, the German state could ask every single node operator in Germany to log everything, but the political backlash would be quite high.

aniviacat
0 replies
19h12m

Unless I'm misunderstanding your comment, you are arguing in bad faith.

It is not a "pain" to set up logging. Most non-tor proxies implement logging. It would be a completely reasonable task for the tor project to implement logging by default.

No one would be any more "wary" to interact with your tor node. Trusting your node not to log would be foolish anyway. So whether you make known that you are logging, or whether you claim not to log (but might secretly do anyway) doesn't make much of a difference.

The storage space a log takes up is negligible (unless you keep logs for unreasonably long times) on anything but the smallest systems. And since running a tor node takes quite a bit of processing power, you won't be running your node on a system that can't handle a few megabytes of logs.

afh1
1 replies
19h43m

Law enforcement is also about going after whistleblowers, journalists, or, in most countries, just ordinary citizens the current people in power don't like, even if no crime was committed.

aniviacat
0 replies
19h19m

You seem to have misinterpreted my comment.

I was not making any moral judgement on people operating tor nodes.

I was simply stating that you are, in fact, hindering law enforcement if you set up a non-logging proxy for the purposes of hindering law enforcement.

Whether that's a good or a bad thing is up to you to decide. Clearly many people think it's a good thing; good enough to go through the efforts of setting up a proxy.

sealeck
0 replies
17h47m

They could keep logs, but they choose not to. They are intentionally unhelpful.

Some tech companies have extremely sophisticated observability which dumps huge volumes data about the internal state of a program. Some companies have very limited observability beyond maybe logging "we just served a request". Your argument suggests that companies who don't have the extensive logs of the former are being intentionally unhelpful?

There are lots of reasons to not keep logs – lack of storage space, additional economic cost of doing so, slower response times due to overhead of observability, etc.

gwd
4 replies
20h43m

incorrectly, that the exit node operators are being intentionally unhelpful

I mean, exit node operators are being intentionally unhelpful? They're intentionally helping people who don't want to be tracked. "I don't want to give you the papers" and "I can't give you the papers because I burned them so that I couldn't give them to anybody" are equivalent morally; the only difference is that the latter is irreversible.

There are good reasons to not want to be tracked, but there are also bad reasons to not want to be tracked. Exit node operators have chosen to help both. Police on the whole tend not to be the kinds of people who understand the "good reasons not to want to be tracked" thing.

cesarb
3 replies
20h6m

"I don't want to give you the papers" and "I can't give you the papers because I burned them so that I couldn't give them to anybody" are equivalent morally; the only difference is that the latter is irreversible.

There are other differences. One is after the fact, the other is a decision made before the fact; one is specific (rejecting that request in particular), the other is general (all requests of that type are guaranteed to be affected equally).

It's the same with, for instance, email retention policies. We accept that old messages are irrevocably deleted after X days, even when we require them to be produced once requested if they still exist.

gwd
2 replies
19h48m

It's the same with, for instance, email retention policies.

Indeed it is. The intention and moral purpose of email deletion policies is to reduce the risk of embarrassing or incriminating emails being turned up as part of a lawsuit or investigation -- in other words, to be unhelpful.

The legal justification for being unhelpful in both cases is that "this is just policy, we're treating everyone the same". That doesn't change the fact that in both cases the intent was to be unhelpful to investigators.

gavindean90
0 replies
13h9m

What if I just want to delete old information because it’s just noise now. My intent is to reduce my operational burden.

I have long retention policies for things and life cycles for others. Information shouldn’t be permanently available to me if it’s not relevant or it’s a waste of resources.

abc88889
0 replies
19h16m

Could it not be that you don't want such emails exposed if you were hacked? Why does it have to be only law enforcement that you're hiding them from?

Hizonner
2 replies
21h36m

Courts, and even law enforcement, are actually smart enough to know that they have to enforce the laws as written and that they can't just act on their feels. At least most of the time. In many places.

hnbad
0 replies
10h30m

FWIW this is more of a concern if you expect the case to go to court. In the US most "criminals" accept plea bargains without a court ever seeing the case. So statistically you can likely "act on your feels" as long as the suspect does not think they can prove you wrong in a court of law (whether it's because they're guilty, because they don't fully understand the law or because they can't afford the time and money involved in a court process).

beaglesss
0 replies
21h27m

They can't say they're breaking the law but as long as they don't admit to wrongdoing they can accomplish the goal of picking up pretty much anyone for something..

It's best to assume the government is a hostile, rabid actor who will seize any reachable assets and your freedom at any point they wish and proceed accordingly.

Manuel_D
16 replies
21h41m

How do ISPs operate legally?

I described exactly that in my second paragraph.

Hizonner
10 replies
21h38m

Tor relay operators are, as a rule, entirely willing to give law enforcement all the information they have about connections that have gone through their relays. They simply don't have any. And there's no legal requirement for them to have any.

... or at least there never was in the past. The new wave of stupid and extremely broad "duty of care" laws that try to apply to the design of any and every communication service may change that. But it hasn't been litigated anywhere.

Manuel_D
7 replies
21h24m

Whether or not the exit node operators retained logs is besides the point. These exit nodes are facilitating illegal activities, and it's trivial to prove. How do they not get arrested?

It sounds like Germany extends some sort of carrier protection to Tor exit node operators. E.g. if someone organizes a drug deal over the phone, Verizon is not liable. But Verizon does have to meet some minimum standards of records keeping and law enforcement assistance (wire tapping).

lokar
4 replies
20h55m

Lots of people and organizations facilitate crime. That’s not generally the legal standard. They typically must be proved to done so intentionally (or with reckless disregard)

numpad0
3 replies
20h38m

No, it is. There are more often specific laws that exempt platformers of liabilities on condition that they keep logs and cooperate with LE.

Perhaps the most famous example is DMCA: [Google] is exempt from liabilities for hosting pirated movies on [YouTube] by US laws, on condition that it's not actively involved with it and fully robotic with takedowns.

golergka
2 replies
19h51m

If a criminal rode on a bus to place of the crime, is the bus driver automatically liable? Bus company? Is his phone company liable because he talked about his crimes on the phone?

numpad0
0 replies
12h17m

IANAL, but "legally"? Bus companies has code of conduct posted on the wall at their depot for its users to read and agree, or state law regulating public transportation, and it always says using it for crimes is against the law. Those clauses let drivers and companies frame themselves as victims to escape prosecutions, unless there's going to be gross negligence or sorts that override them.

It's not like courts treat popular businesses like buses and ISPs as sceneries just by gut feeling. There are always laws.

betaby
0 replies
16h56m

No. But legal system treats 'on the Internet' in a more harshly way.

codedokode
1 replies
20h54m

Does iMessage or WhatsApp has wire tapping feature? Are they "facilitating illegal activities"?

Manuel_D
0 replies
20h42m

If a government investigator joins a WhatsApp channel where loads of people are sharing CSE, WhatsApp will help the government find the people responsible. WhatsApp encrypts the content of the data, but they retain message logs and do cooperate with law enforcement. Presumably the same for iMessage.

This largely conforms with how the first telecoms received immunity for abuse of their services. They retain logs and assist the government with investigations, and in exchange they are shielded from liability. WhatsApp and iMessage would probably cooperate to the same extent, minus wire-tapping messages in transit (because they can't). That's vastly greater cooperation than a tor exit node operator that retains no logs.s

bawolff
1 replies
21h30m

The original post mentioned facilitation, which from what i understand is when you assist comitting a crime but have no secific knowledge of the crime.

I imagine for tor, the reason is that there are also good uses for tor. However i dont think "i intentionally know nothing" works as a defence in general.

Ianal

Hizonner
0 replies
21h16m

I was answering something about assistance to law enforcement, which isn't the same issue as facilitation of crime.

"Facilitation" as an offense in itself is one of those things that tends to be a real thing, but varies a lot depending on the jurisdiction. In most places, most of the time, you're only going to get in trouble for facilitating crime if your service is especially set up to be unusually useful for crime. You're especially vulnerable if you specifically designed it for crime. If those things apply, then knowing it's being used for crime (but not necessarily on which specific occasions) can make it worse for you. Give or take, depending on where you live.

In the past, Tor nodes, even exit nodes, have mostly gotten a pass, at least in countries where most of them are located. They get raided all the time, but largely as cases of mistaken identity. That's probably because most Tor traffic has historically probably been people trying to hide from ad tracking or people worried about their perfectly legal activities being spied on. So it's hard to say the service is really aimed at illegal activity.

Things are tightening up worldwide, in statute and probably in case law, mostly because of Tor and other services possibly being swept in by standards primarily aimed at social media. We may start seeing Tor nodes targeted because Tor is now considered "too adapted to legal activity", or even because node operators are "not doing enough to prevent" illegal activity (including redesigning the system if necessary).

But until fairly recently that's been more what you'd expect to see in North Korea than what you'd expect to see in Germany (or the US).

RobRivera
4 replies
21h32m

What law mandates forced compliance outside subpoenas?

RobRivera
2 replies
20h39m

Both the communication acts of 34 and 96(?) Do not require software operators to legally do what LEO tells them to do without subpoena.

Manuel_D
1 replies
20h32m

The question was about ISPs.

RobRivera
0 replies
14m

You are quite literally telling me what question I asked.

How do you expect further fruitful dialogue?

ponorin
22 replies
21h38m

Exit node applies only to traffic that goes into a clearnet. You could to illegal stuff, but only tor users have protection and website owners are liable to raids should they allow illegal stuff to happen on their platforms.

With Tor Hidden Service there's no exit node as such since traffic terminates inside the Tor network. The networking route is doubly anonymized so both the server and the client can't track each other down.

Manuel_D
21 replies
21h34m

Perhaps I'm not understanding something. I'm imagining this scenario:

1. Bob is running a Tor exit node.

2. Charlie is a government official investigating illegal content (use your imagination)

3. Charlie downloads illegal content via Tor

4. This content is sent to Charlie from Bob's exit node.

5. Charlie observes that Bob's exit node sent him illegal content.

I understand that even if Bob is raided and his computer searched, they cannot find the website hosting the illegal content. But Charlie would know that Bob helped deliver the illegal content. Tor Hidden Service does not anonymize the exit node from the client.

Vecr
10 replies
21h26m

Hidden service connections don't go through exit nodes. In theory it's two back-to-back Tor connection that meet somewhere in the network, but you can also think of it (possibly more correctly) as a six-hop Tor connection to an exit node that is only used to directly connect to the backend server. If set up right this prevents government sniffing at all points.

Manuel_D
9 replies
21h18m

The final recipient is going to be able to decrypt the content, right? Regardless of "hidden service connection" or "exit nodes". Charlie is the final recipient and will be able to decrypt the content and know that it's illegal content.

Is there some mechanism that prevents Charlie from knowing who sent the content to him? Fundamentally, you can't stop the government from sniffing at the endpoint. Because they're not really "sniffing" they're just requesting content like any normal Tor user.

Hizonner
8 replies
21h13m

Is there some mechanism that prevents Charlie from knowing who sent the content to him?

That is, in fact, the whole point of Tor. In the hidden service case, neither end can identify the other.

Manuel_D
7 replies
21h8m

Sorry, in case I wasn't clear, I'm not talking about identifying the site hosting the content. I'm talking about the second-to-last hop in the traffic. My understanding is that Tor obfuscates traffic by sending through several hops, each one decrypting a layer of traffic (hence the "onion" network). So we have:

Host -> Node 1 -> Node 2 -> .... -> Bob -> Charlie.

Charlie doesn't know where the Host is. But Charlie does know that Bob sent him illegal content. Or is that final link, from Bob to Charlie, also obfuscated somehow? If so, how did OP get raided by police if he's supposed to be hidden?

Hizonner
6 replies
20h28m

OK, so there are basically three cases:

1. Charlie is running a client and downloads something. In which case Bob is an entrance node, not an exit node, but it's essentially the same thing. Charlie does know that the next hop is Bob. Depending on whether the ultimate destination is a hidden service or on the clearnet, Charlie may or may not know who's running that service.

2. Charlie is running a hidden service, and somebody uploads something. Charlie knows that it came via Bob, but doesn't know where it came from.

3. Charlie is running a regular clearnet Web server, and somebody uploads something to Charlie via Bob's exit node. Again Charlie sees that the traffic comes from Bob.

In the first two cases, Charlie has to be actually running the Tor software, and knowingly using Tor. So Charlie also knows that (a) Bob is just a relay, (b) Bob doesn't actually host the content, (c) Bob doesn't handle more than a packet or two of the content at a time, and deletes those as soon as they've been relayed, (d) Bob doesn't know, and can't find out, what the content actually is, (e) Bob doesn't know, and can't find out, where the content originally came from, and (f) Bob is really unlikely to keep any record of the whole connection after the session is over, which means probably no more than 10 minutes or so.

If that's enough to go after Bob, then it's enough to go after Bob... but historically it hasn't been. Bob can reasonably claim not only that he doesn't know what that particular traffic was, but that, although he knows there's probably some illegal traffic, most of the traffic he relays is probably legal.

In the third case, it looks to Charlie like Bob is the ultimate user. Unless Charlie does some investigation, Charlie may go raid Bob. But Charlie should then find out all that other stuff.

I think the most common actual case is that Charlie is running a honey pot, either as a hidden service or on the clearnet, and somebody gets the content from Charlie via Bob. But the same basic ideas apply.

The main issue isn't that Charlie doesn't know what the content is, but that Bob doesn't.

[Oh, and on edit, just to be clear: In the first two cases, that "packet or two" that Bob may ephemerally buffer is encrypted so that Bob can't read it, nor can any other relay. In the third case, where Charlie is a clearnet service, the end user is usually still using TLS, so Bob still can't read it. And none of the non-exit relays can read it no matter what.]

Manuel_D
5 replies
20h16m

So Charlie also knows that (a) Bob is just a relay, (b) Bob doesn't actually host the content, (c) Bob doesn't handle more than a packet or two of the content at a time, and deletes those as soon as they've been relayed, (d) Bob doesn't know, and can't find out, what the content actually is, (e) Bob doesn't know, and can't find out, where the content originally came from, and (f) Bob is really unlikely to keep any record of the whole connection after the session is over, which means probably no more than 10 minutes or so.?

But at the end of the day Charlie, the government agent, is catching Bob in the act of delivering illegal content.

Imagine a government agent buys drugs on the dark web and arrests the courier. The courier protests, "I didn't know it was drugs, I didn't ask what was in the package". Do you think that defense is going to keep the courier out of prison?

It sounds like Germany is treating Tor operators as common carriers, and not holding them liable for content they delivery. They're being quite generous in that regard, in most countries the node operators are probably not met with such leniency.

cesarb
1 replies
19h55m

Imagine a government agent buys drugs on the dark web and arrests the courier. The courier protests, "I didn't know it was drugs, I didn't ask what was in the package". Do you think that defense is going to keep the courier out of prison?

I, recently, bought a computer mouse from an online shop. The courier who brought me the package had no idea it contained a computer mouse. It might have been listed on the manifest outside the package, but even then, the courier had no way of knowing whether that was true without opening the package.

So, yes, I do think that defense can keep the courier out of prison.

Manuel_D
0 replies
19h47m

Reality demonstrates otherwise: plenty of drug mules are in prison because the jury didn't buy into this defense.

alasdair_
1 replies
19h47m

Imagine a government agent buys drugs on the dark web and arrests the courier. The courier protests, "I didn't know it was drugs, I didn't ask what was in the package". Do you think that defense is going to keep the courier out of prison?

Well, yes, otherwise FedEx and UPS would quickly go out of business.

Manuel_D
0 replies
19h41m

FexEx and UPS receive immunity as carriers in exchange for several things. Minimum standards around recordkeeping and knowing their customers is one. Assisting the government with law enforcement (tracking down customers, scanning packages, etc.) is another.

Juries aren't stupid, they're not going to buy it when the courier says, "I just saw this online ad for deliveries on the dark web. Sure, it paid way more than normal delivery jobs but that's not cause for suspicion, right?"

And that's exactly what a tor node is doing: delivering content from the dark web. As far as I'm concerned, Germany is being very generous in its decision to let these operators continue to operate despite knowing full well that they are enabling criminal activity.

Hizonner
0 replies
19h38m

Do you think that defense is going to keep the courier out of prison?

Yes. That happens every day.

It sounds like Germany is treating Tor operators as common carriers,

That's probably because they basically are common carriers. And the service isn't particularly designed for illegal activity, even it can be useful for that. It's especially not designed for activities that tend to be illegal in the "free world".

in most countries the node operators are probably not met with such leniency.

The Tor network has been running for about 20 years. There are on the order of thousands of relays. Unlike users, relay operators aren't anonymous; there's a public list of their IP addresses. The relays are all over most of Europe, especially Western Europe, and the Americas, especially the US and Canada, with a not-insignificant number of them in other countries.

So far as I know, nobody's ever been arrested, let alone convicted, for running a Tor relay. If they have, it's been in the sort of country where you also get arrested for running a newspaper. That may change soon, but it's still the case so far. Oh, and a good chunk of the funding for development (but not relay operation) comes from the US government.

You say "leniency", I say "not being an authoritarian hellhole".

varenc
8 replies
21h29m

Your mixing up general Tor use vs Tor hidden services. With hidden services there’s not really an exit node because the traffic never exits the Tor network.

Charlie could only see the machine in the final step of requesting the illegal content it Charlie was hosting the hidden service themselves. These requests can come from many different Tor operators not just exit nodes.

Manuel_D
7 replies
21h3m

To be clear, Bob is not the host of the illegal content. Bob is just the second-to-last hop before the content reaches the end destination (Charlie). My understanding of the tor network is that it obfuscates traffic across many hops. The path content takes from the host to Charlie:

Host -> Node 1 -> Node 2 -> ... Bob -> Charlie

this obfuscates the Host from Charlie. But Charlie knows that Bob sent him illegal content. Yes, Bob didn't host the content. The host is obfuscated. But Bob is still delivering illegal content and Charlie knows it.

fn-mote
5 replies
17h42m

Bob is still delivering illegal content and Charlie knows it

Does BOB know they are delivering illegal content?

No... is it even possible to send unencrypted traffic by Tor? If it's even possible, Charlie must be the only person in the world doing it.

Manuel_D
4 replies
16h20m

Does BOB know they are delivering illegal content?

He does when Charlie knocks on his door and informs him that he delivered CSE to him. Ignorance of the fact that one is breaking the law is rarely accepted as a defense. Carriers usually get this protection when when meet some standards of safeguards and cooperation with law enforcement.

Zak
3 replies
15h20m

Ignorance of the law is not generally accepted as a legal defense, but ignorance of facts is. Most crimes involve a mental state of knowledge or intent with respect to the wrongdoing, and an exit node operator does not know what users are accessing.

Taking the wrong jacket by mistake is not theft, and operating the exit node through which someone downloads CSAM is not criminal possession of CSAM or knowing facilitation thereof.

Manuel_D
2 replies
12h55m

Do you think drug mules get off scot-free when they say "I didn't know what was in that package"?

Zak
1 replies
12h45m

If the prosecutor can't convince the jury that they did know, yes.

That rarely happens in practice because prosecutors are usually pretty good at their jobs, and tend not to bring cases they can't prove.

Manuel_D
0 replies
2h23m

The prosecutor doesn't need to definitively prove that the mule knew he was transporting drugs. Only that a reasonable person should have known.

Back to our Tor example: if you've been repeatedly told by the government that your node is being used for illegal activity, it's hard to plead ignorance.

aniviacat
0 replies
20h43m

Exit nodes are not the nodes that are directly facing tor users. Those nodes are called "Guard Relays".

Guard Relays usually don't have these issues, since you have to be somewhat technical to actively probe relays by requesting content through tor. And technical people know there isn't any point to rading an operator's home.

rtkwe
0 replies
17h37m

Because it's not illegal to do that and if they're accessing hidden services they know they're accessing it via TOR and aren't directly connected to the illegal host. The most common reason exit nodes get raided is because they're the exit for some illegal user and appear as the source of the illegal activity.

bawolff
6 replies
21h33m

IANAL, but i imagine it comes down to how many legit purposes tor has vs the illegal ones.

I have no idea where the line is, but like we dont charge art supply stores with facilitating forgery, so some amount of bad usage is clearly acceptable.

RobRivera
5 replies
21h30m

Well the great thing about U.S.C is that you don't have to imagine, you can read the docs.

Measure of purposes, 'legit or otherwise', is not a law for anything ever.

bawolff
4 replies
21h23m

Fun fact, usc does not apply to germany where the article is about.

But regardless, in both systems i am very certain your purpose ("intent") matters a lot. (Details depend on the specific crime in question)

beaglesss
2 replies
21h11m

All sorts of foreigners have been extradited for supposedly violating USC despite never stepping foot in America. They could argue the node operator facilitated money laundering that touched a US bank, that they conspired with a US person, a US CSAM victims likeness went through the node, etc etc.

USC has extraterritorial power about everywhere but NK, Russia, and Iran either formally or through influence.

bawolff
1 replies
20h5m

Normally extradition requires the activity to be a crime in both juridsictions.

ruthmarx
0 replies
13h23m

Not when the US asks.

RobRivera
0 replies
20h46m

Forest for the trees, compadre.

:%s/USC/law/g

I distinctly believe you do not care to better understand the reality and the nuance, however.

codexb
1 replies
20h7m

You can make the same argument for developers of encryption. There are legitimate reasons for privacy. The fact that criminals want privacy, too, doesn't mean privacy should be illegal.

mminer237
0 replies
18h23m

The difference is that with Tor you are physically downloading CSAM and forwarding it on to the offender. With encryption you're just providing tools for them to hide material.

RobRivera
1 replies
21h36m

it's a clear-cut case that the exit node operator facilitated illegal activity.

If someone leveraged your employment services to commit crime, would you consider yourself having facilitated illegal activity?

Manuel_D
0 replies
20h59m

My past employers have had to scramble to prevent things like hackers using their service for C&C, malware distribution, etc. Companies usually have to meet some minimum standard to enjoy immunity from liability for abuse of their services. Telecoms need to retain logs, know the identity of their customers, and assist with government wiretapping for example.

Zak
0 replies
15h26m

It operates legally because there isn't a law against it in the jurisdiction in which it operates.

What part are you surprised isn't forbidden? The part where it accepts connections anonymously? The part where data is encrypted in transit?

Exit node operators, like telecoms can be required to tell law enforcement everything they know about a user. The difference is they don't know anything of value.

o999
10 replies
20h34m

Interestingly enough, there are multiple exit nodes in Russia, as far as I know, law enforcements aren't taking them down

xkjyeah
5 replies
18h53m

Isn't that scarier, knowing that you're using a state-sanctioned exit node?

BLKNSLVR
2 replies
15h3m

In parallel with gea0's comment, using a Russian state-sanctioned exit node would make tracing efforts difficult-to-impossible for western government / law enforcement.

u8080
1 replies
4h59m

Could you explain what "state-sanctioned" means here?

BLKNSLVR
0 replies
4h29m

Whatever xkjyeah meant when he said it.

Likely run by Russian intelligence services or their catspaws and therefore heavily monitored and logged.

US intelligence likely run their own tor nodes as well.

gea0
0 replies
17h14m

Regarding exit nodes, you have to assume the worst anyways, so it should not change much.

acheong08
0 replies
14h25m

If I was Russian, sure. I think it’s best to always use exit nodes/proxies in geopolitically opposed countries to prevent collaboration between states. E.g. use western VPNs while in China, use Russian/Chinese tunnels in the west.

bauruine
2 replies
12h0m

Most (all?) of them aren't in Russia. I run half of the "Russian" exits and they are in Norway they just use Russian IPs.

tessierashpool9
0 replies
10h53m

how about a Show HN?

o999
0 replies
8h26m

That sounds like a good way to run exit nodes without getting your home raided

alexey-salmin
0 replies
12h22m

Dmitry Bogatov had spent 5 months in detention center and 6 more months under a house arrest on terrorism charges for running an exit node.

This was 2017 however and I'm surprised too that crackdown on other exit nodes didn't follow.

walrus01
6 replies
21h45m

Historical:

"Why you need balls of steel to operate a tor exit node"

http://web.archive.org/web/20100414224255/http://calumog.wor...

The above is within the context of a western legal system, and certainly since it was written domestic law enforcement has become even more militarized and aggressive. I would be absolutely unsurprised if the same thing happened today and it resulted in a battering ram on the door at 0400 in the morning, flashbang grenades and the house being rampaged through by a SWAT team.

tptacek
3 replies
21h36m

Has that ever happened to a Tor node operator? If it hasn't, what's the closest incident to a Tor node operator you're aware of where it has?

numpad0
0 replies
20h49m

Many European countries have standing police armed forces, closer to army national guards than blue shirted civilian police. They're for suppressing resistance forces and revolutionary uprisings, and they tend to fill roles of FBI too. I think that contributes more to normalization of MP5 ninjas fast roping down through your chimney for Internet crimes in Europe than law enforcement over-militarization had done.

chucksmash
0 replies
21h32m

As a parent of very young children I have an extensive network of friends and contacts in my neighbourhood who also have children. As we know the subject of paedophilia is not one that can be debated with any rationality at all in the UK. It is surrounded by hysteria. I was terrified that people would find out that my computer had been taken because of that – ‘no smoke without fire’.
hwbehrens
5 replies
20h25m

There are obviously still people working in German law enforcement today, who think that harassing a node-operator NGO would somehow lead to the de-anonymization of individual tor users.

This is not why.

As a consequence, I am personally no longer willing to provide my personal address&office-space as registered address for our non-profit/NGO as long as we risk more raids by running exit nodes.

This is why. It's basically a textbook example of a chilling effect.

gea0
4 replies
16h55m

No, that's not (necessarily) it.

It only takes one person in LE to request to investigate this IP, and a single judge that isn't entirely convinced that it will be worthless to try to sign it off.

If parts of the state wanted to harass operators systematically or organize to discourage TOR, they could do much worse.

creer
1 replies
16h26m

The one person in LE is assisted by specialists (you know, if they really care to be.)

tessierashpool9
0 replies
10h59m

and the judge and the state attorney involved are controlled by the state's justice department which is run by politicians. yes, in germany the judiciary system is not politically independent ...

https://www.transparency.de/aktuelles/detail/article/eugh-ur...

tessierashpool9
0 replies
10h56m

If parts of the state wanted to harass operators systematically or organize to discourage TOR, they could do much worse.

it is beginning to get much worse ...

freilanzer
0 replies
9h43m

Most judges don't really read what they sign if it comes from LE, I am convinced.

BLKNSLVR
5 replies
16h28m

Just the use of Tor, in Australia* at least, raises a law enforcement red flag (edit: not enough to justify a raid on its own, but a data point in that direction).

So I was specifically told by a detective.

*Australia has laws that requires ISPs to keep metadata for at least two years.

Gigachad
2 replies
15h51m

Might be a point of interest but not a very strong one. We all used Tor in high school to play flash games on the school network. It's not like they bust down your door because you connected to Tor.

pushupentry1219
0 replies
15h33m

Yeah. However, (and this applies to the parent comment as well), running a Tor exit node is entirely different to just "using Tor"

BLKNSLVR
0 replies
15h34m

(I've added a note to my comment above)

Yes, my intention was to say that it'll get their attention, but as a single data point won't justify a raid.

The detective said it to me as part of the conversation in which I was told I could collect my seized equipment, and it was said in a way that implied they thought I was still "guilty" despite the fact they found nothing incriminating in the multiple terabytes of data they seized.

The other (laughable) 'red flag data points' the detective mentioned were:

- The usage of virtual machines

- Having downloaded items from MEGA

Incredibly low bars for suspicion if you ask me, but then I know a bare minimum about technology...

incompatible
1 replies
13h30m

If I remember correctly, it was assured when the data retention requirement was set up that URLs wouldn't be collected. How would the cops even know somebody was using Tor?

BLKNSLVR
0 replies
4h12m

Is that what George was trying to say?

https://youtu.be/Hw1ryLGs2ws

I believe URLs are captured where it's possible for them to be captured.

trhway
4 replies
19h23m

I wonder if it makes sense to register a company/nonprofit and run exits under that umbrella instead of as an individual. Also to preemptively send all the reg. info - office address, phone, exits’ IPs, etc - to local and federal LE.

rtkwe
2 replies
17h34m

Some exit nodes have tried that and they still randomly catch raids or warrants from law enforcement who don't bother to check or don't care to.

BLKNSLVR
1 replies
16h18m

But if that gets the business premises raided, rather than the homes of the operators, then that's at least a partial win.

But that requires the (likely non-trivial) expense of a business premises for likely the sole purpose of running exit nodes.

rtkwe
0 replies
5h25m

If the law doesn't understand what TOR is they're also likely to grab a warrant for the sole owners house too for a computer crimes case under the theory they're also using their home computer in some way for the crime.

dewey
0 replies
11h35m

That's what many operators are doing already.

motohagiography
4 replies
21h26m

perhaps an unpopular view as Tor has been a great legal canary and a useful privacy service, but it has also been a substitute for organizing.

if you use Tor you already know what's going on. onion routing didn't save anyone from anything in 20 years. the evils Tor enabled often seem to trace back to the very states and establishments who manage and tolerate them. drug cartels run several of the governments Tor ostensibly protects users from, and human trafficking is within a degree of most western establishments in every direction, from "NGOs" to intelligence operations to the sex trade.

if you want privacy, tech is an inferior solution. make nations that protect it.

jrflowers
2 replies
21h4m

make nations that protect it

What nations have you made?

motohagiography
1 replies
16h21m

Specifically? Mine. I did public sector work to ensure that dozens of government projects serving millions of people were made to respect the privacy and freedom of the people they served.

there's quite a list and tbh, I can probably afford the humility.

jrflowers
0 replies
15h52m

There is chasm between “a nation that protects privacy” and “a government that I’ve done good work in”. The former is a nice-sounding rhetorical ideal, but if you do not care to name one that exists I’m not sure what is accomplished by conflating the two other than a sort of non sequitur self-congratulation in the comments of a thread about the tor project.

jancsika
0 replies
14h18m

but it has also been a substitute for organizing

Hard to imagine even a single would-be organizer who got side-quested into zealously advocating for Tor.

On the other hand-- easy to imagine many digital utopianists who on principle don't organize in the sense you mean, and some of them zealously advocating for Tor.

marcodiego
4 replies
19h39m

I think I have a solution: countries (governments) could publish lists of forbidden addresses; you could be allowed to safely run you Tor exit node as long as those addresses are blocked. Of course, not ideal, but could make a lot of people more willing to run exit nodes.

It wouldn't fix the "someone used my exit node to send a bomb treat" case though.

Legend2440
3 replies
18h33m

This is counter to the entire idea of Tor, which exists to allow people to bypass government censorship.

null0pointer
1 replies
12h56m

That use case still works. You only need one exit node in one jurisdiction where the site you want to visit isn’t blocked. Surely an exit node operator in country A can’t be prosecuted for allowing access to a site on country B’s blacklist.

dewey
0 replies
11h36m

Surely an exit node operator in country A can’t be prosecuted for allowing access to a site on country B’s blacklist.

There's many cases where ISPs are ordered to block piracy and streaming sites that are in another country.

lolinder
0 replies
18h4m

Does it have to be a binary? Why not make it possible for people who want to support dissidents in Iran to host them without also supporting violent criminals in their home country?

The tech is probably impossible, but I'm not seeing a moral case against it.

steelframe
2 replies
19h36m

I knew someone who ran a Tor exit node from his research lab workstation at Brigham Young University (BYU), a conservative religious school with an extreme institutional phobia of porn. He ended up in a "special interview" with his graduate advisor. I don't know if he fully groked at the time just how close he came to getting expelled.

frakkingcylons
0 replies
19h23m

Yeah BYU's rules are pretty strict. I don't think I would run an exit node using property from the same university that requires a waiver just to have a beard: https://honorcode.byu.edu/beard-waivers

Hizonner
0 replies
19h31m

... which might have estranged him from the church, which would have been a good thing. Win all around...

walrus01
1 replies
21h36m

From the point of view of a less-than-technical law enforcement person writing a affidavit in support to get a search warrant, abusive traffic from a tor exit node is indistinguishable from a person who is physically at a specific street address/premises with a laptop or computer engaged in the activity.

They're going to assume until proven otherwise (by first confiscating all your electronics and sending them to a digital forensics lab to analyze them for 6-12 months) that some person who is physically present at that exact location is engaged in CSAM/CP or malicious/illegal activity.

bawolff
0 replies
21h15m

I mean, there is a public list of all tor nodes in the world so it is pretty distinguishable in that sense.

Presumably still worth checking out in case a criminal is running a tor node as cover, but at the same time it seems unlikely someone is both technical enough to run a tor node but also doesn't bother covering their tracks.

raxxorraxor
1 replies
11h47m

Despite strong privacy laws, Germany isn't a dependable country that could protect it.

Raids on homes for trivialities are common place, there is basically no legal protection against that. This shows a state that is a bit overwhelmed with its primary affairs and the country itself is not a dependable partner for protection of basic rights.

freilanzer
0 replies
9h41m

Call a politician a "cock" on Twitter and your home gets raided and every device gets confiscated for months if you're lucky - forever, if you're unlucky. The only difference between Germany and illegitimate police states is the frequency and the degree with which these things happen. Otherwise, as a normal person you have little protection from police here.

game_the0ry
1 replies
17h54m

Europeans, what are your governments doing?

I am sorry for what your governments are about to do you, bc you will likely go through a very difficult time in the near future. Now, its Tor and Telegram - soon, every opinion you have shared will likely be scrutinized and used against you.

Good luck, European people. I am hoping the best for you.

raxxorraxor
0 replies
7h56m

Regarding quite a few concerns, it is the old continent. Also demographically and a lot of our policies stem from fears.

It won't be a continent that will be regarded as a bastion of civil liberties in the future with their current course.

Ironically, through that they also make everything less safe.

seu
0 replies
12h41m

There are obviously still people working in German law enforcement today, who think that harassing a node-operator NGO would somehow lead to the de-anonymization of individual tor users.

No. Their objective is to intimidate individuals, exhaust them, which leads to...

As a consequence, I am personally no longer willing to provide my personal address&office-space as registered address for our non-profit/NGO as long as we risk more raids by running exit nodes. That is a risk I am just no longer willing to take anymore.

Which is totally understandable.

pelasaco
0 replies
13h9m

"On Aug 16th 2024 German police considered it once again appropriate to raid the home&office at the registered address of our organization." Police doesn't decide anything, they just follow orders

numpad0
0 replies
21h10m

Yeah, German armed police wrt Internet is kind of known to be a bit like, that. They make excuses, but at the end of the day they're not the most respectful of free speech among G7 or whatever. I wouldn't be sure if Tor exit nodes are something that can lawfully(ignoring backwards ones) ran, though.

jmakov
0 replies
11h37m

So the only "legal" node operators left will be state agencies.

janandonly
0 replies
5h26m

This is why you should run a TOR node, but not an exit node.

iamnotsure
0 replies
11h33m

Eins, zwei, Polizei Drei, vier, Grenadier Fünf, sechs, alte Keks Sieben, acht, Gute Nacht

hnbad
0 replies
21h35m

I have mixed feelings about this given that the organisation's only explicit stance is being in defense of free speech, the freedom of the press and opposition to censorship. This tells me nothing about who's behind this, who's involved and what their motives or views are, which, sadly, is often more important than what an organisation claims to be about. The name is also effectively ungoogleable, leaving the thin info on their own website as the only source of information. The author of that post is a former member of the German Pirate Party who left for unclear reasons and ran as an independent on his own penny with no clear message beyond being a protest vote for people who don't want to protest vote for the far right.

On the other hand Germany does use flimsy excuses to crack down on services like Tor and that's bad.

ghransa
0 replies
21h7m

It's a tough tradeoff for society, and a lot of harm is concentrated, but in a way that's good thing - there is a way to block tor exit nodes if you need to and the defaults ports do prevent many types of abuse and since the exit nodes are public they can just be blocked for spam, clickfraud, etc. But with any duel use technology, the opposite argument would be investigations also running through TOR, or even a totalitarian state (in this case it seems non technical judicial procedure through proper channels, but that's the concern). The trouble is the routing is outside of the state control and the typical mechanism for takedowns, ultimately for the worse of the worst ultimately has a host somewhere else as tor just does the routing. Since by design the exit node wouldn't necessarily get you any further up the chain to the middle node in the connection, it would be more fruitful to chose a different investigative strategy.

gea0
0 replies
17h22m

So, LE observes:

  - This IP had malicious activity or is otherwise relevant to a (maybe complicated) case
  - It says "tor" on a landing page, or in WHOIS, or the IP is on the public list of nodes
... does "it will be 100% worthless to investigate" really follow from only this?

Some things to consider:

  - All kinds of other servers, services or proxies could also be running on or behind this IP
  - The node could be misconfigured in a variety of ways to keep forensic traces, even being a VM that is being snapshotted regularly
  - Some lunatic could be running an exit on his personal machine, but just coincidentally to the observed criminal activity
  - A high percentage of nodes is malicious, keeps logs, mines data, poisons traffic and tries opportunistic TLS stripping (those poor, naive souls clicking the warning away...)
It does NOT follow that there are no useful forensic traces to be found, not even that the traffic actually originates from the TOR network.

Not to encourage raids on node operators, but it is worthwhile to keep in mind that there could be actual reasoning behind these actions.

If you are smart about this, you can even get the relevant and obtainable info with little LE resources and without unduly harassing the operator.

aborsy
0 replies
17h9m

Is it known what percentage of Tor users use it for illegal purposes?

Even like, the majority or minority.