Slashdot Mirror
Raided For Running a Tor Exit Node
An anonymous reader writes "A Tor Exit node owner is being prosecuted in Austria. As part of the prosecution, all of his electronics have been held by the authorities, including over 20 computers, his cell phone and hard disks. 'During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted.' This brings up the question: What backup plan, if any, should the average nerd have for something like this?"
Cloud storage, and make the exit node a leech off your neighbors wifi.
Lots of money.
Look at Kim Dotcom.
If you're running Tor, or FreeNet, or anything else with the possibility of pissing off the man - be prepared for the concequences. The authorities repsonse here is pretty standard across the board.
Any Freenet nodes get raided? That's a good test for how secure the system is.
..don't panic
If a TOR exit node can be prosecuted for traffic passing through it, should the ISP and backbone router owners not also be held responsible for traffic passing through their nodes? If the ISP and network operators are not held responsible then neither should the TOR node owner.
Ummm, don't run an exit Tor node if you aren't prepared to be sued for distributing child porn?
Run a dark net.
Give me Classic Slashdot or give me death!
"What backup plan, if any, should the average nerd have for something like this?"
Select a new exit node, duh.
Dude,
You know a lot of bad stuff could be traded through the Tor network (child porn,terrorism anyone ?).
You also know a lot of stupid people are lobbying any gov against anything remotely related to the children or ben laden.
it is to be expected that people running exit node could face charges if something bad go through their pipe.
be smart and stop your Tor node unless you want to be a freedom martyr.
I think not running TOR is about all you can do.
Of course if this is something they can prosecute you for, can they also prosecute your ISP as well?
You mean to tell me you guys don't have your cases rigged with thermite?
Not running a Tor exit node. Really, they could say that any participant of the Tor network could have been participating in distribution of illegal materials; running an exit node just lets them prove the exit node operator in particular was doing so.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
If you ship contraband via FedEx, is FedEx a criminal?
If you want real security, you should be using a network where the data never "exits" from the secure zone. And never let other people use your network blindly for their own purposes, until something like common carrier status is established for that sort of thing.
This was Austria. I can't imagine the FBI or any other local jurisdiction being that much friendlier. Even if the law is technically on your side, expect to have to lose everything defending your rights.
Not much you can do, I do not know the specs of the TOR network (not sure if communication from node to node is encrypted) but if you are running an exit node I would recommend building a linux box that has all of it's drives encrypted. Host the encryption key a USB stick that the machine requires at boot time. As soon as you hear "police open the door" destroy USB stick. This will only help you if you are at the machine when they perform the search warrant. Another possibility is that the key needs to be present at boot but can be removed. Chances are they will turn off the machine when they move it so when they boot it back up they won't have access to much.
That being said always nice to have a laptop in a safety deposit box under someone elses name that can generate a copy of key if needed.
It's hard for the average nerd, you either have to be so small and invisible that you can take off at a moment's notice, or maintain shell corporations that own all the stuff that might get taken. If you own a house, or have a family that you care about, fugetaboutit.
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
What average nerd runs a TOR exit node?
For your security, this post has been encrypted with ROT-13, twice.
I've wondered, from day one, why anyone would be crazy enough to run a TOR exit node. Why would you willing serve as the front man for someone else's unknown but likely illegal activity? It's just crazy.
Running an exit node is just begging to get arrested for child porn. I'm positively amazed that it doesn't happen a LOT more often.
This goes a bit beyond the daily use case for the "average" nerd. And what exactly do you mean by "backup plan": disaster recovery or bourne style go-bag?
If you are pissing off the man, passports to a country with no extradition would be a good idea.
If I were an American nerd, I could just argue that running the exit node is my patriotic duty. After all, the NSA wants there to be a lot of tor traffic so it can send its state secrets securely.
Here is your "backup" plan. Ditch all your computers never use the internet again because the people running the countries are retarded, insane, and looking for a good witch hunt.
It is a bad time in history to be a nerd.
I guess they should arrest all pawn shop owners as they often facilitate the fencing of stolen goods.
My backup plan is to encrypt my Tor exit node with TrueCrypt FDE. Yes, it means I have to run Windows, since FDE support is not available for Linux yet. However, the FBI has not been able to defeat TrueCrypt. They can say the traffic came from your internet connection, but they cannot prove that you viewed any of it.
sudo make me a sandwich
What backup plan, if any, should the average nerd have for something like this?
1. Don't run an exit node
2. if 1 fails, fly to Belize and live blog my evasion of the local police
You could place filtering tech on the exit node.
Traditional backup methods are good against media failure, or even natural disaster, but ineffective against seizure. The standard police procedure is 'if in doubt, take everything,' because it isn't practical to train frontline officers to work out what is and isn't potentially evidence. That's why they take cell phones and games consoles. That and, as the more cynical point out, the more miserable they can make the defendent the easier it is to force a plea bargin. So they'll take all your backups too.
You can forget about getting that back, too. Even if all charges are dropped. Law enforcement is well-known all around the world for their reluctance to return siezed evidence, espicially evidence that may one day go into police auction. Even if they are willing to return it, many areas have overwhelmed forensics staff and computers can sit in the locker for months before there is an expert available to poke around and declare them free of anything incriminating.
So if you do have reason to worry about being raided - eg, you run an open wireless hotspot or exit node - then a sensible precaution is to keep backups of critical data somewhere out of reach, like a cloud store hosted overseas, or drives left with trusted friends for safekeeping. Making sure, of course, that no-one else knows - you don't want them to get raided too!
Also beware of another police policy. It varies by country, and even by state and district, but many departments are loathe to let any accused off without charge or found not guilty - it makes them look incompetent, wrongly arresting someone. So they will likely resort to the 'throw the book' approach, going through the evidence looking for any other, unrelated crimes they can find. Sure, you may not have actually launched that attack or trafficked those illegal files they raided you for - but if, in the process of investigating, they discover you've been involved in piracy or find chat logs of you talking about your drunken vandalism or theft of office supplies, or something which would be otherwise borderline illegal, they will happily add more charges - insurance in case you were innocent of the original accusations, and to pile on more pressure for a plea bargin. Prosecutors love guilty pleas - much more reliable than actually having to prove something beyond reasonable doubt.
You can encrypt, of course. But that just makes you look even more suspicious, plus in most countries now it's either an explicit crime to withhold keys from police or considered a form of withholding evidence, either of which gets you jailed anyway. Even if you legally wriggle free from that, good luck getting a jury to see it as anything other than a sign you are trying to hide evidence of whatever terrible act you are accused of.
Simply tell the prosecution / judge - "I run a TOR exit node to help preserve freedoms on the internet, especially those of people oppressed in countries like Syria and other places. If you choose to prosecute me for running a TOR exit node which, by its stated purpose and nature, is encrypted and anonymous AND which I have no control of the data flowing through it then you must also prosecute EVERY internet service provider over which the same data flowed. I do not know now, nor have I ever known, exactly what data flows over the exit node. Just like ISPs do not know what data is flowing over their networks."
DO NOTHING ELSE. Even if it makes complete sense to you (keeping an encrypted backup of all your data and computer images off-site), the prosecution will do what they can to skew that to "Why did you keep encrypted backups off-site? What are you hiding?" Fuck 'em. Don't give them any ammunition in their fear-mongering quest to rule your life. Come away clean and then lawyer up and sue the police departments, all government levels* involved, and even the prosecutor. Your aim with the lawsuits is not to get paid, it is to get all your electronics back in a timely manner if they refuse to give them back once you are cleared. Of course, if they're being dicks about it then the object is to get your equipment back and get VERY large settlements.
*Not sure how the government levels are in Austria, but here in the United States we have city government, county government, then state, then federal. Depending on who is doing the prosecution, I would start my lawsuits with that level of government and work my way down. Same with the police forces involved.
Dream as if you'll live forever.
Live as if you'll die tomorrow.
~Anonymous~
OK, I know cops don't get paid much and that buying Christmas presents is hell but I had no idea it's this bad.
If a TOR exit node can be prosecuted for traffic passing through it, should the ISP and backbone router owners not also be held responsible for traffic passing through their nodes? If the ISP and network operators are not held responsible then neither should the TOR node owner.
Your ISP has a legally established "safe harbor" exclusion. In the U.S. you establish yourself as an ISP when you register your company with the FCC as a telecommunications provider/ISP.
Individuals running TOR exit nodes enjoy no similar protections and will be prosecuted to the fullest extent of the law. Those that are not prosecuted for the illegal act itself will be prosecuted for facilitating/aiding and abetting the criminal activity.
Lawyers, guns, and money.
If you taker packet from somebody without knowing the packet content, hide it on your person or car, then bring it discretely to somebody else, are you a criminal ? In the juridiction I know of, yes you would be seen as a complice of the crime, imagine for example that you are raided while delivering the packet and it turns out it is cocaine, good luck trying to use a defense of "but I did not knew what was inside".
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
I run a tor exit node, have open wifi, use free software, and host key parties because I believe in freedom. Also (and this is a common sentiment) running a tor exit node or open wifi gives plausible deniability if the **AA throw a lawsuit at you. The secret service have interviewed (not raided) me a couple times and they've advised me to disable my open wifi. But stories like this make me rethink my stance.
bury yourself in your yard with a cardboard box above your head for air when the police come to question you because you know you're innocent!
http://betabeat.com/2012/11/murder-suspect-and-bath-salts-enthusiast-john-mcafee-claims-hes-innocent/
My God can beat up your God. Just kidding...don't take offense. I know there's no God.
If raided by the policy you need to prove that your innocent of intentionally distributing porn. They will have enough evidence to prove that porn came from your network already. Destroying stuff hurts your case that it didn't start with you. Read the story. The policy became friendly after they checked all his stuff and didn't find anything illegal. He may be able to get his stuff back after paying a fine. If he had destroyed some stuff his chance of going to prison would have encreased dramatically.
What backup plan, if any, should the average nerd have for something like this?
That depends upon what you mean by "something like this?
.
Do you mean to imply that an "average nerd" fosters possible illegal activity?
Or do you mean to imply that having a Tor node is OK?
After all I know, Austria is more like Germany in terms of laws. Which means, unlike in the US, there is no such thing as precedents.
Anyone from Austria here, who's better informed than Weber?
This situation isn't completely unheard of. It's happened a few times before. Raids by technically-clueless police forces are an occupational hazard for TOR exit node operators. It's happened in the US, too. However, this is interesting, as several very large TOR nodes are run in Austria in major datacenters. EDIS, UPC and Silver Server in particular host some well-known, stable ones. Best of luck to this guy. Has he contacted EFF Europe already?
If you host one, it should be clearly and completely separate from everything else (especially with a separate IP), it should ideally be unencrypted - all the information on there, after all, will only corroborate your defence - and it must not log.
Regardless of any risks or their probability or magnitude, we of the TOR project, and the many people whose lives are quite literally saved by TOR every day, salute you intrepid exit node maintainers. You are doing the right thing. Bravo.
https://www.torproject.org/eff/tor-legal-faq:—
Should I run an exit relay from my home?
No. If law enforcement becomes interested in traffic from your exit relay, it's possible that officers will seize your computer. For that reason, it's best not to run your exit relay in your home or using your home Internet connection.
Instead, consider running your exit relay in a commercial facility that is supportive of Tor. Have a separate IP address for your exit relay, and don't route your own traffic through it.
Of course, you should avoid keeping any sensitive or personal information on the computer hosting your exit relay, and you never should use that machine for any illegal purpose.
lots and lots of strong magnets to wipe the whole lot! Wipe all the evidence!
If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat
The average Nerd is not running a Tor Exit Node. You know the possibilities when you do this, you better have a good lawyer and lots of money. Thats why I stay clear of it.
If you do anything illegal or anything that pisses off the powers that be can you really be surprised when they come calling?
Thats as stupid as walking into a airport holding a squirt gun and holding it out and then being surprised when security tackles your ass. You can reason or make things look or sound however you want in your head but if you do it in the face of those who dont like what youre doing then there will be consequences.
This guy gets whatever comes to him.
Set it up so that if a certain encrypted file isn't updated manually at certain intervals, the entire system self-immolates.
Realistically, though, I've been thinking about building inconspicuous, low-power Tor exit servers that I can dead-drop in places with open wifi. That way, exits can be operated with a minimal threat of legal ramifications for anyone (plausible deniability on the part of the wifi provider).
To that end - anybody know where I can bulk order small form factor, inexpensive low-power computers that are battery pack/solar power friendly?
An enigma, wrapped in a riddle, shrouded in bacon and cheese
> What backup plan, if any, should the average nerd have for something like this?
Don't run a TOR exit node?
This happens often in Alberta.
Back in 2008, a Large IT Company based in Calgary was afraid of what an employee knew which could cause the company from being sold to larger IT Company from Japan.
After they had him arrested on false charges and his name posted across Canada. They ensured he never worked in Information Technology since, as the owner of the company had connections to all other IT companies in Alberta.
In addition, they arranged for all of his computers including Web Servers which were used to run variou business web sites (the person had to open his own company after being arrested repeatly), to be seized. This was done under false charges of 'E-Mails' being sent to the owner of the company at that time.
While the computers and other hardware (including TVs, PS3s, Atari 2600, and VIC 20 used for HAM radio), his parents and him were handcluffed, Animal control removed two small poodles and a cat from the home.
The items were returned after more than 6 months, with most of the items broken. The broken items included missing hard drives from PS3s, cut keyboard cables, and missing case covers for Sparc Servers.
All charges were dropped a few weeks after the IT company was bought out.
Once again, why is this news?
The same thing happend to me last year in UK. I was running TOR node for just two months back in 2009. Had my all computers sized for over half year as suspicion of possesion and distribution of indecent images.
My advice: DONT RUN TOR EXIT NODES. It's not worth it. Even if you are innocent: your reputation can be destroyed. (neighbors, family, girlfriend etc).
TOR its great idea - but exit node owners are taking huge risk: even if you will be cleared you might be charged by something else instead (like possesion of unlicensed software, music etc).
Also my advice: don't be try to be a smartass. You DONT WANT to take case to court - becasue then your name will automaticly land in newspapers next day.
I beg you: dont run TOR servers in home.
I believe the term that applies here is "herp derp". How could you be silly enough to allow anonymous individuals to access the internet through your computer? You might as well go buy a pound of cocaine and put a sign on your street corner advertising a free coke party. Of course this idiot got arrested and got his gear confiscated.
A "nerd" has twenty computers?
That's not a nerd, that's someone in business of some kind.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
ISPs are able to track which client sent which packets and can provide information to law enforcement when illegal activity has taken place over their network. ISPs are also a registered business entity whose purpose is widely recognized as providing internet access to other entities who are responsible for the content they access.
FedEx is able to track who sent a package, who it was addressed to, who took delivery of the package, etc. FedEx can provide information to law enforcement when illegal substances or materials are transported through their shipping system. FedEx is also a registered business entity whose purpose is widely recognized as providing parcel transportation services to other entities who are responsible for the items they ship.
Tor is designed to be completely anonymous and provides no facilities to track who is sending data and who it's destined for. Tor operators cannot provide this information to law enforcement when illegal activity has taken place through a Tor exit node. Tor operators are, in most cases, also not registered business entities. That is why when illegal activity takes place through Tor, the exit node operator is typically the first and only one investigated.
Q: How does the local police department know that Joe Schmoe at 123 Main Street is operating a Tor exit node?
A: They don't. There is no way to tell, aside from computer forensics, whether he was directly involved in illegal activities or not. That's why raids like this happen and will continue to happen. The Tor project warns you about, and you willingly accept the risk of, legal repercussions stemming from operating a Tor exit node.
tl;dr: This isn't news.
If I'd run a Tor exit node, it wouldn't be to anonymize paedophiles, but to help people in oppressive countries avoid persecution and censorship. So can one define a selective exit policy only allowing, for example, IP addresses of mass media websites known to be blocked in China?
My exception safety is -fno-exceptions.
"What backup plan, if any, should the average nerd have for something like this?"
Encrypted backups to SDXC 1TB card(s) as they are very small, put them in small plastic waterproof/airtight containers and hide them in out of the way public places.
And as an aside do this sort of thing on an offshore COLO and communicate using a netbook running a read only distro like DSL.
I killed da wabbit -Elmer Fudd
n/t
How about this: don't do anything illegal or do anything that facilitates the illegal activity of others on the internet. Is that such a difficult concept to grasp?
The perfect, unquestionable reason to justify the right-wing death squad execution of reputation, privacy, anonymity, innocence before proven guilt...
And as all us compliant soccer moms know, at least 30% of every populace are child pron producers and consumers!
I'm surprised Orwell didn't write more about such a powerful tool.
http://lawcomic.net/guide/?p=446
If your in a group video conference with several people, and that data is being sent by way of a P2P network to each individual person; and one person has playing in the background a video of child pornography. Is each person who relayed the date guilty of distributing child pornography.
Because they want to hide their own activities.
I think it was last year of this, that it is now illegal in the U.S to us TOR as an exit-node.
I got an idea, how about we fix the law so exit nodes aren't raided!
Motherfuckers that need to be raided are the ones doing the raids.
http://falkvinge.net/2012/09/07/three-reasons-child-porn-must-be-re-legalized-in-the-coming-decade/
comparing someone else to a nazi will not make your pro-slavery stance appear reasonable by comparison. quite the opposite; it will instead show that you are a total fascist who is willing to reach to no ends in order to try to smear the people he hates the most.
Hello a friend of mine had the same problem. A post in a police forum to kill a man was the cause for beeing arrested at Sunday night at 12.00 PM.
http://news.cnet.com/8301-13739_3-9779225-46.html
hipti
OK, so if the EFF is right, it's safe for Americans to run TOR exit nodes.
What good does this do people in other countries who want to run TOR exit nodes?
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I mean, like corporations do it.
When a corporations is found guilty of selling military secrets to foreign countries, defrauding the IRS for millions, poisoning countless innocent people and kicking a puppy, the worst the get is a slap on the wrist... and maybe millionaire fines.
But you never hear of the houses of CEOs getting raided and all their personal computers and phones getting abducted because of it. Well except Kim Dotcom but we know due process doesn't apply to him. What about us? Can't we do something like that? Can't I use a corporation, or a non-profit to shield myself from ridiculous rides like this?
I mean, I understand that a government doesn't like when citizens use Tor, but why taking all his stuff? It's not like his phone was the exit node. And even if it was the case, what's the legal justification to allow them to search his phone or consoles or whatever without any evidence for it?
But... the future refused to change.
Mods like that above are reason people get what they deserved.
You have chosen free beer over freedom. Now stick with your decision.
http://www.lowendtalk.com/discussion/6283/raided-for-running-a-tor-exit-accepting-donations-for-legal-expenses
Anyone running a "Tor exit node" is inviting this to happen. Either man up and do it, or don't.
I would at the *very least* have a separate Internet connection for a Tor exit node. I.E. if you have a cable modem, then sign up for DSL if available in your area and dedicate that exclusively to Tor. It would be better if you can create a small corporation that is solely for this purpose, and get the DSL account under that business name, and do nothing else but use that connection for Tor. I believe this would go far to protect you, as any authorities could sniff that traffic and see that it has only been used for Tor and not for anything else.
Is this a joke?
Well, in case it isn't: .. not even an over due book laying around in your house. The feds will turn your house upside down and they WILL find it...
1 - Be sure you are 101% clean
2 - Be sure your extended family is 101% clean, as they will be raided next if your raid turns up nothing.
3 - Expect to lose everything you have for months, if not years. Including your reputation, your job, your family and any finances you had... Get an attorney on retainer, might help you retain freedom during the proceedings..
4 - After the smoke clears, it was still your PC and account that allowed the a crime to be committed, so you are still liable, and most likely will go to jail. Enjoy your stay.
While its a great moral idea, in practical terms it just isn't worth the risk to run any sort of exit node for any 'dark' network.
---- Booth was a patriot ----
curiously absent from list of "serious" contingency plans.
The logical conclusion of allowing Tor is that anyone can communicate with anyone completely freely, including spreading slander, copyrighted material, terrorist planning, etc. No government is prepared to do that, so Tor exit nodes can't be legal (it seems easier to target exit nodes over relays and users). I hope people will change their mind as our society evolves, as I believe that bits can't hurt people (malicious code and commands can, but that's a separate problem)
I would name it something like
--anon-proxy-abuse-complaints-see-www.somewebpage.com--.mydomain.com
www.somewebpage.com would explain what Tor is and how to block it, and provide contact info. The cops might raid me anyway, but at least they wouldn't show up thinking I'm the pedophile/drug dealer/terrorist they're looking for.
What backup plan, if any, should the average nerd have for something like this?
Well I'd start by getting used to having your anus forcefully stretched. Martial arts would be a good idea as well. Maybe you won't end up in Federal Pound-Me-In-The-Ass Prison, but I wouldn't bank on it.
If you can stay out of jail, and assuming you don't have court orders barring you from online activity, then your best bet is to have a variety of encrypted backup in a variety of different locations around the planet. Having a secret bank account opened up under a fake identity wouldn't hurt either, rent a storage unit some place which allows you to put your own combination lock on the door and keep your backup gear there.
And yes, I'm assuming you're not actually a pervert, but that's not really relevant to getting ass-raped by reality.
Obviously both at the same time is better. =)
See you on the barricades!
All rites reversed 2010
Massive newsgroup floods by obviously mentally ill individuals.
So you run a Tor node and you have BT, child porn or nigerian spam traffic coming out of it. Did you really think law enforcement is just going to let you off the hook when you throw your hands up and say it's because you run a Tor node?