Slashdot Mirror


Raided For Running a Tor Exit Node

An anonymous reader writes "A Tor Exit node owner is being prosecuted in Austria. As part of the prosecution, all of his electronics have been held by the authorities, including over 20 computers, his cell phone and hard disks. 'During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted.' This brings up the question: What backup plan, if any, should the average nerd have for something like this?"

2 of 325 comments

  1. Be prepared for the consequences by xtal · Score: 5, Informative

    If you're running Tor, or FreeNet, or anything else with the possibility of pissing off the man - be prepared for the consequences. The authorities' response here is pretty standard across the board.

    Any Freenet nodes get raided? That's a good test for how secure the system is.

    --
    ..don't panic
  2. Re:Store your data someplace else by Shoten · Score: 4, Informative

    The original question was how does a Tor-running geek prepare for a computer seizure by authorities. One answer is to back up your data to the cloud, so even after they have your computers, you can at least go buy a new beige box and keep working. That's what the GP was getting at.

    Actually, the question had to do with running a Tor Exit Node...essentially, how to protect yourself in this situation.

    "What backup plan, if any, should the average nerd have for something like this?"

    ...for an article about getting busted for running an exit node. And you can't have one, really. From a procedural perspective, that's the point. Half the intent of this kind of enforcement action is to utterly cripple the activity they suspect of taking place. If you're dealing in child porn, as was the trigger for this, they WANT to leave you without a backup plan. They deliberately do everything in their considerable power to leave you unable to send/receive/view/photoshop/make monopoly money out of the images/video/whatever. And they've had practice at it. They will take any computer you have, and demand access to any external storage you have as well. It's just like a physical search and seizure for physical evidence; the warrant covers all storage you own or have rights to, including your home, and even if you have a storage container they know about. And you can be absolutely sure that they will have watched your communications for a little while before raiding you, and would see if you're running backups to an external site. And the guy had dozens of storage devices...HP servers. Good luck backing that up to the cloud without it being incredibly obvious.

    The other technical problem is this: your node will be seen as the point of origination for any traffic that goes to the Internet. You don't control that traffic, and don't have any insight into it before it arrives where you are. You're giving up control of your network, to some degree, to parties unknown with reason to hide. In some cases they have reason to hide because other people are bad, and in some cases they themselves are bad, which is why they want to hide. But you can't tell the difference without actually inspecting the content...all of it. (And if you have a way to do that reliably in a situation with no context please do let me know. I know a few VCs who will gladly fund you, because that level of automated content classification on-the-fly on a network is the holy grail of several aspects of information security.) There is no easy way to detect with any level of certainty that you are not actually involved in the activity you're facilitating without seizing your computers and validating that you're not actually running the software behind the traffic or storing the data that was sent to/from your node.

    But you know what? None of that matters...because the problem is about running the exit node, not being the one with something to hide. It's not your traffic that got their attention, just the fact that you're the only person they could find who was associated with it. So your options are to take the risk, or don't be an exit node. And again, this is something the article pretty much states outright, so if you've read it, you'd know that.

    --

    For your security, this post has been encrypted with ROT-13, twice.