Slashdot Mirror


How Boing Boing Handled an FBI Subpoena Over Its Tor Exit Node

An anonymous reader writes: Cory Doctorow has posted an account of what happened when tech culture blog Boing Boing got a federal subpoena over the Tor exit node the site had been running for years. They received the subpoena in June, and the FBI demanded all logs relating to the exit node: specifically, "subscriber records" and "user information" for everybody associated with the exit node's IP address. They were also asked to testify before a federal grand jury. While they were nervous at first, the story has a happy ending. Their lawyer sent a note back to the FBI agent in charge, explaining that the IP address in question was an exit node. The agent actually looked into Tor, realized no logs were available, and cancelled the request. Doctorow considers this encouraging for anyone who's thinking about opening a new exit node: "I'm not saying that everyone who gets a federal subpoena for running a Tor exit node will have this outcome, but the only Tor legal stories that rise to the public's attention are the horrific ones. Here's a counterexample: Fed asks us for our records, we say we don't have any, fed goes away."

4 of 104 comments (clear)

  1. Re:A service to the community: release the text by tlhIngan · · Score: 3, Insightful

    Note the FBI asked for logs and stuff - they were assuming the IP address in question was loaned out - either they were an ISP, or maybe a VPN provider, or some other thing.

    Presumably Boing Boing owns enough IP addresses that they can dedicate it just for TOR exit nodes. And nothing else - I mean, if they had a webserver on it, they presumably they would have logs to hand over.

    If it was you or I with a leaf connection to our ISP, then most likely things will not be so easy - since they will go after the ISP, who will happily give up your information. Unless of course, you decide you want to give Comcast more money and buy a connection just to run Tor on.

    So the trick may work in the limited case where yes, it's a dedicated Tor exit node and not used for anything else. But if there's a chance it was used for personal reason or there were logs for some other service, then maybe things won't be so good.

  2. This only works for larger companies. by SuricouRaven · · Score: 4, Insightful

    It's not subpoenas that worry node operators. A company gets subpoenas. An individual gets a squad arriving to smash the door down, throw everyone in the house to the floor and confiscate anything with a battery. All done for very good reason: If a suspect had any warning they may use that time to destroy evidence. Still disruptive enough to discourage operating an exit node.

  3. Re: While it might make conspiracy nuts sad by Anonymous Coward · · Score: 3, Insightful

    And this, kiddies, is why we don't keep records any longer than we have to. Not keeping them at all is even better.

  4. Re:A service to the community: release the text by Anon-Admin · · Score: 4, Insightful

    Not true, I ran an anonymous service for years. (Long before TOR became popular)

    I was visited by the FBI and Secret Service. I was also served warrants and subpoenas.

    The truth is, there is no law requiring that you track users or maintain logs of user activity. (In the USA)

    If you respond politely that let them know that it is part of an anon service and there are no logs available, they normally drop the request.