Slashdot Mirror


How Boing Boing Handled an FBI Subpoena Over Its Tor Exit Node

An anonymous reader writes: Cory Doctorow has posted an account of what happened when tech culture blog Boing Boing got a federal subpoena over the Tor exit node the site had been running for years. They received the subpoena in June, and the FBI demanded all logs relating to the exit node: specifically, "subscriber records" and "user information" for everybody associated with the exit node's IP address. They were also asked to testify before a federal grand jury. While they were nervous at first, the story has a happy ending. Their lawyer sent a note back to the FBI agent in charge, explaining that the IP address in question was an exit node. The agent actually looked into Tor, realized no logs were available, and cancelled the request. Doctorow considers this encouraging for anyone who's thinking about opening a new exit node: "I'm not saying that everyone who gets a federal subpoena for running a Tor exit node will have this outcome, but the only Tor legal stories that rise to the public's attention are the horrific ones. Here's a counterexample: Fed asks us for our records, we say we don't have any, fed goes away."

2 of 104 comments (clear)

  1. This only works for larger companies. by SuricouRaven · · Score: 4, Insightful

    It's not subpoenas that worry node operators. A company gets subpoenas. An individual gets a squad arriving to smash the door down, throw everyone in the house to the floor and confiscate anything with a battery. All done for very good reason: If a suspect had any warning they may use that time to destroy evidence. Still disruptive enough to discourage operating an exit node.

  2. Re:A service to the community: release the text by Anon-Admin · · Score: 4, Insightful

    Not true, I ran an anonymous service for years. (Long before TOR became popular)

    I was visited by the FBI and Secret Service. I was also served warrants and subpoenas.

    The truth is, there is no law requiring that you track users or maintain logs of user activity. (In the USA)

    If you respond politely that let them know that it is part of an anon service and there are no logs available, they normally drop the request.