Forgot your password?
typodupeerror
Censorship EU Encryption Privacy The Internet Your Rights Online

Raided For Running a Tor Exit Node 325

Posted by Soulskill
from the internet-over-tor-is-a-series-of-tubers dept.
An anonymous reader writes "A Tor Exit node owner is being prosecuted in Austria. As part of the prosecution, all of his electronics have been held by the authorities, including over 20 computers, his cell phone and hard disks. 'During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted.' This brings up the question: What backup plan, if any, should the average nerd have for something like this?"
This discussion has been archived. No new comments can be posted.

Raided For Running a Tor Exit Node

Comments Filter:
  • by bobstreo (1320787) on Friday November 30, 2012 @11:55AM (#42142127)

    Cloud storage, and make the exit node a leech off your neighbors wifi.

    • by buchner.johannes (1139593) on Friday November 30, 2012 @12:05PM (#42142239) Homepage Journal

      You suggest pumping 30 terabytes of data per day through your neighbors wifi?

  • Backup Plan (Score:5, Insightful)

    by Sigvatr (1207234) on Friday November 30, 2012 @11:55AM (#42142129)
    Lots of money.
    • by schlachter (862210) on Friday November 30, 2012 @12:28PM (#42142601)

      bury yourself in your yard with a cardboard box above your head for air when the police come to question you because you know you're innocent!
      http://betabeat.com/2012/11/murder-suspect-and-bath-salts-enthusiast-john-mcafee-claims-hes-innocent/ [betabeat.com]

    • Re:Backup Plan (Score:5, Interesting)

      by MightyYar (622222) on Friday November 30, 2012 @01:27PM (#42143763)

      Instead of trying to run a TOR server yourself, and needing to defend yourself, let a charity [noisebridge.net] take care of it for you. Your money will end up being pre-tax dollars and will then go farther, and if you really want to be more hands-on you could probably volunteer.

      For EU residents, there is a tax-deductible German [torservers.net] charity of the same ilk.

  • by Anonymous Coward on Friday November 30, 2012 @11:56AM (#42142131)

    Look at Kim Dotcom.

    • by rtfa-troll (1340807) on Friday November 30, 2012 @02:46PM (#42145113)

      Look at Kim Dotcom.

      I think Kim is, a definite lesson here. What he was doing is really similar to running a Tor exit node but his attitude to it was almost guaranteed to get him into trouble. If you do plan to run one, you want to do a bunch of things differently from the way he does it. Here are some ideas, but remember that some of them might be a really bad idea in one place and a fine idea in a different one. Talk to not just a lawyer, but a lawyer who is actually working for you (more later).

      Make sure you, yourself are squeaky clean. Don't break other laws even if you disagree with them. For example, I'm deeply opposed to the media industry (RIAA & MPAA) but I don't consider it a terrible life threatening hardship to go without their products. Thus, if I actually for some sick reason or other found myself wanting to listen to Lady Gaga I would go out and buy a DRM free CD. I would rip it, however that is legal where I live so it's not a legal risk. Make sure that all your media, software etc. is 100% legal.

      Secondly; Kim seems to have been setting out to tweak the whiskers of big media. His moral case was never very strong. Make very sure that the reason that you are involved is strongly about protected free speech. Make your views clear; make sure that they are openly registered somewhere.

      Thirdly; People in Kim's organisation seem to have been caught supporting piracy and so on. You might want to see when you can identify pirating connections and block them. Nice is to show a little page telling them you identified them (e.g. from the identifiers in their traffic) and explaining why they are overloading the system. You want to be really active in blocking or even hunting down users that are invovled in things like child pornography. This is a bit difficult; merely reporting something might make you of interest; however if you are active in combatting child pornographers this makes it difficult to accuse you of supporting them.

      Forthly; Kim was trying to make a profitable service; this makes it easy to portray him as greedy sponger. Make sure you don't accept any money for your work; not even expenses.

      Fifthly; where Kim was all about personality and basically painted a big target sign on himself, consider hiding behind an association. Get together as a group of people who believe in tor, and have a leadership of people who are not actively involved in any way in the day to day running of the service (best if they have no practical knowledge of where the servers are and who owns them. )

      Having an association will also allow you to do a bunch of legal things; e.g. hiring a lawyer as a group; which would be difficult otherwise. You will be able to talk to the government as a group. If they say that what you are doing is illegal, you will be able to take them to court without any particular individual having to risk taking the stand for what they are already doing.

  • by xtal (49134) on Friday November 30, 2012 @11:58AM (#42142149)

    If you're running Tor, or FreeNet, or anything else with the possibility of pissing off the man - be prepared for the concequences. The authorities repsonse here is pretty standard across the board.

    Any Freenet nodes get raided? That's a good test for how secure the system is.

  • ISPs as well? (Score:5, Insightful)

    by grahamm (8844) <gmurray@webwayone.co.uk> on Friday November 30, 2012 @11:58AM (#42142153) Homepage

    If a TOR exit node can be prosecuted for traffic passing through it, should the ISP and backbone router owners not also be held responsible for traffic passing through their nodes? If the ISP and network operators are not held responsible then neither should the TOR node owner.

    • Re:ISPs as well? (Score:4, Insightful)

      by Anonymous Coward on Friday November 30, 2012 @12:09PM (#42142283)

      Just like the mail service can be held responsible if they deliver a package with drugs in it? It's basically the same thing as bringing a bag full of drugs that a stranger gave you while on holidays... right?
      No.
      Common Carrier vs Doing a Favour for a Stranger.
      Totally different.

      • Re:ISPs as well? (Score:4, Interesting)

        by ZombieBraintrust (1685608) on Friday November 30, 2012 @12:25PM (#42142535)
        ISP will work with law enforcement to identify the person who sent the packet. That is why they are not prosecuted. The Tor exit node operator can not do that. The tech is designed to prevent it.
        • by hduff (570443) <hoytduff AT gmail DOT com> on Friday November 30, 2012 @12:37PM (#42142743) Homepage Journal

          ISP will work with law enforcement to identify the person who sent the packet. That is why they are not prosecuted. The Tor exit node operator can not do that. The tech is designed to prevent it.

          Well then, the Tor exit node operator can cooperate fully.

          • Deliberately making resources available to anonymous parties to do anything they like sounds like a great way to be charged with some form of criminal negligence, and probably held liable (to some degree, at least) in civil proceedings, too.

            I'm having trouble thinking of a real-world analogy for it where you wouldn't be held responsible for that, in fact.

            • Re:ISPs as well? (Score:5, Insightful)

              by Intropy (2009018) on Friday November 30, 2012 @01:59PM (#42144329)

              Since you asked. Real-world analogies where you wouldn't be held responsible:

              You deliberately have no fence around your yard so that anyone who likes can walk across it from one side to the other. You will not be charged if someone flees from the police through your yard.

              You and your neighbors pool various gardening tools and keep them in an unlocked tool shed so that anyone can use them with a policy being that you trust people to bring the tools back. You will not be charged if someone steal a shovel and uses it to kill someone.

              You are zip car. Someone uses one to commit any of the ten million crimes you can commit with cars. You will not be charged.

      • by ewieling (90662)
        The problem with this logic is that ISPs are not considered Common Carriers in the actual USA LAWS. ISPs don't want to be Common Carriers because Common Carriers are highly regulated. Acting like a dog doesn't make you a dog. Acting like a common carrier does not make you a common carrier.
    • Re:ISPs as well? (Score:4, Interesting)

      by TheRealMindChild (743925) on Friday November 30, 2012 @12:10PM (#42142317) Homepage Journal
      No. Your ISP probably does little more than route traffic properly to the next router. A TOR exit node is an actual entity distributing data to others. A good analogy would be, your ISP is a self checkout line, and the TOR exit node is a physical employee walking the transaction through to completion. One is dumb, one is not
      • by KiloByte (825081)

        How come? An ISP router shuffles packets from one layer 1/2 protocol to another (ATM, Ethernet, ...), completely changing their encapsulation but not affecting the actual content. A TOR node shuffles packets from an encapsulated form to another, not affecting the content. What's the difference?

        • Re:ISPs as well? (Score:5, Insightful)

          by tilante (2547392) on Friday November 30, 2012 @12:39PM (#42142791)

          Well, here's a couple of differences....

          Your ISP has an acceptable use policy that you are required to agree to in order to get service from them, which most likely states that you're not allowed to do anything illegal, and that if you do use their network to do something illegal, you agree that you are wholly responsible for it. It also keeps records, so that it can cooperate with the authorities in tracking down people who are using their network for illegal purposes.

          A Tor operator, on the other hand, by design does not know who is using their connection, and thus, cannot enforce that their users must agree to any policy. Further, and again by design, a Tor node does not keep any records that can be used to help authorities track down people using that connection for illegal purposes.

          Much of the law operates on the basis of what a 'reasonable person' would understand. A reasonable person would understand that, given their policies and practices, a typical ISP is not attempting to shield people performing illegal activities. On the other hand, a reasonable person who knows what a Tor exit node is and sets one up should understand that there is a high chance that there will be illegal activities being funneled through their node.

          So, from a legal point of view, there's a big difference. Now, ethics and morals... those are different things. But honestly, if you're not willing to go to jail to defend the principle that people should be able to anonymously use the Internet, then maybe operating a Tor exit node isn't something you should be doing.

          • Re:ISPs as well? (Score:4, Insightful)

            by Githaron (2462596) on Friday November 30, 2012 @01:16PM (#42143547)
            Tor does not attempt to shield illegal activities. It attempts to keep private data private. To do so completely, the network operators themselves must not be able to track back the data to the original request or view the contents. Yes, this can be abused by criminals but that doesn't make the network operator responsible. I don't see the police busting down the door of sport stores, confiscating the contents, and arresting the manager whenever they sell a ski mask to a random, cash paying customer that so happens to later use it in a bank robbery. They should be going after the criminals not the network operators.
      • by X.25 (255792)

        No. Your ISP probably does little more than route traffic properly to the next router. A TOR exit node is an actual entity distributing data to others. A good analogy would be, your ISP is a self checkout line, and the TOR exit node is a physical employee walking the transaction through to completion. One is dumb, one is not

        Hahaha.

        Wow, I haven't read something this bad in a long time.

    • Re:ISPs as well? (Score:4, Insightful)

      by buchner.johannes (1139593) on Friday November 30, 2012 @12:16PM (#42142397) Homepage Journal

      For the police it is pretty clear that an ISP almost exclusively forwards traffic, so it makes sense to contact them to get connection details for specific illegal activities. There is no way to know from the outside whether a home line is used by a person or is forwarding someone elses requests like Tor (rare). So you have to hold that person, in the first step, accountable for the traffic that comes from his place.

      Then in the process of the allegations, you can show plausible deniability, e.g. you are well-known to run a Tor exit node / participate in the Tor community, and the raid did not turn up any illegal material stored on your drives.

      While it is extremely annoying to the guy, I do understand the taken measures (except perhaps the power-cord ripping). It really depends on the judge now though, hopefully they don't decide something silly. The question is really whether it is your responsibility to check each forwarded request (ISPs must not read content, or store anything beyond what is needed for forwarding and billing), and whether you may allow anonymous forwarding (ISPs don't I believe, not sure what the law says there).

      • Re:ISPs as well? (Score:5, Interesting)

        by buchner.johannes (1139593) on Friday November 30, 2012 @12:45PM (#42142919) Homepage Journal

        I just read up the law (TKG, should be similar to the European law). I learned two things

          - Anyone can become a ISP/telecom. You have to register, but the gov doesn't stop you.
          - Participants have the right to taken into records (written or electronic, to be made available to other ISPs/telecoms+gov) of each participant: Family name, name, academic title, address, ID, and, if the participant wants, occupation. (18 p1-1, 69 p3)
              But apparently, this is only a right of the participants, so it does not say anywhere that you are not allowed to provide anonymous services. In fact, participants have the right to have their records deleted too.

        Solution: Register your Tor exit node as a communication service. If records are requested, say that your participants all don't want their records stored.
        Caveat: You have to provide your services to anyone, and people who insist on having their names stored have a right on that. Why anyone would want to use Tor and be identified is beyond me though.
        Finally, you may have to comply with data retention laws, i.e. store connection data (not records) for 6 months. Since nobody will be able to use this data anyways, with Tor nodes overseas, that's not a killer.

    • by Anonymous Coward

      If a TOR exit node can be prosecuted for traffic passing through it, should the ISP and backbone router owners not also be held responsible for traffic passing through their nodes? If the ISP and network operators are not held responsible then neither should the TOR node owner.

      Your ISP has a legally established "safe harbor" exclusion. In the U.S. you establish yourself as an ISP when you register your company with the FCC as a telecommunications provider/ISP.

      Individuals running TOR exit nodes enjoy no similar protections and will be prosecuted to the fullest extent of the law. Those that are not prosecuted for the illegal act itself will be prosecuted for facilitating/aiding and abetting the criminal activity.

    • Re:ISPs as well? (Score:4, Insightful)

      by Anonymous Coward on Friday November 30, 2012 @01:03PM (#42143305)

      We (including the very smart lawyers at the EFF) believe Tor nodes qualify as transmission providers under DMCA 512(a), not 512(c). This makes them exempt from "notice and takedown" procedures, including the need to issue "putback" responses. The EFF has even prepared a template response for improper DMCA 512(c) takedown notices.

      Question: What are the criteria a service provider must satisfy in order to qualify for safe harbor protection under Subsection 512(a) of the Digital Millennium Copyright Act?

      Answer: Subsection 512(a) provides a safe harbor for service providers in regard to communications that do not reside on the service provider?s system or network, but merely pass ?through? the system or network. Any copies of the communications on the system must be temporary, i.e., ?intermediate or transient.?

      A service provider must satisfy the following critical elements in order to qualify for the ?safe harbor? or protection from liability provided by subsection 512(a) (note that subsection 512(k)(1)(A) defines ?service provider? as used in subsection 512(a)):

      (a) The service provider is an entity offering the transmission, routing, or providing of connections for digital online communications [512(k)(1)(A)];
      (b) The service provider did not initiated the transmission of the material [512(a)(1)]
      (b) The transmission, routing, provision of connections, or storage is carried out by an automatic technical process [512(a)(2)];
      (c) The Internet user, not the service provider, must select the origination and destination points of the communication [512(a)(3) and 512(k)(1)(A)];
      (e) The service provider must not modify the communication selected by the Internet user [512(a)(5)];
      (f) The communication is transmitted ?through? the system or network of the service provider [512(a)(2)];
      (f) No copy of the communication is maintained on the system or network in a manner ordinarily accessible to anyone other than anticipated recipients [512(a)(4)]; and
      (g) No copy is maintained on the system or network in a manner ordinarily accessible to anticipated recipients for a longer period than is reasonably necessary for the transmission, routing, and provision of connections [512(a)(4)].

      https://www.torproject.org/eff/tor-dmca-response.html

  • by Hatta (162192) on Friday November 30, 2012 @11:59AM (#42142161) Journal

    Run a dark net.

  • by NettiWelho (1147351) on Friday November 30, 2012 @12:00PM (#42142177)

    "What backup plan, if any, should the average nerd have for something like this?"

    Select a new exit node, duh.

  • by h4rr4r (612664) on Friday November 30, 2012 @12:01PM (#42142193)

    I think not running TOR is about all you can do.

    Of course if this is something they can prosecute you for, can they also prosecute your ISP as well?

  • thermite (Score:4, Funny)

    by WillgasM (1646719) on Friday November 30, 2012 @12:02PM (#42142205) Homepage
    You mean to tell me you guys don't have your cases rigged with thermite?
  • Not running a Tor exit node. Really, they could say that any participant of the Tor network could have been participating in distribution of illegal materials; running an exit node just lets them prove the exit node operator in particular was doing so.

  • Shipping analogy (Score:5, Insightful)

    by LaminatorX (410794) <sabotage.praecantator@com> on Friday November 30, 2012 @12:03PM (#42142211) Homepage

    If you ship contraband via FedEx, is FedEx a criminal?

    • by knarfling (735361)
      That depends. Did you put the words, "Heroin inside. Handle with care." on the outside of the package? Did it still ship with those words on the box?
      • by Z00L00K (682162) on Friday November 30, 2012 @01:24PM (#42143711) Homepage

        You may write whatever you like on the content label. But you will take a risk that it's taken literally.

        Like the person that sent his photos in a mail protected by a 1/2 inch aluminum plate and then wrote on the content label "bend this if you can" - it arrived to the recipient neatly bent to 90 degrees...

    • by blueg3 (192743)

      No, but the authorities are very familiar with what FedEx does and it's very visible. If you ran a local package-delivery service and the authorities found that big boxes of drugs keep managing to come from your facility, you can bet that they will show up, take some of your stuff, demand a bunch of records, and ask some very pointed questions. If you really know nothing about the drug cartels shipping product through your company, you'll probably be fine.

      The same goes here, though laws very dramatically by

      • Oh c'mon, Western Union has been used as a mule for money laundering in ID theft cases for ages now and they weren't even required to change their policies.

        What it comes down to is whether you have enough money to stand up for yourself.

    • by squiggleslash (241428) on Friday November 30, 2012 @12:17PM (#42142403) Homepage Journal

      If FedEx actively advertises the fact that shipping via them prevents law enforcement from prying into what it is you're shipping, then... may be.

      The problem with Tor is its advertised application. It's a network designed to prevent you from being snooped upon, but by and large the (work of mouth) advertising isn't "And this way Google will never be able to select ads that are of interest to you" or "You don't have to worry that your affair will be discovered by your spouse" (to use two extremes) but "The government will not be able to snoop on you!"

      And while, yes, there are occasions that the government snoops on people maliciously and illegally, it remains the case, today, that the primary reason why the government snoops on people is, well, because they're enforcing laws. Joe Sheriff doesn't care that much about the fact you voted for Obama or believe Bradly Manning is being treated unfairly, but he sure as hell cares about people sending each other child pornography, or orders for illegal drugs, or even getting copyrighted movies without the permission of the copyright holders and not paying for them, or whatever.

      And so you have idealistic nerds saying "I know, let's be the next Amnesty International and provide a way for dissidents to swap messages about how terrible the regimes are that they live under", and you get the idealistic nerds using it, because they know it's not going to work otherwise and, sure, maybe one or two of those dissidents using it, and a few paranoid rednecks who are convinced Obama will take their guns away if they talk about them in public.... and you also get a lot of people using this network that's secure against government snooping for doing the things that governments actually legitimately snoop on, you know, doing stuff illegally. Did I say "A lot of people"? Maybe most, I don't know. It would not exactly be surprising if most Tor users are actually using it for illegal stuff, even if the majority of those Tor users are using it for stuff nerds don't see as wrong, such as trading copyrighted movies without the permission of the copyright holder.

      I don't think Tor can work as is. It's a nice, idealistic, concept, but...

      • It's a network designed to prevent you from being snooped upon, but by and large the (work of mouth) advertising isn't "And this way Google will never be able to select ads that are of interest to you" or "You don't have to worry that your affair will be discovered by your spouse" (to use two extremes) but "The government will not be able to snoop on you!"

        The "word of mouth" I hear about Tor is that it's software originally developed by the U.S. government that can to help people in China and Syria and ot [torproject.org]

    • No, but that probably has more to do with FedEx's wealth vs a lowly human citizen's wealth than anything else.
    • If you taker packet from somebody without knowing the packet content, hide it on your person or car, then bring it discretely to somebody else, are you a criminal ? In the juridiction I know of, yes you would be seen as a complice of the crime, imagine for example that you are raided while delivering the packet and it turns out it is cocaine, good luck trying to use a defense of "but I did not knew what was inside".
      • by X.25 (255792)

        If you taker packet from somebody without knowing the packet content, hide it on your person or car, then bring it discretely to somebody else, are you a criminal ? In the juridiction I know of, yes you would be seen as a complice of the crime, imagine for example that you are raided while delivering the packet and it turns out it is cocaine, good luck trying to use a defense of "but I did not knew what was inside".

        It would appear that mostly people that have no fucking idea how Tor works are trying to comment on it.

        Brilliant.

    • No because
      1. The government needs FedEx and it's too big to fail
      2. Because they have money and lobbyists.

    • by emt377 (610337)

      If you ship contraband via FedEx, is FedEx a criminal?

      You have to provide ID to ship, and FedEx will x-ray or otherwise examine the package. If they see what looks like contraband they'll contact the appropriate law enforcement organization (ATF etc). If a TOR operator took similar precautions they'd likely avoid prosecution as well.

  • Never (Score:2, Insightful)

    by Anonymous Coward

    If you want real security, you should be using a network where the data never "exits" from the secure zone. And never let other people use your network blindly for their own purposes, until something like common carrier status is established for that sort of thing.

    This was Austria. I can't imagine the FBI or any other local jurisdiction being that much friendlier. Even if the law is technically on your side, expect to have to lose everything defending your rights.

    • Re:Never (Score:4, Interesting)

      by borcharc (56372) * on Friday November 30, 2012 @12:10PM (#42142313)

      They have a history of doing stuff like this in Austria (Germany also). I am now aware of this happening in the US, we have fairly clear laws on the subject. I have ran a 5 mb/sec exit node unmolested, without even one single abuse complaint for 10 years. Anyone who sees the obvious tor-exit hostname in their logs knows whats up, if they are still confused the exit node notice [torproject.org] should clear things up. The EU has been trying to get some reasonable laws passed but their broken economy steels the show.

  • by Maximum Prophet (716608) on Friday November 30, 2012 @12:04PM (#42142225)
    It's hard for the average nerd, you either have to be so small and invisible that you can take off at a moment's notice, or maintain shell corporations that own all the stuff that might get taken. If you own a house, or have a family that you care about, fugetaboutit.
  • Define "average?" (Score:4, Insightful)

    by Shoten (260439) on Friday November 30, 2012 @12:04PM (#42142227)

    What backup plan, if any, should the average nerd have for something like this?

    What average nerd runs a TOR exit node?

    • i would but i cant afford the bandwidth.

    • by tilante (2547392)

      I would guess that the original poster's question is meant to be more "What backup plan should the average nerd have in case all their electronics are seized or destroyed for some reason" rather than "What backup plan should the average nerd have in case the Tor exit node they operate is taken down".

      Keeping off-site copies of important data is a good plan - either backed up at a cloud storage provider, or periodically burned to DVD and put somewhere else. Having some paper records of very important thing

  • by Anonymous Coward on Friday November 30, 2012 @12:06PM (#42142243)

    I've wondered, from day one, why anyone would be crazy enough to run a TOR exit node. Why would you willing serve as the front man for someone else's unknown but likely illegal activity? It's just crazy.

    Running an exit node is just begging to get arrested for child porn. I'm positively amazed that it doesn't happen a LOT more often.

    • by pipatron (966506)
      Yeah, what crazy people would risk anything at all for a little freedom? Crazytalk. I better just shut up and keep updating my facebook status.
      • What freedoms is it about? Freedom of speech? You wouldn't have any reason to be arrested. Freedom to do illegal things without interference? Be ready for the consequences. Freedom of privacy? Nice and all, but you need to be prepared to accept the responsibility for protecting others' privacy and them abusing it.

        You can't have all flavors of cake, the world is far more selfish and less ideological than you. There is a dream where someone can host a data agnostic service and not be responsible for policin
    • Because they want to hide their own activities.
  • by hendrikboom (1001110) on Friday November 30, 2012 @12:12PM (#42142339)

    If I were an American nerd, I could just argue that running the exit node is my patriotic duty. After all, the NSA wants there to be a lot of tor traffic so it can send its state secrets securely.

  • I guess they should arrest all pawn shop owners as they often facilitate the fencing of stolen goods.

    • What you mean is, "They should arrest pawn shop owners that facilitate fencing stolen goods", which they do, as they aren't arresting all owners of Tor exit nodes, just ones they can show are doing illegal things.
      • Re:With that logic (Score:5, Insightful)

        by Dishwasha (125561) on Friday November 30, 2012 @01:09PM (#42143425)

        No, in both cases the pawn shop owner (or Tor node operator in this case) wasn't explicitly aware that their business (or Tor node) was being used to steal goods (or illegal online activity). The pawn shop owner (or Tor node operator) is likely aware that running a pawn shop (or Tor node) carries the risk that illegal goods (or illegal online activity) will be filtered through, though predictive knowledge itself is not a crime. Rather than seeking the assistance of the business owner (or Tor node operator) in tracking down the perpetrator, the authorities chose to instead implicate the business owner (or Tor node operator) directly for the illegal activities of the perpetrator who utilized the business owner's (or Tor node operator's) property to carry out those illegal activities.

        See how that analogy works there? If they arrested all pawn shop owners who had facilitated the stealing of stolen goods without explicit knowledge then likely all pawn shop owners would be arrested.

  • by slashmydots (2189826) on Friday November 30, 2012 @12:19PM (#42142441)

    What backup plan, if any, should the average nerd have for something like this?

    1. Don't run an exit node
    2. if 1 fails, fly to Belize and live blog my evasion of the local police

  • by SuricouRaven (1897204) on Friday November 30, 2012 @12:21PM (#42142463)

    Traditional backup methods are good against media failure, or even natural disaster, but ineffective against seizure. The standard police procedure is 'if in doubt, take everything,' because it isn't practical to train frontline officers to work out what is and isn't potentially evidence. That's why they take cell phones and games consoles. That and, as the more cynical point out, the more miserable they can make the defendent the easier it is to force a plea bargin. So they'll take all your backups too.

    You can forget about getting that back, too. Even if all charges are dropped. Law enforcement is well-known all around the world for their reluctance to return siezed evidence, espicially evidence that may one day go into police auction. Even if they are willing to return it, many areas have overwhelmed forensics staff and computers can sit in the locker for months before there is an expert available to poke around and declare them free of anything incriminating.

    So if you do have reason to worry about being raided - eg, you run an open wireless hotspot or exit node - then a sensible precaution is to keep backups of critical data somewhere out of reach, like a cloud store hosted overseas, or drives left with trusted friends for safekeeping. Making sure, of course, that no-one else knows - you don't want them to get raided too!

    Also beware of another police policy. It varies by country, and even by state and district, but many departments are loathe to let any accused off without charge or found not guilty - it makes them look incompetent, wrongly arresting someone. So they will likely resort to the 'throw the book' approach, going through the evidence looking for any other, unrelated crimes they can find. Sure, you may not have actually launched that attack or trafficked those illegal files they raided you for - but if, in the process of investigating, they discover you've been involved in piracy or find chat logs of you talking about your drunken vandalism or theft of office supplies, or something which would be otherwise borderline illegal, they will happily add more charges - insurance in case you were innocent of the original accusations, and to pile on more pressure for a plea bargin. Prosecutors love guilty pleas - much more reliable than actually having to prove something beyond reasonable doubt.

    You can encrypt, of course. But that just makes you look even more suspicious, plus in most countries now it's either an explicit crime to withhold keys from police or considered a form of withholding evidence, either of which gets you jailed anyway. Even if you legally wriggle free from that, good luck getting a jury to see it as anything other than a sign you are trying to hide evidence of whatever terrible act you are accused of.

    • by omnichad (1198475)

      Traditional backup methods are good against media failure, or even natural disaster, but ineffective against seizure

      Off-site backup is part of that.

  • The Simple Truth? (Score:4, Insightful)

    by fallen1 (230220) on Friday November 30, 2012 @12:22PM (#42142475) Homepage

    Simply tell the prosecution / judge - "I run a TOR exit node to help preserve freedoms on the internet, especially those of people oppressed in countries like Syria and other places. If you choose to prosecute me for running a TOR exit node which, by its stated purpose and nature, is encrypted and anonymous AND which I have no control of the data flowing through it then you must also prosecute EVERY internet service provider over which the same data flowed. I do not know now, nor have I ever known, exactly what data flows over the exit node. Just like ISPs do not know what data is flowing over their networks."

    DO NOTHING ELSE. Even if it makes complete sense to you (keeping an encrypted backup of all your data and computer images off-site), the prosecution will do what they can to skew that to "Why did you keep encrypted backups off-site? What are you hiding?" Fuck 'em. Don't give them any ammunition in their fear-mongering quest to rule your life. Come away clean and then lawyer up and sue the police departments, all government levels* involved, and even the prosecutor. Your aim with the lawsuits is not to get paid, it is to get all your electronics back in a timely manner if they refuse to give them back once you are cleared. Of course, if they're being dicks about it then the object is to get your equipment back and get VERY large settlements.

    *Not sure how the government levels are in Austria, but here in the United States we have city government, county government, then state, then federal. Depending on who is doing the prosecution, I would start my lawsuits with that level of government and work my way down. Same with the police forces involved.

    • by tilante (2547392) on Friday November 30, 2012 @01:04PM (#42143319)

      You can tell them that... but they're not going to buy it. First off, ISPs operate under legally-established safe harbor provisions, which require them to do certain things. If you haven't also done those things, then you're not operating under the safe harbor provisions, and thus, the rules that apply to you aren't the same as those that apply to the ISPs. It's not simply a matter of not knowing what data goes through your network - there are other things you have to do, which include keeping certain types of records about your users... and TOR by design does not do that.

      Second, prosecutors have leeway to choose which cases they will prosecute - so your "you must also prosecute" is simply not true, and the prosecution and judge both know this. So they'll simply ignore your speech, and instruct the jury to do so as well.

      Now, whether these things are right is a separate question - but there are definite legal differences between an ISP and you, if you're operating a TOR node.

  • Lawyers, guns, and money.
  • What backup plan, if any, should the average nerd have for something like this?

    That depends upon what you mean by "something like this?

    .
    Do you mean to imply that an "average nerd" fosters possible illegal activity?

    Or do you mean to imply that having a Tor node is OK?

  • by Anonymous Coward

    This situation isn't completely unheard of. It's happened a few times before. Raids by technically-clueless police forces are an occupational hazard for TOR exit node operators. It's happened in the US, too. However, this is interesting, as several very large TOR nodes are run in Austria in major datacenters. EDIS, UPC and Silver Server in particular host some well-known, stable ones. Best of luck to this guy. Has he contacted EFF Europe already?

    If you host one, it should be clearly and completely separate

    • by lbft (950835)

      The node was in a datacentre in another country.

      He was raided at home based on the address details the police obtained from the datacentre.

  • Deadman's Switch (Score:5, Interesting)

    by CanHasDIY (1672858) on Friday November 30, 2012 @01:11PM (#42143455) Homepage Journal
    Set it up so that if a certain encrypted file isn't updated manually at certain intervals, the entire system self-immolates.

    Realistically, though, I've been thinking about building inconspicuous, low-power Tor exit servers that I can dead-drop in places with open wifi. That way, exits can be operated with a minimal threat of legal ramifications for anyone (plausible deniability on the part of the wifi provider).

    To that end - anybody know where I can bulk order small form factor, inexpensive low-power computers that are battery pack/solar power friendly?
    • by RobinH (124750)
      So someone has the courtesy to run an open WiFi node and you screw them by dumping a Tor exit node on their connection. Or better yet, Grandma calls technical support at her ISP because the "internet isn't working" and the first thing the ISP's technical support does is have her do a hardware reset of her WiFi router, erasing it to factory defaults (happened to my parents), and then after determining it was a cable modem problem, never walks her through setting up the WPA2 with a password again (which her
  • by kelemvor4 (1980226) on Friday November 30, 2012 @01:32PM (#42143859)
    I believe the term that applies here is "herp derp [urbandictionary.com]". How could you be silly enough to allow anonymous individuals to access the internet through your computer? You might as well go buy a pound of cocaine and put a sign on your street corner advertising a free coke party. Of course this idiot got arrested and got his gear confiscated.
  • by ThatsNotPudding (1045640) on Friday November 30, 2012 @02:16PM (#42144581)
    The perfect, unquestionable reason to justify the right-wing death squad execution of reputation, privacy, anonymity, innocence before proven guilt...

    And as all us compliant soccer moms know, at least 30% of every populace are child pron producers and consumers!

    I'm surprised Orwell didn't write more about such a powerful tool.

COMPASS [for the CDC-6000 series] is the sort of assembler one expects from a corporation whose president codes in octal. -- J.N. Gray

Working...