Raided For Running a Tor Exit Node

An anonymous reader writes "A Tor Exit node owner is being prosecuted in Austria. As part of the prosecution, all of his electronics have been held by the authorities, including over 20 computers, his cell phone and hard disks. 'During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted.' This brings up the question: What backup plan, if any, should the average nerd have for something like this?"

Be prepared for the concequences

[xtal]

If you're running Tor, or FreeNet, or anything else with the possibility of pissing off the man - be prepared for the concequences. The authorities repsonse here is pretty standard across the board.

Any Freenet nodes get raided? That's a good test for how secure the system is.

Safe Harbor Only For Telecoms And ISPs

[Anonymous Coward]

If a TOR exit node can be prosecuted for traffic passing through it, should the ISP and backbone router owners not also be held responsible for traffic passing through their nodes? If the ISP and network operators are not held responsible then neither should the TOR node owner.

Your ISP has a legally established "safe harbor" exclusion. In the U.S. you establish yourself as an ISP when you register your company with the FCC as a telecommunications provider/ISP.

Individuals running TOR exit nodes enjoy no similar protections and will be prosecuted to the fullest extent of the law. Those that are not prosecuted for the illegal act itself will be prosecuted for facilitating/aiding and abetting the criminal activity.

It's in the Legal FAQ

[Anonymous Coward]

This situation isn't completely unheard of. It's happened a few times before. Raids by technically-clueless police forces are an occupational hazard for TOR exit node operators. It's happened in the US, too. However, this is interesting, as several very large TOR nodes are run in Austria in major datacenters. EDIS, UPC and Silver Server in particular host some well-known, stable ones. Best of luck to this guy. Has he contacted EFF Europe already?

If you host one, it should be clearly and completely separate from everything else (especially with a separate IP), it should ideally be unencrypted - all the information on there, after all, will only corroborate your defence - and it must not log.

Regardless of any risks or their probability or magnitude, we of the TOR project, and the many people whose lives are quite literally saved by TOR every day, salute you intrepid exit node maintainers. You are doing the right thing. Bravo.

https://www.torproject.org/eff/tor-legal-faq:—
Should I run an exit relay from my home?

No. If law enforcement becomes interested in traffic from your exit relay, it's possible that officers will seize your computer. For that reason, it's best not to run your exit relay in your home or using your home Internet connection.

Instead, consider running your exit relay in a commercial facility that is supportive of Tor. Have a separate IP address for your exit relay, and don't route your own traffic through it.

Of course, you should avoid keeping any sensitive or personal information on the computer hosting your exit relay, and you never should use that machine for any illegal purpose.

Re:Don't run a TOR exit node?

[bill_mcgonigle]

I think not running TOR is about all you can do.

You can run a relay. Not as valuable as an exit node, but still important. A reporter once noticed the relay I run and wrote a story [wildbee.org] about it.

Hans

[Anonymous Coward]

The same thing happend to me last year in UK. I was running TOR node for just two months back in 2009. Had my all computers sized for over half year as suspicion of possesion and distribution of indecent images.

My advice: DONT RUN TOR EXIT NODES. It's not worth it. Even if you are innocent: your reputation can be destroyed. (neighbors, family, girlfriend etc).
TOR its great idea - but exit node owners are taking huge risk: even if you will be cleared you might be charged by something else instead (like possesion of unlicensed software, music etc).

Also my advice: don't be try to be a smartass. You DONT WANT to take case to court - becasue then your name will automaticly land in newspapers next day.

I beg you: dont run TOR servers in home.

Re:Store your data someplace else

[Shoten]

The original question was how does a Tor-running geek prepare for a computer seizure by authorities. One answer is to backup your data to the cloud, so even after they have your computers, you can at least go buy a new beige box and keep working. That's what the GP was getting at.

Actually, the question had to do with running a Tor Exit Node...essentially, how to protect yourself in this situation.

"What backup plan, if any, should the average nerd have for something like this?"

...for an article about getting busted for running an exit node. And you can't have one, really. From a procedural perspective, that's the point. Half the intent of this kind of enforcement action is to utterly cripple the activity they suspect of taking place. If you're dealing in child porn, as was the trigger for this, they WANT to leave you without a backup plan. They deliberately do everything in their considerable power to leave you unable to send/receive/view/photoshop/make monopoly money out of the images/video/whatever. And they've had practice at it. They will take any computer you have, and demand access to any external storage you have as well. It's just like a physical search and seizure for physical evidence; the warrant covers all storage you own or have rights to, including your home, and even if you have a storage container they know about. And you can be absolutely sure that they will have watched your communications for a little while before raiding you, and would see if you're running backups to an external site. And the guy had dozens of storage devices...HP servers. Good luck backing that up to the cloud without it being incredibly obvious.

The other technical problem is this: your node will be seen as the point of origination for any traffic that goes to the Internet. You don't control that traffic, and don't have any insight into it before it arrives where you are. You're giving up control of your network, to some degree, to parties unknown with reason to hide. In some cases they have reason to hide because other people are bad, and in some cases they themselves are bad, which is why they want to hide. But you can't tell the difference without actually inspecting the content...all of it. (And if you have a way to do that reliably in a situation with no context please do let me know. I know a few VCs who will gladly fund you, because that level of automated content classification on-the-fly on a network is the holy grail of several aspects of information security.) There is no easy way to detect with any level of certainty that you are not actually involved in the activity you're facilitating without seizing your computers and validating that you're not actually running the software behind the traffic or storing the data that was sent to/from your node.

But you know what? None of that matters...because the problem is about running the exit node, not being the one with something to hide. It's not your traffic that got their attention, just the fact that you're the only person they could find who was associated with it. So your options are to take the risk, or don't be an exit node. And again, this is something the article pretty much states outright, so if you've read it, you'd know that.