The EFF Reflects On ICE Seizing a Tor Exit Node 252
An anonymous reader writes "Marcia Hofmann, senior staff attorney at the EFF, gives more information on the first known seizure of equipment in the U.S. due to a warrant executed against a private individual running a Tor exit node. 'This spring, agents from Immigration and Customs Enforcement (ICE) executed a search warrant at the home of Nolan King and seized six computer hard drives in connection with a criminal investigation. The warrant was issued on the basis of an Internet Protocol (IP) address that traced back to an account connected to Mr. King's home, where he was operating a Tor exit relay.' The EFF was able to get Mr King's equipment returned, and Marcia points out that 'While we think it's important to let the public know about this unfortunate event, it doesn't change our belief that running a Tor exit relay is legal.' She also links to the EFF's Tor Legal FAQ. This brings up an interesting dichotomy in my mind, concerning protecting yourself from the Big digital Brother: Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes."
don't let your stuff be used for criminal stuff (Score:5, Insightful)
seizing anything that is suspected of being used for criminal activity has been perfectly legal for hundreds of years. and there is no excuse that you were running some service or other and didn't know what other people were doing. if the cops get a hunch they will seize your stuff to look for evidence and impound it if there is evidence of a crime
Re:don't let your stuff be used for criminal stuff (Score:4, Insightful)
Re: (Score:2)
How about agreeing to take a sealed parcel for a stranger with you while you travel the world, and delivering it to another stranger...
How many people would say yes to that?
Re:don't let your stuff be used for criminal stuff (Score:4, Insightful)
Re: (Score:2)
You are not carrying anything for anyone.
The feds don't see it that way, anymore than they see someone's illegal computer files as "just a bunch of 1's and 0's."
Re: (Score:2)
Re: (Score:2)
If it's "just a bunch of 1's and 0's" then how can they see it as illegal?
In the same way that real-world written documents and photographs can be illegal, even though they're just ink and paper arranged in a certain way.
Re: (Score:2)
Re: (Score:3, Informative)
http://en.wikipedia.org/wiki/Ryan_Holle
Re: (Score:3)
Except they won't bother to check, they'll just take everything you own. Although I suppose you could go the "True Names" route and bury your personal equipment.
Re: (Score:2)
And when they come to seize your hardware, they will simply leave your for personal use equipment alone, because you told them that it hasn't been used for illegal activities.
Re: (Score:2)
It isn't heavy handed law enforcement and they won't be able to tell the difference at the time of seizure. They confiscate the equipment not because they even necessarily expect you of a crime, but rather because evidence of a crime may exist on it. If they don't find anything, they can return it. Running separate hardware is a good way to make sure you can get your personal stuff back faster if anything useful to the investigation is actually found on the public hardware.
Re:don't let your stuff be used for criminal stuff (Score:5, Insightful)
Oh, wait -- ISPs are corporations, so we treat them differently. When it is some guy running a service out of his home, then the other set of rules applies, where the service operator is harassed by ICE and threatened when his equipment is returned.
Re: (Score:2)
Have you not seen the warnings? He had an unsecure IP address!
Re: (Score:2)
One guy running an exit node does not a service provider make.
Traffic through ISPs is expected to originate with the customers. If an ISP itself is also participating in criminal activity, their equipment gets seized, too [google.com]. That's just not as common as some end user doing something illegal. Then, of course, there's the various political reasons. ISPs maintain logs of who has what address, and can quite quickly turn those logs over to police when asked. Note that I said "asked", not "presented with a search w
Re: (Score:3, Insightful)
Traffic through ISPs is expected to originate with the customers
A provably false assumption even when Tor is not involved. I share an Internet connection with several other people, and my name is not the name of the account holder. When I was in high school, my (nerdier) friends and I used to grant ssh access to each other -- someone who was not even a resident of my home could have been using my Internet connection. I once discovered that a network administrator had not changed the default password on a router; I could have used that router to relay any traffic I
Re:don't let your stuff be used for criminal stuff (Score:4, Insightful)
I didn't say that traffic always originates with customers. I said it's expected to. That's a reasonable expectation, because the vast majority of home internet connections are for one household and not shared. The US Constitution only protects against unreasonable search and seizure.
These days, more connections are being shared across multiple computers, but still rarely outside the same household. Malware does happen, but it's also rare. Similarly, picking people out of a lineup isn't perfect. DNA evidence degrades over time, and can be contaminated very easily. Firearms can be altered to change their striations. Every kind of evidence used has a level of uncertainty to it, and that's why we have trials to determine whether the amount of evidence supporting a theory is sufficient to show guilt.
The purpose of any investigation is to look for evidence. In this case, the investigation found nothing substantial connecting Mr. King to the crime, so he's not being investigated anymore. Rant all you like about how unreasonable ICE is, but it doesn't change the fact that they did their job perfectly ethically and in accordance with the Constitution. How do you think the investigation should have been conducted, balancing the need to check all potential sources of evidence with the need to respect privacy? Bear in mind, any evidence left in the possession of the suspect after he knows he's under investigation is tainted, and cannot be trusted.
Re: (Score:3, Insightful)
How do you think the investigation should have been conducted
Oh no, you mean that while we are busy respecting the rights of our citizens, some criminals might go free?! Yes, that is what I mean.
Re: (Score:2)
So your plan involves leaving him alone with his equipment after he knows the investigation is underway. What happens if his logs don't check out? You've created a scenario where the standard of evidence is so high, any criminal can invalidate any evidence of any crime by just sending the police off on a wild goose chase. I sincerely hope you're never on a jury.
Re: (Score:2)
What happens if his logs don't check out?
Then you arrest him and seize his equipment. If you detect evidence that he tried to destroy illegal files, then he is guilty of destruction of evidence. If you cannot find anything, I guess he gets to go free -- what a tragedy, that someone who might have downloaded some child pornography will not be arrested.
You've created a scenario where the standard of evidence is so high
Have we really gotten to the point where it is unreasonable to think that evidence should actually identify a person? Do you actually think that such a standard is too high? The only evidence
Re: (Score:2)
Have we really gotten to the point where it is unreasonable to think that evidence should actually identify a person?
Yes, we have, and anybody with any knowledge of the criminal justice system will know that we've always been at this point. There is absolutely no 100% certain form of identifying evidence. Even in perfect circumstances, DNA matching can only tell how many million people could have supplied a DNA sample that "matched". Fingerprints give a few hundred matches, and can be altered. Confessions can be faked or coerced. Eyewitnesses can be biased or mistaken. The best we have ever been able to do is to use the u
Re: (Score:2)
There's a balance between the impact of the seizure and the evidentiary value of the equipment. If you seize a TOR node, you're causing a large inconvenience to one, possibly-involved person, seizing a whole lot of unrelated information related to that person, and in return getting one unit of evidence. If you seize just about any single machine from an ISP, in order to get the same unit of evidence, you're causing a large inconvenience to many, almost certainly uninvolved people, and seizing a whole lot of
Re: (Score:2)
ISP's work with law enforcement all the time. i work for one. more than once have i been told to provide a lot of data as evidence in a lawsuit. the reason why legit ISP's don't get equipment seized is they keep records they give to law enforcement.
like in this case where the feds got an IP from the ISP
Re: (Score:2)
What do you mean by endpoint? The Tor exit node is between the source and destination of the traffic. ... -> destination
source -> routers -> exit node -> routers -> tor node ->
The Tor exit node is a general purpose computer first (i.e. an endpoint), Tor node second. They're seized due to them being general purpose computers.
Re: (Score:3)
and there is no excuse that you were running some service or other and didn't know what other people were doing
So just make sure you're watching what every single one of your users/customers are doing at all times. I know I'd want to use such a service.
Re: (Score:2)
So where does the ICE store all the switching network equipment they confiscate from the local bells? I mean, that stuff is used in criminal activity all the time. Wire fraud, internet fraud, hacking, etc. I mean, with the amount of criminal activity on the internet, they must be confiscating enough hardware to fill a few airplane hangars. Think of the expense to the telecom industry in keeping the infrastructure up and running with the government constantly pulling pieces out. Wow.
Re: (Score:2)
Even if running a Tor exit node is legal or not, it still wouldn't change the fact that it's an excellent way to end up with the the feds kicking your door in and sticking a gun in your face. Sure; after you spend a fortune on lawyers, fix your door, deal with the fallout of a public arrest and having your name in the papers a kiddie porn aficionado, and (maybe) get your computer(s) back; you may well win your court case. But that's a pyrrhic victory at best.
Investigated == not good (Score:4, Insightful)
Unfortunately there is a lot the authorities can do under the name of "investigation" to harass, abuse, intimidate, and even detain you. Seizing computers is bad enough but if they really want to play hardball they can haul you in "for questioning" ... on a daily basis ... and pick you up at inconvenient times like when you're at the office or in the middle of the night. So really being investigated is the thing you don't want, because it can make your life hell and in the end the cops can just smile and say "No charges. Have a nice day, citizen."
Re: (Score:2)
I'm pretty sure that if such a pattern (or even habit) arose and word got out about it, you'd have a line of lawyers 10 miles long waiting at your door to help you sue any PD or agency was stupid enough to try.
Sure, they can pull it off for a short period of time, once, and there'd better be a warrant involved (we're talking computers here, not weed - you can't smell illegal computer activity from the front door). More than once (twice at most), and it becomes a pattern of harassment that can be litigated a
Re: (Score:2)
Also, with the very large number in existence these days, if they decide they don't like you because you're supporting the terrorists / pedophiles / commies, I guarantee you, they can convict you of something. Perhaps it's totally unrelated to what they were originally investigating you for, but as long as they had legitimate probable cause for the initial investigation, anything else they find is fair game. So this isn't true:
Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated, and less likely to be convicted, of any cyber crimes.
No sir. It makes you less likely to be convicted than someone else who is bein
Unfortunately... (Score:5, Insightful)
There are the practical difficulties: Having everything vaguely resembling a computer siezed and held for who-knows-how-long, potentially quite signifcant legal costs, etc.
And there are the ones arising from the common, but troublesome, opinion that investigation is a sort of lesser degree of guilt. The taint by mere association is worst with kiddie-porn related matters; but the touchier types seem to consider "Police Record: Checked, found absolutely nothing." to simply be a subspecies of "Police Record" and act accordingly. Fan-tastic.
Re: (Score:2)
What happens in a democracy is what the people want to happen. Remember that Socrates was executed by a democracy. Democracy is a necessary condition for justice, not a sufficient one. The price of freedom is eternal vigilance, and all that.
Answer To This. (Score:2)
Maybe paying for a business line will frame the cops expectations correctly before they roll up on your residence. Make them more willing to listen to your network setup and only take the publicly accessible _half of your kit.
Re: (Score:2)
Re: (Score:3)
Re:Answer To This. (Score:4, Insightful)
You might have better luck with the seedy-but-legalish-if-often-a-cover-for-dodgy-activities techniques adopted by besuited scammers and corporations with creative accountants. A shell company, incorporated in one of the states with virtually bulletproof corporate veils and lax reporting requirements(scenic Nevada, for instance) with a vaguely telcomm-related name and no assets aside from a cheap hosted server somewhere, is no more immune to a raid than you are; but might encourage the investigators to finish picking over the raid evidence before deciding whether or not to try to hunt up the corporate officers/owners...
Re: (Score:2)
I've gotten a call from the police about TOR (Score:5, Interesting)
Re: (Score:3)
Dichotomy? (Score:2)
I do not think it means what you think it means
Specifically, a dichotomy is a separation, usually a splitting of one thing into two separate and distinct parts. It usually requires that there be a choice, A or B.
It does not mean "hey, that's interesting."
Someone did or did not read the fine print... (Score:2)
From the TOR site... [eff.org]
An exit relay is the final relay that Tor traffic passes through before it reaches its destination. Exit relays advertise their presence to the entire Tor network, so they can be used by any Tor users. Because Tor traffic exits through these relays, the IP address of the exit relay is interpreted as the source of the traffic. If a malicious user employs the Tor network to do something that might be objectionable or illegal, the exit relay may take the blame. People who run exit relays should be prepared to deal with complaints, copyright takedown notices, and the possibility that their servers may attract the attention of law enforcement agencies. If you aren't prepared to deal with potential issues like this, you might want to run a middle relay instead. We recommend that an exit relay should be operated on a dedicated machine in a hosting facility that is aware that the server is running an exit node. The Tor Project blog has these excellent tips for running an exit relay. See our legal FAQ on Tor for more info.
I applaud those who do this but sadly they will be taken advantage of for illegal purposes and therefor the operators are at risk.
In other posts people suggest that ISP's should suffer the same fate but don't are reminded of the "Common Carrier" law. If these individuals were to set them selves up as a common carrier I wonder if they would realize the same protections. Given that those with CC protection do in fact cooperate with LE would that then make them obliged to do so?
Re:ICE is doing what now? (Score:5, Informative)
Re:ICE is doing what now? (Score:5, Insightful)
Re:ICE is doing what now? (Score:5, Interesting)
every criminal could simply operate a Tor exit node and be out of reach of investigation.
Or they could just use Tor, and avoid being investigated in the first place. Which is what happened in this case.
The "every criminal will use this excuse" theory is baseless. If an IP address is the only evidence that someone committed a crime, then that person should not be convicted -- and we should be examining what sort of laws led to a situation where IP addresses are the only evidence needed for a search or arrest warrant. I share an Internet connection with several other people; should we all be arrested if the IP address happened to be an endpoint of illegal data? There are dozens of people who have SSH access to my research group's server, and it is possible that any of them could use that server as a proxy -- should the server and all of our computers be confiscated, and all of us arrested, if the IP address shows up during an investigation?
IP addresses are not a form of identification, and even less so when a Tor exit node has that IP address. Anyone could be a criminal, but we should have higher standards for evidence when it comes to issuing warrants and confiscating equipment.
Re: (Score:2)
Re: (Score:3)
I don't think he's disallowing their use, he's disallowing their use as the ONLY basis for probable cause. If your investigation leads to a specific IP address which multiple people could possibly have used to commit the crime, an arrest warrant should not be given for EVERYONE. A search warrant should be given for the end point, but only if the operator will not respond to a subpeona for the logs.
IP Addresses alone are used to definitively identify copyright infringement all the time, frequently it is wron
Re:ICE is doing what now? (Score:5, Insightful)
disallowing their use as probable cause for a search warrant would seem to set an unreasonably high legal bar.
No, it would set the legal bar exactly where it should be: requiring the police to actually identify a person as a suspect. If the police are unable to do so, then they should not be granted a warrant -- this is not a country where we grant the police general search warrants, and it is better to let some criminals walk free than to harass innocent people.
Re: (Score:2)
No, that is a completely unreasonably high bar to attain. An IP address might not identify a person, but given an IP address, a time, and logs from the ISP, it can definitely identify a residence. Which is plenty enough for a warrant.
Re: (Score:2)
So the investigation would have to be finished before it could begin... great plan!
Police have had to have probable cause, including identifying what they want, before getting a warrant well before the internet even existed.
I guess because of OMGHACKERS and OMGKIDDIEPORN those sorts of principles get the boot.
Re: (Score:2, Insightful)
They wanted any computer equipment that may have had evidence relating to the investigation. The probable cause was that the IP address used was assigned to Mr. King's Internet connection, and Mr. King had entered into a legal agreement taking responsibility for the use of that connection, so it's probable that he knows what happened.
I guess because of OMGPRIVACY and OMGFUCKTHEPOLICE those sorts of facts get the boot.
Re: (Score:2)
Re: (Score:2)
They never accused him of anything. He was a part of an investigation. Heck, I was part of an investigation into a 3-car motor vehicle crash. I had been walking down the sidewalk at the time. I certainly didn't do anything criminal, but I was able to provide evidence.
What more evidence than an IP address is possible, given the architecture of the Internet at this point? By your standards, the Internet is place where any crime can go unpunished, because you can't know for certain who was pressing the keys, a
Re: (Score:3)
What more evidence than an IP address is possible, given the architecture of the Internet at this point?
Serious? If you don't know the answer to that question then you have absolutely zero business posting on a tech site like this one. Just another pro-jackboot shill willing to sell civil liberties for the illusion of security.
Re: (Score:2)
They never accused him of anything. He was a part of an investigation.
No, he was a suspect. If he was merely a source of information for the investigation, they would have asked him for the information, or possibly used a subpoena. Warrants are only used when it is likely that the entity in possession of the evidence would have reason not to hand it over because it would incriminate them. As an example, you don't need a warrant for security camera footage if you are not accusing the owner of the security camera of a crime that the security camera footage could be used as e
Re: (Score:2)
Then please educate me.
Assuming law enforcement has taken down a server with evidence of a crime, they'd have access to logs. Web server access logs usually store only IP addresses. There may be a session identifier, but that's not much use after 30 minutes. If the log were ridiculously detailed, it might have a cookie in it - but that's no good without something to match it to, which would require searching a suspect's computer.
If the investigators are monitoring packet data, they could get the MAC address
Re: (Score:2)
If the investigators spent time on the child porn forums or hacking sites or whatever they were investigating, they could infiltrate the community and try to get an actual identity, but that's a ridiculous long shot, and utterly unreliable.
Not such an unreliable longshot, as it turns out. I cannot remember the exact name, but there was a case where IP address logs would not have been terribly useful because an organized and very dangerous child pornography ring -- not just people downloading it, but people who were actually producing it -- was using a combination of the remailers network and Usenet (it would have required a global surveillance program to actually catch them without infiltrating the group). The FBI did wind up infiltrating
Re: (Score:2)
I like how you go off on him, and don't provide any sort of answer to his question. It totally makes you seem bad ass.
Re: (Score:2)
Nobody should be arrested just on the basis of an IP address, or, for that matter, sued. But I think a search may be reasonable. What we need, however, is better definitions of what a 'search' is in the case of a computer. When someone is searching my physical property, they can only search for specific things, and when they find it they have t
Re: (Score:3)
I share an Internet connection with several other people; should we all be arrested if the IP address happened to be an endpoint of illegal data?
Don't be silly, only the men would be arrested.
Comment removed (Score:5, Interesting)
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
If you had access to a wife/girlfriend/boyfriend/husband/dog yourself.. why would you need access to porn? Same reason.
Re: (Score:2)
They only use the net long enough to set up a trade on a back alley board which according to my friend there is ZERO chance of a cop infiltrating because the entrance fee is video of you molesting a kid with an object of their choosing and they don't give enough time to fake the video.
Is telling someone to molest a kid and send the video to you not illegal? Seems like there are so many laws justified as protecting the kids that you'd think legislators would have made that massively illegal long ago. Or is it that even if cops saw the request and it was illegal, they'd be unable to track the requester down to arrest them?
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
No, it's not. I agree that if the only evidence is an IP address, then they shouldn't be convicted. However, that doesn't mean they shouldn't be investigated, and other evidence possibly brought up.
Re:ICE is doing what now? (Score:5, Insightful)
You are acting like the fact this guy was running a Tor exit node somehow means it was impossible for him to commit the crime.
No, he is acting like the fact that this guy's IP address appeared in somebody's log is not probable cause for search and seizure. He is acting like running a Tor node is not probable cause for search and seizure. He is acting like common carriage of Tor traffic does not imply responsibility for the content of the packets -- something that was found to be critical to the protection of First Amendment rights when the telephone companies were treading this very ground.
Soviet America? (Score:2)
harassing Tor exit node operators should not fall under the jurisdiction of any agency, but in Soviet America,
In Soviet America, ICE melts you?
Re: (Score:2)
If your car is used in a drive-by shooting, your car will get impounded by investigators. It's not "harassment" to seize computer hardware used in a criminal act.
Re: (Score:2)
It shouldn't, but if I'm tracking CP downloaders, say from a honeypot, I'm going to investigate the IPs that show up, be they Tor exit node or not.
Re:ICE is doing what now? (Score:5, Informative)
While I decry ICE's decision-making process and think it's reaching beyond its authority, I think it's silly to say that TOR investigation is entirely outside of ICE's domain. Immigration and Customs Enforcement. We still live in a USA where some software and data imports and exports are considered unlawful, whether it's controlled technology (cryptology, espionage, classified data) or the more pedestrian types like child pornography.
Re:ICE is doing what now? (Score:5, Insightful)
No, ICE (which was renamed during the reorganization of INS that took place under the Bush II administration, you partisan hack) stands for Immigrations and Customs Enforcement.
Sovereign states have the right to control what passes over their borders. It's part of the definition of statehood. Immigration is about who, Customs is about what.
Back on topic, EFF's "Tor is Legal" sounds an awful lot like the arguments made to justify Freenet back in the day. Ultimately, they all rely on notions like "in any sane legal system", or "in any free country". Problem is, by those sorts of definitions of "free" or "sane", the country hasn't been free since Patriot I, and its legal system has never been sane.
With the end of the Cold War and the demise of the USSR, we lost any motivation for claiming the moral high ground. From printers that identify their owners (like the Romanian archives of individual keystrokes from every manual typewriter), to widespread and omnipresent surveillance (decades before it became a meme, "In Soviet Russia, television watches YOU" was a joke about how much more free we were than the Russians), we ended up becoming what we fought against.
Re: (Score:2)
Re: (Score:2)
For example if the traffic in question really came from someone else through the TOR exit node as claimed. After all, he could well have downloaded the file himself but then claimed "oh, it was coming through TOR, I'm not guilty!" If the file is on his hard drive, he'll have a hard time to explain it.
Re:Intimidation (Score:5, Interesting)
The way you know that this has nothing to do with legitimate investigatory techniques is that ICE threatened the guy when they returned his equipment, telling him that he have to deal with more law enforcement harassment in future should he continue operating a Tor exit. This is a straightforward case of harassing the exit node operator because ICE was unable to defeat Tor. Aside from the minority of law enforcement officers who understand that law enforcement agencies benefit from Tor, law enforcement officers in general disdain Tor and think that it is a tool for criminals.
Re: (Score:2)
Could you elaborate on that a bit? I'm not being confrontational, I'm curious. It's not obvious to me how law enforcement agencies benefit from TOR.
Re: (Score:2)
They can run their own exit nodes, and do traffic analysis to determine what type of traffic certain people are receiving, then use that to get warrants (since all it seems to take any more is a vague notion.)
Re: (Score:2)
Re:Intimidation (Score:4, Insightful)
An employee at an ISP could download child pornography and disguise it as traffic from a customer. Why, then, does ICE not seize the ISP's equipment as part of their investigation, just to see whether or not that is the case?
Because very few police organizations would have the forensic skills to even determine that (outside of the FBI, most police agencies are lucky to have a copy of EnCase and maybe one or two guys on staff who know a little about computers). And a prosecutor would have an almost impossible time proving the case because of the nature of it being an ISP. So they don't waste their time.
Real life law enforcement isn't about being fair. Most of the time they're just going after the low-hanging fruit and the shit they can't ignore.
Re: (Score:2)
If police want to investigate that traffic and you tell them "sorry, I'm just running TOR" and they just take your word for it and go away...that would be some pretty incompetent police work.
If the police had received more than 3 hours of "computer training," they would know that they can get a list of Tor exit node IP addresses at no
Re: (Score:2)
Getting that list of addresses and comparing it takes time,
Really, a comment like this on /. of all places? You are talking about search a list of strings for a particular string, and not even a very long list. The bottleneck is in the amount of time it takes the police to enter the query into their computer.
what's supposed to happen between when the suspect says "I'm running Tor" and when they come back saying "no you're not?"
Then you have someone who lied to the police (which is evidence that can be used against them), and if they destroyed the incriminating evidence, they are guilty of another crime -- destruction of evidence.
Can law enforcement even get historical lists, to show that the guy wasn't actually running the node at the time the crime was committed?
They could maintain their own up-to-date list o
Re: (Score:2)
You are talking about search a list of strings for a particular string
I've parsed the Tor list before myself. I'm fully aware of how little effort it takes, and I'm also aware that it's far beyond the capacity of most police departments. Remember, these folks are funded by taxes, and nobody ever wants tax increases. If it's a choice between getting a programmer to parse the Tor list and getting an extra set of body armor, no sane police department is going to pick the programmer.
Then you have someone who lied to the police (which is evidence that can be used against them), and if they destroyed the incriminating evidence, they are guilty of another crime -- destruction of evidence.
Lying to the police is useless without more evidence of wrongdoing, and destruction of evidence is trivial compared to child pornography. The suspect could just be an ass to police for the fun of it.
They could maintain their own up-to-date list of Tor exits, or just download the list before they go ahead and get a search warrant. It is really not that hard.
Maintaining an accurate list is hard. My purpose was to identify incoming Tor connections on my web server. In testing, I found that the list of exit nodes changes significantly within a span of 10 minutes, and the list I was using had update delays of up to 30 minutes. That's enough variation to cast doubt on any list. Linked in TFA is the [blutmagie.de] ExoneraTor [torproject.org], which strives to do exactly what you suggest, but apparently its results can only show that a given exit node was likely to be running or not.
I view it as a threat -- they are telling the guy that he will have to go through this entire situation again if he continues to run a Tor exit.
That's not so much a threat as a statement of fact. It's not a threat for me to tell you that you're likely to be injured if you start throwing punches at random people on the street.
He was never committing a crime to begin with, so why should his behavior change?
He wasn't convicted of a crime or even accused of one. His behavior should change because he's making life more difficult for himself. If he likes making trouble for investigators and himself, fine. It's his choice. He can go through the hassle again.
ICE has no business showing up at an exit node operator's home.
So if a trail of bloody footprints leads from a murder scene to your front door, the police have no business talking to you about it, because those footprints could have been anybody's, and somebody could have used your porch to change shoes, and it's totally not your problem at all, right? Getting a warrant to check for bloody shoes in your closet is unreasonable, and they should have asked you first! Once you tell them that that guy down the street wears shoes sometimes, they should leave you for a while, and ignore the bonfire in your backyard, because you could be innocent, so they should respect your rights at all costs.
Re:Intimidation (Score:5, Insightful)
Between letting a criminal get away and harming an innocent, I'd rather let the criminal get away, to be honest.
Re: (Score:2)
Would you please become a judge or a police chief? If you do let me know what city you work in.
Re:Intimidation (Score:4, Informative)
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
Right, because individual citizens are not supposed to be providing communication services, only registered corporations are supposed to be doing that sort of thing.
Re: (Score:2)
It's because individual citizens are not expected to be providing communication services, but ISPs are supposed to be doing that sort of thing.
Re: (Score:2)
But surely you don't expect them to be cleared with absolutely no investigation, do you?
Yes, I do, because IP addresses do not identify people and the only thing that links a Tor exit node to the illegal activity is the IP address. An IP address is an unacceptably low standard of evidence for granting a search warrant. IP addresses are frequently shared, computers may be taken over by malware, your neighbors might guess your WPA passphrase, etc. The police should gather more evidence before they are granted a search warrant; this would avoid the problem of harassing innocent exit node ope
Re: (Score:3)
There's nothing stopping an individual getting their access mechanisms and machine audited,
The police never asked for Mr. King's logs, they just busted in and seized his equipment. They simply assumed that because his home address was listed on the account that the IP address was assigned to, he was the person they were looking for. The most optimistic view is that this was bad police work.
Re: (Score:2)
The police never asked for Mr. King's logs, they just busted in and seized his equipment.
[citation needed]
It appears to me that they simply assumed the guy responsible for the Internet connection was... you know... responsible.
Re: (Score:3)
Straight from today to communism? That's an unlikely sequence.
As long as you have a capitalist welfare state supporting by a local labour aristocracy, you won't have a local exploited proletariat in which to raise united consciousness. The anarchists a century ago were already arguing this and it's come true. You would be better campaigning for better conditions abroad or for the sort of trade protectionism against abusive states which caused South Africa to be shunned in the '80s.
Re: (Score:2)
Re: (Score:2)
Because look how free the Russians were!
Re:This is why we need COMMUNISM! (Score:4, Informative)
Re:This is why we need COMMUNISM! (Score:4, Informative)
Yeah. And people in positions of power in communist states never expand, consolidate, or take over said 'workers' who own production. In turn claiming that they're working, for the works, to strengthen them. How about the USSR, well I realize that's another failed state. Or Cambodia? China? Look at that, the blood of millions.
So here's a family story. My mothers father was a farmer in the Ukraine. The government decides to take all of the food and livestocks that's been produced in order to give it to the central state. They leave him with 2 cows, and tell him he needs to have an additional 187 cows the following year. Which is what they took from him. Of course being that he didn't have it, they tossed him in a gulag for 25 years.
I'm sure that the reality of those of us who had family suffer under the "justice" of communism, are just peachy with your idea. Right behind the mass starvation that the government caused. A communist state is a very nice wonderful utopian idea, that fails in reality because the communist system has no balances, or checks against the inherent greed of a person for power.
Re: (Score:3)
2. You can prove that the use of your connection was unauthorized (and that you were not negligent in securing access to your equipment).
Well that's pretty much everyone with an unpatched Windows botnet zombie going to jail, then.
Re: (Score:2)
depends on which country, but you may breach your agreement with your ISP by running a TOR node.
Re: (Score:3)
None of the above is true, and there is no singular "European law" that would enable it; each country has to have primary legislation enabling such a thing, and the implementation in each country can be very different.