Raided For Running a Tor Exit Node 325
An anonymous reader writes "A Tor Exit node owner is being prosecuted in Austria. As part of the prosecution, all of his electronics have been held by the authorities, including over 20 computers, his cell phone and hard disks. 'During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted.' This brings up the question: What backup plan, if any, should the average nerd have for something like this?"
Re:Be prepared for the concequences (Score:5, Interesting)
Freenet should be safe, as it has no gateway functionality to the wider internet. It's self-contained.
Re:Never (Score:4, Interesting)
They have a history of doing stuff like this in Austria (Germany also). I am now aware of this happening in the US, we have fairly clear laws on the subject. I have ran a 5 mb/sec exit node unmolested, without even one single abuse complaint for 10 years. Anyone who sees the obvious tor-exit hostname in their logs knows whats up, if they are still confused the exit node notice [torproject.org] should clear things up. The EU has been trying to get some reasonable laws passed but their broken economy steels the show.
Re:ISPs as well? (Score:4, Interesting)
Re:ISPs as well? (Score:4, Interesting)
Re:Don't run an exit node. (Score:5, Interesting)
A mesh network isn't far away. Wireless APs are becoming redundant in homes so with a bit of community spirit and recycling you can establish a darknet like that. That community spirit is most easily found in hackerspaces and the Pirate Party, and since the latter type has the ability to support the former type you can get the message into people's homes without coming off as a lunatic fringe.
A lot of people don't understand why you want to build this and assume it's for child porn. I have learned that the appropriate response to crap isn't logic nor debate since it is just lazy rhetoric, but instead instant anger or suggesting 'that's what you'd use it for, isn't it'. Then assuming an air of accepting their apology you can move on with the issue. - As a partisan you should never for any reason permit discussion of child porn in what is a discussion about freedom online. Even throwing a tantrum is much more constructive.
So quit whining and start advocating!
Re:ISPs as well? (Score:5, Interesting)
I just read up the law (TKG, should be similar to the European law). I learned two things
- Anyone can become a ISP/telecom. You have to register, but the gov doesn't stop you.
- Participants have the right to taken into records (written or electronic, to be made available to other ISPs/telecoms+gov) of each participant: Family name, name, academic title, address, ID, and, if the participant wants, occupation. (18 p1-1, 69 p3)
But apparently, this is only a right of the participants, so it does not say anywhere that you are not allowed to provide anonymous services. In fact, participants have the right to have their records deleted too.
Solution: Register your Tor exit node as a communication service. If records are requested, say that your participants all don't want their records stored.
Caveat: You have to provide your services to anyone, and people who insist on having their names stored have a right on that. Why anyone would want to use Tor and be identified is beyond me though.
Finally, you may have to comply with data retention laws, i.e. store connection data (not records) for 6 months. Since nobody will be able to use this data anyways, with Tor nodes overseas, that's not a killer.
Deadman's Switch (Score:5, Interesting)
Realistically, though, I've been thinking about building inconspicuous, low-power Tor exit servers that I can dead-drop in places with open wifi. That way, exits can be operated with a minimal threat of legal ramifications for anyone (plausible deniability on the part of the wifi provider).
To that end - anybody know where I can bulk order small form factor, inexpensive low-power computers that are battery pack/solar power friendly?
Re:Backup Plan (Score:5, Interesting)
Instead of trying to run a TOR server yourself, and needing to defend yourself, let a charity [noisebridge.net] take care of it for you. Your money will end up being pre-tax dollars and will then go farther, and if you really want to be more hands-on you could probably volunteer.
For EU residents, there is a tax-deductible German [torservers.net] charity of the same ilk.
Re:Nerds? (Score:4, Interesting)
20 computers isn't that much. WIth my family of 5, we have 3 home theater PCs, a server, 3 laptops, and 3 tablets that just have easily could have been additional laptops. That's 10 "computers" right there and I don't consider myself particularly nerdy anymore.
From one of the links the guys says that those 20 computers were mainly "barebone PCs, HP storage microservers, and thin clients". And it doesn't state if those were even functional computers. Over the years I've collected and scavenged from many old PCs that were going to be thrown out or were no longer wanted.
Re:There is no preparation for this. (Score:4, Interesting)
Look at Kim Dotcom.
I think Kim is, a definite lesson here. What he was doing is really similar to running a Tor exit node but his attitude to it was almost guaranteed to get him into trouble. If you do plan to run one, you want to do a bunch of things differently from the way he does it. Here are some ideas, but remember that some of them might be a really bad idea in one place and a fine idea in a different one. Talk to not just a lawyer, but a lawyer who is actually working for you (more later).
Make sure you, yourself are squeaky clean. Don't break other laws even if you disagree with them. For example, I'm deeply opposed to the media industry (RIAA & MPAA) but I don't consider it a terrible life threatening hardship to go without their products. Thus, if I actually for some sick reason or other found myself wanting to listen to Lady Gaga I would go out and buy a DRM free CD. I would rip it, however that is legal where I live so it's not a legal risk. Make sure that all your media, software etc. is 100% legal.
Secondly; Kim seems to have been setting out to tweak the whiskers of big media. His moral case was never very strong. Make very sure that the reason that you are involved is strongly about protected free speech. Make your views clear; make sure that they are openly registered somewhere.
Thirdly; People in Kim's organisation seem to have been caught supporting piracy and so on. You might want to see when you can identify pirating connections and block them. Nice is to show a little page telling them you identified them (e.g. from the identifiers in their traffic) and explaining why they are overloading the system. You want to be really active in blocking or even hunting down users that are invovled in things like child pornography. This is a bit difficult; merely reporting something might make you of interest; however if you are active in combatting child pornographers this makes it difficult to accuse you of supporting them.
Forthly; Kim was trying to make a profitable service; this makes it easy to portray him as greedy sponger. Make sure you don't accept any money for your work; not even expenses.
Fifthly; where Kim was all about personality and basically painted a big target sign on himself, consider hiding behind an association. Get together as a group of people who believe in tor, and have a leadership of people who are not actively involved in any way in the day to day running of the service (best if they have no practical knowledge of where the servers are and who owns them. )
Having an association will also allow you to do a bunch of legal things; e.g. hiring a lawyer as a group; which would be difficult otherwise. You will be able to talk to the government as a group. If they say that what you are doing is illegal, you will be able to take them to court without any particular individual having to risk taking the stand for what they are already doing.