by costco on 9/10/24, 8:12 PM with 334 comments
by edm0nd on 9/10/24, 8:51 PM
I ran a few exits for about about ~5 years. In those 5 years, my hosting provider (DigitalOcean) received 3 subpoenas for my account information.
The first two were random. The 1st one was someone sent a bomb threat email to a university. The 2nd one was someone sending a phishing email.
The last and final subpoena was the most serious one. Some nation-state hackers from Qatar had ended up using my exit IP to break into some email accounts belonging to people they were interested in and spied upon them and stole some info.
Thankfully both the Tor Project and the EFF were able to help me pro-bono. The EFF lawyer that was assigned to me helped me fight this subpoena but ultimately we had to turn over my account information to the DOJ + I had to give an affidavit stating that I was simply just an operator and nothing on the server in question would be useful to their investigation (by design).
The stress of having to deal with law enforcement, lawyers, and having to entertain the possibility of having my home raided over something so silly ultimately led to me finally shutting down my exits.
Even though I had all of my exits using a reduced exit policy and I would blacklist known malicious IPs and c2/malware infra from being able to use it, I was still a target.
I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.
I one day hope to resume running exits as I find it rewarding to be able to help people from around the world in a small way.
by hwbehrens on 9/10/24, 10:07 PM
This is not why.
> As a consequence, I am personally no longer willing to provide my personal address&office-space as registered address for our non-profit/NGO as long as we risk more raids by running exit nodes.
This is why. It's basically a textbook example of a chilling effect.
by walrus01 on 9/10/24, 8:47 PM
"Why you need balls of steel to operate a tor exit node"
http://web.archive.org/web/20100414224255/http://calumog.wor...
The above is within the context of a western legal system, and certainly since it was written domestic law enforcement has become even more militarized and aggressive. I would be absolutely unsurprised if the same thing happened today and it resulted in a battering ram on the door at 0400 in the morning, flashbang grenades and the house being rampaged through by a SWAT team.
by Manuel_D on 9/10/24, 8:48 PM
My assumption is that Germany has some sort of common-carrier privileges for Tor node operators. In America, telecoms can't be sued for facilitating illegal activity. But they do have to assist law enforcement with finding criminals when requested.
Would be happy to hear from someone who is more knowledgeable in this area.
by iamnotsure on 9/11/24, 6:59 AM
by raxxorraxor on 9/11/24, 6:45 AM
Raids on homes for trivialities are common place, there is basically no legal protection against that. This shows a state that is a bit overwhelmed with its primary affairs and the country itself is not a dependable partner for protection of basic rights.
by motohagiography on 9/10/24, 9:06 PM
if you use Tor you already know what's going on. onion routing didn't save anyone from anything in 20 years. the evils Tor enabled often seem to trace back to the very states and establishments who manage and tolerate them. drug cartels run several of the governments Tor ostensibly protects users from, and human trafficking is within a degree of most western establishments in every direction, from "NGOs" to intelligence operations to the sex trade.
if you want privacy, tech is an inferior solution. make nations that protect it.
by steelframe on 9/10/24, 10:56 PM
by paravirtualized on 9/11/24, 6:03 AM
Here is a good talk by Roger Dingledine, the original author of tor dispelling common myths and giving some statistics on its real world usage: https://inv.nadeko.net/watch?v=Di7qAVidy1Y
And for good measure,
It's Tor not TOR: https://support.torproject.org/#about_why-is-it-called-tor
by walrus01 on 9/10/24, 8:56 PM
They're going to assume until proven otherwise (by first confiscating all your electronics and sending them to a digital forensics lab to analyze them for 6-12 months) that some person who is physically present at that exact location is engaged in CSAM/CP or malicious/illegal activity.
by BLKNSLVR on 9/11/24, 2:04 AM
So I was specifically told by a detective.
*Australia has laws that requires ISPs to keep metadata for at least two years.
by LinuxBender on 9/10/24, 8:39 PM
[1] - https://archive.is/LDTL8
by gea0 on 9/11/24, 1:10 AM
- This IP had malicious activity or is otherwise relevant to a (maybe complicated) case
- It says "tor" on a landing page, or in WHOIS, or the IP is on the public list of nodes
Some things to consider:
- All kinds of other servers, services or proxies could also be running on or behind this IP
- The node could be misconfigured in a variety of ways to keep forensic traces, even being a VM that is being snapshotted regularly
- Some lunatic could be running an exit on his personal machine, but just coincidentally to the observed criminal activity
- A high percentage of nodes is malicious, keeps logs, mines data, poisons traffic and tries opportunistic TLS stripping (those poor, naive souls clicking the warning away...)
Not to encourage raids on node operators, but it is worthwhile to keep in mind that there could be actual reasoning behind these actions.
If you are smart about this, you can even get the relevant and obtainable info with little LE resources and without unduly harassing the operator.
by ghransa on 9/10/24, 9:24 PM
by pelasaco on 9/11/24, 5:22 AM
by game_the0ry on 9/11/24, 12:38 AM
I am sorry for what your governments are about to do you, bc you will likely go through a very difficult time in the near future. Now, its Tor and Telegram - soon, every opinion you have shared will likely be scrutinized and used against you.
Good luck, European people. I am hoping the best for you.
by gaiagraphia on 9/14/24, 3:51 PM
Mad respect to anybody who goes against the grain, and puts their own livelihood and freedom at risk, to help support privacy and freedom.
by marcodiego on 9/10/24, 10:53 PM
It wouldn't fix the "someone used my exit node to send a bomb treat" case though.
by o999 on 9/10/24, 9:58 PM
by trhway on 9/10/24, 11:09 PM
by jmakov on 9/11/24, 6:55 AM
by janandonly on 9/11/24, 1:05 PM
by numpad0 on 9/10/24, 9:22 PM
by seu on 9/11/24, 5:51 AM
No. Their objective is to intimidate individuals, exhaust them, which leads to...
> As a consequence, I am personally no longer willing to provide my personal address&office-space as registered address for our non-profit/NGO as long as we risk more raids by running exit nodes. That is a risk I am just no longer willing to take anymore.
Which is totally understandable.
by aborsy on 9/11/24, 1:22 AM
Even like, the majority or minority.
by hnbad on 9/10/24, 8:57 PM
On the other hand Germany does use flimsy excuses to crack down on services like Tor and that's bad.