A German operator of a Tor server used to anonymously route traffic over the net said he was arrested in a midnight raid on his residence that stemmed from an investigation into bomb threats said to have passed through an internet protocol address under his control. Alexander Janssen said he had just returned from a night of …
Law enforcement should learn about anonymity
We deplore the treatment of our German volunteer at the hands of his law enforcement authorities. No one should be subject to such unjustified treatment.
The irony of all of this is that the actual Tor server involved in their putative investigation was 500 miles away in a colocation facility. Did they consult a network security forensics expert at all?
Tor is used by journalists, bloggers, human rights groups and many others for good ends. It acts as a "caller-ID block" mechanism for your Internet address. This is a basic element of Internet privacy, and is used by many individuals around the globe -- including military personnel and law enforcement.
But again and again we have seen Tor server operator volunteers harassed by law enforcement officials who are not adequately trained in Internet security.
We encourage law enforcement to contact us to better understand how Tor can help law enforcement, and how law enforcement can distinguish a Tor server -- which is no more liable, as far as we know, for the traffic that crosses it than any ISP, router, or switch that passes traffic without taking responsibility for the content of the traffic.
The Tor Project
George W. Bush should be proud
The jackbooted ignoramuses who raided this fellow's home used precisely the tactics that the Bush Administration in the USA advocates to fight "terror" - that is, they terrorized an innocent man, who was working hard to preserve freedom of expression, and they terrorized his wife. And the terror tactics worked - he won't help support freedom in that way any more.
Acts of terrorism committed in the name of "the war on terror" are no less reprehenisble than the acts of the terrorists wearing turbans.
I spent 23 years in the US Army. I now see it was complete waste. My advice to anyone considering a military term of service is, "don't." You'll regret it - if you're lucky. Otherwise you go die someplace to shore up the profits of one of Bush's stockholders.
It's a bit sad
Fine, I know that these agencies probably don't have the time or money available to train their forces about the latest technologies and how these work, but surely even a little basic research or a phone call to an expert to ask beforehand could have saved a lot of trouble? Aside from the harrassment of the individual involved, and whatever repercussions this may cause for the Tor project, there's still also the horrendous cost of a search in terms of manpower and time - all of which is paid for by the taxpayer. Seriously. Learn to think first.
Tor & Fraud
I'm sure you're well aware what Tor is often used for, plain and simply fraud. I'm not suggesting this was definitely the case nor am i suggesting he had done anything 'wrong' that warranted this treatment, the fact is his node could have been easily used to fraud - let's face it the majority of poker fraud was done via Tor and a VNC... The police are well aware of how powerful Tor is it's alot more than your average SOCKS proxy, saying this alot of dummy nodes which are logged are out their to catch these fraudsters utilizing Tor.
You can argue he was offering a "caller-ID block" service - well Tor is so closely bundled with fraud it's unbelievable - this is why it's such a big deal to take down these 'free' nodes, albeit they offer the good guys anonymous browsing they also allow bad boys to go card some goods... Maybe he should have been logging and passing on these logs as i'm pretty sure now matter how hard he monitored it that it'd be used for dodgy purposes.
If he had nothing to fear he would not have taken down his node, the fact is any bod can use the node do whatever they fancy - whether it's threaten on a forum, scan a site for holes, phish or card - tor and socks servers will always get this treatment while they're not strictly monitored - oh wait, that takes out the anonymous element...
Not government sponsored
While the current government in Germany is currently thinking out loud about severely curtailing personal freedoms on the internet, it should be noted that the previous government actually sponsored a project for anonymous surfing.
In a perfect world...
..Nobody should need to cover up her/his activities.
How much of this traffic could be legitimate or just harmless is not proven (mainly because the police is not able to dig inside the real object of contention: data themselves).
Mr. Nerad and the others have their share of responsibility for not willing to admit that such anonymity services are the subject of widespread abuse: why is this overlooked?
Not that I am justifying the modus operandi of the German Police, not at all, but I still stick with the principle that where's smoke there has to be some fire too.
Just because he ran a tor server doesn't make him innocent
He said that he ran a tor server, why should that suddenly make him innocent?
They searched his home because a bomb threat came from a machine owned by him, for all they know he could have sent it himself, they will know what tor is but that was not the case here.
On the other hand...
I haven't had a lot of time for anonymising services since one of the early ones was used to forge things in my name some years ago... Seems to me that the majority of use is malicious rather than free speech... What is it that's said about freedom without responsibility... I'm afraid I don't buy the argument that you have no responsibility at all for what your creation is used for, whether it be from the creators of anonymiser services or the creators of poison gas...
so I guess skype users are liable too ...
... for any traffic routed through their node by the skype routing system, which is peer-to-peer, I understand?
If the police are so interested, why don't they run a TOR server themselves?
Thin end of the wedge
Perhaps the German authorities will see these tactics as an effective way of disabling TOR? Maybe their actions will be copied by other countries who see privacy as a threat?
Now I could be so wrong BUT,
I understood the BBC iPlayer used a distributed system so send out content,
so my computer is handeling lots of data for others I don't know about.
Now if the BBC for some reason was to send out something which say the US did not like, does that mean I could be getting a visit fomr the men in black ?
Well it was a bomb threat.
Although law enforcement are behind when it comes to general knowledge of such technologies it's not hard to understand their posistion on this one.
There's been a bomb threat and they get intel that your house is involved, they can't really take any chances, they storm in, you react like they expect (everyone does basicly react the same way, that's what they're trained for), the police use their training to take control of everyone and everything as quickly as possible.
Your scared but they're for the most part not going to hurt you, even if you struggle, which they expect, two or three guys trained in restraint can hold you down till you calm down.
Let's face it the only examples of this we have where for Child Porn and Bomb Threats.
Poor couple though, wouldn't wish it anyone.
I'm a Tor-operating coward ...
... I just use a draconian, middle-man only exit policy. That should be pretty safe. Admittedly the network needs people who are't as twitchy as me about it but castrated nodes like mine do still help, so if people are worried they should consider doing that rather than shutting down completely.
Missing the point perhaps ...
I think that you may find that there was no error made at all by the Police, perhaps rather a "detterent" for all people who seek to help others hide their criminal activities ...
If I ran a Tor server right now, I would certainly have to think twice about keeping it going, with the thought that I could have my door kicked in, my possessions siezed and spend a few nights in a Police cell while they "learn" that it was nothing to do with me ... Especially with the wonderful new anti-terror laws that mean they don't even have to charge me to hold me ...
Nah - make no mistake ... They knew exactly what they were doing ...
You missed a crucial fact - the location of the server
According to the CNET article, the Tor server wasn't in Janssen's house, but at a data centre several hundred km away, so none of the data was passing through his home network.
"even through the undergarments of his terrified wife."
"Sargent, why are you looking for evidence in my underwear drawer?"
"Well there wasn't any ten minutes ago, so I thought it was time to check again."
...even through the undergarments of his terrified wife..
Do you think she was wearing them at the time?
Ahh the wonderful smell of limited liberty
"where's smoke there has to be some fire too"
There goes the "innocent until proven guilty" bit. There is no more innocence anymore. You'll be strip-searched until we find you weakness !
Ooohhh, random search turns up a pic of an underage girl naked next to the pool. This guy has to be a perv ! "But it's my daughter, officer" "You pig ! Doing that to your own daughter ! Take him in, Sergeant !" Cue twenty years of legal strife to regain one's liberty, to say nothing of honor, and a whole family wasted.
But there was a picture . . and where there's smoke . .
Where there is smoke there may well be a smoke canister, carefully planted to make sure the search would turn up something good. I'm getting sick of this "where there is smoke" attitude. Use it on criminals that have a record, I can understand that, but when you approach a random citizen without any criminal record I would suggest you NOT consider beforehand that he IS a criminal.
Unless, of course, you want the whole country to become one big jail.
Oh wait, you from the USA ? Already done then, forget I ever said this.
Privacy and security
As always, in these matters, there are two conflicting needs: Privacy and security.
Total privacy on the internet allows crooks to do their bidding - money laundering, extortion, defamation, etc.
Total security on the other hand depends on a controlling entity being fully aware of each individual's deeds on the internet: by logging, monitoring, confiscating hardware, etc.
So, ask yourself what you prefer: Being potentially a victim of a criminal or factually under surveillance.
@Tor & Fraud
> I'm sure you're well aware what Tor is often used for, plain and simply fraud.
So is snail-mail & the telephone - and for much longer. Should their providers' offices also be raided in this ham fisted manner?
Privacy vs. security
I fail to see how the German police action advances either side of the argument. It seems less about argument and reason, and more about coercive behaviour modification.
@Privacy and security
"So, ask yourself what you prefer: Being potentially a victim of a criminal or factually under surveillance."
I'll have option A, thank you very much. I'll take my chances.
Any pathetic cowards who live their entire lives in desparate fear are perfectly welcome to go and voluntarily live in jail, safe under the gaze of the all-seeing panopticon.
What they can NOT do, however, is insist that all the rest of us effectively come with them, by turning our entire society into one big totalitarian prison.
Someone should maintain a database of compromised PCs owned by employees of law enforcement so people can route their traffic through those machines' IP addresses. I bet they would think twice before turning a fellow officer's house inside out. Or if they didn't, the resulting internal consternation would probably make them think a little harder in future.
RE: Tor & Fraud
"If he had nothing to fear he would not have taken down his node"
Sorry? What planet are you on? And what story did you just read?
The guy wasn't worried that activities that he may or may not have been up to would be found out; he wanted to make sure that his family never went through that terrifying situation again. I completely understand that.
And have you been outside in the real world recently? Just about everyone suspects just about everyone else of pretty much everything nowadays. Not to mention that the various powers being imbued upon police forces mean that you can be innocent of anything and they can get you for something.
Personally, I think it's the governments and police that people need to fear most.
Re: Just because he ran a tor server doesn't make him innocent
The fact that he has the right to be Presumed Innocent Unless Proven Guilty is what makes him innocent!
Still, I doubt trivial little facts like that matter to you or the German Police. Or, for that matter to the British Police or the Americans or...
Re: On the other hand...
"I haven't had a lot of time for anonymising services since one of the early ones was used to forge things in my name some years ago... Seems to me that the majority of use is malicious rather than free speech... What is it that's said about freedom without responsibility... I'm afraid I don't buy the argument that you have no responsibility at all for what your creation is used for, whether it be from the creators of anonymiser services or the creators of poison gas..."
A perfectly understandable position. However, at least as it applies in the current situation, it is not the current LEGAL position. If you - or the police - wish this to change, then you - or the police - should work on changing the LAW. Committing acts of terror on INNOCENT (by definition) civil liberties geeks is the wrong way to go about it.
Personally, I disagree. I'm bothered by the potential for abuse these services provide, but think that destroying them altogether is going too far. One way or the other, I feel the police grossly overstepped their bounds in this case.
"it is also be seen as a setback, however small, for grass-roots projects such as Tor, that aim to shield individuals from prying eyes"
Seems like that would be enough of a reason for the police to want to terrify these people. There probably was no threat.... other than to the ability of law enforcement to spy on us.