Feeds

back to article Tor node admin raided by cops appeals for help with legal bills

A sysadmin had his flat raided and equipment seized by police last week for hosting a Tor exit node. William Weber from Graz, Austria, was questioned by cops after someone allegedly distributed child abuse images over one of the Tor exits he administered. Contrary to some early reports Weber was only questioned by police, who …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Blimee...

I class myself as a bit of a data hoarder, and I have a tendency to keep old machines and recycle them. I also take a lot of photographs and store them in RAW form, but this guy has twice as many PC's as me and blows my online storage completely out of the water...

100TB... At home... In a flat?! Although I do wonder if there is a bit of Daily Mail style reporting going on as I only saw 2 HP Microservers, which even when modded with extra SATA cards are not going to account for 100TB.

If he truly does have 100TB, I can't help but suspect the cops will find something amongst all that data which will hang this chap completely out to dry.

2
0
Silver badge
Happy

Re: Blimee...

You can fit 5 drives inside a microserver easily, lets be generous and say he's updated to the latest and greatest 4TB drives, that's 20TB per microserver. A 2TB laptop drive could be crammed in at the top and connected by looping the eSATA port back inside the case. The internal USB slot can host a thumb drive, and there are another five externally for another 1.5 TB. With a suitable USB-3.0 card in the PCIe 1x slot an with internal socket and three external you could add another 4 of these for another TB.... you might be able to pick up and *maybe* fit in the case a PCIe flash card in the x16 slot for up to another TB, bringing us to ~25.5TB per microserver before we even consider external SATA or USB3.0 enclosures...

So with a decent budget and some determination you *could* do 100TB in four microservers I reckon.

2
0
Silver badge

Re: Blimee...

100 TB is a lot more than your average guy, but it's not that much really. It's also probably not 100TB of actual storage, but 100 TB of storage with no redundancy.

I have a simple setup here with two 16 disk JBOD arrays with SAS expanders plugged into one server. Currently I have 18 disks in there, for a total of 36 TB 'headline' storage, which comes down to about 30 TB of redundant storage. If I filled the remaining bays with 4 TB drives, that would be another 80TB, easily bringing me over 100 TB - although there is no way I'm paying £50+/TB.

The JBOD arrays were second hand, only cost me around £70 each plus postage from the US.

Without going for an external chassis, you can get quite a lot of disks just by cramming them into a decent full tower case. Before I had the JBODs, this is what I had, a tower case filled with 12 disks.

You can easily find motherboards with 7 or 8 onboard SATA ports and multiple PCI-E x8 slots, and you can buy cheap 8 port SATA LSI cards from ebay for around £100, or cheap 2 port cards for around £15.

The worst downsides to doing this is that a case crammed with disks needs proper airflow, or your disks die real quick, and when a disk does die, you have to dig around in a powered off case to find the broken one.

0
0
Silver badge

Re: the cops will find something amongst all that data

If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.

- attributed to Armand Jean du Plessis Duc de Richelieu,

18
0

Re: Blimee...

He runs a hosting company edis.at famous for offering free collocation of raspberry pi. Its probably mostly old servers retired to datacenter duty.

2
0
Anonymous Coward

Re: Blimee...

I can't help but suspect the cops will find something amongst all that data which will hang this chap completely out to dry.

You don't have to worry about that, they will bitchslap him for pot smoking should all else fail.

0
0
Silver badge

Re: Blimee...

And apparently for "legally held firearms".

2
0
Silver badge

Re: Blimee...

100TB isn't so much. There's an article floating around the web (I've read it, but I'm too lazy to go find it right now) about how to build a RAID5 petabyte SAN on a relatively modest budget (around $3000 if I recall correctly). It'd still be a rather large, but not inconceivable, chunk of change for an individual. I've tried to talk my wife into letting me do it with our tax return for the last couple years, but apparently having an insane amount of storage that I could never dream of actually using up is not a good enough use of several thousand dollars for her.

0
0
Silver badge
Boffin

Re: Blimee...

"....100TB... At home...." Coppers (at least here in the UK) tend to count all forms of storage they find as "storage" without breaking it out, so it doesn't necessarily mean he had 100TB of spinning disk. For example, if you have a box of fifty 8.5GB DVD-R DL disks then that will be counted as 425GB. I currently have about 200-odd DVD-Rs kicking round the house, some with software project backups, Outlook PSTs, some with home videos and recorded TV shows, and plenty of blanks, but if I was raided they would be counted along with everything else to make up the one "storage" figure. Given that I also have some LTO tapes with "3TB" on the cases you can see it's quite possible to get into double figures of TB before you even get round to disks.

0
1
Silver badge
Joke

Re: Blimee...

"I was raided they would be counted along with everything else to make up the one "storage" figure."

Well, if you were raided, it would be a moot point, since you'd die in the firefight ensuing after you screamed, "You'll never take me alive, fucking feds!" and started spraying M16 ordnance at the encroaching circle of police vehicles.

1
1
Silver badge
Big Brother

This is why I can't run an exit node

Or a freenet node, or really be part of any other sort of darknet where you don't monitor stuff going over your own links.

Not because there's a legal risk, but because I'm damned if any network or computation resources of mine are going to be used to transmit child porn.

11
9
Silver badge

Re: This is why I can't run an exit node

The way Freenet works, is that unpopular stuff gets deleted from the network first. Stuff that's requested a lot sticks around.

So by running a Freenet node, uploading popular content that isn't child porn, and not downloading any child porn, you make child porn less accessible.

Just a thought.

4
4
Silver badge
Childcatcher

Re: This is why I can't run an exit node

You'd still be letting your link be used for this stuff, adding to the network capacity. Though perhaps you've just highlighted a potential attack on the system, if you had a lot of nodes and bandwidth that all flooded the network with nothing much and then requested it over and over again.

Either way I ain't touching that.

1
2
Silver badge
Facepalm

Re: Re: This is why I can't run an exit node

"....unpopular stuff gets deleted from the network first...." It only has to traverse your IP address once to make it possible for you to get visit from the authorities and start your neighbours gossiping about possible child molestation.

0
1
Silver badge
Trollface

Re: This is why I can't run an exit node

"So by running a Freenet node, uploading popular content that isn't child porn, and not downloading any child porn, you make child porn less accessible."

I've always thought that, if you go on the logic of the music industry that anonymous downloads = lost sales = direct cost to the industry, you could bankrupt child pornographers simply by downloading pirated versions often enough. Wait, you say that wouldn't work? Huh....

0
1
Bronze badge
FAIL

Clever police

Arrest the postman for delivering an illegal packet.

15
4
Gav
Bronze badge
Holmes

Re: Clever police

Except he's not "the postman".

It's not a perfect analogy, but he's more like a private courier. In which case, yes, the police often arrest couriers of illegal packets and demand an explanation of them. All the time.

5
6
Anonymous Coward

Re: Clever police

Immigration and Customs fine lorry drivers for delivering immigrants...Choose another...

4
7
Bronze badge
WTF?

Re: Clever police

quote: "It's not a perfect analogy, but he's more like a private courier. In which case, yes, the police often arrest couriers of illegal packets and demand an explanation of them. All the time."

"Immigration and Customs fine lorry drivers for delivering immigrants...Choose another..."

It is exactly like the ISP(s) that delivered the child pornography to the end users once it exited TOR though... I hope they are also being questioned and all their equipment confiscated pending investigation?

Or is this yet another case of companies being allowed to do things that ordinary citizens face jail/gaol time for? If they (ISPs) cannot be held responsible for the traffic they carry, then why is a TOR admin being held responsible for the traffic he carries?

I think I should register My House Internets Ltd. as a reseller of my connection, so I cannot personally be held legally liable for the traffic over it. I should just need to get hold of a boilerplate DMCA process and I reckon I'm golden :)

P.S. I laffo'd at "legitimate uses" of TOR being to avoid state-mandated censorship... I'm sure the UK / US governments are all for it "in countries with a poor human rights record" but see how quick they stomp on you for using it internally; this is a case in point. It's like torrents, if you use it there is immediately an expectation of guilt, regardless of (or rather because of) the fact that the tech is morality-agnostic.

4
0
Silver badge

Re: Clever police

>Immigration and Customs fine lorry drivers for delivering immigrants

And yet don't fine the channel tunnel or ferry operators.

In the same way they fine small ISPs but not the owners of the cable or satelite.

Remember the golden rule, those with the gold make the rules.

2
0
Anonymous Coward

Re: Clever police

"It's not a perfect analogy, but he's more like a private courier. In which case, yes, the police often arrest couriers of illegal packets and demand an

explanation of them. All the time."

Well, if every household router connected to each other via an onion like mesh network, we could plausibly assume that most would not be the origin or requester of child pornography.

Then the explanation should be very simple: The operator does not know, has zero ability to verify or dispel any suspiscion and is neither the actual sender nor receiver.

Any information control is a broken and unworkable paradigm in a society in which you have a right to be administrator on your own general purpose hardware and have your computer talk to other computers.

Child pornography is awful, but the slippery slope the society started when it outlawed the depiction of a crime was a mistake.

Mere depiction of crime should never be unlawful, and criminalizing possession of any depiction of crime no matter its nature is only enforceable in an Orwellian society in which all data connections are logged by the police.

4
2

Re: Clever police

The difference is the ISP will gladly tell the Police where the packet came from. Tor cannot by design do that. Hence you're left holding the bag legally until the law catches up with technology.

3
0
Anonymous Coward

Re: Clever police

Exactly: A private individual going through customs with a "packet some guy gave them" which turns out to contain something illegal will be prosecuted. A courier taking said same packet through customs won't be prosecuted because of carrier privilege (or whatever it's called, I can't remember off hand).

1
0
Silver badge
Facepalm

Re: Re: Clever police

"....The operator does not know, has zero ability to verify or dispel any suspiscion and is neither the actual sender nor receiver....."

Ignorance is not a good legal defence. Suppose you let people store stuff in your shed, it gor raided by the Police, and they found a stolen item or a stash of illegal substances - you are the legal owner of the shed and liable for the contents, it is no good just shrugging and saying "not mine". Similarly, if the Police are tracking the transfer of child pr0n and see it going to your IP address it is your responsibility. Unless you can prove it was not you downloading it you will be the person arrested, charged and sent to prison. If you don't keep transaction logs as part of the TOR setup "out of principle" then you are just setting yourself up.

0
2

Re: Clever police

"In the same way they fine small ISPs but not the owners of the cable or satelite."

I'd like to see them confiscate a satellite or cable while they investigate.

0
1
Silver badge
Joke

Re: Clever police

@StephenH

More likely they'd try and get an order for you to surrender it, and then stamp their feet when you don't (because you can't)

0
0
Anonymous Coward

Re: Clever police

"Ignorance is not a good legal defence. Suppose you let people store stuff in your shed, it gor raided by the Police, and they found a stolen item or a stash

of illegal substances - you are the legal owner of the shed and liable for the contents, it is no good just shrugging and saying "not mine"."

" Similarly,

if the Police are tracking the transfer of child pr0n and see it going to your IP address it is your responsibility. Unless you can prove it was not you

downloading it you will be the person arrested, charged and sent to prison. If you don't keep transaction logs as part of the TOR setup "out of principle"

then you are just setting yourself up."

Citation please. So far I know child pornography is not a strict liability crime but contingent on knowledge as to the the content. Otherwise, I couldn't let a neighbor use my internet connection, if it turned out that he had used the connection to transmit child pornography.

The difference between the owner of the shed and the internet connection is that the owner of the shed often has a practical ability to verify what is stored, and is therefore more likely lying when claiming ignorance, whereas the owner of the internet connection often can't see what is going through.

Your claim that an IP address = legal liability unless the owner can prove his innocence is flatly wrong as seen in the copyright context. UK courts have squarely ruled contrary to your position.

2
1
Silver badge
FAIL

Re: Re: Clever police

".....Citation please. So far I know child pornography is not a strict liability crime but contingent on knowledge as to the the content. Otherwise, I couldn't let a neighbor use my internet connection, if it turned out that he had used the connection to transmit child pornography....."

You best work on that whole knowing thing:

"94 of 187 Interpol member states had laws specifically addressing child pornography as of 2008. Of those 94 countries, 58 criminalized possession of child pornography regardless of intent to distribute." http://en.wikipedia.org/wiki/Laws_regarding_child_pornography

0
1
Anonymous Coward

Re: Clever police

"".....Citation please. So far I know child pornography is not a strict liability crime but contingent on knowledge as to the the content. Otherwise, I couldn't

let a neighbor use my internet connection, if it turned out that he had used the connection to transmit child pornography.....""

"You best work on that whole knowing thing:

"94 of 187 Interpol member states had laws specifically addressing child pornography as of 2008. Of those 94 countries, 58 criminalized possession of child

pornography regardless of intent to distribute.""

Yes, and possession and distribution are distinct offenses. If a person possesses child pornography, he is a criminal regardless of proven intend to distribute, but that does not detract from my argument that knowledge as to the illegality of the material is an element of the crime which must be proven independently of the material being found.

In the United States, the Supreme Court in fact interpreted the federal child pornography statute in a manner as to avoid imposing strict liability on distributors. The rational given by the court was that the lack of a knowledge requirement would violate free speech by chilling distribution of legal pornography. I am sure that the ECTHR would find fault with a child pornography law essentially meaning that your always guilty if the material is found in your home or on your computer.

0
0
Silver badge

Re: Re: Clever police

".....but that does not detract from my argument that knowledge as to the illegality of the material is an element of the crime which must be proven independently of the material being found....." That's probably the only thing stopping the TOR node admin in question going to prison - the authorities have accepted that he didn't actually open the files and view the pr0n, just that it traversed his system. In the UK it would be irrelevant - it's on your hard-drive, you own the hard-drive, you are liable, whether you have actually opened the file and examined its contents or not. I have that on legal advice as we have (for years) regularly swept all systems in my company for anything even remotely likely to be a pr0n file, not because we're do-gooders but because of the company's liability.

0
1
Silver badge
Paris Hilton

Really?

"The system is used by journalists, activists and military organisations around the world to bypass censorship and communicate securely."

The *military* uses Tor?? Really?? Would expect it to be a fairly tin-pot military that resorted to Tor.

1
11

Maybe you're not familiar with tor's original supporter the U.S. Naval Research Laboratory? I highly doubt militaries are relying on it solely but I imagine it's a very good tool in an arsenal. Particularly if you need deninability.

15
0
Anonymous Coward

Re: Really?

Having done work for QinetiQ, I'd say it would be an extremely advanced military that would use Tor. We mostly just use email for everything - communications, integration, etc etc.

6
0
Anonymous Coward

Re: Really?

The military created tor IIRC...

2
0
Anonymous Coward

Re: Really?

Yes really! Sponsored by the US Navy originally, but there was a story on El Reg a few years ago where someone monitored his own exit node for a while and wrote a paper on it. It was rife with spooks of many nationalities exhibiting very poor data hygiene and communicating with their motherships in plain text, mistrusting TOR to magically encrypt end-to-end. So TOR is very much a legitimate limb of modern comms and has much governmental patronage too. It's also full of pron, just like the plain old Internet.

5
0
Anonymous Coward

Would that be a legal pickled onion?

1
0
Silver badge
Headmaster

Just a minor point

Any Landeskriminalamt (a state bureau of criminal investigation) is not an equivalent of the FBI, that would be the Bundeskriminalamt (federal bureau of criminal investigation).

</pedantry>

4
0
Anonymous Coward

From the linked article: "Additionally, I was accused of sharing (and possibly producing) child pornography on a clearnet forum via an image hosting site that was probably tapped. If convicted, this could land me in jail for 6 to 10 years."

Tapped, really? So how do we know he's really the saint he claims to be?

Looking a the photos and reading about his various co-located servers, he seems to have put a lot of kit into this .. Excuse me if I don't entirely believe this Good Samaritan story.

5
19
Silver badge
Holmes

You seem to be firmly in grip of the spirit of the 21st century, my good sir. I can only applaud this.

Have you applied for a civil servant place at the Ministry of Smoke an' Fire already? I'm sure your reptile eyes will uncover quite a few edgy cases...

14
3
Silver badge
Childcatcher

Holy sh*t, downvotes!

4
0

I must admit that guns, guns, and extra guns in a safe, together with cash and spare mobile in a safe deposit box in a bank doesn't strike me as being the average sysadmin's backup plan.

0
0
Silver badge

"doesn't strike me as being the average sysadmin's backup plan."

...starting to look like it should be, though.

0
1
Silver badge
Facepalm

"...starting to look like it should be, though." Just don't forget your tinfoil hat.....

0
1
Silver badge

"Just don't forget your tinfoil hat....."

Just when you think it's safe to not use the 'joke alert' icon...

0
0
Silver badge
Happy

Re: David W.

"....Just when you think it's safe to not use the 'joke alert' icon..." The large number of LOIC fodder out there just proves that the joke icon should be mandatory for any such posts, otherwise you run the risk of stirring the easily- impressionable (AKA, MoveOn, Occupy, Anonymous, etc., etc.). In fact, I was thinking of starting a petition to get it mandatory that all political TV broadcasts should display the joke icon or a FUD icon when they're making ridiculous claims to stir the voters.

0
1
Silver badge
Unhappy

No good deed...

... goes unpunished.

Although it would be easy to say that it's his own fault for running something which can be abused, I find it difficult to do so.

He was providing his own resources for the benefit of others. Of course there is the potential for abuse, but it is a sad state of affairs when he is punished for doing a good deed. I have heard of other cases which have had similar effects, e.g. people hosting public Wi-Fi APs etc. being collared when it was someone abusing their generosity. Hell, our office has locked down our "visitors" Wi-Fi network because someone was bringing their laptop in and downloading torrents, which almost caused the entire companies internet access to be cut off.

It reminds me of a school friend's hippie mother. She tried to help people out wherever she could. At one point, she started allowing (through a charity) homeless people to stay at her house. She had a spare room, and they would stay for a few days, get hot meals, showers and a nice warm place to sleep for a few days. She got nothing back except the knowledge that she had helped someone in need.

This all stopped after one person abused the system. Someone who she had been so kind to robbed the house (and the insurance wouldn't cover it).

It is abuses like this which stop people from helping. It makes the whole world worse off. If I was this guy, I'd be very reluctant to run a Tor exit node again, and the story will likely put others off from doing the same. It makes me sad (although the cynic in me knows that this is just how the world works, I always try to listen to the ever-diminishing voice of my inner optimist)

10
1
Childcatcher

Re: No good deed...

it is a sad state of affairs when he is punished for doing a good deed.

Did it occur to you that is why he has been "punished".... "They" find somebody running a TOR exit node and push some kidde p0rn through the TOR to give then an excuse to shut it down?????

After all they are only thinking of the children.

Black helicopters icon as well.

6
1
QdK
FAIL

Re: No good deed...

How is helping child abusers a good deed??

0
14
Silver badge

Re: No good deed...

People who sell food or rent apartments to child abusers help them too - but grocers and landlords, like this tor admin, don't know which, or whether any, of their customers might be doing what. If it is made their responsibility to do so, they're forced to take on the responsibility of law enforcement without the authority of law enforcement.

If you want this tor admin to find criminals benefiting from his service, give him a budget for investigators and the authority to do something about it.

If you don't want to give him the authority, and you don't want him to continue to provide his service, then at least be consistent and arrest everyone who sells anything or transacts in any way with anyone doing anything illegal - because they're all 'helping' the criminals. Medical care, food, housing, basic network access - all of those are arguably *more* important to a child pornographer than a tor network; it's clear that a pornographer could continue without tor, but he'd certainly have a difficult time without any food or cameras or a place to live or an internet connection.

Be consistent. Neither Nikon (or Canon - we'll leave as an exercise to the reader the judgment over which a child porn producer would pick) nor Pepsico nor BMW (or Mercedes - we'll leave as an exercise to the reader the judgment over which a child porn producer would pick) nor this tor admin know who is using their products and for what.

The fact that this tor exit is one of the more visible points of utility doesn't make it the most critical or the most relevant, and is a very bad reason to punish the provider or choke the service.

13
1
Silver badge

Re: No good deed...

QdK:

Not knowing exactly what you do for a living, I can't be sure of an example which fits. A reasonable guess, as you are on this site, would be an IT admin.

Say a colleague, or a friend, brought you a laptop in and asked you to fix it for him. You do so as a favour. A couple of months later you find that he has been arrested for making and distributing kiddie porn, and a big chunk has been done using the laptop you fixed, since you fixed it.

So, you did a good deed by fixing his laptop, but you helped a child abuser. It was still a good deed.

The same applies to this guy. He set up a Tor exit node, donating his bandwidth and system resources to the general public. This is a good deed. The fact that the service is used by child abusers doesn't make it any less of a good deed.

3
0

Page:

This topic is closed for new posts.