back to article Tor node admin raided by cops appeals for help with legal bills

A sysadmin had his flat raided and equipment seized by police last week for hosting a Tor exit node. William Weber from Graz, Austria, was questioned by cops after someone allegedly distributed child abuse images over one of the Tor exits he administered. Contrary to some early reports Weber was only questioned by police, who …

COMMENTS

This topic is closed for new posts.
  1. Steve Evans

    Blimee...

    I class myself as a bit of a data hoarder, and I have a tendency to keep old machines and recycle them. I also take a lot of photographs and store them in RAW form, but this guy has twice as many PC's as me and blows my online storage completely out of the water...

    100TB... At home... In a flat?! Although I do wonder if there is a bit of Daily Mail style reporting going on as I only saw 2 HP Microservers, which even when modded with extra SATA cards are not going to account for 100TB.

    If he truly does have 100TB, I can't help but suspect the cops will find something amongst all that data which will hang this chap completely out to dry.

    1. David Hicks
      Happy

      Re: Blimee...

      You can fit 5 drives inside a microserver easily, lets be generous and say he's updated to the latest and greatest 4TB drives, that's 20TB per microserver. A 2TB laptop drive could be crammed in at the top and connected by looping the eSATA port back inside the case. The internal USB slot can host a thumb drive, and there are another five externally for another 1.5 TB. With a suitable USB-3.0 card in the PCIe 1x slot an with internal socket and three external you could add another 4 of these for another TB.... you might be able to pick up and *maybe* fit in the case a PCIe flash card in the x16 slot for up to another TB, bringing us to ~25.5TB per microserver before we even consider external SATA or USB3.0 enclosures...

      So with a decent budget and some determination you *could* do 100TB in four microservers I reckon.

      1. Tom 38

        Re: Blimee...

        100 TB is a lot more than your average guy, but it's not that much really. It's also probably not 100TB of actual storage, but 100 TB of storage with no redundancy.

        I have a simple setup here with two 16 disk JBOD arrays with SAS expanders plugged into one server. Currently I have 18 disks in there, for a total of 36 TB 'headline' storage, which comes down to about 30 TB of redundant storage. If I filled the remaining bays with 4 TB drives, that would be another 80TB, easily bringing me over 100 TB - although there is no way I'm paying £50+/TB.

        The JBOD arrays were second hand, only cost me around £70 each plus postage from the US.

        Without going for an external chassis, you can get quite a lot of disks just by cramming them into a decent full tower case. Before I had the JBODs, this is what I had, a tower case filled with 12 disks.

        You can easily find motherboards with 7 or 8 onboard SATA ports and multiple PCI-E x8 slots, and you can buy cheap 8 port SATA LSI cards from ebay for around £100, or cheap 2 port cards for around £15.

        The worst downsides to doing this is that a case crammed with disks needs proper airflow, or your disks die real quick, and when a disk does die, you have to dig around in a powered off case to find the broken one.

    2. Crisp

      Re: the cops will find something amongst all that data

      If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.

      - attributed to Armand Jean du Plessis Duc de Richelieu,

    3. Paddy 1

      Re: Blimee...

      He runs a hosting company edis.at famous for offering free collocation of raspberry pi. Its probably mostly old servers retired to datacenter duty.

    4. Anonymous Coward
      Anonymous Coward

      Re: Blimee...

      I can't help but suspect the cops will find something amongst all that data which will hang this chap completely out to dry.

      You don't have to worry about that, they will bitchslap him for pot smoking should all else fail.

      1. Destroy All Monsters Silver badge

        Re: Blimee...

        And apparently for "legally held firearms".

    5. sisk

      Re: Blimee...

      100TB isn't so much. There's an article floating around the web (I've read it, but I'm too lazy to go find it right now) about how to build a RAID5 petabyte SAN on a relatively modest budget (around $3000 if I recall correctly). It'd still be a rather large, but not inconceivable, chunk of change for an individual. I've tried to talk my wife into letting me do it with our tax return for the last couple years, but apparently having an insane amount of storage that I could never dream of actually using up is not a good enough use of several thousand dollars for her.

    6. Matt Bryant Silver badge
      Boffin

      Re: Blimee...

      "....100TB... At home...." Coppers (at least here in the UK) tend to count all forms of storage they find as "storage" without breaking it out, so it doesn't necessarily mean he had 100TB of spinning disk. For example, if you have a box of fifty 8.5GB DVD-R DL disks then that will be counted as 425GB. I currently have about 200-odd DVD-Rs kicking round the house, some with software project backups, Outlook PSTs, some with home videos and recorded TV shows, and plenty of blanks, but if I was raided they would be counted along with everything else to make up the one "storage" figure. Given that I also have some LTO tapes with "3TB" on the cases you can see it's quite possible to get into double figures of TB before you even get round to disks.

      1. Anonymous Coward
        Joke

        Re: Blimee...

        "I was raided they would be counted along with everything else to make up the one "storage" figure."

        Well, if you were raided, it would be a moot point, since you'd die in the firefight ensuing after you screamed, "You'll never take me alive, fucking feds!" and started spraying M16 ordnance at the encroaching circle of police vehicles.

  2. David Hicks
    Big Brother

    This is why I can't run an exit node

    Or a freenet node, or really be part of any other sort of darknet where you don't monitor stuff going over your own links.

    Not because there's a legal risk, but because I'm damned if any network or computation resources of mine are going to be used to transmit child porn.

    1. M Gale

      Re: This is why I can't run an exit node

      The way Freenet works, is that unpopular stuff gets deleted from the network first. Stuff that's requested a lot sticks around.

      So by running a Freenet node, uploading popular content that isn't child porn, and not downloading any child porn, you make child porn less accessible.

      Just a thought.

      1. David Hicks
        Childcatcher

        Re: This is why I can't run an exit node

        You'd still be letting your link be used for this stuff, adding to the network capacity. Though perhaps you've just highlighted a potential attack on the system, if you had a lot of nodes and bandwidth that all flooded the network with nothing much and then requested it over and over again.

        Either way I ain't touching that.

      2. Matt Bryant Silver badge
        Facepalm

        Re: Re: This is why I can't run an exit node

        "....unpopular stuff gets deleted from the network first...." It only has to traverse your IP address once to make it possible for you to get visit from the authorities and start your neighbours gossiping about possible child molestation.

      3. Anonymous Coward
        Trollface

        Re: This is why I can't run an exit node

        "So by running a Freenet node, uploading popular content that isn't child porn, and not downloading any child porn, you make child porn less accessible."

        I've always thought that, if you go on the logic of the music industry that anonymous downloads = lost sales = direct cost to the industry, you could bankrupt child pornographers simply by downloading pirated versions often enough. Wait, you say that wouldn't work? Huh....

  3. Mystic Megabyte
    FAIL

    Clever police

    Arrest the postman for delivering an illegal packet.

    1. Gav
      Holmes

      Re: Clever police

      Except he's not "the postman".

      It's not a perfect analogy, but he's more like a private courier. In which case, yes, the police often arrest couriers of illegal packets and demand an explanation of them. All the time.

      1. Anonymous Coward
        Anonymous Coward

        Re: Clever police

        "It's not a perfect analogy, but he's more like a private courier. In which case, yes, the police often arrest couriers of illegal packets and demand an

        explanation of them. All the time."

        Well, if every household router connected to each other via an onion like mesh network, we could plausibly assume that most would not be the origin or requester of child pornography.

        Then the explanation should be very simple: The operator does not know, has zero ability to verify or dispel any suspiscion and is neither the actual sender nor receiver.

        Any information control is a broken and unworkable paradigm in a society in which you have a right to be administrator on your own general purpose hardware and have your computer talk to other computers.

        Child pornography is awful, but the slippery slope the society started when it outlawed the depiction of a crime was a mistake.

        Mere depiction of crime should never be unlawful, and criminalizing possession of any depiction of crime no matter its nature is only enforceable in an Orwellian society in which all data connections are logged by the police.

        1. Matt Bryant Silver badge
          Facepalm

          Re: Re: Clever police

          "....The operator does not know, has zero ability to verify or dispel any suspiscion and is neither the actual sender nor receiver....."

          Ignorance is not a good legal defence. Suppose you let people store stuff in your shed, it gor raided by the Police, and they found a stolen item or a stash of illegal substances - you are the legal owner of the shed and liable for the contents, it is no good just shrugging and saying "not mine". Similarly, if the Police are tracking the transfer of child pr0n and see it going to your IP address it is your responsibility. Unless you can prove it was not you downloading it you will be the person arrested, charged and sent to prison. If you don't keep transaction logs as part of the TOR setup "out of principle" then you are just setting yourself up.

          1. Anonymous Coward
            Anonymous Coward

            Re: Clever police

            "Ignorance is not a good legal defence. Suppose you let people store stuff in your shed, it gor raided by the Police, and they found a stolen item or a stash

            of illegal substances - you are the legal owner of the shed and liable for the contents, it is no good just shrugging and saying "not mine"."

            " Similarly,

            if the Police are tracking the transfer of child pr0n and see it going to your IP address it is your responsibility. Unless you can prove it was not you

            downloading it you will be the person arrested, charged and sent to prison. If you don't keep transaction logs as part of the TOR setup "out of principle"

            then you are just setting yourself up."

            Citation please. So far I know child pornography is not a strict liability crime but contingent on knowledge as to the the content. Otherwise, I couldn't let a neighbor use my internet connection, if it turned out that he had used the connection to transmit child pornography.

            The difference between the owner of the shed and the internet connection is that the owner of the shed often has a practical ability to verify what is stored, and is therefore more likely lying when claiming ignorance, whereas the owner of the internet connection often can't see what is going through.

            Your claim that an IP address = legal liability unless the owner can prove his innocence is flatly wrong as seen in the copyright context. UK courts have squarely ruled contrary to your position.

            1. Matt Bryant Silver badge
              FAIL

              Re: Re: Clever police

              ".....Citation please. So far I know child pornography is not a strict liability crime but contingent on knowledge as to the the content. Otherwise, I couldn't let a neighbor use my internet connection, if it turned out that he had used the connection to transmit child pornography....."

              You best work on that whole knowing thing:

              "94 of 187 Interpol member states had laws specifically addressing child pornography as of 2008. Of those 94 countries, 58 criminalized possession of child pornography regardless of intent to distribute." http://en.wikipedia.org/wiki/Laws_regarding_child_pornography

              1. Anonymous Coward
                Anonymous Coward

                Re: Clever police

                "".....Citation please. So far I know child pornography is not a strict liability crime but contingent on knowledge as to the the content. Otherwise, I couldn't

                let a neighbor use my internet connection, if it turned out that he had used the connection to transmit child pornography.....""

                "You best work on that whole knowing thing:

                "94 of 187 Interpol member states had laws specifically addressing child pornography as of 2008. Of those 94 countries, 58 criminalized possession of child

                pornography regardless of intent to distribute.""

                Yes, and possession and distribution are distinct offenses. If a person possesses child pornography, he is a criminal regardless of proven intend to distribute, but that does not detract from my argument that knowledge as to the illegality of the material is an element of the crime which must be proven independently of the material being found.

                In the United States, the Supreme Court in fact interpreted the federal child pornography statute in a manner as to avoid imposing strict liability on distributors. The rational given by the court was that the lack of a knowledge requirement would violate free speech by chilling distribution of legal pornography. I am sure that the ECTHR would find fault with a child pornography law essentially meaning that your always guilty if the material is found in your home or on your computer.

                1. Matt Bryant Silver badge

                  Re: Re: Clever police

                  ".....but that does not detract from my argument that knowledge as to the illegality of the material is an element of the crime which must be proven independently of the material being found....." That's probably the only thing stopping the TOR node admin in question going to prison - the authorities have accepted that he didn't actually open the files and view the pr0n, just that it traversed his system. In the UK it would be irrelevant - it's on your hard-drive, you own the hard-drive, you are liable, whether you have actually opened the file and examined its contents or not. I have that on legal advice as we have (for years) regularly swept all systems in my company for anything even remotely likely to be a pr0n file, not because we're do-gooders but because of the company's liability.

    2. Anonymous Coward
      Anonymous Coward

      Re: Clever police

      Immigration and Customs fine lorry drivers for delivering immigrants...Choose another...

      1. NumptyScrub
        WTF?

        Re: Clever police

        quote: "It's not a perfect analogy, but he's more like a private courier. In which case, yes, the police often arrest couriers of illegal packets and demand an explanation of them. All the time."

        "Immigration and Customs fine lorry drivers for delivering immigrants...Choose another..."

        It is exactly like the ISP(s) that delivered the child pornography to the end users once it exited TOR though... I hope they are also being questioned and all their equipment confiscated pending investigation?

        Or is this yet another case of companies being allowed to do things that ordinary citizens face jail/gaol time for? If they (ISPs) cannot be held responsible for the traffic they carry, then why is a TOR admin being held responsible for the traffic he carries?

        I think I should register My House Internets Ltd. as a reseller of my connection, so I cannot personally be held legally liable for the traffic over it. I should just need to get hold of a boilerplate DMCA process and I reckon I'm golden :)

        P.S. I laffo'd at "legitimate uses" of TOR being to avoid state-mandated censorship... I'm sure the UK / US governments are all for it "in countries with a poor human rights record" but see how quick they stomp on you for using it internally; this is a case in point. It's like torrents, if you use it there is immediately an expectation of guilt, regardless of (or rather because of) the fact that the tech is morality-agnostic.

        1. PixelPusher220

          Re: Clever police

          The difference is the ISP will gladly tell the Police where the packet came from. Tor cannot by design do that. Hence you're left holding the bag legally until the law catches up with technology.

          1. Anonymous Coward
            Anonymous Coward

            Re: Clever police

            Exactly: A private individual going through customs with a "packet some guy gave them" which turns out to contain something illegal will be prosecuted. A courier taking said same packet through customs won't be prosecuted because of carrier privilege (or whatever it's called, I can't remember off hand).

      2. Yet Another Anonymous coward Silver badge

        Re: Clever police

        >Immigration and Customs fine lorry drivers for delivering immigrants

        And yet don't fine the channel tunnel or ferry operators.

        In the same way they fine small ISPs but not the owners of the cable or satelite.

        Remember the golden rule, those with the gold make the rules.

        1. StephenH

          Re: Clever police

          "In the same way they fine small ISPs but not the owners of the cable or satelite."

          I'd like to see them confiscate a satellite or cable while they investigate.

          1. Ben Tasker
            Joke

            Re: Clever police

            @StephenH

            More likely they'd try and get an order for you to surrender it, and then stamp their feet when you don't (because you can't)

  4. Annihilator
    Paris Hilton

    Really?

    "The system is used by journalists, activists and military organisations around the world to bypass censorship and communicate securely."

    The *military* uses Tor?? Really?? Would expect it to be a fairly tin-pot military that resorted to Tor.

    1. Daemon Byte

      Maybe you're not familiar with tor's original supporter the U.S. Naval Research Laboratory? I highly doubt militaries are relying on it solely but I imagine it's a very good tool in an arsenal. Particularly if you need deninability.

    2. Anonymous Coward
      Anonymous Coward

      Re: Really?

      Having done work for QinetiQ, I'd say it would be an extremely advanced military that would use Tor. We mostly just use email for everything - communications, integration, etc etc.

    3. Anonymous Coward
      Anonymous Coward

      Re: Really?

      The military created tor IIRC...

    4. Anonymous Coward
      Anonymous Coward

      Re: Really?

      Yes really! Sponsored by the US Navy originally, but there was a story on El Reg a few years ago where someone monitored his own exit node for a while and wrote a paper on it. It was rife with spooks of many nationalities exhibiting very poor data hygiene and communicating with their motherships in plain text, mistrusting TOR to magically encrypt end-to-end. So TOR is very much a legitimate limb of modern comms and has much governmental patronage too. It's also full of pron, just like the plain old Internet.

  5. Anonymous Coward
    Anonymous Coward

    Would that be a legal pickled onion?

  6. Michael H.F. Wilkinson Silver badge
    Headmaster

    Just a minor point

    Any Landeskriminalamt (a state bureau of criminal investigation) is not an equivalent of the FBI, that would be the Bundeskriminalamt (federal bureau of criminal investigation).

    </pedantry>

  7. Anonymous Coward
    Anonymous Coward

    From the linked article: "Additionally, I was accused of sharing (and possibly producing) child pornography on a clearnet forum via an image hosting site that was probably tapped. If convicted, this could land me in jail for 6 to 10 years."

    Tapped, really? So how do we know he's really the saint he claims to be?

    Looking a the photos and reading about his various co-located servers, he seems to have put a lot of kit into this .. Excuse me if I don't entirely believe this Good Samaritan story.

    1. Destroy All Monsters Silver badge
      Holmes

      You seem to be firmly in grip of the spirit of the 21st century, my good sir. I can only applaud this.

      Have you applied for a civil servant place at the Ministry of Smoke an' Fire already? I'm sure your reptile eyes will uncover quite a few edgy cases...

      1. Destroy All Monsters Silver badge
        Childcatcher

        Holy sh*t, downvotes!

    2. Benjol

      I must admit that guns, guns, and extra guns in a safe, together with cash and spare mobile in a safe deposit box in a bank doesn't strike me as being the average sysadmin's backup plan.

      1. Anonymous Coward
        Anonymous Coward

        "doesn't strike me as being the average sysadmin's backup plan."

        ...starting to look like it should be, though.

        1. Matt Bryant Silver badge
          Facepalm

          "...starting to look like it should be, though." Just don't forget your tinfoil hat.....

          1. Anonymous Coward
            Anonymous Coward

            "Just don't forget your tinfoil hat....."

            Just when you think it's safe to not use the 'joke alert' icon...

            1. Matt Bryant Silver badge
              Happy

              Re: David W.

              "....Just when you think it's safe to not use the 'joke alert' icon..." The large number of LOIC fodder out there just proves that the joke icon should be mandatory for any such posts, otherwise you run the risk of stirring the easily- impressionable (AKA, MoveOn, Occupy, Anonymous, etc., etc.). In fact, I was thinking of starting a petition to get it mandatory that all political TV broadcasts should display the joke icon or a FUD icon when they're making ridiculous claims to stir the voters.

  8. Dr. Mouse
    Unhappy

    No good deed...

    ... goes unpunished.

    Although it would be easy to say that it's his own fault for running something which can be abused, I find it difficult to do so.

    He was providing his own resources for the benefit of others. Of course there is the potential for abuse, but it is a sad state of affairs when he is punished for doing a good deed. I have heard of other cases which have had similar effects, e.g. people hosting public Wi-Fi APs etc. being collared when it was someone abusing their generosity. Hell, our office has locked down our "visitors" Wi-Fi network because someone was bringing their laptop in and downloading torrents, which almost caused the entire companies internet access to be cut off.

    It reminds me of a school friend's hippie mother. She tried to help people out wherever she could. At one point, she started allowing (through a charity) homeless people to stay at her house. She had a spare room, and they would stay for a few days, get hot meals, showers and a nice warm place to sleep for a few days. She got nothing back except the knowledge that she had helped someone in need.

    This all stopped after one person abused the system. Someone who she had been so kind to robbed the house (and the insurance wouldn't cover it).

    It is abuses like this which stop people from helping. It makes the whole world worse off. If I was this guy, I'd be very reluctant to run a Tor exit node again, and the story will likely put others off from doing the same. It makes me sad (although the cynic in me knows that this is just how the world works, I always try to listen to the ever-diminishing voice of my inner optimist)

    1. Field Marshal Von Krakenfart
      Childcatcher

      Re: No good deed...

      it is a sad state of affairs when he is punished for doing a good deed.

      Did it occur to you that is why he has been "punished".... "They" find somebody running a TOR exit node and push some kidde p0rn through the TOR to give then an excuse to shut it down?????

      After all they are only thinking of the children.

      Black helicopters icon as well.

    2. QdK
      FAIL

      Re: No good deed...

      How is helping child abusers a good deed??

      1. Anonymous Coward
        Anonymous Coward

        Re: No good deed...

        People who sell food or rent apartments to child abusers help them too - but grocers and landlords, like this tor admin, don't know which, or whether any, of their customers might be doing what. If it is made their responsibility to do so, they're forced to take on the responsibility of law enforcement without the authority of law enforcement.

        If you want this tor admin to find criminals benefiting from his service, give him a budget for investigators and the authority to do something about it.

        If you don't want to give him the authority, and you don't want him to continue to provide his service, then at least be consistent and arrest everyone who sells anything or transacts in any way with anyone doing anything illegal - because they're all 'helping' the criminals. Medical care, food, housing, basic network access - all of those are arguably *more* important to a child pornographer than a tor network; it's clear that a pornographer could continue without tor, but he'd certainly have a difficult time without any food or cameras or a place to live or an internet connection.

        Be consistent. Neither Nikon (or Canon - we'll leave as an exercise to the reader the judgment over which a child porn producer would pick) nor Pepsico nor BMW (or Mercedes - we'll leave as an exercise to the reader the judgment over which a child porn producer would pick) nor this tor admin know who is using their products and for what.

        The fact that this tor exit is one of the more visible points of utility doesn't make it the most critical or the most relevant, and is a very bad reason to punish the provider or choke the service.

      2. Dr. Mouse

        Re: No good deed...

        QdK:

        Not knowing exactly what you do for a living, I can't be sure of an example which fits. A reasonable guess, as you are on this site, would be an IT admin.

        Say a colleague, or a friend, brought you a laptop in and asked you to fix it for him. You do so as a favour. A couple of months later you find that he has been arrested for making and distributing kiddie porn, and a big chunk has been done using the laptop you fixed, since you fixed it.

        So, you did a good deed by fixing his laptop, but you helped a child abuser. It was still a good deed.

        The same applies to this guy. He set up a Tor exit node, donating his bandwidth and system resources to the general public. This is a good deed. The fact that the service is used by child abusers doesn't make it any less of a good deed.

        1. El Andy

          Re: No good deed...

          @Dr Mouse: But he didn't keep logs, which is bordering on destruction of evidence in a child porn case. He could just as easily run a Tor node, keep logs and then provide them to law enforcement officers in the event of a crime. Like any other ISP or service provider would.

          1. Dr. Mouse

            Re: No good deed...

            "But he didn't keep logs, which is bordering on destruction of evidence in a child porn case."

            Tor is provided as an anonymising service. It is used by many people, often for perfectly legitimate purposes, not just paedophiles. He cannot trace where the traffic comes from (a feature of Tor, the data is bounced around the network in such a way that you can't trace it, until it pops out of en exit node). And he would not want to. He has no legal obligation to, and the whole point of Tor is to avoid tracking. Nobody would use it if everything was logged, because it defeats the point of it.

            1. Anonymous Coward
              Anonymous Coward

              Re: No good deed...

              "But he didn't keep logs, which is bordering on destruction of evidence in a child porn case."

              What Dr. Mouse said, plus: If you say he should have kept logs since it was within his technical capability to do so, doesn't that imply that our putative laptop repairman should have to do the same? Even if you say, well, actively copying the disk he works on is a different level of thing - what if he has to back up the media and put it on a new disk, since the old one is messed up? Is he obligated to keep the intermediate copy, since it would be 'destroying the evidence' if he did otherwise?

              Unless there's been a crime committed and you have knowledge of said crime, you can't 'destroy evidence', otherwise almost anything which could *potentially* have been part of a crime would be sacrosanct. Find a bunch of broken glass in your sidewalk after a hard rain, and sweep it up? Well, it might have been part of a murder! Sure, you don't have any particular reason to believe so since the rain washed away *most* of the blood, but it's still there, so when you cleaned up the glass you were cleaning up a crime scene!

              In short, and adjunct to my point above, it's not a private citizen's responsibility to positively vet any action as not being part of a crime. It's been pointed out that you can't get away with hauling a brown paper package for someone - well, this is and isn't true. If you're driving a box across the country for someone, you're (at least in the US) not going to be hauled off to jail for it. But if some guy in a trenchcoat (they all wear those, right?) offers you $4,000 in small, unmarked bills to stick a manila envelope under your shirt and walk through customs, you *do* have a reasonable basis to believe that he just might not be on the up-and-up.

              Basically, you can't do stuff that you know damn well is specifically and only going to be used for crime. If this guy had run a server for Vladimir from Ukraine who wanted to host files for his modelling agency and would pay you ten times the going rate, you might be expected to go, "hmmm....". But if you offer a public service to all and sundry, the overwhelming majority of which are almost certainly not criminals, it's unreasonable to expect you to somehow divine who's doing what - and it's also unreasonable to ban private communications because of the potential for abuse.

            2. Matt Bryant Silver badge
              Facepalm

              Re: No good deed...

              ".....He has no legal obligation to....." Nothing to do with legal obligations, more to do with basic common sense.

  9. Anonymous Coward
    Anonymous Coward

    Change of plan

    I rent a couple of VPS servers in the US which host a noddy application of my own, and was thinking of 'donating' some of the unused bandwidth to Tor by running a couple of relays or even exit nodes. I think I may now scrap that idea!

    1. Old Handle

      Re: Change of plan

      I think a relay is still pretty safe, assuming that unlike David Hicks, it's the legal risk and not damnation that you're worried about. There have been one or two cases like this one where exit node operators wound up (temporarily) in legal trouble, but I've never heard of a relay operator getting in trouble and it's difficult to imagine a situation where they would, unless Tor itself were illegal where you live.

      If you run an exit node, it looks, at least initially, like any traffic "exiting" there is coming from you. With a relay node there should be no such confusion.

  10. Shane8
    WTF?

    TOR:

    What is Tor?

    Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

    1. Anonymous Coward
      Anonymous Coward

      Re: TOR:

      no it isn't

      Tor is a patented United States Navy product which still receives State Department funding.

      establishing pseudonymity (near anonymity) is difficult and realistically requires hard cryptographic tools and sophistication. TOR is a fairly easy to use software that unfortunately SHOUTS I AM USING TOR to all and sundry. 'Bad states' can and do investigate and experiment to watch for ‘Tor headers’ and other unique signatures, MTU packet size etc; which are ‘bug doors’ designed in Tor for ‘work factor reduction’ purposes.

      https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix

      Using Tor, caution is required, as Tor or Cloud Tor is likely to be under extreme surveillance by intelligence agencies and might not provide even pseudonymity if used in, say, Bahrain or Saudi Arabia

  11. Anonymous Coward
    Anonymous Coward

    Reminds me of a few years back..

    Long time ago I worked for a guy building a small ISP startup (back when such a thing was a realistic proposition).

    By small I mean all we had his building cabled and some nearby businesses via Wifi - but we had some big ideas. We also had an ISDN modem bank supposedly for remote access (56K yay) but it mostly for show.

    After not seeing much expansion for a few months I decided to sniff one of the boss's personal servers (hey sue me). Turns out the real business was running a subscription warez service, and being an "ISP" gave him the perfect legal coverage.

    1. Tom 38

      Re: Reminds me of a few years back..

      A subscription warez service? I doubt it. One of the points of warez is that it is software that you are not prepared to pay money for, and so I doubt how successful such an enterprise would be.

      Plus, if this was the golden age as you describe it, warez was everywhere - kickme.to/fosi - no-one was paying for it, let alone a subscription.

      You sure this guy didn't just have a personal FTP server hooked up to his shiny network connection? 'Back in the day' the number of dodgy FTP sites covertly run by sysadmins on commercial networks was obscene.

      1. Dr. Mouse

        Re: Reminds me of a few years back..

        "A subscription warez service? I doubt it. One of the points of warez is that it is software that you are not prepared to pay money for, and so I doubt how successful such an enterprise would be."

        Actually, I remember lots of subscription warez services from that era. You tended to get faster connections, larger collections of software, quicker access to newer releases and a single place to look. The subscriptions were small, and if you were after high value software (e.g. professional stuff costing thousands) it was well worth it. Plus, you got less malware in the subscription services.

  12. Anonymous Coward
    Anonymous Coward

    I hope he gets a good precedence set so that people offering exit nodes are not liable for the actions of the users.

    What difference is there between him and a company offering VPN's that don't keep logs?

    Unless the judge is and the jury are ignorant there is no way he should be convicted of any crime

    1. Yet Another Anonymous coward Silver badge

      judge and jury ?

      That's the nice thing about these cases - even if it never goes to trial you can bankrupt the person with legal bills, they lose their business because you impounded everything electronic they own for 3years, and then after it's all dropped they are still on your system as a "suspected whatever" so get refused any sort of job that needs a police check.

      Actually bothering to have a trial and a conviction is almost unnecessary

      1. Anonymous Coward
        Anonymous Coward

        Re: judge and jury ?

        then after it's all dropped they are still on your system as a "suspected whatever" so get refused any sort of job that needs a police check.

        That area of the law needs an overhaul, if you have a criminal record for not wearing a seat belt for example, you shouldn't be turned down for any job that does NOT involve a vehicle.

  13. Peladon

    ""I'm not unsympathetic to the fact that Tor gives a voice to oppressed groups and so on, but misuse is inevitable," Harley concluded."

    "So how do we know he's really the saint he claims to be?

    Looking a the photos and reading about his various co-located servers, he seems to have put a lot of kit into this .. Excuse me if I don't entirely believe this Good Samaritan story."

    Guns can be misused. My opinions on such matters not being germane to the point, in those jurisdictions where gun ownership is legal, their potential for abuse is not held to the supplier's accountability.

    Vehicles can be misused. If I see three cars parked in your driveway, how do I know you're not using them for improper purposes, you potential bank-robber, you?

    The Internet can be (and is) abused and misused for various purposes. So should we close down all the ISPs, raid every server farm? I'm willing to bet such raids would find improper material in just6 about every one of them.

    Yes, the comparisons are extreme. Yes, some people would potentially approve of a Code Napoleon (guilty until proven innocent). Apart from the big companies, of course. Obviously it wouldn't be fair to hold _them_ accountable to the same standards, right?

    For the benefit of those who may choose to see it otherwise - the previous two sentences were in fact irony. Or sarcasm. Or artichokes. Or something.

    Mr Harley is , of course, entitled to express his view. I would, however, question the value of poiting out that (insert random thing here) has the potential to be abused. And equally AC is entitled to his (or her) doubts as to Herr Weber's Samariten-ness or otherwise. But the extension of such logic would seem to place us all in the same dock.

    Or, rather, it would to me. And I am, I believe, entitled to _my_ view also.

  14. Prawn

    Who keeps a mobile and cash in a safety deposit box - just in case ??

    Does he think he is Jason Bourne ?

    1. Anonymous Coward
      FAIL

      Indeed

      "why does he not entrust all his money to the banksters ?"

      1. Anonymous Coward
        Anonymous Coward

        Re: Indeed

        @Frank - If he's got his money in a safety deposit box, he almost certainly is trusting it to bankers.

        Anyway, as someone who has worked in UK FI for a while, I had annual training on money laundering, keeping large wads of cash in a safety deposit box is, while not damming, a highly suspicious behavior that would warrant further investigation under anti-money laundering regulations.

        1. Anonymous Coward
          Anonymous Coward

          Re: Indeed

          Oh dear, I had no idea. I also have wads of cash and mobiles stashed away here and there. I pay for everything by cash wherever possible mostly because I'm utterly paranoid about those who decide to store my card details ad infinitum on their chaotic malware ridden servers. (Or *shudder* in teh cloud.)

    2. karlp
      Pirate

      I don't find it unreasonable at all.

      Some cheap insurance if you ask me.

      Any person with a vague understanding of how the modern world works probably has one reason or another to have some sort of plan b.

      I can't tell you the last time I used cash for a purchase, much less a major one, but yet I still keep a reasonable amount of Cash handy in the event that I were to ever need it.

      In this day and age, when even having the same name as someone else who happened to do a bad thing can be enough to have accounts frozen and services suspended (by error of course, but inconvenient at the very least), I think it might actually be a good idea.

      Certainly a much better investment than any number of other dubious "insurance" policies one might be offered in the course of life.

      Upon reflection, I may even add a pre-paid to the insurance pile.

      As my dad always says "Either be prepared, or hang around someone who is" (:

    3. Anonymous Coward
      Anonymous Coward

      Tax Law

      Is not the same throughout Europe. Austria has some arcane dodges that let you keep stuff in a safety deposit box with a nominal value to avoid death duties. Families do this as a matter of course, my inheritance included something similar.

      1. O RLY
        Headmaster

        Re: Tax Law

        They are "safe deposit boxes".

  15. Anonymous Coward
    Stop

    Control Freaks Meme #1: "Child Porn"

    If you really believe these lies by the government you are a sorry idiot. Western governments hate TOR for the same reason Mr Ahmadinejad hates it: Loss Of Information Control.

    Using TOR, people can criticize the Rich&Powerful without the cost of "being investigated by intelligence and their stooges". These "investigations" do not usually include physical violence, but certainly threats of such including the use of dogs are basically "OK" in Pax Americana Land (from Tokio to Warsaw). This not being theory but practice. If you try rock the mental boat of the western world, many, many people will be royally pissed off. When they want war and have all their media outlets singing the tune of war and you are against this over your private DSL line, you bet strange things will happen.

    The media whores are part of this scam and if you really believe in "free press" you are an equally sorry idiot. Established media is in collusion with every crime the rich&powerful concoct. Currently they want war with Iran and every third media message will directly or indirectly condition you for that "inevitable" war.

    Let them try to shut down TOR: soon we will have much stronger systems without central points of weakness such as directory servers or exit nodes.

    1. Anonymous Coward
      WTF?

      Re: Control Freaks Meme #1: "Child Porn"

      Yeah, because right now, nobody in the media opposes the idea of war with Iran, anyone who criticizes the US government is investigated and threatened, and the 'rich and powerful' are, en masse, colluding with everyone whose voice reaches more than a few thousand people.

      When was the last time you heard of someone in Europe or the US arrested or threatened for running a blog critical of their government?

      Or does the media just cover it all up?

      Sorry to break this to you, but at least in the US, the government is way to busy being at *its own* throat to worry about 'crushing opposition'. Hell, the media have been rabidly anti-government in many ways recently - and have been regularly accused by both sides of colluding with the other.

      And yet organizations like Move On, Occupy, etc etc, continue to exist unfettered. Or are they mouthpieces of the 'government' too?

      Honestly, I'm not seeing ANY media outlet singing the tune of war. Most people hate the idea. In Europe, there's not even an instinctive support for Israel that might be used to justify it.

      How is it that news organizations like Fox and MSNBC disagree with eachother so much, yet neither have been put out of business by threats of physical violence and 'dogs' (whatever that means)? Which wealthy bastards are they beholden to when they're at odds with one another over most policies?

      Are El Reg part of this group of 'media whores' which are in on it with "the government" - notwithstanding that "the government" apparently applies to every Western nation, most of whose governments have profound disagreements.

      The EU can't even agree on central banking policy, and yet you accuse them of running a massive conspiracy along with big business and the US to foment media support (which doesn't exist) for a war in Iran (that nobody is talking about)?

      Seriously?

  16. Christian Berger

    This is why the CCC offers a Tor service

    The Chaos Computer Club runs multiple Tor exit nodes, financed by donations. They have the resources to fend of legal threats. It is probably the more sane way of supporting the Tor network.

    http://www.ccc.de/anonymizer/

  17. Anonymous Coward
    Flame

    One More Anti-TOR Message: "Perfidious Botnets !!!!"

    http://www.computerworld.com.au/article/444088/tor_network_used_command_skynet_botnet/

  18. Anonymous Coward
    Anonymous Coward

    If he's guilty...

    ...I hope they hang his arse.

    1. Anonymous Coward
      Flame

      If you are deep government

      ..I hope they will get you in crackistan, Iran or wherever the MIC currently wages a War For Profit.

      Thanks for the PSYOP work this evening.

  19. Danny Bowman

    A point worth noting is that he is being investigated, he is not being punished. At least, not yet.

    If the police decided not to investigate any child pornography found where the person was running a Tor exit node, how long would it take before all the child pornographers decided to start running Tor exit nodes? Until the investigate, they don't know if the person was doing it themselves or it was done through the exit node.

    And taking away the guns? I'd rather hope that's standard procedure when someone is being investigated for a crime, much like taking their passport away.

    1. Dr. Mouse

      "A point worth noting is that he is being investigated, he is not being punished. At least, not yet."

      This depends on your definition of punishment.

      If the cops came to your house, took away all your computers, mobile phones etc, some of which may be part of your business, this could easily be thought of as a punishment.

      For example, for myself, it would have a big impact on my life. I only use my mobile phone, so I would loose contact with a lot of people. My computers contain a large amount of my personal data, projects, photos, and many other things. There would be a huge inconvenience, and at this point I would already consider it a punishment.

      Then there's my work's laptop. Although all my data is backed up at work, there would be a lot of work to set me up a new workstation. There is also the damage to reputation: In this case, I would likely have to explain to my bosses why the laptop had been seized. if it is on suspicion of child porn, imagine what my bosses would think! Do you really think there would be no impact? I could easily see being suspended from work, and irreparable damage being done to my reputation, even if cleared later.

      If you run a computer based business, it would be even worse. Even a few months of investigation could bankrupt a small business. The destruction of a business that someone has worked hard to build, ploughed large amounts of money and time into, is definitely a punishment.

      I'm sorry, but I do think that even this "investigation" step is punishment. It may be necessary, but it's still punishment.

      1. Yet Another Anonymous coward Silver badge

        This is a common tactic against legitimate porn sites in the USA

        The operators are required to keep records showing the models are over 18 - the police have a right to "inspect" those records

        This is often interpreted as a right to seize anything that may contain a record = every computer, every disk drive, every digital camera, every video editing console - and take them away for a few months "to be inspected"

      2. david wilson

        >>"I'm sorry, but I do think that even this "investigation" step is punishment. It may be necessary, but it's still punishment."

        If you're saying that it's [potentially] necessary to avoid people doing what Danny Bowman suggested some people might be tempted to do, whose 'fault' is the punishment?

        Some kind of mix of his, some of the TOR users and the authorities?

  20. corestore

    Goddess help them...

    ...if they ever come for me.

    They'll need at least two 40-foot containers, and a forklift... I've just moved the Corestore collection from New York to New Zealand, and the total weight was something in the region of 35 tons... most of it IBM mainframes!

    And they won't get diddly squat without a rubber hose; nothing much less will get them anywhere with Truecrypt, let alone RACF!

  21. nrta

    criminalization of technology

    https://www.youtube.com/watch?v=qJYlmEZ399I

    I wonder how many sysadmins here know precisely what data is being transmitted over their networks.

    If this man is convicted on the basis of traffic that passed through his exit node, then the TOR protocol is in effect being outlawed in Austria, and possibly the rest of the EU.

    Where does the culpability stop? Are you confident that all that encrypted traffic passing through your firewall is squeaky clean? Do you keep meticulous records and logs to prove that you are only providing a communications network and not aiding child pornographers and terrorists? Is your audit trail good enough to convince a technically illiterate judge and jury that you are not a nonce?

    The implication of a guilty verdict in this case would be that anyone operating a computer network should inspect all traffic to determine that it complies with the laws of the country they reside in.

    Child abuse is a social problem that has always existed, it tends to run in families as the victims turn into abusers themselves. Since the invention of the camera pedophiles have been able to record their crimes and seem to have a compulsion to share the pictures. This could be achieved by any number of means, criminalizing encrypted anonymous communication will not remove the compulsion.

    Prosecutions like this are pushing the use of anonymous encrypted communication into a legal grey area, with a presumption of guilt, effectively branding anyone providing it a paedo/thief/terrorist. Will making TOR unavailable stop child abuse happening? I think not.

  22. Mad Mike

    What's he done

    Surely, a network such as TOR is effectively performing the same function as an ISP? It's simply providing an infrastructure layer over which people send traffic? An ISP isn't held liable for what goes over its network. So, why should anything to do with TOR? They don't know what's in the traffic in the same way as an ISP doesn't. So, why can't people running these dark nets have the same protections? Obviously, should they become aware of something dodgy happening, they should deal with it in much the same way an ISP would.

    Seems to be a matter of ensuring the authorities have control over anyone they want. ISPs are basically under control, but TOR admins etc. are not. So, whilst logically they're doing the same thing (simply providing bandwidth), the TOR admins have to go as they're not under control. Nothing to do with the law or natural justice. Simply ensuring you are powerful and control the world.

    1. david wilson

      Re: What's he done

      >>"An ISP isn't held liable for what goes over its network. So, why should anything to do with TOR?"

      It's a tricky issue.

      It *might* be considered less likely that an ISP would be a cover for an individual's own illegal activity.

      An ISP might be more able to help in an ongoing way with an enquiry by allowing future monitoring, or to provide historic data (who was using what IP address at what time) which allowed an investigation to progress.

      The second of those things somewhat reinforces the first - the fact that what went where should be traceable is likely to make people working at the ISP fairly unlikely to try doing anything dodgy due to the likelihood of detection.

      In the case of someone running an exit node, if they are unable to be of any real help and are thought to be more likely than an ISP to be responsible for some of the offending traffic, it's easy to see why they may be seen differently.

      Being honestly unable to help the police shouldn't itself be a crime, nor should simply putting oneself in a position where one is honestly unable to help, but deliberately putting oneself in that position (especially in a situation where it is difficult for anyone else to tell whether dodgy traffic was someone else's or not without significant investigation) is going to make it more likely that one becomes collateral damage in an investigation, and that's something that people choosing to assist others access the internet untraceably should understand.

      I understand that if I leave a wifi router open, I'm opening myself to at least having my machines looked at if someone does do something dodgy with my net connection.

      However innocent someone might know they are, if their hospitality has been abused in order to help someone commit a crime, they can't expect that there won't be any kind of investigation, or that it won't be inconvenient for them.

      In the case of an ISP, being legally regulated, they have some kind of defence - if the law says they have to keep certain data for X months, it effectively also says that getting rid of it after X months is permissible - if they do provide what the law requires that they provide, there would be little justification for seizing machines unless there were unusual grounds for suspicion that they were doing something dodgy themselves and covering it up.

      1. Mad Mike

        Re: What's he done

        But TOR isn't adding anything to current, just making it simpler and easier. The traffic into TOR is just as visible as traffic without TOR, so no change there. Also, what's the difference between bouncing around various proxies in 'unfriendly' places and going through TOR. Yes, the ISP can tell you where the packets went and you can ask the proxy admin where they went, then the next etc.etc. However, once you meet a proxy in an unhelpful place, the trail stops. So, are we now going to investigate anyone who hosts a proxy for the same reason?

        Effectively the misdealings of a few are being used as reason for putting the entire population under surveillance. That's the start of a totalitarian state. Surveillance is always the start point. East Germany and the Stasi would have loved to have some of these laws!! Essentially, what is wrong with people have private conversations or communications?

        I guess the TOR network could be setup in such a way that each admin can keep records and reveal them to the authorities on demand (there are other ways of obscuring where the packets are going), but I suspect it wouldn't make any difference. They would still go after the admins as they can't be brought to heel and can appear and disappear as end point much easier and quicker than ISPs do. This smacks totally of control rather than anything else.

        1. david wilson

          Re: What's he done

          >>"Effectively the misdealings of a few are being used as reason for putting the entire population under surveillance. That's the start of a totalitarian state. Surveillance is always the start point. East Germany and the Stasi would have loved to have some of these laws!! Essentially, what is wrong with people have private conversations or communications?"

          What is against the law about people having private conversations?

          In times past, operators listened in to phone calls, letters could be opened, and people could be followed to see who they met, but that was by no means an inevitable slippery slope leading to totalitarianism.

          I'm sure the Stasi would have absolutely loved people being able to encrypt emails, or untraceably hide messages in other files, or each be able to be their own mini-broadcaster with blogs, etc where messages could also be hidden, or instantly duplicate large mounts of information.

          People these days have access to unsnoopable communication that people in the past could only have dreamed of.

          Hell, some paranoid person worried about the route of a communication being traced could easily post a memory card with vast amounts of encrypted and obscured data to a trusted friend of their target recipient, knowing that it is useless if intercepted, and that recipient has full plausible deniability.

    2. david wilson

      Re: What's he done

      >>"Seems to be a matter of ensuring the authorities have control over anyone they want. ISPs are basically under control, but TOR admins etc. are not. So, whilst logically they're doing the same thing (simply providing bandwidth), the TOR admins have to go as they're not under control. Nothing to do with the law or natural justice. Simply ensuring you are powerful and control the world."

      But they're not 'simply providing bandwidth' - they are quite intentionally providing anonymity, which ISPs are not doing.

      In fact, they're not even 'providing bandwidth' - in reality they are consuming it by bouncing the same data around in ways which are entirely unnecessary for simple communication, but useful for anonymity.

      They are not logically doing the same thing as ISPs, as is fairly obvious from the fact that everyone using them has an ISP and is using TOR as an addition.

      1. Mad Mike

        Re: What's he done

        They are part of a communications path, whether physical infrastructure or logical functionality. Sort of like the various layers of the networking stack. On the basis of your argument, the inventors of SSL should be arrested and thrown in jail for making the packets unreadable!! Perhaps that is a better analogy. What the difference between SSL and TOR. Even if you can tell where the packet went, that doesn't help much unless you know the content. Or, are you going to investigate anyone who once sent or received a network packet from a known paedophile?

        1. david wilson

          Re: What's he done

          >>"On the basis of your argument, the inventors of SSL should be arrested and thrown in jail for making the packets unreadable!! "

          Please don't misrepresent me.

          I'm not remotely trying to argue anyone should be thrown in jail for developing encryption, or for running a proxy server, or a TOR exit point, or for opening up their Wifi to strangers.

          I am pointing out that if someone is doing something which could ultimately result in detectable illegal traffic passing across communications links they are responsible for, they can expect one or other authority to be interested if such traffic actually occurs even in the absence of any Great Conspiracy to stamp out TOR.

          In the case of ISPs, there will be a fairly consistent positive history of past co-operation of ISPs with legal enquiries, a legal framework regarding what an ISP has to provide in terms of information, and also a 'negative history' of enquiries pretty overwhelmingly turning out to be down to a customer doing something dodgy, not the ISP.

          But face PC Plod with J Random Citizen with a net connection which illegal content has travelled over, and it's highly predictable that they will seize obvious hardware until they can satisfy themselves that the traffic *wasn't* that of the individual himself.

          It's certainly a pain in the arse for the individual, but hardly an entirely unpredictable one.

          Now if there was some way of making decent money out of running an exit node, and one was being run by a multi-employee company which had detailed records of all its internal traffic such that they could identify what went to internal machines and what disappeared into TOR, they might find it easier dealing with an enquiry since the police might trust rather more that they would be being given accurate information, and that people in the company would tend to keep an eye on each other and make sure no-one was abusing the system.

          Even something run professionally but for free by volunteers might be in a reasonable position, especially if they have prior legal advice and representation on tap.

          Being a one-man-band doing stuff for free seems likely to put someone in a meaningfully worse position even if doing the precise same thing, since the only people who can check on you are the boys in blue.

This topic is closed for new posts.

Other stories you might like