Part of the reason I sadly stopped running any exit nodes was law enforcement harassment.

I ran a few exits for about about ~5 years. In those 5 years, my hosting provider (DigitalOcean) received 3 subpoenas for my account information.

The first two were random. The 1st one was someone sent a bomb threat email to a university. The 2nd one was someone sending a phishing email.

The last and final subpoena was the most serious one. Some nation-state hackers from Qatar had ended up using my exit IP to break into some email accounts belonging to people they were interested in and spied upon them and stole some info.

Thankfully both the Tor Project and the EFF were able to help me pro-bono. The EFF lawyer that was assigned to me helped me fight this subpoena but ultimately we had to turn over my account information to the DOJ + I had to give an affidavit stating that I was simply just an operator and nothing on the server in question would be useful to their investigation (by design).

The stress of having to deal with law enforcement, lawyers, and having to entertain the possibility of having my home raided over something so silly ultimately led to me finally shutting down my exits.

Even though I had all of my exits using a reduced exit policy and I would blacklist known malicious IPs and c2/malware infra from being able to use it, I was still a target.

I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.

I one day hope to resume running exits as I find it rewarding to be able to help people from around the world in a small way.

Is something like this unexpected? I personally never ever thought so (which is the reason why I never ever even considered running a TOR exit node).

As much as I can respect the idealism about privacy and liberty etc..., I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution, therefore I did not want to provide indirectly any help.

> I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.

On one hand I admit that that might be the case, on the other hand even government organizations/departments/agencies can be "local" and scattered (e.g. similar IT departments for each "canton" in Switzerland) and not have huge amounts of resources/knowledge to track/identify perpetrators of all ongoing (sophisticated?) IT crimes => somebody somewhere might see the same IP involved in a lot of "bad" stuff not realizing it's just a TOR node.

I hate the current general trend pushing a position of an either absolute "yes/no" for any theme, including this one (of encryption for privacy/etc vs. crime).

In my opinion it's obvious that the current situation of solutions is in general bad: too much pressure on services that provide privacy because it's too easy for crime to misuse them :o(

> As much as I can respect the idealism about privacy and liberty etc..., I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution, therefore I did not want to provide indirectly any help.

Well, what would be considered a "really!!!" bad actor for some might be a hero for others. Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be an use worth fighting for or terrible abuse.

In the end, this really comes down to whether you value freedom or state protection more; either of which can be abused by rogue actors or a malicious state, respectively. There is no win-win-solution, unfortunately.

During The Troubles bombs were sent via the Royal Mail. Nobody blamed the post office. Indeed any infrastructure is a tool of terrorism as we rely on it (I am not going to make a list for obvious reasons). I think the reason we tolerate this problem with infrastructure is that the benefits outweigh the risk. The question is whether or not the same applies to free speech - you're right there is no win-win solution, but it still might be worth it.

However if you start "Peters no questions asked hand delivery service, shipping direct from Ireland to London so reliably you can set a timer by it" - and you deliver 3 bombs to politicians you might find yourself being asked a few questions.

At the time that's exactly what the Royal Mail was. Requiring identification to send packages is a much more recent development. Society just accepted that bad actors could do this and solved the root problem instead.

> Society just accepted that bad actors could do this and solved the root problem instead.

You ... do not read much about history, I guess from this.

There are quite a bit of differences here. The mail services transport physical goods, and the whole path can be tracked. Every letter or parcel is registered by the postal office where it was submitted to for transport. And usually there is quite some physical evidence with everything you do mail.

The poster wasn’t blamed, he was investigated, just like the post office was. Police didn’t just throw up their hands and walk away.

Well, many (if not most) exit nodes are ran by three-letter agencies, so at least there is some infrastructure in place.

> depending on which side of the Israel/Palestine conflict you are on

Here's the thing: I am not on either side of that conflict, or likely any other conflict you could use as an example. There are atrocities committed by both sides. There are victims on both sides. You could argue over who committed the worse atrocities or over who is the biggest victim until your face turns blue, it isn't going to end the cycle of violence as long as there are people facilitating that violence.

And no, I am not naive. I know there are people out there who care nothing about causes beyond their own self interest and who care nothing about their victims. I realize that these people are impossible to combat without the innocent coming in harms way. Yet the moment we fail to be ashamed of the harm we cause in the name of the cause, the moment we fail to acknowledge who is being harmed in the name of the cause, is the moment we become no better than them.

Here's a better example then. Publishing the truth or publishing opinions about political leaders is illegal in some jurisdictions. Would you be unwilling to provide help to these "bad actors"?

Lots of horrible dictators have used rhetoric like yours to rationalize/facilitate their actions.

The fact of the matter is, there really is no absolute objective moral compass; and yes, that includes "we should just stop facilitating violence" because you absolutely can be enabling others to take advantage of that to cause more harm.

You have to pick a stance and live with the harm that comes out of it (yes, whichever stance you pick, will cause harm).

> Publishing the truth or publishing opinions about political leaders is illegal in some jurisdictions. Would you be unwilling to provide help to these "bad actors"?

Realistically, I am unlikely to help since I am unlikely to understand the circumstances and I am especially unlikely to understand who I am aiding. Revolutionaries often look noble (or try to look noble) until they are in power and show their true colours.

Operating an exit node is something that I would be unwilling to do since it goes beyond possibly facilitating those who would want to do harm, it is pretty much a guarantee of facilitating those who would do harm.

> The fact of the matter is, there really is no absolute objective moral compass; and yes, that includes "we should just stop facilitating violence" because you absolutely can be enabling others to take advantage of that to cause more harm.

While I agree that there is no absolute objective moral compass, we each have a moral compass. We have to live by them. Will other people exploit those morals to their advantage. Undoubtedly. That doesn't mean we ignore those morals. Personally, I draw the line at facilitating violence.

Oh just because you are not affected yet, you might be in the future, most probably if no one is there to help against people with obscene power and they start to easily win

> Well, what would be considered a "really!!!" bad actor for some might be a hero for others. Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be an use worth fighting for or terrible abuse.

Stepping back though neither side in that conflict needs Tor. They both have numerous supporters in other countries where that support is legal. They can send and receive information through trusted outside supporters including some outside governments. They just need secure communication channels to a few representatives among those supporters rather than something is general as Tor.

> In the end, this really comes down to whether you value freedom or state protection more

If we're talking about the decision to actually run an exit node, I disagree with this breakdown of the ethics. I can value freedom more than state protection in the abstract while at the same time not feeling that helping support freedom in Russia and China and Iran is worth the cost of simultaneously helping to shield perpetrators of violence closer to home.

In most people's ethical frameworks choosing not to run a Tor node does not make me culpable for the actions of a state suppressing its people, but choosing to run one does make me at least somewhat complicit in shielding the perp of a bomb threat.

how is this different from running a postal service? would you be against that?

The USPS has an embedded law enforcement agency [0] whose full time job is to track down people who are using the postal service to commit crimes. Tor is very specifically designed to make an equivalent impossible.

[0] https://en.m.wikipedia.org/wiki/United_States_Postal_Inspect...

There's enough truly bad actors out there, not everything is shades of gray. Cartels, North Korea, ISIS, etc.

‘Truly bad’ still relies on the perspective of the participant though. Parents point is that ‘bad’ is a matter of perspective, and that right or wrong, at lease some cartel/nk/isis operatives believe their actions are justified for some greater good, Palestine/Israel opinions and belief are obviously a more easy to understand perspective, but the point still stands.

NK operatives feel incredibly lucky they get to not starve. Unless they got to where they are at due to nepotism.

You don't know that, you've never been there or probably spoken to a north korean. Not saying you're wrong (i can admit i have no idea), but i'm annoyed you're swallowing narratives from warlords who have been known to lie to start wars as if it's assumed default true

I have no idea about nk politics, but if the media continually pumps out ‘the west is the reason we’re starving, join the military today!’ then they might feel lucky to both be fed, and to be serving their country.

Hitler thought he is a good guy. Stalin thought he is good guy. Everyone thinks he is a good guy from the own perspective.

Really? Some cartel operatives believe their actions are justified for some greater good? Well unless you count filling your own pockets a "greater good" then they are objectively extremely deranged and delusional which possibly makes them even more dangerous.

> relies on the perspective of the participant though > Parents point is that ‘bad’ is a matter of perspective, and that right or wrong,

Not really, though. Some things are just 'bad' (you or the perpetrator might not agree but that doesen't change that fact).

Nothing is inherently right or wrong, see moral nihilism. At any rate, cartel operatives may have other intentions than just simply fill their own pockets. Maybe they are selling medical marijuana to people in need because they would love to help people, and get money doing that, how about this?

Are we the baddies?

https://www.youtube.com/watch?v=ToKcmnrE5oY

You have to ask yourself if the good is worth the harm.

But the math on that looks like this.

The "really bad" people have no conscience. No qualms about compromising the device of some innocent victim and then using that as their "exit node" if Tor wasn't available. So if Tor doesn't exist, that's what they do, and that's worse. Because not only do the bad guys still get to be anonymous, now the owner of the compromised system takes the blame. Which is more likely to be someone less able than you to articulate what happened, and who has to claim they were hacked with perhaps scant evidence rather than being able to point to their IP address on the public list of Tor exit nodes. They also might not be in a country with due process. So what you're doing there isn't helping the bad guys, it's saving some of their innocent victims from being unjustly punished.

Meanwhile the "good guys" who use Tor do have a conscience, so they wouldn't do that to an innocent third party, and then without Tor they have nothing. So you'd be helping them too.

We shouldn’t have keys then. Really bad actors are going to force your door anyway. Let’s at least save the doors.

Come on, Tor main use is child pornography and drugs. If you think you’re helping oppressed journalists, it’s 99% false. You’re mostly enabling all sorts of criminal activities, from benign to major. Hosting a tor exit nod doesn’t make you a hero, quite the opposite actually.

> We shouldn’t have keys then. Really bad actors are going to force your door anyway. Let’s at least save the doors.

Locks aren't for the really bad people, who are in fact going to break down the door. They prevent crimes of convenience.

But Tor is the lock, and the crimes of convenience would be e.g. mass surveillance of the population, in the event that ordinary people don't have it. So it's not clear what you're arguing here. That everyone should use Tor?

> Tor main use is child pornography and drugs. If you think you’re helping oppressed journalists, it’s 99% false.

Start here:

https://news.ycombinator.com/item?id=41507790

Add to this, the illegal stuff isn't accessed via exit nodes, which link into the ordinary internet. Those things use hidden services, which are internal to the network and don't use exit nodes.

But let's even explore the premise. Suppose a lot of the traffic is people trading in illegal materials. Well, that's not really a big problem; people do that stuff via several other existing channels and the societal cost of each instance of someone buying pot over the internet isn't very high. Whereas the societal benefit of one single whistleblower is massive. These things can change the lives of millions of people. So even if it's 99% contraband, the remaining 1% is ten million times as valuable.

It's true that keys are mostly there to deal with minor bad actors and don't do much against determined adversaries. They are however not much of an obstacle to authorized persons which is why we use them.

You also may notice that in most civilized countries we do stop at somewhat weak keys and glass windows and don't bother with fortifying each house to withstand a full on assault from a criminal organization. That's because this will have a very high cost and we are better off dealing with criminals in other ways so this lack of protection is not a real concern.

I would use that argument if I were an oppressive government that was troubled by journalists using Tor to expose me. It's only 1% right? Think of the children.

Quoth Fidel Castro: ¿Armas para qué? (What do you need guns for?)

Guess what he did after he took the people's guns

If your weapon against oppression is 99% enabling child pornography to thrive, I fail to see what overall good you are making. How many lives ruined for how many articles read?

You try to paint me as a "purist" that would allow the world to fall into the worst abusive governments just to save 1 child, but if you look at it honestly, you are at least as purist as me, because you would enable arbitrary amount of crimes just to save 1 journalist.

Assuming my 99% is accurate, the numbers are really not in your favor, plus journalists are grown adults that make their own choices, while children don’t chose to risk being abused, filmed and exposed online.

Even if we assume 99% of Tor is CP, that doesn't mean blocking Tor will remove 99% of CP. In fact, it probably will have no impact, as criminals will just use other methods, as they are well funded unlike oppressed journalists.

Surely there are also other ways for whistleblowers/journalists to communicate secrets. And why do you assume the random child porn creator/enjoyer is well funded? This kind of crime is more about availability and lack of consequences than money. Tor makes it invisible as no one will ever admit to it, but it's still easily available to anyone, with no consequences. Why are you so convinced that going after it is necessarily useless, necessarily harmful and necessarily wrong? I can't help but feel that it's a principled position, and that no amount of harm done would justify making it law-enforceable to you. How much lawlessness should we accept in exchange for how much whistleblowing? Any amount vs the slightest act doesn't sound like a good balance to me.

> Even if we assume 99% of Tor is CP, that doesn't mean blocking Tor will remove 99% of CP.

Yeah, sure. But now you're talking statistics, which is rather irrelevant in a discussion on principles.

> In the end, this really comes down to whether you value freedom or state protection more...

This is again a forced binary "and/or"-decision, without anything inbetween.

It doesn't have to be like that - both can coexist, if both terms are not extreme.

(disclosure: my post is not related in any way to Israel nor Palestine and I'm personally not linked in/directly to anything related to Israel nor Palestine and this post is not related to the current conflict)

> Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be an use worth fighting for or terrible abuse.

The problem is when you choose to involve yourself in nation-state conflicts they’re just not going to care about your protestations of neutrality and freedom. They’re just going to see you aiding their enemy.

>In the end, this really comes down to whether you value freedom or state protection more; either of which can be abused by rogue actors or a malicious state, respectively. There is no win-win-solution, unfortunately.

I want to argue for freedom, on the grounds that most people know whats best for themselves better than others, so on balance there should be more people using that freedom for good, but then most people are busy, and not as motivated or knowledgable of how to use that freedom as the malicious actors are.. so is that even freedom in the end?

I don't think that dicotomy is quite right. bad actors can take away my freedoms (for example if they steal my bank account I'm no longer financially free as I'd have no money)

I don't know the correct balance. maybe it's just an impossible problem. I just don't think the two sides are freedom vs state protection.

> even government organizations/departments/agencies can be "local" and scattered (e.g. similar IT departments for each "canton" in Switzerland) and not have huge amounts of resources/knowledge to track/identify perpetrators of all ongoing (sophisticated?) IT crimes => somebody somewhere might see the same IP involved in a lot of "bad" stuff not realizing it's just a TOR node.

Decentralization is not an excuse for negligence. Anyone working in cybercrimes should be aware that Tor exists and of what it is. The list of exit nodes is public. Harassing the operators can only be one of malice or incompetence and neither alternative is excusable.

And it doesn't need to be a "really bad actor". I have been spammed by someone for years who clearly used a script to target an online service of mine. Always connecting from TOR, so banning an IP or a range wouldn't block that person.

This shows how easily TOR can be abused, even for small misdeeds.

Agreed.. this " I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution," could be dependant on what you personally see as bad actor.

Would being gay count? In some countries it's a death sentence, so using TOR is how they avoid being thrown off a roof or stoned. Talking about anything LGB is a crime.

What about someone who wants to read 1984.. Would you be okay with them committing that crime?

> I hate the current general trend pushing a position of an either absolute "yes/no" for any theme...

The people who do live in those countries could, however, be using an exit node in Germany. It isn't the exit node operator who chooses who uses it.

"I won't help building roads because criminals might drive on them"

Law enforcement are blaming the road builders, that's what's wrong with the picture.

Agreed, except, what is especially European about this?

The idealism and rose-tinted/"self righteous" view of the world.

"Wir schaffen das"

I'm not sure what you mean with this "Wir schaffen das" reference. By attempting to be host refugees, one is committing the fault of being self-righteous?

Think of it as a kind of "Hero Syndrome"

Idealism around privacy and liberty are quite important, otherwise you end up with a worse country and there is a reason for laws to usually grant people these rights.

The law failed here and it is a typical problem for Germany, that historically and still today has problems with liberties in general.

FUD doesn't mean we should do away with liberty. To say otherwise is naive idealism that requires infallible human actors in security related agencies. That is impossible.

I’m surprised DO allows Tor exit nodes. No wonder their IP reputation is trash the time I tried to set up my mail server there.

https://docs.digitalocean.com/products/droplets/details/poli...:

> We do not specifically disallow Tor exit nodes, but as the account holder, you are responsible for all the traffic going through your Droplet (including traffic that an exit node may generate), and we do prohibit some of the traffic types that may go through a typical Tor exit node.

> If you are unable to stop prohibited traffic like torrents, spam, SSH probes, botnets, and DDoS attacks, running a Tor exit node may lead to us suspending or terminating your account. We send you an email in the event of a violation of our Terms of Service, and you must address these issues as soon as possible.

Running Tor exit node without abuse? How is that possible? Since they didn’t shut you down after three abuses serious enough to get law enforcement involved, I guess they don’t really give a shit about abuse after all.

Restrictive exit policies

I actually think that Tor should deemphasize exit nodes and trying to provide access to the clearnet, in favor of better hidden services.

Nearly every major site ends up either totally blocking anything that comes from a Tor relay, or applying massive numbers of weird CAPTCHAs and restrictions, so it's getting to be basically unusable anyway.

The new Cloudflare captcha has changed this and it's a lot better now. There's no more Recaptcha hell. I read the Ben Collier book about Tor recently and in his interviews he found that some Tor contributors actually feel the opposite, because they feel the negative attention that the "dark web" mythology brought on has been bad for Tor. According to the book the archetypal Tor user is someone in a censorship heavy country like Iran visiting facebook.com or nytimes.com, so they don't get much out of hidden services.

I don't even use Tor (this is literally stock Safari) and Cloudflare will not let me through as of last week or so.

> I actually think that Tor should deemphasize exit nodes and trying to provide access to the clearnet, in favor of better hidden services.

Isn't that I2P[1]?

[1]: https://en.wikipedia.org/wiki/I2P

There really is a fundamental difference between : secure end to end messages of willing participants. VS arbitrary anything-illegal from someone else's public ip.

This gets back to AnthonyMouse's argument (above) that

(1) TOR exit node operators are buffers to protect people from being hacked. A hacker would more easily use TOR than need the effort to runa scan for vulnerable routers, root one, and hop between various routers.

Which implies

(2) if TOR had no exit nodes and/or clearnet service blocked TOR ranges, hackers will just resort to hacking routers / other systems / botnets to make their own proxy. Now the block doesn't work, someone(s) got hacked, TOR is gone.

Basically TOR as a "containment" system. Seems to me that would be preferable for law enforcement, particularly because some state actors (https://www.infosecinstitute.com/resources/general-security/...) are putting great effort into unmasking TOR, making it a great honeypot. Ironic that Germany prosecuted a German exit node when they were the same ones investing heavily in unmasking it!

But flipping the script: bomb threats and Qatar conducting international espionage aren't silly things as far as the government is concerned, and if we intentionally interpose ourselves in the comms channel in a way that the attack trace stops at us, we should be expecting follow-up from a human being tasked with enforcing the law, right?

I suppose my issue stems from my perception of the seemingly lack of serious investigation on their law enforcement side.

If you had visited any of my exit nodes via port 80 or 443, I had a lander on them stating that it was a Tor exit node and to please contact me if you wanted your IP to be blacklisted from it. I also stated that there was no useful information contained on this server (by design) that would be helpful for any evidence gathering or investigations. Seriously, all they had to do was plug my IP into a browser or do a simple scan of it but I suppose that's asking too much from LE lol.

Additionally, Tor exit nodes are public and all they had to do was look into my IP more than 5 seconds after finding it in logs somewhere and firing off a warrant or subpoena for it. The first two were straight up vague templated fishing expeditions. The 3rd subpoena actually came straight from the DOJ and was a lot more detailed and serious.

They should know what Tor is and know that any Tor server contains ZERO info that would be able to assist them in whatever they are attempting to investigate.

Sure, I do think such situations require follow-up but as soon as they are informed it's a Tor ip, they should know to drop any pursuit of getting evidence from it. They do not, they continue to go after you via legal means. Even though I had the EFFs help, this entire process still took months.

It's pretty stressful to be in a situation where its lil ole me VS the entire United States government who has unlimited resources, time, and money to go after you.

I am extremely blessed to have had the EFF lawyers at my defense and will forever be a life long supporter and donor to them. They really do fight for our digital rights and can help defend you in a digital equivalent of a David versus Goliath situation.

There's a very productive spammer that sends out spam for their shops and, on their home page, they have a big info about how they didn't send that spam, and it's just somebody else trying to ruin their reputation.

If all you'd need to deter law enforcement is to put a website up on your server and say that you don't have anything to do with anything happening on that server and that they shouldn't bother because there's nothing to see anyhow, a lot more criminals would do that. I'm sure they'd even put an actual exit node on their machines if that protected them from law enforcement.

Maybe rather than a big info explaining that there's nothing to see, it could be a big info explaining that "source IP address" is useless as evidence of a crime, because, as this server and many, many other proxy services demonstrate, the IP listed as the origin is in no way guaranteed (or even likely) to be the actual origin of the traffic.

It's like raiding the home of the mail carrier because someone got drugs in the mail. Sure, it could technically be that the mail carrier is also a drug dealer. But when it comes to the USPS, the identity of who delivered the contraband package is not a useful data point for investigating the crime, and acting otherwise is willful ignorance.

> "source IP address" is useless as evidence of a crime, because, as this server and many, many other proxy services demonstrate, the IP listed as the origin is in no way guaranteed (or even likely) to be the actual origin of the traffic.

It doesn't have to be the actual origin for it to be useful—unless the software is specifically designed to avoid traces (i.e., Tor), there are often logs that will lead you to another IP address, which might lead you to another, which might eventually lead you to the source. It would be foolhardy for police investigating a bomb threat to not at least ask, given how many people they do in fact catch this way.

> It's like raiding the home of the mail carrier because someone got drugs in the mail.

No, in the case of OP it's like subpoenaing the local post office and asking for everything they know about where that package came from. Which is, incidentally, quite common, except that in the US the post office is a government entity that doesn't need to be subpoenaed because it has its own law enforcement agency that should have jurisdiction over the case.

Fair enough!

The end goal is probably to get you to do what you did, which is shut down the exit node. If they make it painful to run a Tor exit node, they make Tor harder to use.

Exactly. Which is not as obviously an unethical approach as some here would think—if you are standing between law enforcement and a bomb threat, "I'm intentionally ignorant of the activities of the people that I'm shielding" is a morally dubious place to stand. The law allows law enforcement to subpoena records related to an investigation like this, and I honestly think it's fair to force Tor exit node operators to handle those subpoenas every time, even if the answer is always the same.

To have some sort of automated process in place to deflect blame allows an exit node operator to ignore the real damage their work can do. They may still decide that the good that they're doing outweighs the bad, but forcing them to see the negative consequences of shielding anyone who wants a shield has value.

Is that the horseman we're giving up our rights for today?

Your right to knowingly run a service that is used by people to kill other people while never having to interact with the consequences of that decision?

I'm not suggesting people shouldn't be able to run a Tor exit node. I'm suggesting that people who run Tor exit nodes should occasionally have to a deal with a subpoena that says "your exit node was used by a criminal to hurt people in ${these ways} and we require any information you have to help apprehend the attacker."

I don't want to deprive anyone of the right to make a moral decision, but I do want them to feel the weight of the full import of that decision.

> Your right to knowingly run a service that is used by people to kill other people while never having to interact with the consequences of that decision?

Can you name a product or service for which this is not the case? Militaries use general purpose software to design weapons. Murderers use vehicles and transit systems. We don't expect the government to harass the makers of cutlery because they provided a product used in a mugging.

I think that any creator of any tool should be faced on a regular basis with the harm that that tool causes and have to make the call on a regular basis if it's still worth it.

So steel workers should get a subpoena they have no effective means to respond to on a regular basis because steel is used to make all manner of weapons and machinery that gets used by bad actors?

This is a bad faith comparison and I'm not going to engage with it.

I'm honestly not sure what distinction you're trying to draw between them. Clearly any ordinary product can be used for nefarious purposes.

The distinction some people try to draw is when a higher proportion of a product's users are nefarious, but that doesn't really work either because who uses something can change over time.

If you have a society where nobody has window blinds or locks on their doors because it's a rural area and there is no one around to invade your privacy then locks will be disproportionately used by neerdowells "with something to hide", and then busybodies will claim that anyone with nothing to hide shouldn't be concealing their private spaces and anyone selling or using any privacy technology should be pressured to stop. Which sustains the status quo through external pressure even if someone does start invading everyone's privacy.

And that's what's been happening on the internet. Surveillance is the default, Cloudflare et al block Tor users as a matter of course and that drives normal people from Tor and similar technologies even though they would otherwise benefit from its use. People are told that it's the dark web where there are criminals and they shouldn't use it -- it being Tor Browser, the thing that keeps ad networks from tracking them across the internet.

Then after dispersing the normal users who would otherwise benefit from using it, people say that it has a lot of nefarious users to justify the continued harassment of anyone who does. But that's just path dependence, and there are parties interested in leading us down the garden path to mass surveillance.

I believe you are right. I have heard OP's argument many times before, it is almost akin to the "you only need privacy if you have something to hide" and whatnot; same kind of mentality.

Everything could be used for nefarious purposes, and I do not think that is why we should "stop having nice things".

By their logic, we should get rid of encryption, too, completely.

You apparently read what you thought I was going to say and not what I actually wrote. This does not even begin to approach an accurate assessment of what I said or meant.

I'm saying that too many people in this forum are too comfortable completely ignoring the harm that Tor causes, and in order to make a good judgement call about whether to run an exit node the harms need to be surfaced. Full stop.

Everything else that you and others in this thread read into my comment is on you, not me.

Tor does not inherently cause harm, though. Similarly to how E2EE does not cause harm, nor do platforms (or programs) where you are allowed to exchange messages. Do you agree with the first statement or not? If not, what are the differences between Tor and IM software with E2EE?

> Tor does not inherently cause harm, though.

Case in point.

> If not, what are the differences between Tor and IM software with E2EE?

I would never run an IM software with e2e encryption either, for the same reason. I don't want to be paying to move data that is being used to hurt people, no matter how many people I'd be benefiting in the process.

If other people come to a different decision that's entirely reasonable as long as they're cognizant of the harms caused and not in denial.

Where do you draw the line?

> Clearly any ordinary product can be used for nefarious purposes.

Right, I could kill a person with a spoon. Still we regulate guns and not spoons, why is that?

> not sure what distinction you're trying to draw between them

Cost versus benefit. Steel has massive, obvious benefits. That makes its costs worth it. On the other hand, several toxic compounds have no known benefits and are tighty regulated.

You're trying to argue Tor's costs are worth its benefits. But that requires being clear-eyed about both. You can't build buildings and spaceships out of Tor. But neither can you fashion it into a gun. Unless you're arguing for solely action-based regulation, never access-based, which is its own idiotic can of worms.

Aside from this being a bad faith comparison - no way you actually believe that steel rods and bars can't be subject to EAR

You can't justify a bad policy with a different bad policy. Trying to control access to a fungible global commodity is pointless.

You've questioned existence of such "bad policy". I pointed out that there are such policies. I neither supported nor opposed them.

I won't be surprised if there were something in US criminal code with supreme court precedents that specifically dictate the government harass in timely manners the makers of cutlery used in a mugging. There _are_ always laws. _Everything_ is regulated. Most of those regulations are reasonable.

We, uh, absolutely expect the government to "harass" people operating transit systems for any and all information about a criminal using that system.

Camera feeds, ticket records... All of that is accessible via warrant. That's probably the most salient example in this context.

Tor exit nodes don't have any information to identify the end user. They don't know who it is, so there is nothing to subpoena or turn over. Subjecting low-resource entities to a known-futile legal process is a form of harassment.

Exactly: They intentionally built their transit system without cameras. Who benefits from that, except criminals? Oh yeah, sure: North Korean dissidents, Saudi LGBTQ people, etc, etc.

Yes, quite noble. But: How many of those are there using it, and how many criminals? It's mind-boggling how people so adamantly insist on seeing this only as black-and-white, and refuse to admit that there even exists something to weigh against each other.

It's not known-futile. A misconfigured Tor node could be storing all sorts of useful traffic data. Besides, there's also the possibility that the exit node operator themselves could be the actor; since the trail stops at them, they're under suspicion.

> there’s no individual moral accountability or responsibility

Of course there is. If I am deciding whether to dedicate resources, money and time to running a service which -

a) Helps dissidents in authoritarian regimes communicate freely

and

b) Enables bad actors to send threats and/or move CSAM around

Then that is absolutely a moral choice I need to make. It's not outside your control, you get to decide whether or not to provide the service.

> I suppose my issue stems from my perception of the seemingly lack of serious investigation on their law enforcement side.

That's my experience too from actually having my house raided. I had two kids in bed at the time, and the police didn't even know to expect kids in the house (both kids were over 11 years old, had birth certificates, had lived in that house all their lives and attend local schools and are darn fine students).

They didn't know. It's mind boggling to me that they could get a raid warrant without having done even the most basic (below even basic) investigation.

My opinion of police investigative competence took a 99% hit as a result.

It's a lesson my kids won't forget either.

The raid no doubt was carried out by the police. They just what they are told to do by an organisation that is higher up. No one will get reasons. Maybe the chief of police. But only a limited amount so he can claim plausible deniability.

The dirty people behind all this are in the way they run the investigations. And what way is that ? Well it’s the “organised crime investigations”. The Netherlands pushed the RIEC way of working here to Germany and Belgium. Look it up. Euriec.

The whole way of working is to do dirty tricks in an unaccountable way.

I don’t know. Could you imagine if you were in charge of investigating something like this and you _didnt_ check one of the computers involved just because the guy who owned the computer claimed it doesn’t have anything useful on it?

There could be logging bugs in Tor that you were unaware of, or the owner could be using Tor as a cover. It would be negligent _not_ to at least check the device logs for anything useful.

By that logic why not also seize and do forensics on all the ISP's routers too then, just in case? After all, the ISP could be secretly in on the criminal plot, and how could you know without imaging every hard-drive in the data center? It would be negligent not to.

The truth is that police investigations normally are restrained based on the disruption that they cause the public. Police deviate from standard operating procedure when it comes to TOR exit node operators because they want to punish and intimidate them.

They want to punish operators because the authorities are frustrated by the effectiveness of these technologies in countering the pervasive surveillance environment which the authorities take for granted.

> Police deviate from standard operating procedure when it comes to TOR exit node operators because they want to punish and intimidate them.

Citation needed. ISPs have entire departments dedicated to cooperating with law enforcement. Comcast has a whole portal with its own subdomain specifically for handling requests from law enforcement [0]. Cox has a page detailing exactly how to send them a subpoena [1]. These guys are clearly dealing with subpoenas just like the ones OP is describing all the time.

It only seems out of the ordinary this time because it's a random person who decided to play middle-man instead of an enormous corporation with a massive legal department.

[0] https://lrc.comcast.com/lea

[1] https://www.cox.com/aboutus/policies/law-enforcement-and-sub...

> By that logic why not also seize and do forensics on all the ISP's routers too then, just in case? After all, the ISP could be secretly in on the criminal plot, and how could you know without imaging every hard-drive in the data center? It would be negligent not to.

Implying that they don’t have the capability to do this already and/or alternative means to accomplish the same thing.

https://en.wikipedia.org/wiki/Room_641A

> Room 641A is a telecommunication interception facility operated by AT&T for the U.S. National Security Agency, as part of its warrantless surveillance program as authorized by the Patriot Act. The facility commenced operations in 2003 and its purpose was publicly revealed by AT&T technician Mark Klein in 2006.

ISPs cooperate with law enforcement. Most even have dedicated staff for that.

So there's no need to seize their equipment.

/s

< By that logic why not also seize and do forensics on all the ISP's routers too then, just in case?

You think they don't!?

Maybe they did not expect any useful info? One gets jaded but https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_wha...

That isn't the reading I would make of the situation.

Like the OP says, it's harrassment to discourage continued operation.

I think that's what the person you replied to was saying. The purpose of the "system" of law enforcement is not what they say it is (to try and gather evidence from the server), but rather is what the system does (get people to shut down exit nodes because of the hassle).

> Seriously, all they had to do was plug my IP into a browser or do a simple scan of it but I suppose that's asking too much from LE lol.

I mean, yes, I'm pretty sure "just take my word for it" is asking too much of LE.

We can always say "Come back with a warrant" but then sometimes they'll come back with a warrant.

> They should know what Tor is and know that any Tor server contains ZERO info

Unless, of course, one has misconfigured it... Which could be the case. Definitely the kind of thing LEO can figure out on the other side of a seize-and-strip of the hardware. Unfortunately, I think the only way to not be a part of the story here is to not be a part of the story here... Don't proxy anonymous traffic if you don't want law enforcement asking after the anonymous traffic you proxied. Otherwise, expect the responsibility imposed upon a service provider (since you're providing a service).

Other ISPs avoid this scrutiny by going out of their way to be helpful to law enforcement.

There is no way for police to know if the traffic came through tor, or was initiated by the owner of computer/server. It seems reasonable that the police have the right to investigate. If not, anyone could run a tor node to cover up their own criminal activities. Even if you did have logs suggesting it was tor activity, should we trust someone’s claim that the logs are proof that it was someone else?

It would in fact be negligent if the police did not properly investigate the server/computer/house of the device.

Yup that's the same conclusion that I've come to for now. I got a family and stuffs now so don't want to bring any stress to them.

One day I will resume but in the future :)

Yes, but they should be able to investigate without placing an undue burden on exit node operators (or regular people with a compromised device that was used as a proxy). Unfortunately it's hard not to be cynical and assume that these kinds of overreactions (and worse) are going to continue. But in my opinion, any society where policing is convenient for the police is a horrible place to live. (Is it really such a radical concept that law enforcement should be focused on protecting the innocent, not punishing the guilty?)

> but they should be able to investigate without placing an undue burden on exit node operators

Is the burden undue?

A Tor exit node operator has made the ethical judgment call that they're doing more good than harm. That might be a reasonable position to take, but I don't think it's unreasonable for us to expect an operator to face up to exactly what it is that they are doing. I'm fully on board with any bomb threats (as just one example) leading to a subpoena on the exit node operator who shielded the threat actor, even if the answer is the same every time.

Making the decision that you're doing more good than harm requires you to fully understand the harm that you're justifying, and law enforcement subpoenaing you every single time is one way to make it very clear what it is that you're choosing.

I can think of very few cases where the possibility of your home being raided by heavily armed police officers, and your property seized, is appropriate if it's clear all you're doing is running software. (Side note: I'm surprised how often attitudes on this site are at odds with the "hacker" part of "Hacker News".)

It is fair that running an exit node might be inconvenient, maybe even to the point where consulting a lawyer is advisable, but I think we should draw a hard line at direct threats to an innocent person's liberty, livelihood, and physical safety. That kind of fear is definitely an "undue burden".

Yes, I can agree that an armed raid or the threat thereof is definitely an undue burden.

> it's clear all you're doing is running software. (Side note: I'm surprised how often attitudes on this site are at odds with the "hacker" part of "Hacker News".)

I do not view software as amoral. It's a tool, and like any tool it is an extension of myself. Software that I run is acting on my behalf, and what my software is designed to do is something that I should be held morally accountable for.

I'm not sure when the hacker ethos came to mean that "just running software" absolved you from having to account for the damage your software causes, but if that's what the hacker ethos is about then yes, you can count me out.

My point was that running any kind of software should not come with a presumption of guilt. But in the eyes of the establishment, it often does; see: Aaron Swartz, or how pressing F12 might be illegal[0], or many other such cases. A "hacker" should not have any sympathy for this kind of draconian knee-jerking.

[0] https://techcrunch.com/2021/10/15/f12-isnt-hacking-missouri-...

> should not come with a presumption of guilt

Where is the presumption of guilt? A threat of violence was traced to their IP and they were served a subpoena to provide information that might lead to finding the threat actor before they actually hurt anyone. No one even accused OP of a crime, much less presumed their guilt.

I don't mean in the judicial sense, I mean in terms of how they are treated by law enforcement.

Again: where is the presumption of guilt in OP's case? They got subpoenaed, they enlisted help to respond, life went on.

Their lawyers warned them to prepare as though a raid would occur, but that's the lawyers' job: to prepare their clients for the worst just in case.

> (Side note: I'm surprised how often attitudes on this site are at odds with the "hacker" part of "Hacker News".)

When computing became predominantly online, hackers inherited a moral dimension: the need to consider whether they are doing harm to others via what they do with the shared global network.

It's a different story when you're cobbling scraps together in your basement, and it's a different story when you're primarily phone phreaking "the man," as it were.

Hacker News is hacker like a hot dog is a dog

> law enforcement subpoenaing you every single time is one way to make it very clear what it is that you're choosing.

That's not what subpoenas are for, and it would be a really stupid waste of time and resources. If you really want to do that, just send them an email.

> Is the burden undue?

Yes.

> A Tor exit node operator has made the ethical judgment call that they're doing more good than harm.

They are. Absolutely. It's not really a question.

> Making the decision that you're doing more good than harm requires you to fully understand the harm that you're justifying, and law enforcement subpoenaing you every single time is one way to make it very clear what it is that you're choosing.

No, that's just harassment.

The danger is that the Government could just make all this up to specifically target nodes they do not control.

The exit nodes have been known to be the weakest part of the tor design. It has been a logical theory for a while that all exit nodes are visible to the U.S. Govt.

This is just one way they can leave a system like Tor up for their uses and also make sure anything domestically is fully visible to them.

What about timing attacks though, things like governments controlling things coming and going into routers and the internet as a whole?

Surely that's worse than the exit nodes?

The way I see it, the right approach is some kind of continuous communication where messages end up in fixed slots, where if no message would have gone, there'd have been a randomly generated message.

> we should be expecting follow-up from a human being tasked with enforcing the law, right?

That's very nice but until tor exit nodes are illegal, such police action is purely a harassment effort, right?

One thing that struck me, years ago, is that the people running these actions (recipient of a death threat or police) are far more concerned with the fact that "someone enabled this", rather than the fact that someone was angry enough at them to issue a death threat. They had no visible concern about that wannabe murderer, apparently spending no effort trying to identify THEM. They just wanted retribution against the exit node operator. It was totally doing something for the sake of doing something, zero concern about solving any root problem. They had seemingly zero concern that their safety was a risk (I mean, from eventual action stronger than a death threat.)

They also had zero awareness that anonymous email had allowed this ennemy to be revealed before any physical violence.

Wouldn't the true exit node be the ISP as you are one clear node behind them? How many ISP execs get raided by SWAT teams?

Yes the IP was just a DO vps I setup to be a Tor exit.

That's why they requested my personal account information, billing info, IPs that I logged into DO with, all of that.

If not interrupted by me getting the help of the amazing EFF lawyers, the next step after getting my personal information, could have been to raid my home and seize all my electronics. I work from home and would have been greatly disrupted and not been able to work without my computers and etc. Then I'd have to wait months/years to be found innocent and then get all of my electronics back + spend thousands on lawyers.

During all of this, the EFF lawyers straight up told me to prepare my home as if it were to be raided and encrypt all my devices.

Thankfully it did not come to that.

In jurisdictions whose ISP laws I'm familiar with, ISPs have a special protection granted: they don't get raided because they're seen as an infrastructure provider, but only as long as they can point to a customer responsible for some given traffic when served a court order.

I was going to run an exit node when I first learned about Tor, but realized that the cool positive use cases I was imagining it would help with could be effectively done in other ways. In some cases those other ways might not be as easy, but there would be enough resources available to the people involved to get the job done.

It seemed likely that it would be the horrible use cases it would benefit the most.

Balancing an increase in the efficiency of doing good things that could already by done other ways against greatly benefiting horrible use cases made it so that I could not morally justify it.

Situations like this are the main reason I shuttered the torwhois.com service. The barely zero gain wasn't worth the risk, sadly.

What kind of useful logs could an exit operator collect? The whole point of TOR is that the destination doesn't get any meaningful information about the source.

I ran an exit node back 2007-2008 ish after learning about Tor at a conference.

I stopped running an exit node when I looked at the traffic flowing through it. I even sslstripped it back when that was much easier.

No freedom fighters. No oppressed journalists. No free speech.

Only porn and scams.

Running a Tor exit node for freedom is like burning a village to save it or enriching your own uranium to solve the energy crisis.

There's gotta be an answer, but this ain't it.

Just because most stuff is botspam, that doesn't mean it's not worth it for the occasional Snowden or Panama Papers - those would have been next to impossible to safely execute without Tor.

Makes sense that's where the bulk of the volume is, not much different from the internet at large. Freedom fighters and oppressed journalists are exceedingly rare, but they do use Tor.

I wonder what you expected?

Enriching own uranium is an interesting project. I prefer nuclear simulations, but same vibes.

They were sending this in cleartext?

Why don't lawyers just do this stuff? Then minor legal threats are not a concern.

Alternatively, why don't we become lawyers, too?

At the end of the day, lawyers are human too, with lives and families.

They would know the full extent of the inconveniences regarding home raids and device seizures for long periods of time. This would disrupt their lives, work, and probably affect their ability to serve their clients’ legal troubles.

At the very least, I’m thankful for the efforts of the EFF and others that do know the law and help. But I’d imagine there’s a good case for separations of concerns here. Stay out of the legal troubles yourself so you can help others that do get caught up in it. One degree away.

My sarcastic self would say because lawyers became lawyers to earn good money and have social standing. Not to be benevolent to society.

Doesn't running a post office help people communicate coded messages about nefarious things? Doesn't running a telephone network help people do the same? What about cellular hardware providers and maintainers?

They do. But all of the above bend over backwards to help law enforcement.

> post office help people communicate coded messages about nefarious thing

The US postal service scans and stores the outside of every envelope and package they handle. Law enforcement agencies can query this metadata.

https://en.m.wikipedia.org/wiki/Mail_Isolation_Control_and_T...

> Doesn't running a telephone network help people do the same?

They do, but they are not only share the metadata with law enforcement, but also let them wiretap. (Often they require a warrant for this, but that is not a hard burden for a LEO.) And this capability is not some aftertought, but deeply integrated into their tech stack.

> But all of the above bend over backwards to help law enforcement.

We prefer they assist LEO operating under court order, instead.

Tor isn't a post office or telephone network. We have post offices and telephone networks. Tor also isn't a replacement for a web browser or internet, we have those too.

Tor's feature isn't "communication" in the abstract, it's anonymity. And yes, that can be used for good or for evil. But the upthread comment was saying how nice it was to run an exit node because it was "helping people". And to the extent that's true, I think correct thinking demands you also account for the harm.

And let's be clear: Tor is definitely harmful. Almost all Tor traffic is some degree of nefarious. The tiny handful of dissidents are drowned in a sea of phishing and contraband.

You don't need tor for terrorism or identity theft, and it probably isn't widely used in those circles. There are easier ways. But plenty of people use tor to avoid what amount to terrorist govenments and regimes.

This statement is made without basis. What percentage of tor traffic is used for terrorism, identity theft, or people avoiding persecution?

I'm not going to make a value judgment on the use of tor, but I do think it's important to be honest about how it may be used.

> There are obviously still people working in German law enforcement today, who think that harassing a node-operator NGO would somehow lead to the de-anonymization of individual tor users.

This is not why.

> As a consequence, I am personally no longer willing to provide my personal address&office-space as registered address for our non-profit/NGO as long as we risk more raids by running exit nodes.

This is why. It's basically a textbook example of a chilling effect.

No, that's not (necessarily) it.

It only takes one person in LE to request to investigate this IP, and a single judge that isn't entirely convinced that it will be worthless to try to sign it off.

If parts of the state wanted to harass operators systematically or organize to discourage TOR, they could do much worse.

Most judges don't really read what they sign if it comes from LE, I am convinced.

The one person in LE is assisted by specialists (you know, if they really care to be.)

and the judge and the state attorney involved are controlled by the state's justice department which is run by politicians. yes, in germany the judiciary system is not politically independent ...

https://www.transparency.de/aktuelles/detail/article/eugh-ur...

Historical:

"Why you need balls of steel to operate a tor exit node"

http://web.archive.org/web/20100414224255/http://calumog.wor...

The above is within the context of a western legal system, and certainly since it was written domestic law enforcement has become even more militarized and aggressive. I would be absolutely unsurprised if the same thing happened today and it resulted in a battering ram on the door at 0400 in the morning, flashbang grenades and the house being rampaged through by a SWAT team.

> As a parent of very young children I have an extensive network of friends and contacts in my neighbourhood who also have children. As we know the subject of paedophilia is not one that can be debated with any rationality at all in the UK. It is surrounded by hysteria. I was terrified that people would find out that my computer had been taken because of that – ‘no smoke without fire’.

Many European countries have standing police armed forces, closer to army national guards than blue shirted civilian police. They're for suppressing resistance forces and revolutionary uprisings, and they tend to fill roles of FBI too. I think that contributes more to normalization of MP5 ninjas fast roping down through your chimney for Internet crimes in Europe than law enforcement over-militarization had done.

Has that ever happened to a Tor node operator? If it hasn't, what's the closest incident to a Tor node operator you're aware of where it has?

In my country there was this famous case ~a few~ many years ago: https://www.zdnet.com/article/austrian-man-raided-for-operat...

Looks like he was not only arrested, but actually sentenced: https://www.theregister.com/2014/07/04/austrian_tor_exit_rel...

3 years probation and 30.000€ fine.

I'm not sure how a Tor exit node could operate legally. Tor is widely used for illegal activities. Like drug sales and CSE media. If a government goes on Tor, downloads such material they'll easily see the exit node as the last hop in the chain. It's a clear-cut case that the exit node operator facilitated illegal activity.

My assumption is that Germany has some sort of common-carrier privileges for Tor node operators. In America, telecoms can't be sued for facilitating illegal activity. But they do have to assist law enforcement with finding criminals when requested.

Would be happy to hear from someone who is more knowledgeable in this area.

> I'm not sure how a Tor exit node could operate legally. Tor is widely used for illegal activities.

How do ISPs operate legally? Every single thing that's ever been done over a Tor relay has crossed multiple ISPs.

ISPs cooperate with law enforcement and often happily give out the information for people doing illegal things on their networks. I realize that operators of Tor exit nodes likely can't help track people on the Tor exit nodes, but I doubt law enforcement cares, they just see it as "not helping" while they see ISPs as "helping."

The core question here is w whether law enforcement actually believes, incorrectly, that the exit node operators are being intentionally unhelpful, or if they understand that due to Tor’s design the exit node operators have no valuable information but the police continue to raid them anyway as a scare tactic.

> The core question here is w whether law enforcement actually believes, incorrectly, that the exit node operators are being intentionally unhelpful

They could keep logs, but they choose not to. They are intentionally unhelpful.

The reason they aren't keeping logs is not for the privacy of others.

If I run an exit node, I know I am not reading the logs to garner personal information of others. And unless someone hacks my server and goes through the logs, which is extremely unlikely, noone else will read the logs either.

The only one reading the logs would be law enforcement.

By not keeping logs, you are intentionally hindering law enforcement.

>By not keeping logs, you are intentionally hindering law enforcement.

This is why I keep a diary indicating every single person I've ever interacted with, along with the date, time and place. It's a pain to do so and it takes up a lot of storage space and it makes people wary about interacting with me but I'd certainly never want to hinder law enforcement.

Unless I'm misunderstanding your comment, you are arguing in bad faith.

It is not a "pain" to set up logging. Most non-tor proxies implement logging. It would be a completely reasonable task for the tor project to implement logging by default.

No one would be any more "wary" to interact with your tor node. Trusting your node not to log would be foolish anyway. So whether you make known that you are logging, or whether you claim not to log (but might secretly do anyway) doesn't make much of a difference.

The storage space a log takes up is negligible (unless you keep logs for unreasonably long times) on anything but the smallest systems. And since running a tor node takes quite a bit of processing power, you won't be running your node on a system that can't handle a few megabytes of logs.

>It's a pain to do so and it takes up a lot of storage space

The perspective is that in order for these actions to be ethical, you must log the traffic, or you should not bother setting up the node. It's irresponsible to setup the node (which takes some amount of effort) but not do the precautionary part which makes it ethical.

You can believe otherwise if you'd like, but this is an ethical framework applied to many other parts of our society and it's the thing that sets you apart from the ISPs, and generally it's the thing accepted by the public at large.

I'd like to make the argument that "we" believe otherwise.

It is legal to keep some logs for a limited amount of time if you run an IT service in Germany, mostly for the purpose of keeping the service running properly. If you have that data, you can give it to LE when they request it.

The thing accepted by the public at large is often codified within a country's laws. German laws generally do not require you to store logs if you are an ISP. Storing them for too long can even be unlawful. There is no so called Vorratsdatenspeicherung anymore, and it is a recurring topic of political debate. So at least in Germany, the public view on storing data is more complex, and people don't believe not storing data or reducing the amount of data stored is clearly immoral when running IT services. https://de.wikipedia.org/wiki/Datenvermeidung_und_Datenspars...

On another note, if LE requests you to log specific access patterns in advance, you might have to do it. If your ISP services are really big (lots of users), you might even have to provide some sort of interface for LE. IMO and under certain interpretations of the involved laws, the German state could ask every single node operator in Germany to log everything, but the political backlash would be quite high.

This is why you enable location history for Google Maps. It had genuinely saved few honest people from false accusations.

I'm stuck.

Please add /s or the links or both.

Telescreen works both ways. That could come in handy if you truly have nothing to hide, or I suppose if what you are hiding must be within His tolerances.

  Chalmers sent a copy of his timeline to Premier Park Ltd, the company that charged him with  the crimes, and the defendant was able to prove his innocence. The charges against him were dropped.[1] 

  the lawyer met with the detective in order to show him screenshots of McCoy’s Google location history, including data recorded by RunKeeper. The maps showed months of bike rides past the burglarized home, NBC News reports.[2]

1: https://www.phonearena.com/news/google-maps-keeps-user-from-...

2: https://news.sophos.com/en-us/2020/03/10/google-data-puts-in...

3: https://www.youtube.com/watch?v=d-7o9xYp7eE

Law enforcement is also about going after whistleblowers, journalists, or, in most countries, just ordinary citizens the current people in power don't like, even if no crime was committed.

You seem to have misinterpreted my comment.

I was not making any moral judgement on people operating tor nodes.

I was simply stating that you are, in fact, hindering law enforcement if you set up a non-logging proxy for the purposes of hindering law enforcement.

Whether that's a good or a bad thing is up to you to decide. Clearly many people think it's a good thing; good enough to go through the efforts of setting up a proxy.

Germany does not mandate that TOR end-node providers are expected to log their users. Saying that not logging someone who went through your end-node is intentionally hindering the police would be like accusing a shopkeeper of intentionally hindering the police because they didn't make of record of every person who entered their storefront.

Maybe.

I think it differs because tor is specifically created to protect against surveillance; both private surveillance and state surveillance (a.k.a. law enforcement).

If a shop was actively helping people avoid surveillance, I would expect them to actively assist law enforcement, too.

I find it perfectly reasonable to consider people who actively help a project which advertises on its website that it is being used to protect against state surveillance / law enforcement to be hindering law enforcement.

> They could keep logs, but they choose not to. They are intentionally unhelpful.

Some tech companies have extremely sophisticated observability which dumps huge volumes data about the internal state of a program. Some companies have very limited observability beyond maybe logging "we just served a request". Your argument suggests that companies who don't have the extensive logs of the former are being intentionally unhelpful?

There are lots of reasons to not keep logs – lack of storage space, additional economic cost of doing so, slower response times due to overhead of observability, etc.

Are shopkeepers required to take down the name and keep a mugshot of everyone who visits their shop in order to help law enforcement? Are the proprietors of any building one might visit required to do so, including those with home security cameras?

You are implying that by not keeping records of all events you are involved with you are intentionally hindering law enforcement, implying that we are morally and legally bound to gather and retain information which helps law enforcement.

Does that make clearing browser history a deliberate attempt to hinder law enforcement?

Internet cafe's wipe the computers after every session. Is that intentionally hindering law enforcement?

I think it's about whether the expectation to log is within reason. Though that is of course subjective.

The difference between your examples and logging proxy access is that logging proxy access is the standard behavior (for proxies which aren't tor).

Tor proxies deliberately decide to behave in a non-standard manner. And with what tor is about, it is clear that this is not for technical reasons but for hindering law enforcement.

I will claim that if the tor project did not openly intend to make government surveillance more difficult, it would have implemented logging long ago.

But that's just a claim, not a fact. Maybe I'm wrong.

>it is clear that this is not for technical reasons but for hindering law enforcement.

Aren't there valid reasons for people not to conceal or anonymize their communications, such as whistleblowers, journalists, or people needing to hide their communications from oppressive governments?

On the issue of clearing browser history are you aware that the FBI threatened a boy for clearing his browser history under laws intended for destruction of corporate documents and communications?

> Aren't there valid reasons for people not to conceal or anonymize their communications, such as whistleblowers, journalists, or people needing to hide their communications from oppressive governments?

Keeping logs doesn't help other goverments. Other governments cannot access your logs. Your government can access your logs. You are protecting them from your government. You may claim that your government is oppressive. But that doesn't change that you are hindering the enforcement of their (oppressive) laws.

Regarding the moral question: I agree that there are cases where hindering your own government's law enforcement may make sense.

Regarding tor, I mostly take issue with the concept of onion services. If you want to publish USA government secrets, you can publish them on Russian servers. If you want to publish Russian government secrets, you can publish them on American servers, etc. The sole purpose of onion services is to publish content which is illegal in every country on earth. I can't think of many good things that are ollegal in every country on earth.

> incorrectly, that the exit node operators are being intentionally unhelpful

I mean, exit node operators are being intentionally unhelpful? They're intentionally helping people who don't want to be tracked. "I don't want to give you the papers" and "I can't give you the papers because I burned them so that I couldn't give them to anybody" are equivalent morally; the only difference is that the latter is irreversible.

There are good reasons to not want to be tracked, but there are also bad reasons to not want to be tracked. Exit node operators have chosen to help both. Police on the whole tend not to be the kinds of people who understand the "good reasons not to want to be tracked" thing.

> "I don't want to give you the papers" and "I can't give you the papers because I burned them so that I couldn't give them to anybody" are equivalent morally; the only difference is that the latter is irreversible.

There are other differences. One is after the fact, the other is a decision made before the fact; one is specific (rejecting that request in particular), the other is general (all requests of that type are guaranteed to be affected equally).

It's the same with, for instance, email retention policies. We accept that old messages are irrevocably deleted after X days, even when we require them to be produced once requested if they still exist.

> It's the same with, for instance, email retention policies.

Indeed it is. The intention and moral purpose of email deletion policies is to reduce the risk of embarrassing or incriminating emails being turned up as part of a lawsuit or investigation -- in other words, to be unhelpful.

The legal justification for being unhelpful in both cases is that "this is just policy, we're treating everyone the same". That doesn't change the fact that in both cases the intent was to be unhelpful to investigators.

What if I just want to delete old information because it’s just noise now. My intent is to reduce my operational burden.

I have long retention policies for things and life cycles for others. Information shouldn’t be permanently available to me if it’s not relevant or it’s a waste of resources.

Could it not be that you don't want such emails exposed if you were hacked? Why does it have to be only law enforcement that you're hiding them from?

Courts, and even law enforcement, are actually smart enough to know that they have to enforce the laws as written and that they can't just act on their feels. At least most of the time. In many places.

They can't say they're breaking the law but as long as they don't admit to wrongdoing they can accomplish the goal of picking up pretty much anyone for something..

It's best to assume the government is a hostile, rabid actor who will seize any reachable assets and your freedom at any point they wish and proceed accordingly.

FWIW this is more of a concern if you expect the case to go to court. In the US most "criminals" accept plea bargains without a court ever seeing the case. So statistically you can likely "act on your feels" as long as the suspect does not think they can prove you wrong in a court of law (whether it's because they're guilty, because they don't fully understand the law or because they can't afford the time and money involved in a court process).

> How do ISPs operate legally?

I described exactly that in my second paragraph.

Tor relay operators are, as a rule, entirely willing to give law enforcement all the information they have about connections that have gone through their relays. They simply don't have any. And there's no legal requirement for them to have any.

... or at least there never was in the past. The new wave of stupid and extremely broad "duty of care" laws that try to apply to the design of any and every communication service may change that. But it hasn't been litigated anywhere.

Whether or not the exit node operators retained logs is besides the point. These exit nodes are facilitating illegal activities, and it's trivial to prove. How do they not get arrested?

It sounds like Germany extends some sort of carrier protection to Tor exit node operators. E.g. if someone organizes a drug deal over the phone, Verizon is not liable. But Verizon does have to meet some minimum standards of records keeping and law enforcement assistance (wire tapping).

Lots of people and organizations facilitate crime. That’s not generally the legal standard. They typically must be proved to done so intentionally (or with reckless disregard)

No, it is. There are more often specific laws that exempt platformers of liabilities on condition that they keep logs and cooperate with LE.

Perhaps the most famous example is DMCA: [Google] is exempt from liabilities for hosting pirated movies on [YouTube] by US laws, on condition that it's not actively involved with it and fully robotic with takedowns.

If a criminal rode on a bus to place of the crime, is the bus driver automatically liable? Bus company? Is his phone company liable because he talked about his crimes on the phone?

IANAL, but "legally"? Bus companies has code of conduct posted on the wall at their depot for its users to read and agree, or state law regulating public transportation, and it always says using it for crimes is against the law. Those clauses let drivers and companies frame themselves as victims to escape prosecutions, unless there's going to be gross negligence or sorts that override them.

It's not like courts treat popular businesses like buses and ISPs as sceneries just by gut feeling. There are always laws.

No. But legal system treats 'on the Internet' in a more harshly way.

Does iMessage or WhatsApp has wire tapping feature? Are they "facilitating illegal activities"?

If a government investigator joins a WhatsApp channel where loads of people are sharing CSE, WhatsApp will help the government find the people responsible. WhatsApp encrypts the content of the data, but they retain message logs and do cooperate with law enforcement. Presumably the same for iMessage.

This largely conforms with how the first telecoms received immunity for abuse of their services. They retain logs and assist the government with investigations, and in exchange they are shielded from liability. WhatsApp and iMessage would probably cooperate to the same extent, minus wire-tapping messages in transit (because they can't). That's vastly greater cooperation than a tor exit node operator that retains no logs.s

The original post mentioned facilitation, which from what i understand is when you assist comitting a crime but have no secific knowledge of the crime.

I imagine for tor, the reason is that there are also good uses for tor. However i dont think "i intentionally know nothing" works as a defence in general.

Ianal

I was answering something about assistance to law enforcement, which isn't the same issue as facilitation of crime.

"Facilitation" as an offense in itself is one of those things that tends to be a real thing, but varies a lot depending on the jurisdiction. In most places, most of the time, you're only going to get in trouble for facilitating crime if your service is especially set up to be unusually useful for crime. You're especially vulnerable if you specifically designed it for crime. If those things apply, then knowing it's being used for crime (but not necessarily on which specific occasions) can make it worse for you. Give or take, depending on where you live.

In the past, Tor nodes, even exit nodes, have mostly gotten a pass, at least in countries where most of them are located. They get raided all the time, but largely as cases of mistaken identity. That's probably because most Tor traffic has historically probably been people trying to hide from ad tracking or people worried about their perfectly legal activities being spied on. So it's hard to say the service is really aimed at illegal activity.

Things are tightening up worldwide, in statute and probably in case law, mostly because of Tor and other services possibly being swept in by standards primarily aimed at social media. We may start seeing Tor nodes targeted because Tor is now considered "too adapted to legal activity", or even because node operators are "not doing enough to prevent" illegal activity (including redesigning the system if necessary).

But until fairly recently that's been more what you'd expect to see in North Korea than what you'd expect to see in Germany (or the US).

What law mandates forced compliance outside subpoenas?

Communications act of 1934, among others: https://en.wikipedia.org/wiki/Communications_Act_of_1934#Wir...

The question was about ISPs.

You are quite literally telling me what question I asked.

How do you expect further fruitful dialogue?

You can make the same argument for developers of encryption. There are legitimate reasons for privacy. The fact that criminals want privacy, too, doesn't mean privacy should be illegal.

The difference is that with Tor you are physically downloading CSAM and forwarding it on to the offender. With encryption you're just providing tools for them to hide material.

Exit node applies only to traffic that goes into a clearnet. You could to illegal stuff, but only tor users have protection and website owners are liable to raids should they allow illegal stuff to happen on their platforms.

With Tor Hidden Service there's no exit node as such since traffic terminates inside the Tor network. The networking route is doubly anonymized so both the server and the client can't track each other down.

Perhaps I'm not understanding something. I'm imagining this scenario:

1. Bob is running a Tor exit node.

2. Charlie is a government official investigating illegal content (use your imagination)

3. Charlie downloads illegal content via Tor

4. This content is sent to Charlie from Bob's exit node.

5. Charlie observes that Bob's exit node sent him illegal content.

I understand that even if Bob is raided and his computer searched, they cannot find the website hosting the illegal content. But Charlie would know that Bob helped deliver the illegal content. Tor Hidden Service does not anonymize the exit node from the client.

Your mixing up general Tor use vs Tor hidden services. With hidden services there’s not really an exit node because the traffic never exits the Tor network.

Charlie could only see the machine in the final step of requesting the illegal content it Charlie was hosting the hidden service themselves. These requests can come from many different Tor operators not just exit nodes.

To be clear, Bob is not the host of the illegal content. Bob is just the second-to-last hop before the content reaches the end destination (Charlie). My understanding of the tor network is that it obfuscates traffic across many hops. The path content takes from the host to Charlie:

Host -> Node 1 -> Node 2 -> ... Bob -> Charlie

this obfuscates the Host from Charlie. But Charlie knows that Bob sent him illegal content. Yes, Bob didn't host the content. The host is obfuscated. But Bob is still delivering illegal content and Charlie knows it.

Exit nodes are not the nodes that are directly facing tor users. Those nodes are called "Guard Relays".

Guard Relays usually don't have these issues, since you have to be somewhat technical to actively probe relays by requesting content through tor. And technical people know there isn't any point to rading an operator's home.

> Bob is still delivering illegal content and Charlie knows it

Does BOB know they are delivering illegal content?

No... is it even possible to send unencrypted traffic by Tor? If it's even possible, Charlie must be the only person in the world doing it.

> Does BOB know they are delivering illegal content?

He does when Charlie knocks on his door and informs him that he delivered CSE to him. Ignorance of the fact that one is breaking the law is rarely accepted as a defense. Carriers usually get this protection when when meet some standards of safeguards and cooperation with law enforcement.

Ignorance of the law is not generally accepted as a legal defense, but ignorance of facts is. Most crimes involve a mental state of knowledge or intent with respect to the wrongdoing, and an exit node operator does not know what users are accessing.

Taking the wrong jacket by mistake is not theft, and operating the exit node through which someone downloads CSAM is not criminal possession of CSAM or knowing facilitation thereof.

Do you think drug mules get off scot-free when they say "I didn't know what was in that package"?

If the prosecutor can't convince the jury that they did know, yes.

That rarely happens in practice because prosecutors are usually pretty good at their jobs, and tend not to bring cases they can't prove.

The prosecutor doesn't need to definitively prove that the mule knew he was transporting drugs. Only that a reasonable person should have known.

Back to our Tor example: if you've been repeatedly told by the government that your node is being used for illegal activity, it's hard to plead ignorance.

You've described the legal mental state of negligence, and it's true that some crimes use it. Some jurisdictions have "criminally negligent homicide" as a crime with a lower penalty than manslaughter (reckless homicide) for example.

A look at federal drug distribution statutes in the USA[0] shows the mental state used for most of the forbidden acts is "intentionally" or "knowingly". Other jurisdictions could have different laws, but in the USA, it does appear the prosecutor has to prove that a drug mule knew what they were doing.

Similarly, the federal statute in the USA criminalizing distribution and transmission of child pornography[1] says "knowingly". Someone operating an ISP, an internet router, a VPN, or an exit node has no obligation (and often no ability) to inspect the data they're transmitting to find out if it contains child pornography, and knowing that there's a certain probability a given amount of random traffic contains some does not trigger criminal liability because the operator does not know that any particular data is child pornography.

In another comment you mentioned that ISPs can aid law enforcement because they know details about their customers. They usually do for billing purposes, but in many jurisdictions they're not required to. There is not, to my knowledge a KYC law in the USA for providing internet service.

[0] https://www.law.cornell.edu/uscode/text/21/841

[1] https://www.law.cornell.edu/uscode/text/18/2252A

Continuing to operate a Tor node after being informed by the government that it's being used for illegal activity means the operator did this "knowingly". It's even more egregious than a drug mule transporting an unmarked package:

Imagine the government tells the mule that their employer is shipping dugs in these packages, and the mule still tries to claim that they didn't know that they might be transporting drugs.

It's not enough in parts of the world usually considered free and democratic for an information services provider to know that some of the data they're transmitting might be illegal. If it was, everyone from ISPs to messaging apps to social media sites would be at risk. In the case of child pornography, most jurisdictions require them to report it if they discover it, but they are not required to actively attempt to discover it.

The EU Chatcontrol proposal seeks to change that in some cases (TOR exit nodes not among them), and most people here are vehemently opposed to it.

Hidden service connections don't go through exit nodes. In theory it's two back-to-back Tor connection that meet somewhere in the network, but you can also think of it (possibly more correctly) as a six-hop Tor connection to an exit node that is only used to directly connect to the backend server. If set up right this prevents government sniffing at all points.