Part of the reason I sadly stopped running any exit nodes was law enforcement harassment.
I ran a few exits for about about ~5 years. In those 5 years, my hosting provider (DigitalOcean) received 3 subpoenas for my account information.
The first two were random. The 1st one was someone sent a bomb threat email to a university. The 2nd one was someone sending a phishing email.
The last and final subpoena was the most serious one. Some nation-state hackers from Qatar had ended up using my exit IP to break into some email accounts belonging to people they were interested in and spied upon them and stole some info.
Thankfully both the Tor Project and the EFF were able to help me pro-bono. The EFF lawyer that was assigned to me helped me fight this subpoena but ultimately we had to turn over my account information to the DOJ + I had to give an affidavit stating that I was simply just an operator and nothing on the server in question would be useful to their investigation (by design).
The stress of having to deal with law enforcement, lawyers, and having to entertain the possibility of having my home raided over something so silly ultimately led to me finally shutting down my exits.
Even though I had all of my exits using a reduced exit policy and I would blacklist known malicious IPs and c2/malware infra from being able to use it, I was still a target.
I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.
I one day hope to resume running exits as I find it rewarding to be able to help people from around the world in a small way.
Is something like this unexpected? I personally never ever thought so (which is the reason why I never ever even considered running a TOR exit node).
As much as I can respect the idealism about privacy and liberty etc..., I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution, therefore I did not want to provide indirectly any help.
> I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.
On one hand I admit that that might be the case, on the other hand even government organizations/departments/agencies can be "local" and scattered (e.g. similar IT departments for each "canton" in Switzerland) and not have huge amounts of resources/knowledge to track/identify perpetrators of all ongoing (sophisticated?) IT crimes => somebody somewhere might see the same IP involved in a lot of "bad" stuff not realizing it's just a TOR node.
I hate the current general trend pushing a position of an either absolute "yes/no" for any theme, including this one (of encryption for privacy/etc vs. crime).
In my opinion it's obvious that the current situation of solutions is in general bad: too much pressure on services that provide privacy because it's too easy for crime to misuse them :o(
> As much as I can respect the idealism about privacy and liberty etc..., I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution, therefore I did not want to provide indirectly any help.
Well, what would be considered a "really!!!" bad actor for some might be a hero for others. Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be an use worth fighting for or terrible abuse.
In the end, this really comes down to whether you value freedom or state protection more; either of which can be abused by rogue actors or a malicious state, respectively. There is no win-win-solution, unfortunately.
During The Troubles bombs were sent via the Royal Mail. Nobody blamed the post office. Indeed any infrastructure is a tool of terrorism as we rely on it (I am not going to make a list for obvious reasons). I think the reason we tolerate this problem with infrastructure is that the benefits outweigh the risk. The question is whether or not the same applies to free speech - you're right there is no win-win solution, but it still might be worth it.
However if you start "Peters no questions asked hand delivery service, shipping direct from Ireland to London so reliably you can set a timer by it" - and you deliver 3 bombs to politicians you might find yourself being asked a few questions.
At the time that's exactly what the Royal Mail was. Requiring identification to send packages is a much more recent development. Society just accepted that bad actors could do this and solved the root problem instead.
There are quite a bit of differences here. The mail services transport physical goods, and the whole path can be tracked. Every letter or parcel is registered by the postal office where it was submitted to for transport. And usually there is quite some physical evidence with everything you do mail.
> I think the reason we tolerate this problem with infrastructure is that the benefits outweigh the risk.
The thing is, we absolutely don't tolerate this with infrastructure. We have entire systems in place to make sure that we can find people who use our infrastructure to kill people. The USPS has its own entire law enforcement branch whose sole job is to track down people who misuse the mail. I'm sure there are processes in the UK for the same.
With our infrastructure there's some non-zero amount of abuse that we acknowledge we won't be able to prevent in order to make everything work without infinite enforcement cost, but we don't just close our eyes to the abuse and not even try to do anything about it at all.
The difference between the post office and Tor is that Tor is very specifically designed to make tracking a sender of a bomb threat impossible. State-run postal services at least try to have an audit trail for what they send.
> depending on which side of the Israel/Palestine conflict you are on
Here's the thing: I am not on either side of that conflict, or likely any other conflict you could use as an example. There are atrocities committed by both sides. There are victims on both sides. You could argue over who committed the worse atrocities or over who is the biggest victim until your face turns blue, it isn't going to end the cycle of violence as long as there are people facilitating that violence.
And no, I am not naive. I know there are people out there who care nothing about causes beyond their own self interest and who care nothing about their victims. I realize that these people are impossible to combat without the innocent coming in harms way. Yet the moment we fail to be ashamed of the harm we cause in the name of the cause, the moment we fail to acknowledge who is being harmed in the name of the cause, is the moment we become no better than them.
Here's a better example then. Publishing the truth or publishing opinions about political leaders is illegal in some jurisdictions. Would you be unwilling to provide help to these "bad actors"?
Lots of horrible dictators have used rhetoric like yours to rationalize/facilitate their actions.
The fact of the matter is, there really is no absolute objective moral compass; and yes, that includes "we should just stop facilitating violence" because you absolutely can be enabling others to take advantage of that to cause more harm.
You have to pick a stance and live with the harm that comes out of it (yes, whichever stance you pick, will cause harm).
> Publishing the truth or publishing opinions about political leaders is illegal in some jurisdictions. Would you be unwilling to provide help to these "bad actors"?
Realistically, I am unlikely to help since I am unlikely to understand the circumstances and I am especially unlikely to understand who I am aiding. Revolutionaries often look noble (or try to look noble) until they are in power and show their true colours.
Operating an exit node is something that I would be unwilling to do since it goes beyond possibly facilitating those who would want to do harm, it is pretty much a guarantee of facilitating those who would do harm.
> The fact of the matter is, there really is no absolute objective moral compass; and yes, that includes "we should just stop facilitating violence" because you absolutely can be enabling others to take advantage of that to cause more harm.
While I agree that there is no absolute objective moral compass, we each have a moral compass. We have to live by them. Will other people exploit those morals to their advantage. Undoubtedly. That doesn't mean we ignore those morals. Personally, I draw the line at facilitating violence.
Oh just because you are not affected yet, you might be in the future, most probably if no one is there to help against people with obscene power and they start to easily win
> Well, what would be considered a "really!!!" bad actor for some might be a hero for others. Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be an use worth fighting for or terrible abuse.
Stepping back though neither side in that conflict needs Tor. They both have numerous supporters in other countries where that support is legal. They can send and receive information through trusted outside supporters including some outside governments. They just need secure communication channels to a few representatives among those supporters rather than something is general as Tor.
> In the end, this really comes down to whether you value freedom or state protection more
If we're talking about the decision to actually run an exit node, I disagree with this breakdown of the ethics. I can value freedom more than state protection in the abstract while at the same time not feeling that helping support freedom in Russia and China and Iran is worth the cost of simultaneously helping to shield perpetrators of violence closer to home.
In most people's ethical frameworks choosing not to run a Tor node does not make me culpable for the actions of a state suppressing its people, but choosing to run one does make me at least somewhat complicit in shielding the perp of a bomb threat.
The USPS has an embedded law enforcement agency [0] whose full time job is to track down people who are using the postal service to commit crimes. Tor is very specifically designed to make an equivalent impossible.
‘Truly bad’ still relies on the perspective of the participant though. Parents point is that ‘bad’ is a matter of perspective, and that right or wrong, at lease some cartel/nk/isis operatives believe their actions are justified for some greater good, Palestine/Israel opinions and belief are obviously a more easy to understand perspective, but the point still stands.
You don't know that, you've never been there or probably spoken to a north korean. Not saying you're wrong (i can admit i have no idea), but i'm annoyed you're swallowing narratives from warlords who have been known to lie to start wars as if it's assumed default true
I have no idea about nk politics, but if the media continually pumps out ‘the west is the reason we’re starving, join the military today!’ then they might feel lucky to both be fed, and to be serving their country.
Really? Some cartel operatives believe their actions are justified for some greater good? Well unless you count filling your own pockets a "greater good" then they are objectively extremely deranged and delusional which possibly makes them even more dangerous.
> relies on the perspective of the participant though
> Parents point is that ‘bad’ is a matter of perspective, and that right or wrong,
Not really, though. Some things are just 'bad' (you or the perpetrator might not agree but that doesen't change that fact).
Nothing is inherently right or wrong, see moral nihilism. At any rate, cartel operatives may have other intentions than just simply fill their own pockets. Maybe they are selling medical marijuana to people in need because they would love to help people, and get money doing that, how about this?
This is the crux of every argument against free speech, no?
There is a fundamental trade off we have always had to make between safety and freedom. If you believe that privacy online is a freedom worth having, or if you believe one should be able to say whatever they want, you have to accept the bad with the good.
As soon as you start gating access by judging a person by what they're trying to do privately online, or what they're trying to say, you've thrown out that freedom and made it a privledge.
There's not even anything wrong with that if that's the world you would prefer to live in. Its important to know that's the tradeoff you're making though, and be prepared to accept the consequences if you one day find yourself running into new leadership that believes what you want to do online, or what you say, isn't worthy of the privilege.
> Its important to know that's the tradeoff you're making though
Exactly. This is all I'm saying.
I don't have enough knowledge of Tor to make an argument that it does more harm than good or vice versa. But I do know that a lot of people on here are just as ignorant as I am but are quick to assume that Tor must be inherently good because it protects privacy.
As I said, if you look frankly at the risks and decide that the benefits are still worth it, that's a decision I'm comfortable with you making. But that requires looking very frankly at the risks, which most seem reluctant to do in favor of high-minded abstract discussions of the merits of freedom and privacy.
This subthread spawned from someone who helped facilitate a bomb threat through an exit node they were running, and that kind of concrete harm needs to be mentioned in any discussion of the merits of Tor.
And someone else pointed out that the IRA used to send bombs through the mail. Yet we are not debating shutting down the Royal Mail because of that (and rightly so).
There are governments out there who kill people who criticise them, usually journalists. We need those people to continue their work. We do not want a world in which all communication is government-approved.
> the IRA used to send bombs through the mail. Yet we are not debating shutting down the Royal Mail because of that (and rightly so).
As I said elsewhere, at least in the US there's an entire law enforcement agency whose sole job is tracking down people who use the postal service to commit crimes and hurt other people. I'm sure there's an equivalent process in the UK. Tor is specifically designed to make that impossible.
There's really no comparison.
> There are governments out there who kill people who criticise them, usually journalists. We need those people to continue their work. We do not want a world in which all communication is government-approved.
I agree, and it may well be that on the balance we come to the conclusion that Tor is worth it. All I'm asking is that we stop looking at the harms as an abstraction and the benefits as concrete.
OP facilitated a bomb threat but seems to have thought primarily about how unfair it was that law enforcement subpoenaed them rather than the complexity of the moral choice they made and its consequences.
OP facilitated a bomb threat in the same way that the postman who delivered an IRA bomb did.
The complaint seems to be really about how the people who are hunting for the actual bad guys are so incompetent that they're hassling people running Tor exit nodes. The basic misunderstanding of technology is leading to unjust outcomes (whatever you think of the moral choices of people running Tor nodes; they are incapable of helping the inquiries so should not be subjected to these incompetent fumblings).
If the government thinks that Tor is a bad thing, and that running an exit node is immoral then we have a system in place to deal with that: pass a law making it illegal. Letting incompetent authorities hassle people who choose to do this perfectly legal activity is not the answer.
This trade off concept is a popular belief but completely fictitious and dishonest.
The state is not fundamentally better than the people as a whole. They just have more focused resources.
More resources to brainwash their subjects about how their power is always such a great and wonderful thing and is only ever used for good, and definitely better than people exercising power themselves.
Oh and also much more resources to gas people to death in camps, starve them to death, blow them to bits (but always for completely good and justified reasons of course).
I disagree. Centralizing power absolutely has the potential for providing more safety. Its up to those with the power to decide whether to provide it, and to whom they provide it.
I whole heartedly agree with your underlying argument that granting power to the state is never worth the trade off though.
Wasn’t the raid done in a democratic land? There is no gestapo in Germany in 2024, is there? Privacy is what terrorists love too. There needs to be a balance. Even guns need permits and psychological evaluation.
Be more precise in your thinking. This is not about bomb threats, this is about punishing people that provide a line of communication.
It is not a new concept that defendants of freedom of speech often have to protect scoundrels too. The argument doesn't change, it always has the same pattern and principle. And yes, it is advisable to err on the side of freedom, there is enough literature here to expand on that point.
Additionally the agencies that would demand these information are prone to break the law itself. So this isn't even a discussion about doing something just or not. This is purely a discussion about how much power you want the executive to have. Or in case of Germany, the often misdirected and overworked judicative branch.
Criminals and fraudsters will abuse pretty much every technology they can get their hands on. As a consequence, every service operator needs to do their part to prevent fraud and abuse. If you offer a service anonymously and indiscriminately, your service will be overrun by crooks, and you'll end up serving criminals.
The fact that your service could be used to defend free speech does not absolve you from your duty of monitoring the use of your service. If you realise your service is used for exchanging illegal content and bomb threats, it's your duty to do something against that, or stop providing the service.
I'm as much of a supporter of encryption as anyone, but I also accept that true effective encryption enables some pretty horrible things.
One of those "better look your meat in the eyes, before you murder and eat it" idealism-meets-realism moments.
On the whole, though, I think even with perfect encryption the remaining physical traces of illegality are sufficient for law enforcement purposes (granted: if more difficult).
I don't think the analogies to encryption are fair because a Tor exit node is far more active in shielding criminals than the inventor of a new cryptography scheme is. The inventor merely puts out an idea that can be used for good or bad. The exit node operator is actively paying on an ongoing basis to shuttle CSAM and bomb threats.
The exit node operator is also shuttling other content, so it's not wholly evil and on the balance someone might decide it's still worth it, but it's still a much less obvious ethical call than simply designing a piece of tech.
Someone has to pay for distribution, maintenance, and integrations of the encryption on an ongoing basis. If it was legal to write encryption but illegal to distribute it, what would be the difference from a ban? Both tor and cryptography require an ongoing effort to provide their service.
I see a pretty strong difference between hosting the latest build of gpg and actually running a server that moves the bytes that cause the harm. You may not, but I do.
You're naming things that are in the grey zone though. For example I can find polls [0] suggesting that North Korea is one of the least popular countries, but not strikingly different in absolute terms than someone like Russia or the USA. Internationally speaking they aren't unusually bad actors.
The problem with a "no shades of grey" stance is that in any large organised group there are going to be some good points and reasonable ideologies for why they have banded together to do what they do. They may be mistaken on important points, and it certainly may be necessary to put all empathy aside and try to ruthlessly crush them regardless of any good points they have - but in practice that approach almost always leads to terrible results compared to negotiating to emphasise the good and suppress the bad. Take ISIS - the reason we have groups like ISIS running around is generally because of a no-shades-of-grey approach taken to deal with their precursors. The US policy in the Middle East typically destabilises things (although they are hardly alone in doing that).
The "really bad" people have no conscience. No qualms about compromising the device of some innocent victim and then using that as their "exit node" if Tor wasn't available. So if Tor doesn't exist, that's what they do, and that's worse. Because not only do the bad guys still get to be anonymous, now the owner of the compromised system takes the blame. Which is more likely to be someone less able than you to articulate what happened, and who has to claim they were hacked with perhaps scant evidence rather than being able to point to their IP address on the public list of Tor exit nodes. They also might not be in a country with due process. So what you're doing there isn't helping the bad guys, it's saving some of their innocent victims from being unjustly punished.
Meanwhile the "good guys" who use Tor do have a conscience, so they wouldn't do that to an innocent third party, and then without Tor they have nothing. So you'd be helping them too.
We shouldn’t have keys then. Really bad actors are going to force your door anyway. Let’s at least save the doors.
Come on, Tor main use is child pornography and drugs. If you think you’re helping oppressed journalists, it’s 99% false. You’re mostly enabling all sorts of criminal activities, from benign to major. Hosting a tor exit nod doesn’t make you a hero, quite the opposite actually.
> We shouldn’t have keys then. Really bad actors are going to force your door anyway. Let’s at least save the doors.
Locks aren't for the really bad people, who are in fact going to break down the door. They prevent crimes of convenience.
But Tor is the lock, and the crimes of convenience would be e.g. mass surveillance of the population, in the event that ordinary people don't have it. So it's not clear what you're arguing here. That everyone should use Tor?
> Tor main use is child pornography and drugs. If you think you’re helping oppressed journalists, it’s 99% false.
Add to this, the illegal stuff isn't accessed via exit nodes, which link into the ordinary internet. Those things use hidden services, which are internal to the network and don't use exit nodes.
But let's even explore the premise. Suppose a lot of the traffic is people trading in illegal materials. Well, that's not really a big problem; people do that stuff via several other existing channels and the societal cost of each instance of someone buying pot over the internet isn't very high. Whereas the societal benefit of one single whistleblower is massive. These things can change the lives of millions of people. So even if it's 99% contraband, the remaining 1% is ten million times as valuable.
It's true that keys are mostly there to deal with minor bad actors and don't do much against determined adversaries. They are however not much of an obstacle to authorized persons which is why we use them.
You also may notice that in most civilized countries we do stop at somewhat weak keys and glass windows and don't bother with fortifying each house to withstand a full on assault from a criminal organization. That's because this will have a very high cost and we are better off dealing with criminals in other ways so this lack of protection is not a real concern.
I would use that argument if I were an oppressive government that was troubled by journalists using Tor to expose me. It's only 1% right? Think of the children.
Quoth Fidel Castro: ¿Armas para qué? (What do you need guns for?)
If your weapon against oppression is 99% enabling child pornography to thrive, I fail to see what overall good you are making. How many lives ruined for how many articles read?
You try to paint me as a "purist" that would allow the world to fall into the worst abusive governments just to save 1 child, but if you look at it honestly, you are at least as purist as me, because you would enable arbitrary amount of crimes just to save 1 journalist.
Assuming my 99% is accurate, the numbers are really not in your favor, plus journalists are grown adults that make their own choices, while children don’t chose to risk being abused, filmed and exposed online.
Even if we assume 99% of Tor is CP, that doesn't mean blocking Tor will remove 99% of CP. In fact, it probably will have no impact, as criminals will just use other methods, as they are well funded unlike oppressed journalists.
Surely there are also other ways for whistleblowers/journalists to communicate secrets. And why do you assume the random child porn creator/enjoyer is well funded? This kind of crime is more about availability and lack of consequences than money. Tor makes it invisible as no one will ever admit to it, but it's still easily available to anyone, with no consequences. Why are you so convinced that going after it is necessarily useless, necessarily harmful and necessarily wrong? I can't help but feel that it's a principled position, and that no amount of harm done would justify making it law-enforceable to you. How much lawlessness should we accept in exchange for how much whistleblowing? Any amount vs the slightest act doesn't sound like a good balance to me.
> In the end, this really comes down to whether you value freedom or state protection more...
This is again a forced binary "and/or"-decision, without anything inbetween.
It doesn't have to be like that - both can coexist, if both terms are not extreme.
(disclosure: my post is not related in any way to Israel nor Palestine and I'm personally not linked in/directly to anything related to Israel nor Palestine and this post is not related to the current conflict)
> Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be an use worth fighting for or terrible abuse.
The problem is when you choose to involve yourself in nation-state conflicts they’re just not going to care about your protestations of neutrality and freedom. They’re just going to see you aiding their enemy.
>In the end, this really comes down to whether you value freedom or state protection more; either of which can be abused by rogue actors or a malicious state, respectively. There is no win-win-solution, unfortunately.
I want to argue for freedom, on the grounds that most people know whats best for themselves better than others, so on balance there should be more people using that freedom for good, but then most people are busy, and not as motivated or knowledgable of how to use that freedom as the malicious actors are.. so is that even freedom in the end?
I don't think that dicotomy is quite right. bad actors can take away my freedoms (for example if they steal my bank account I'm no longer financially free as I'd have no money)
I don't know the correct balance. maybe it's just an impossible problem. I just don't think the two sides are freedom vs state protection.
> even government organizations/departments/agencies can be "local" and scattered (e.g. similar IT departments for each "canton" in Switzerland) and not have huge amounts of resources/knowledge to track/identify perpetrators of all ongoing (sophisticated?) IT crimes => somebody somewhere might see the same IP involved in a lot of "bad" stuff not realizing it's just a TOR node.
Decentralization is not an excuse for negligence. Anyone working in cybercrimes should be aware that Tor exists and of what it is. The list of exit nodes is public. Harassing the operators can only be one of malice or incompetence and neither alternative is excusable.
And it doesn't need to be a "really bad actor". I have been spammed by someone for years who clearly used a script to target an online service of mine. Always connecting from TOR, so banning an IP or a range wouldn't block that person.
This shows how easily TOR can be abused, even for small misdeeds.
Agreed.. this " I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution," could be dependant on what you personally see as bad actor.
Would being gay count? In some countries it's a death sentence, so using TOR is how they avoid being thrown off a roof or stoned. Talking about anything LGB is a crime.
What about someone who wants to read 1984.. Would you be okay with them committing that crime?
> I hate the current general trend pushing a position of an either absolute "yes/no" for any theme, including this one (of encryption for privacy/etc vs. crime).
Exactly
Making an analogy, I feel these people are kinda the European ideological equivalents of the "sovereign citizens" in the US (though sure, they're usually more informed)
In one way, deeply concerned about very legitimate worries of free speech and privacy. In another way, very naive about what happens in the real world or how legal process works
Expectations: "We're helping people fight dictators!11" Reality: 80% malicious usage, 10% "just a prank bro", 5% people with legitimate uses and then the rest
I'm not sure what you mean with this "Wir schaffen das" reference. By attempting to be host refugees, one is committing the fault of being self-righteous?
Idealism around privacy and liberty are quite important, otherwise you end up with a worse country and there is a reason for laws to usually grant people these rights.
The law failed here and it is a typical problem for Germany, that historically and still today has problems with liberties in general.
FUD doesn't mean we should do away with liberty. To say otherwise is naive idealism that requires infallible human actors in security related agencies. That is impossible.
> We do not specifically disallow Tor exit nodes, but as the account holder, you are responsible for all the traffic going through your Droplet (including traffic that an exit node may generate), and we do prohibit some of the traffic types that may go through a typical Tor exit node.
> If you are unable to stop prohibited traffic like torrents, spam, SSH probes, botnets, and DDoS attacks, running a Tor exit node may lead to us suspending or terminating your account. We send you an email in the event of a violation of our Terms of Service, and you must address these issues as soon as possible.
Running Tor exit node without abuse? How is that possible? Since they didn’t shut you down after three abuses serious enough to get law enforcement involved, I guess they don’t really give a shit about abuse after all.
I actually think that Tor should deemphasize exit nodes and trying to provide access to the clearnet, in favor of better hidden services.
Nearly every major site ends up either totally blocking anything that comes from a Tor relay, or applying massive numbers of weird CAPTCHAs and restrictions, so it's getting to be basically unusable anyway.
The new Cloudflare captcha has changed this and it's a lot better now. There's no more Recaptcha hell. I read the Ben Collier book about Tor recently and in his interviews he found that some Tor contributors actually feel the opposite, because they feel the negative attention that the "dark web" mythology brought on has been bad for Tor. According to the book the archetypal Tor user is someone in a censorship heavy country like Iran visiting facebook.com or nytimes.com, so they don't get much out of hidden services.
There really is a fundamental difference between : secure end to end messages of willing participants. VS arbitrary anything-illegal from someone else's public ip.
This gets back to AnthonyMouse's argument (above) that
(1) TOR exit node operators are buffers to protect people from being hacked. A hacker would more easily use TOR than need the effort to runa scan for vulnerable routers, root one, and hop between various routers.
Which implies
(2) if TOR had no exit nodes and/or clearnet service blocked TOR ranges, hackers will just resort to hacking routers / other systems / botnets to make their own proxy. Now the block doesn't work, someone(s) got hacked, TOR is gone.
Basically TOR as a "containment" system. Seems to me that would be preferable for law enforcement, particularly because some state actors (https://www.infosecinstitute.com/resources/general-security/...) are putting great effort into unmasking TOR, making it a great honeypot. Ironic that Germany prosecuted a German exit node when they were the same ones investing heavily in unmasking it!
But flipping the script: bomb threats and Qatar conducting international espionage aren't silly things as far as the government is concerned, and if we intentionally interpose ourselves in the comms channel in a way that the attack trace stops at us, we should be expecting follow-up from a human being tasked with enforcing the law, right?
I suppose my issue stems from my perception of the seemingly lack of serious investigation on their law enforcement side.
If you had visited any of my exit nodes via port 80 or 443, I had a lander on them stating that it was a Tor exit node and to please contact me if you wanted your IP to be blacklisted from it. I also stated that there was no useful information contained on this server (by design) that would be helpful for any evidence gathering or investigations. Seriously, all they had to do was plug my IP into a browser or do a simple scan of it but I suppose that's asking too much from LE lol.
Additionally, Tor exit nodes are public and all they had to do was look into my IP more than 5 seconds after finding it in logs somewhere and firing off a warrant or subpoena for it. The first two were straight up vague templated fishing expeditions. The 3rd subpoena actually came straight from the DOJ and was a lot more detailed and serious.
They should know what Tor is and know that any Tor server contains ZERO info that would be able to assist them in whatever they are attempting to investigate.
Sure, I do think such situations require follow-up but as soon as they are informed it's a Tor ip, they should know to drop any pursuit of getting evidence from it. They do not, they continue to go after you via legal means. Even though I had the EFFs help, this entire process still took months.
It's pretty stressful to be in a situation where its lil ole me VS the entire United States government who has unlimited resources, time, and money to go after you.
I am extremely blessed to have had the EFF lawyers at my defense and will forever be a life long supporter and donor to them. They really do fight for our digital rights and can help defend you in a digital equivalent of a David versus Goliath situation.
There's a very productive spammer that sends out spam for their shops and, on their home page, they have a big info about how they didn't send that spam, and it's just somebody else trying to ruin their reputation.
If all you'd need to deter law enforcement is to put a website up on your server and say that you don't have anything to do with anything happening on that server and that they shouldn't bother because there's nothing to see anyhow, a lot more criminals would do that. I'm sure they'd even put an actual exit node on their machines if that protected them from law enforcement.
Maybe rather than a big info explaining that there's nothing to see, it could be a big info explaining that "source IP address" is useless as evidence of a crime, because, as this server and many, many other proxy services demonstrate, the IP listed as the origin is in no way guaranteed (or even likely) to be the actual origin of the traffic.
It's like raiding the home of the mail carrier because someone got drugs in the mail. Sure, it could technically be that the mail carrier is also a drug dealer. But when it comes to the USPS, the identity of who delivered the contraband package is not a useful data point for investigating the crime, and acting otherwise is willful ignorance.
> "source IP address" is useless as evidence of a crime, because, as this server and many, many other proxy services demonstrate, the IP listed as the origin is in no way guaranteed (or even likely) to be the actual origin of the traffic.
It doesn't have to be the actual origin for it to be useful—unless the software is specifically designed to avoid traces (i.e., Tor), there are often logs that will lead you to another IP address, which might lead you to another, which might eventually lead you to the source. It would be foolhardy for police investigating a bomb threat to not at least ask, given how many people they do in fact catch this way.
> It's like raiding the home of the mail carrier because someone got drugs in the mail.
No, in the case of OP it's like subpoenaing the local post office and asking for everything they know about where that package came from. Which is, incidentally, quite common, except that in the US the post office is a government entity that doesn't need to be subpoenaed because it has its own law enforcement agency that should have jurisdiction over the case.
The end goal is probably to get you to do what you did, which is shut down the exit node. If they make it painful to run a Tor exit node, they make Tor harder to use.
Exactly. Which is not as obviously an unethical approach as some here would think—if you are standing between law enforcement and a bomb threat, "I'm intentionally ignorant of the activities of the people that I'm shielding" is a morally dubious place to stand. The law allows law enforcement to subpoena records related to an investigation like this, and I honestly think it's fair to force Tor exit node operators to handle those subpoenas every time, even if the answer is always the same.
To have some sort of automated process in place to deflect blame allows an exit node operator to ignore the real damage their work can do. They may still decide that the good that they're doing outweighs the bad, but forcing them to see the negative consequences of shielding anyone who wants a shield has value.
Your right to knowingly run a service that is used by people to kill other people while never having to interact with the consequences of that decision?
I'm not suggesting people shouldn't be able to run a Tor exit node. I'm suggesting that people who run Tor exit nodes should occasionally have to a deal with a subpoena that says "your exit node was used by a criminal to hurt people in ${these ways} and we require any information you have to help apprehend the attacker."
I don't want to deprive anyone of the right to make a moral decision, but I do want them to feel the weight of the full import of that decision.
> Your right to knowingly run a service that is used by people to kill other people while never having to interact with the consequences of that decision?
Can you name a product or service for which this is not the case? Militaries use general purpose software to design weapons. Murderers use vehicles and transit systems. We don't expect the government to harass the makers of cutlery because they provided a product used in a mugging.
I think that any creator of any tool should be faced on a regular basis with the harm that that tool causes and have to make the call on a regular basis if it's still worth it.
So steel workers should get a subpoena they have no effective means to respond to on a regular basis because steel is used to make all manner of weapons and machinery that gets used by bad actors?
I'm honestly not sure what distinction you're trying to draw between them. Clearly any ordinary product can be used for nefarious purposes.
The distinction some people try to draw is when a higher proportion of a product's users are nefarious, but that doesn't really work either because who uses something can change over time.
If you have a society where nobody has window blinds or locks on their doors because it's a rural area and there is no one around to invade your privacy then locks will be disproportionately used by neerdowells "with something to hide", and then busybodies will claim that anyone with nothing to hide shouldn't be concealing their private spaces and anyone selling or using any privacy technology should be pressured to stop. Which sustains the status quo through external pressure even if someone does start invading everyone's privacy.
And that's what's been happening on the internet. Surveillance is the default, Cloudflare et al block Tor users as a matter of course and that drives normal people from Tor and similar technologies even though they would otherwise benefit from its use. People are told that it's the dark web where there are criminals and they shouldn't use it -- it being Tor Browser, the thing that keeps ad networks from tracking them across the internet.
Then after dispersing the normal users who would otherwise benefit from using it, people say that it has a lot of nefarious users to justify the continued harassment of anyone who does. But that's just path dependence, and there are parties interested in leading us down the garden path to mass surveillance.
I believe you are right. I have heard OP's argument many times before, it is almost akin to the "you only need privacy if you have something to hide" and whatnot; same kind of mentality.
Everything could be used for nefarious purposes, and I do not think that is why we should "stop having nice things".
By their logic, we should get rid of encryption, too, completely.
You apparently read what you thought I was going to say and not what I actually wrote. This does not even begin to approach an accurate assessment of what I said or meant.
I'm saying that too many people in this forum are too comfortable completely ignoring the harm that Tor causes, and in order to make a good judgement call about whether to run an exit node the harms need to be surfaced. Full stop.
Everything else that you and others in this thread read into my comment is on you, not me.
Tor does not inherently cause harm, though. Similarly to how E2EE does not cause harm, nor do platforms (or programs) where you are allowed to exchange messages. Do you agree with the first statement or not? If not, what are the differences between Tor and IM software with E2EE?
> If not, what are the differences between Tor and IM software with E2EE?
I would never run an IM software with e2e encryption either, for the same reason. I don't want to be paying to move data that is being used to hurt people, no matter how many people I'd be benefiting in the process.
If other people come to a different decision that's entirely reasonable as long as they're cognizant of the harms caused and not in denial.
> not sure what distinction you're trying to draw between them
Cost versus benefit. Steel has massive, obvious benefits. That makes its costs worth it. On the other hand, several toxic compounds have no known benefits and are tighty regulated.
You're trying to argue Tor's costs are worth its benefits. But that requires being clear-eyed about both. You can't build buildings and spaceships out of Tor. But neither can you fashion it into a gun. Unless you're arguing for solely action-based regulation, never access-based, which is its own idiotic can of worms.
You are talking into a void following this line of reasoning. There is no logical consistency in the context of a state and all the myriad of terms and concepts in its wake. That's by design and everyone that's brought up under it from a young age is taught to embrace that, as a feature. Your words are foreign invaders and every core of these smart people's beings will fight you with their ridiculously smart and well trained antibodies.
Not trying to single out the person you're responding to, but I've seen this play out many times and engaged in it previously to no effect.
You've questioned existence of such "bad policy". I pointed out that there are such policies. I neither supported nor opposed them.
I won't be surprised if there were something in US criminal code with supreme court precedents that specifically dictate the government harass in timely manners the makers of cutlery used in a mugging. There _are_ always laws. _Everything_ is regulated. Most of those regulations are reasonable.
Tor exit nodes don't have any information to identify the end user. They don't know who it is, so there is nothing to subpoena or turn over. Subjecting low-resource entities to a known-futile legal process is a form of harassment.
Exactly: They intentionally built their transit system without cameras. Who benefits from that, except criminals? Oh yeah, sure: North Korean dissidents, Saudi LGBTQ people, etc, etc.
Yes, quite noble. But: How many of those are there using it, and how many criminals? It's mind-boggling how people so adamantly insist on seeing this only as black-and-white, and refuse to admit that there even exists something to weigh against each other.
It's not known-futile. A misconfigured Tor node could be storing all sorts of useful traffic data. Besides, there's also the possibility that the exit node operator themselves could be the actor; since the trail stops at them, they're under suspicion.
If it is moral for the US government to create Tor, it is moral to use it. Sure, it may be it’s a tragedy of the commons, but there’s no individual moral accountability or responsibility for those running Tor because of things other people do or don’t do on it. That’s outside anyone’s ability to control anyway.
> I suppose my issue stems from my perception of the seemingly lack of serious investigation on their law enforcement side.
That's my experience too from actually having my house raided. I had two kids in bed at the time, and the police didn't even know to expect kids in the house (both kids were over 11 years old, had birth certificates, had lived in that house all their lives and attend local schools and are darn fine students).
They didn't know. It's mind boggling to me that they could get a raid warrant without having done even the most basic (below even basic) investigation.
My opinion of police investigative competence took a 99% hit as a result.
The raid no doubt was carried out by the police. They just what they are told to do by an organisation that is higher up. No one will get reasons. Maybe the chief of police. But only a limited amount so he can claim plausible deniability.
The dirty people behind all this are in the way they run the investigations. And what way is that ? Well it’s the “organised crime investigations”. The Netherlands pushed the RIEC way of working here to Germany and Belgium. Look it up. Euriec.
The whole way of working is to do dirty tricks in an unaccountable way.
I don’t know. Could you imagine if you were in charge of investigating something like this and you _didnt_ check one of the computers involved just because the guy who owned the computer claimed it doesn’t have anything useful on it?
There could be logging bugs in Tor that you were unaware of, or the owner could be using Tor as a cover. It would be negligent _not_ to at least check the device logs for anything useful.
By that logic why not also seize and do forensics on all the ISP's routers too then, just in case? After all, the ISP could be secretly in on the criminal plot, and how could you know without imaging every hard-drive in the data center? It would be negligent not to.
The truth is that police investigations normally are restrained based on the disruption that they cause the public. Police deviate from standard operating procedure when it comes to TOR exit node operators because they want to punish and intimidate them.
They want to punish operators because the authorities are frustrated by the effectiveness of these technologies in countering the pervasive surveillance environment which the authorities take for granted.
> Police deviate from standard operating procedure when it comes to TOR exit node operators because they want to punish and intimidate them.
Citation needed. ISPs have entire departments dedicated to cooperating with law enforcement. Comcast has a whole portal with its own subdomain specifically for handling requests from law enforcement [0]. Cox has a page detailing exactly how to send them a subpoena [1]. These guys are clearly dealing with subpoenas just like the ones OP is describing all the time.
It only seems out of the ordinary this time because it's a random person who decided to play middle-man instead of an enormous corporation with a massive legal department.
> By that logic why not also seize and do forensics on all the ISP's routers too then, just in case? After all, the ISP could be secretly in on the criminal plot, and how could you know without imaging every hard-drive in the data center? It would be negligent not to.
Implying that they don’t have the capability to do this already and/or alternative means to accomplish the same thing.
> Room 641A is a telecommunication interception facility operated by AT&T for the U.S. National Security Agency, as part of its warrantless surveillance program as authorized by the Patriot Act. The facility commenced operations in 2003 and its purpose was publicly revealed by AT&T technician Mark Klein in 2006.
I think that's what the person you replied to was saying. The purpose of the "system" of law enforcement is not what they say it is (to try and gather evidence from the server), but rather is what the system does (get people to shut down exit nodes because of the hassle).
> Seriously, all they had to do was plug my IP into a browser or do a simple scan of it but I suppose that's asking too much from LE lol.
I mean, yes, I'm pretty sure "just take my word for it" is asking too much of LE.
We can always say "Come back with a warrant" but then sometimes they'll come back with a warrant.
> They should know what Tor is and know that any Tor server contains ZERO info
Unless, of course, one has misconfigured it... Which could be the case. Definitely the kind of thing LEO can figure out on the other side of a seize-and-strip of the hardware. Unfortunately, I think the only way to not be a part of the story here is to not be a part of the story here... Don't proxy anonymous traffic if you don't want law enforcement asking after the anonymous traffic you proxied. Otherwise, expect the responsibility imposed upon a service provider (since you're providing a service).
Other ISPs avoid this scrutiny by going out of their way to be helpful to law enforcement.
There is no way for police to know if the traffic came through tor, or was initiated by the owner of computer/server. It seems reasonable that the police have the right to investigate. If not, anyone could run a tor node to cover up their own criminal activities. Even if you did have logs suggesting it was tor activity, should we trust someone’s claim that the logs are proof that it was someone else?
It would in fact be negligent if the police did not properly investigate the server/computer/house of the device.
Yes, but they should be able to investigate without placing an undue burden on exit node operators (or regular people with a compromised device that was used as a proxy). Unfortunately it's hard not to be cynical and assume that these kinds of overreactions (and worse) are going to continue. But in my opinion, any society where policing is convenient for the police is a horrible place to live. (Is it really such a radical concept that law enforcement should be focused on protecting the innocent, not punishing the guilty?)
> but they should be able to investigate without placing an undue burden on exit node operators
Is the burden undue?
A Tor exit node operator has made the ethical judgment call that they're doing more good than harm. That might be a reasonable position to take, but I don't think it's unreasonable for us to expect an operator to face up to exactly what it is that they are doing. I'm fully on board with any bomb threats (as just one example) leading to a subpoena on the exit node operator who shielded the threat actor, even if the answer is the same every time.
Making the decision that you're doing more good than harm requires you to fully understand the harm that you're justifying, and law enforcement subpoenaing you every single time is one way to make it very clear what it is that you're choosing.
I can think of very few cases where the possibility of your home being raided by heavily armed police officers, and your property seized, is appropriate if it's clear all you're doing is running software. (Side note: I'm surprised how often attitudes on this site are at odds with the "hacker" part of "Hacker News".)
It is fair that running an exit node might be inconvenient, maybe even to the point where consulting a lawyer is advisable, but I think we should draw a hard line at direct threats to an innocent person's liberty, livelihood, and physical safety. That kind of fear is definitely an "undue burden".
Yes, I can agree that an armed raid or the threat thereof is definitely an undue burden.
> it's clear all you're doing is running software. (Side note: I'm surprised how often attitudes on this site are at odds with the "hacker" part of "Hacker News".)
I do not view software as amoral. It's a tool, and like any tool it is an extension of myself. Software that I run is acting on my behalf, and what my software is designed to do is something that I should be held morally accountable for.
I'm not sure when the hacker ethos came to mean that "just running software" absolved you from having to account for the damage your software causes, but if that's what the hacker ethos is about then yes, you can count me out.
My point was that running any kind of software should not come with a presumption of guilt. But in the eyes of the establishment, it often does; see: Aaron Swartz, or how pressing F12 might be illegal[0], or many other such cases. A "hacker" should not have any sympathy for this kind of draconian knee-jerking.
Where is the presumption of guilt? A threat of violence was traced to their IP and they were served a subpoena to provide information that might lead to finding the threat actor before they actually hurt anyone. No one even accused OP of a crime, much less presumed their guilt.
> (Side note: I'm surprised how often attitudes on this site are at odds with the "hacker" part of "Hacker News".)
When computing became predominantly online, hackers inherited a moral dimension: the need to consider whether they are doing harm to others via what they do with the shared global network.
It's a different story when you're cobbling scraps together in your basement, and it's a different story when you're primarily phone phreaking "the man," as it were.
> law enforcement subpoenaing you every single time is one way to make it very clear what it is that you're choosing.
That's not what subpoenas are for, and it would be a really stupid waste of time and resources. If you really want to do that, just send them an email.
An email can be filtered, doing that with a subpoena would be... silly.
> a really stupid waste of time and resources
Subpoenas are used all the time in cases where they're not expected to be inherently useful for acquiring information. If law enforcement is going to take 10x as long to find the perp because you hid them, I don't see a problem with them sharing that burden with you a bit—there are externalities here that should be internalized.
> A Tor exit node operator has made the ethical judgment call that they're doing more good than harm.
They are. Absolutely. It's not really a question.
> Making the decision that you're doing more good than harm requires you to fully understand the harm that you're justifying, and law enforcement subpoenaing you every single time is one way to make it very clear what it is that you're choosing.
The danger is that the Government could just make all this up to specifically target nodes they do not control.
The exit nodes have been known to be the weakest part of the tor design. It has been a logical theory for a while that all exit nodes are visible to the U.S. Govt.
This is just one way they can leave a system like Tor up for their uses and also make sure anything domestically is fully visible to them.
What about timing attacks though, things like governments controlling things coming and going into routers and the internet as a whole?
Surely that's worse than the exit nodes?
The way I see it, the right approach is some kind of continuous communication where messages end up in fixed slots, where if no message would have gone, there'd have been a randomly generated message.
> we should be expecting follow-up from a human being tasked with enforcing the law, right?
That's very nice but until tor exit nodes are illegal, such police action is purely a harassment effort, right?
One thing that struck me, years ago, is that the people running these actions (recipient of a death threat or police) are far more concerned with the fact that "someone enabled this", rather than the fact that someone was angry enough at them to issue a death threat. They had no visible concern about that wannabe murderer, apparently spending no effort trying to identify THEM. They just wanted retribution against the exit node operator. It was totally doing something for the sake of doing something, zero concern about solving any root problem. They had seemingly zero concern that their safety was a risk (I mean, from eventual action stronger than a death threat.)
They also had zero awareness that anonymous email had allowed this ennemy to be revealed before any physical violence.
Yes the IP was just a DO vps I setup to be a Tor exit.
That's why they requested my personal account information, billing info, IPs that I logged into DO with, all of that.
If not interrupted by me getting the help of the amazing EFF lawyers, the next step after getting my personal information, could have been to raid my home and seize all my electronics. I work from home and would have been greatly disrupted and not been able to work without my computers and etc. Then I'd have to wait months/years to be found innocent and then get all of my electronics back + spend thousands on lawyers.
During all of this, the EFF lawyers straight up told me to prepare my home as if it were to be raided and encrypt all my devices.
In jurisdictions whose ISP laws I'm familiar with, ISPs have a special protection granted: they don't get raided because they're seen as an infrastructure provider, but only as long as they can point to a customer responsible for some given traffic when served a court order.
I was going to run an exit node when I first learned about Tor, but realized that the cool positive use cases I was imagining it would help with could be effectively done in other ways. In some cases those other ways might not be as easy, but there would be enough resources available to the people involved to get the job done.
It seemed likely that it would be the horrible use cases it would benefit the most.
Balancing an increase in the efficiency of doing good things that could already by done other ways against greatly benefiting horrible use cases made it so that I could not morally justify it.
> though I had all of my exits using a reduced exit policy and I would blacklist known malicious IPs and c2/malware infra from being able to use it, I was still a target
There is room for a middle ground that will make nobody happy: a safe harbor for exit-node operators who (a) blacklist (or actively report) connections to a set of IPs and (b) maintain some semblance of logs and provide them when served with a warrant.
The case for the operator is it lets them help show that the offending traffic came from TOR. Presumably, it should also assist law enforcement to some degree. And I don't think someone having e.g. 60 days' exit logs materially damages TOR's privacy.
What kind of useful logs could an exit operator collect? The whole point of TOR is that the destination doesn't get any meaningful information about the source.
Just because most stuff is botspam, that doesn't mean it's not worth it for the occasional Snowden or Panama Papers - those would have been next to impossible to safely execute without Tor.
Makes sense that's where the bulk of the volume is, not much different from the internet at large. Freedom fighters and oppressed journalists are exceedingly rare, but they do use Tor.
At the end of the day, lawyers are human too, with lives and families.
They would know the full extent of the inconveniences regarding home raids and device seizures for long periods of time. This would disrupt their lives, work, and probably affect their ability to serve their clients’ legal troubles.
At the very least, I’m thankful for the efforts of the EFF and others that do know the law and help. But I’d imagine there’s a good case for separations of concerns here. Stay out of the legal troubles yourself so you can help others that do get caught up in it. One degree away.
> The 1st [subpoena] was someone sent a bomb threat email to a university. The 2nd one was someone sending a phishing email.
...
> I one day hope to resume running exits as I find it rewarding to be able to help people from around the world in a small way.
This really doesn't strike you as cognitive dissonance? I mean, yes, I get it, it's easy to construct a scenario where you're "helping people". But you're also "helping" people engage in terrorism and identity theft in exactly the same way.
Surely that deserves at least a little thought and moral calculus, no? You're not making a first principles argument about fundamental rights or anything, you're saying you run exits because it's "helping". Well, shouldn't it help more than it hurts?
Doesn't running a post office help people communicate coded messages about nefarious things? Doesn't running a telephone network help people do the same? What about cellular hardware providers and maintainers?
> Doesn't running a telephone network help people do the same?
They do, but they are not only share the metadata with law enforcement, but also let them wiretap. (Often they require a warrant for this, but that is not a hard burden for a LEO.) And this capability is not some aftertought, but deeply integrated into their tech stack.
Tor isn't a post office or telephone network. We have post offices and telephone networks. Tor also isn't a replacement for a web browser or internet, we have those too.
Tor's feature isn't "communication" in the abstract, it's anonymity. And yes, that can be used for good or for evil. But the upthread comment was saying how nice it was to run an exit node because it was "helping people". And to the extent that's true, I think correct thinking demands you also account for the harm.
And let's be clear: Tor is definitely harmful. Almost all Tor traffic is some degree of nefarious. The tiny handful of dissidents are drowned in a sea of phishing and contraband.
You don't need tor for terrorism or identity theft, and it probably isn't widely used in those circles. There are easier ways. But plenty of people use tor to avoid what amount to terrorist govenments and regimes.
I ran a few exits for about about ~5 years. In those 5 years, my hosting provider (DigitalOcean) received 3 subpoenas for my account information.
The first two were random. The 1st one was someone sent a bomb threat email to a university. The 2nd one was someone sending a phishing email.
The last and final subpoena was the most serious one. Some nation-state hackers from Qatar had ended up using my exit IP to break into some email accounts belonging to people they were interested in and spied upon them and stole some info.
Thankfully both the Tor Project and the EFF were able to help me pro-bono. The EFF lawyer that was assigned to me helped me fight this subpoena but ultimately we had to turn over my account information to the DOJ + I had to give an affidavit stating that I was simply just an operator and nothing on the server in question would be useful to their investigation (by design).
The stress of having to deal with law enforcement, lawyers, and having to entertain the possibility of having my home raided over something so silly ultimately led to me finally shutting down my exits.
Even though I had all of my exits using a reduced exit policy and I would blacklist known malicious IPs and c2/malware infra from being able to use it, I was still a target.
I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.
I one day hope to resume running exits as I find it rewarding to be able to help people from around the world in a small way.