Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Raided For Running a Tor Exit Node

Soulskill posted about a year and a half ago | from the internet-over-tor-is-a-series-of-tubers dept.

Censorship 325

An anonymous reader writes "A Tor Exit node owner is being prosecuted in Austria. As part of the prosecution, all of his electronics have been held by the authorities, including over 20 computers, his cell phone and hard disks. 'During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted.' This brings up the question: What backup plan, if any, should the average nerd have for something like this?"

cancel ×

325 comments

Store your data someplace else (5, Funny)

bobstreo (1320787) | about a year and a half ago | (#42142127)

Cloud storage, and make the exit node a leech off your neighbors wifi.

Re:Store your data someplace else (-1, Offtopic)

bigjocker (113512) | about a year and a half ago | (#42142147)

LOL

Re:Store your data someplace else (3, Insightful)

buchner.johannes (1139593) | about a year and a half ago | (#42142239)

You suggest pumping 30 terabytes of data per day through your neighbors wifi?

Re:Store your data someplace else (5, Funny)

Zemran (3101) | about a year and a half ago | (#42142269)

Sounds good to me :-)

Re:Store your data someplace else (1)

Anonymous Coward | about a year and a half ago | (#42142807)

I wish I had thought of that before the persecution started. I really hate my neighbors.

Re:Store your data someplace else (1)

Opportunist (166417) | about a year and a half ago | (#42142779)

At least it will pump less spam.

What? If he cannot secure his WiFi, chances are his computers are just as insecure and been used as spamsluggers for ages.

Re:Store your data someplace else (-1, Troll)

Shoten (260439) | about a year and a half ago | (#42142999)

He wasn't storing the data in question...do you even know what TOR is? Did you even read the article?

Backup Plan (5, Insightful)

Sigvatr (1207234) | about a year and a half ago | (#42142129)

Lots of money.

There is no preparation for this. (4, Insightful)

Anonymous Coward | about a year and a half ago | (#42142131)

Look at Kim Dotcom.

Be prepared for the concequences (5, Informative)

xtal (49134) | about a year and a half ago | (#42142149)

If you're running Tor, or FreeNet, or anything else with the possibility of pissing off the man - be prepared for the concequences. The authorities repsonse here is pretty standard across the board.

Any Freenet nodes get raided? That's a good test for how secure the system is.

Re:Be prepared for the concequences (4, Interesting)

SuricouRaven (1897204) | about a year and a half ago | (#42142201)

Freenet should be safe, as it has no gateway functionality to the wider internet. It's self-contained.

Re:Be prepared for the concequences (1)

Anonymous Coward | about a year and a half ago | (#42142915)

They would just arrest any Freenode users for whom they connected since 'illegal materials' were obviously in the possession of those passing them and since possession is a strict liability it doesn't matter if they didn't know.

ISPs as well? (5, Insightful)

grahamm (8844) | about a year and a half ago | (#42142153)

If a TOR exit node can be prosecuted for traffic passing through it, should the ISP and backbone router owners not also be held responsible for traffic passing through their nodes? If the ISP and network operators are not held responsible then neither should the TOR node owner.

Re:ISPs as well? (4, Insightful)

Anonymous Coward | about a year and a half ago | (#42142283)

Just like the mail service can be held responsible if they deliver a package with drugs in it? It's basically the same thing as bringing a bag full of drugs that a stranger gave you while on holidays... right?
No.
Common Carrier vs Doing a Favour for a Stranger.
Totally different.

Re:ISPs as well? (3, Interesting)

ZombieBraintrust (1685608) | about a year and a half ago | (#42142535)

ISP will work with law enforcement to identify the person who sent the packet. That is why they are not prosecuted. The Tor exit node operator can not do that. The tech is designed to prevent it.

Re:ISPs as well? (3, Funny)

hduff (570443) | about a year and a half ago | (#42142743)

ISP will work with law enforcement to identify the person who sent the packet. That is why they are not prosecuted. The Tor exit node operator can not do that. The tech is designed to prevent it.

Well then, the Tor exit node operator can cooperate fully.

Re:ISPs as well? (1)

Anonymous Coward | about a year and a half ago | (#42142301)

It boils down to whom has the bigger legal team. AT&T can say that a user on their network downloading something they shouldn't is that user's fault, not AT&T's.

With the decisions made in court that an IP address == that person, even someone with an open wireless AP can be held criminally responsible for traffic, and that is because there is a big difference between a business and a personal Internet connection in the eyes of the law.

I knew this was going to happen in the days of anonymous remailers, then Tor Exit nodes. It is only a matter of time before people started getting raided, perhaps as part of a false flag operation.

The solution? The exit node uses an encrypted offshore proxy in a country not buddy-buddy in the location where the node is physically located. This is tougher than it sounds because most PPTP proxies, if disconnected, will automatically shunt over to the local Internet connection. Of course, one can have a router block all outgoing packets unless they go through the IP and proxy port.

Re:ISPs as well? (1)

Anonymous Coward | about a year and a half ago | (#42142879)

It boils down to whom has the bigger legal team.

Yes, time for some Grammar Nazi. But I will try to be constructive and not just say "that's wrong!"

The linking verb "has" puts the relative pronoun in the subjective case. They are the "who" who is "having something". The subjective case of that word is "who"; the objective case is "whom".

This is not like "for whom the bell tolls", where the subject is left unspecified (the one tolling the bell) but the object is for whom it tolls.

Still, congratulations for even knowing that there is such a word as "whom". The American public schools are producing students with no real grasp of grammar. That's terrible considering that most Americans only know a single language. The media does not help either. All newspapers and broadcasts are deliberately written to target about a fifth-grade reading level, dumbing everything down. Intelligence and higher forms of expression are not generally celebrated in our society.

Re:ISPs as well? (3, Interesting)

TheRealMindChild (743925) | about a year and a half ago | (#42142317)

No. Your ISP probably does little more than route traffic properly to the next router. A TOR exit node is an actual entity distributing data to others. A good analogy would be, your ISP is a self checkout line, and the TOR exit node is a physical employee walking the transaction through to completion. One is dumb, one is not

Re:ISPs as well? (2)

KiloByte (825081) | about a year and a half ago | (#42142393)

How come? An ISP router shuffles packets from one layer 1/2 protocol to another (ATM, Ethernet, ...), completely changing their encapsulation but not affecting the actual content. A TOR node shuffles packets from an encapsulated form to another, not affecting the content. What's the difference?

Re:ISPs as well? (5, Insightful)

tilante (2547392) | about a year and a half ago | (#42142791)

Well, here's a couple of differences....

Your ISP has an acceptable use policy that you are required to agree to in order to get service from them, which most likely states that you're not allowed to do anything illegal, and that if you do use their network to do something illegal, you agree that you are wholly responsible for it. It also keeps records, so that it can cooperate with the authorities in tracking down people who are using their network for illegal purposes.

A Tor operator, on the other hand, by design does not know who is using their connection, and thus, cannot enforce that their users must agree to any policy. Further, and again by design, a Tor node does not keep any records that can be used to help authorities track down people using that connection for illegal purposes.

Much of the law operates on the basis of what a 'reasonable person' would understand. A reasonable person would understand that, given their policies and practices, a typical ISP is not attempting to shield people performing illegal activities. On the other hand, a reasonable person who knows what a Tor exit node is and sets one up should understand that there is a high chance that there will be illegal activities being funneled through their node.

So, from a legal point of view, there's a big difference. Now, ethics and morals... those are different things. But honestly, if you're not willing to go to jail to defend the principle that people should be able to anonymously use the Internet, then maybe operating a Tor exit node isn't something you should be doing.

Re:ISPs as well? (1)

X.25 (255792) | about a year and a half ago | (#42142777)

No. Your ISP probably does little more than route traffic properly to the next router. A TOR exit node is an actual entity distributing data to others. A good analogy would be, your ISP is a self checkout line, and the TOR exit node is a physical employee walking the transaction through to completion. One is dumb, one is not

Hahaha.

Wow, I haven't read something this bad in a long time.

Re:ISPs as well? (3, Insightful)

buchner.johannes (1139593) | about a year and a half ago | (#42142397)

For the police it is pretty clear that an ISP almost exclusively forwards traffic, so it makes sense to contact them to get connection details for specific illegal activities. There is no way to know from the outside whether a home line is used by a person or is forwarding someone elses requests like Tor (rare). So you have to hold that person, in the first step, accountable for the traffic that comes from his place.

Then in the process of the allegations, you can show plausible deniability, e.g. you are well-known to run a Tor exit node / participate in the Tor community, and the raid did not turn up any illegal material stored on your drives.

While it is extremely annoying to the guy, I do understand the taken measures (except perhaps the power-cord ripping). It really depends on the judge now though, hopefully they don't decide something silly. The question is really whether it is your responsibility to check each forwarded request (ISPs must not read content, or store anything beyond what is needed for forwarding and billing), and whether you may allow anonymous forwarding (ISPs don't I believe, not sure what the law says there).

Re:ISPs as well? (4, Interesting)

buchner.johannes (1139593) | about a year and a half ago | (#42142919)

I just read up the law (TKG, should be similar to the European law). I learned two things

  - Anyone can become a ISP/telecom. You have to register, but the gov doesn't stop you.
  - Participants have the right to taken into records (written or electronic, to be made available to other ISPs/telecoms+gov) of each participant: Family name, name, academic title, address, ID, and, if the participant wants, occupation. (18 p1-1, 69 p3)
      But apparently, this is only a right of the participants, so it does not say anywhere that you are not allowed to provide anonymous services. In fact, participants have the right to have their records deleted too.

Solution: Register your Tor exit node as a communication service. If records are requested, say that your participants all don't want their records stored.
Caveat: You have to provide your services to anyone, and people who insist on having their names stored have a right on that. Why anyone would want to use Tor and be identified is beyond me though.
Finally, you may have to comply with data retention laws, i.e. store connection data (not records) for 6 months. Since nobody will be able to use this data anyways, with Tor nodes overseas, that's not a killer.

Safe Harbor Only For Telecoms And ISPs (2, Informative)

Anonymous Coward | about a year and a half ago | (#42142479)

If a TOR exit node can be prosecuted for traffic passing through it, should the ISP and backbone router owners not also be held responsible for traffic passing through their nodes? If the ISP and network operators are not held responsible then neither should the TOR node owner.

Your ISP has a legally established "safe harbor" exclusion. In the U.S. you establish yourself as an ISP when you register your company with the FCC as a telecommunications provider/ISP.

Individuals running TOR exit nodes enjoy no similar protections and will be prosecuted to the fullest extent of the law. Those that are not prosecuted for the illegal act itself will be prosecuted for facilitating/aiding and abetting the criminal activity.

Hmm... (1)

Anonymous Coward | about a year and a half ago | (#42142157)

Ummm, don't run an exit Tor node if you aren't prepared to be sued for distributing child porn?

Don't run an exit node. (3, Insightful)

Hatta (162192) | about a year and a half ago | (#42142161)

Run a dark net.

Re:Don't run an exit node. (1)

fustakrakich (1673220) | about a year and a half ago | (#42142335)

A 'dark net' is very easy to shutdown. If a protocol is not white listed by the authorities, any packets that are using it will be dropped. Until the internet becomes peer to peer over a mesh network, there is no hope.

Re:Don't run an exit node. (1)

Hatta (162192) | about a year and a half ago | (#42142723)

Sure, if you're somewhere where encryption is actually prohibited. We're not there yet. And still, there are workarounds. You can encapsulate encrypted data in HTTP.

Re:Don't run an exit node. (4, Interesting)

Ceriel Nosforit (682174) | about a year and a half ago | (#42142749)

A mesh network isn't far away. Wireless APs are becoming redundant in homes so with a bit of community spirit and recycling you can establish a darknet like that. That community spirit is most easily found in hackerspaces and the Pirate Party, and since the latter type has the ability to support the former type you can get the message into people's homes without coming off as a lunatic fringe.

A lot of people don't understand why you want to build this and assume it's for child porn. I have learned that the appropriate response to crap isn't logic nor debate since it is just lazy rhetoric, but instead instant anger or suggesting 'that's what you'd use it for, isn't it'. Then assuming an air of accepting their apology you can move on with the issue. - As a partisan you should never for any reason permit discussion of child porn in what is a discussion about freedom online. Even throwing a tantrum is much more constructive.

So quit whining and start advocating!

Re:Don't run an exit node. (1)

X0563511 (793323) | about a year and a half ago | (#42142833)

So, what stops one from encapsulating the darknet traffic within a whitelisted protocol such as HTTPS?

The backup plan. (5, Funny)

NettiWelho (1147351) | about a year and a half ago | (#42142177)

"What backup plan, if any, should the average nerd have for something like this?"

Select a new exit node, duh.

dont run a tor node (0)

Anonymous Coward | about a year and a half ago | (#42142179)

Dude,
You know a lot of bad stuff could be traded through the Tor network (child porn,terrorism anyone ?).
You also know a lot of stupid people are lobbying any gov against anything remotely related to the children or ben laden.
it is to be expected that people running exit node could face charges if something bad go through their pipe.

be smart and stop your Tor node unless you want to be a freedom martyr.

Re:dont run a tor node (1)

lister king of smeg (2481612) | about a year and a half ago | (#42142347)

yes and all of that same stuff can be traded o the open internet securely via ssl ssh pgp and other encryption schemes.

Re:dont run a tor node (2)

tylikcat (1578365) | about a year and a half ago | (#42142703)

You say freedom martyr like that's a bad thing.

My co-resident at the zendo at which I reside and I have been discussing setting up a Tor exit node for a while. The arguments against, are obvious - last I checked the general recommendation was to lease a server at a facillity that was set up for the likely eventual legal problems. But we're both fairly squeaky clean, and would be happy to talk at length about why we feel this is important. (And are in situations where spending time in jail, while not fun, wouldn't ruin us. Or would ruin us less quickly than most, anyway.)

And good friends who are lawyers in the right specialties.

I guess the argument really is that someone has to stand up for freedom. And frankly, some people have more wherewithal than others to do so. ...but it might be hard on the zendo. And so we haven't, yet.

Don't run a TOR exit node? (3, Insightful)

h4rr4r (612664) | about a year and a half ago | (#42142193)

I think not running TOR is about all you can do.

Of course if this is something they can prosecute you for, can they also prosecute your ISP as well?

Re:Don't run a TOR exit node? (2)

shentino (1139071) | about a year and a half ago | (#42142259)

Selective prosecution is pretty handy.

Filters on Exit Node (0)

ZombieBraintrust (1685608) | about a year and a half ago | (#42142449)

You could place filtering tech on the exit node.

Re:Don't run a TOR exit node? (0)

Anonymous Coward | about a year and a half ago | (#42142773)

I think not running TOR is about all you can do.

Of course if this is something they can prosecute you for, can they also prosecute your ISP as well?

Which of you has lobbyists? Which of you has well-paid lawyers.

thermite (4, Funny)

WillgasM (1646719) | about a year and a half ago | (#42142205)

You mean to tell me you guys don't have your cases rigged with thermite?

Re:thermite (1)

Anonymous Coward | about a year and a half ago | (#42142289)

It really isn't that difficult. Aluminum powder (aluminum foil in the blender works nicely) and iron oxide (rust) with a catalyst and a trigger for the reaction. Creates some nicely melted iron. Use a bucket with water and sand underneath to catch the liquid metal and you're good to go. It was always my favorite experiment in my high school chemistry class.

Re:thermite (1)

Anonymous Coward | about a year and a half ago | (#42142333)

Or just use magnesium ribbon to get the reaction started http://www.thecatalyst.org/other/thermite/

Re:thermite (0)

Opportunist (166417) | about a year and a half ago | (#42142903)

Marine signal flares work pretty well too. And they're easy and legal to obtain while also being very easy to operate even by people without a chemistry background.

Re:thermite (0)

Anonymous Coward | about a year and a half ago | (#42142495)

I thought about something else. Wireless storage. Use it for everything sensitive (= everything except boot and SW). A disk enclosure communicating with the computers in the room/house using very short range wireless. Have it bricked into the wall, floor, or somewhere similar. Have a remote kill switch handy that shuts it down to be completely EM passive until further instructed. And, of course, don't tell anyone that you have something like this. Devices can be replaced, and they won't help the prosecutor any bit at all. Data is much more precious.

My Backup Plan (1)

TheSpoom (715771) | about a year and a half ago | (#42142207)

Not running a Tor exit node. Really, they could say that any participant of the Tor network could have been participating in distribution of illegal materials; running an exit node just lets them prove the exit node operator in particular was doing so.

Shipping analogy (4, Insightful)

LaminatorX (410794) | about a year and a half ago | (#42142211)

If you ship contraband via FedEx, is FedEx a criminal?

Re:Shipping analogy (1)

knarfling (735361) | about a year and a half ago | (#42142355)

That depends. Did you put the words, "Heroin inside. Handle with care." on the outside of the package? Did it still ship with those words on the box?

Re:Shipping analogy (2)

blueg3 (192743) | about a year and a half ago | (#42142385)

No, but the authorities are very familiar with what FedEx does and it's very visible. If you ran a local package-delivery service and the authorities found that big boxes of drugs keep managing to come from your facility, you can bet that they will show up, take some of your stuff, demand a bunch of records, and ask some very pointed questions. If you really know nothing about the drug cartels shipping product through your company, you'll probably be fine.

The same goes here, though laws very dramatically by country. If you run a Tor exit node, there's a distinct possibility that a lot of criminal activity will look like it came from your Internet connection. A lot of it you can't, in the end, be prosecuted for, because the laws generally require intent and there's no intent to commit criminal acts on your part. (Strict liability, conspiracy, etc. will make your life difficult, though.) But you should certainly expect to be investigated, at least. After all, the police shouldn't take you on your word that you were running a Tor exit node, and even when they verify that you are, they shouldn't just assume that if you're running an exit node, any criminal activity *must* have been through the exit node -- otherwise it would provide a perfect front for criminal activity.

Re:Shipping analogy (2)

Opportunist (166417) | about a year and a half ago | (#42142963)

Oh c'mon, Western Union has been used as a mule for money laundering in ID theft cases for ages now and they weren't even required to change their policies.

What it comes down to is whether you have enough money to stand up for yourself.

Re:Shipping analogy (4, Insightful)

squiggleslash (241428) | about a year and a half ago | (#42142403)

If FedEx actively advertises the fact that shipping via them prevents law enforcement from prying into what it is you're shipping, then... may be.

The problem with Tor is its advertised application. It's a network designed to prevent you from being snooped upon, but by and large the (work of mouth) advertising isn't "And this way Google will never be able to select ads that are of interest to you" or "You don't have to worry that your affair will be discovered by your spouse" (to use two extremes) but "The government will not be able to snoop on you!"

And while, yes, there are occasions that the government snoops on people maliciously and illegally, it remains the case, today, that the primary reason why the government snoops on people is, well, because they're enforcing laws. Joe Sheriff doesn't care that much about the fact you voted for Obama or believe Bradly Manning is being treated unfairly, but he sure as hell cares about people sending each other child pornography, or orders for illegal drugs, or even getting copyrighted movies without the permission of the copyright holders and not paying for them, or whatever.

And so you have idealistic nerds saying "I know, let's be the next Amnesty International and provide a way for dissidents to swap messages about how terrible the regimes are that they live under", and you get the idealistic nerds using it, because they know it's not going to work otherwise and, sure, maybe one or two of those dissidents using it, and a few paranoid rednecks who are convinced Obama will take their guns away if they talk about them in public.... and you also get a lot of people using this network that's secure against government snooping for doing the things that governments actually legitimately snoop on, you know, doing stuff illegally. Did I say "A lot of people"? Maybe most, I don't know. It would not exactly be surprising if most Tor users are actually using it for illegal stuff, even if the majority of those Tor users are using it for stuff nerds don't see as wrong, such as trading copyrighted movies without the permission of the copyright holder.

I don't think Tor can work as is. It's a nice, idealistic, concept, but...

Re:Shipping analogy (0)

Anonymous Coward | about a year and a half ago | (#42142729)

Actually, the vast majority of Tor traffic is perfectly legal in most countries (plain ordinary vanilla pornography, gay pornography, news about iran, facebook).

Re:Shipping analogy (2)

Mr. Slippery (47854) | about a year and a half ago | (#42142787)

It's a network designed to prevent you from being snooped upon, but by and large the (work of mouth) advertising isn't "And this way Google will never be able to select ads that are of interest to you" or "You don't have to worry that your affair will be discovered by your spouse" (to use two extremes) but "The government will not be able to snoop on you!"

The "word of mouth" I hear about Tor is that it's software originally developed by the U.S. government that can to help people in China and Syria and other totalitarian nations get net access without being snooped on. [torproject.org]

If it occasionally gets in the way of lazy-ass cops who'd rather not be bothered doing legwork to track down real crimes, too bad. We have a word for states where freedom is restricted in order to make things easier for police: a police state.

Re:Shipping analogy (1)

interkin3tic (1469267) | about a year and a half ago | (#42142465)

No, but that probably has more to do with FedEx's wealth vs a lowly human citizen's wealth than anything else.

Not the correct analogy (1)

aepervius (535155) | about a year and a half ago | (#42142503)

If you taker packet from somebody without knowing the packet content, hide it on your person or car, then bring it discretely to somebody else, are you a criminal ? In the juridiction I know of, yes you would be seen as a complice of the crime, imagine for example that you are raided while delivering the packet and it turns out it is cocaine, good luck trying to use a defense of "but I did not knew what was inside".

Re:Not the correct analogy (1)

X.25 (255792) | about a year and a half ago | (#42142937)

If you taker packet from somebody without knowing the packet content, hide it on your person or car, then bring it discretely to somebody else, are you a criminal ? In the juridiction I know of, yes you would be seen as a complice of the crime, imagine for example that you are raided while delivering the packet and it turns out it is cocaine, good luck trying to use a defense of "but I did not knew what was inside".

It would appear that mostly people that have no fucking idea how Tor works are trying to comment on it.

Brilliant.

Re:Shipping analogy (1)

schlachter (862210) | about a year and a half ago | (#42142555)

No because
1. The government needs FedEx and it's too big to fail
2. Because they have money and lobbyists.

Re:Shipping analogy (1)

emt377 (610337) | about a year and a half ago | (#42142843)

If you ship contraband via FedEx, is FedEx a criminal?

You have to provide ID to ship, and FedEx will x-ray or otherwise examine the package. If they see what looks like contraband they'll contact the appropriate law enforcement organization (ATF etc). If a TOR operator took similar precautions they'd likely avoid prosecution as well.

Never (2, Insightful)

Anonymous Coward | about a year and a half ago | (#42142215)

If you want real security, you should be using a network where the data never "exits" from the secure zone. And never let other people use your network blindly for their own purposes, until something like common carrier status is established for that sort of thing.

This was Austria. I can't imagine the FBI or any other local jurisdiction being that much friendlier. Even if the law is technically on your side, expect to have to lose everything defending your rights.

Re:Never (3, Interesting)

borcharc (56372) | about a year and a half ago | (#42142313)

They have a history of doing stuff like this in Austria (Germany also). I am now aware of this happening in the US, we have fairly clear laws on the subject. I have ran a 5 mb/sec exit node unmolested, without even one single abuse complaint for 10 years. Anyone who sees the obvious tor-exit hostname in their logs knows whats up, if they are still confused the exit node notice [torproject.org] should clear things up. The EU has been trying to get some reasonable laws passed but their broken economy steels the show.

Re:Never (0, Flamebait)

Anonymous Coward | about a year and a half ago | (#42142389)

Only an idiot can relate broken economy to this.

Re:Never (1)

Opportunist (166417) | about a year and a half ago | (#42142993)

Not necessarily. If people have more pressing things to worry about than freedom, it is fairly trivial to pass laws against it.

non-destructive backup plan (0)

Anonymous Coward | about a year and a half ago | (#42142223)

Not much you can do, I do not know the specs of the TOR network (not sure if communication from node to node is encrypted) but if you are running an exit node I would recommend building a linux box that has all of it's drives encrypted. Host the encryption key a USB stick that the machine requires at boot time. As soon as you hear "police open the door" destroy USB stick. This will only help you if you are at the machine when they perform the search warrant. Another possibility is that the key needs to be present at boot but can be removed. Chances are they will turn off the machine when they move it so when they boot it back up they won't have access to much.

That being said always nice to have a laptop in a safety deposit box under someone elses name that can generate a copy of key if needed.

Re:non-destructive backup plan (3, Insightful)

h4rr4r (612664) | about a year and a half ago | (#42142251)

They likely will not turn it off when they remove it. There are products just for that purpose.

Destruction of the USB stick would get you Obstruction of Justice charges.

Re:non-destructive backup plan (4, Insightful)

pipatron (966506) | about a year and a half ago | (#42142357)

The problem is not the exit node, no information of any value contains there, and nothing that can incriminate you will be on the exit node.

The problem is the complete raid of everything of value you own and depend on that had no part in the exit node, no matter what is stored on the machines. Likely keeping them for months, even years depending on how far they want to go with the case.

Exact opposite of what you should do (2)

ZombieBraintrust (1685608) | about a year and a half ago | (#42142667)

If raided by the policy you need to prove that your innocent of intentionally distributing porn. They will have enough evidence to prove that porn came from your network already. Destroying stuff hurts your case that it didn't start with you. Read the story. The policy became friendly after they checked all his stuff and didn't find anything illegal. He may be able to get his stuff back after paying a fine. If he had destroyed some stuff his chance of going to prison would have encreased dramatically.

Plausible Deniability (5, Insightful)

Maximum Prophet (716608) | about a year and a half ago | (#42142225)

It's hard for the average nerd, you either have to be so small and invisible that you can take off at a moment's notice, or maintain shell corporations that own all the stuff that might get taken. If you own a house, or have a family that you care about, fugetaboutit.

Define "average?" (3, Insightful)

Shoten (260439) | about a year and a half ago | (#42142227)

What backup plan, if any, should the average nerd have for something like this?

What average nerd runs a TOR exit node?

Re:Define "average?" (0)

Anonymous Coward | about a year and a half ago | (#42142337)

There are some nerds who insist running an exit node helps political dissidents in China/Iran/[firewalled country du jur]

Re:Define "average?" (1)

Shoten (260439) | about a year and a half ago | (#42142887)

Yeah, but if you RTFA, you'll see that he was pushing terabytes of data doing this. It's not a little thing, running an exit node. Yes, running one helps many people, some good, some bad. So what? It's still nowhere near something an "average" anything would do.

Re:Define "average?" (1)

lister king of smeg (2481612) | about a year and a half ago | (#42142409)

i would but i cant afford the bandwidth.

Wondered From Day One (5, Insightful)

Anonymous Coward | about a year and a half ago | (#42142243)

I've wondered, from day one, why anyone would be crazy enough to run a TOR exit node. Why would you willing serve as the front man for someone else's unknown but likely illegal activity? It's just crazy.

Running an exit node is just begging to get arrested for child porn. I'm positively amazed that it doesn't happen a LOT more often.

Re:Wondered From Day One (1)

pipatron (966506) | about a year and a half ago | (#42142381)

Yeah, what crazy people would risk anything at all for a little freedom? Crazytalk. I better just shut up and keep updating my facebook status.

Re:Wondered From Day One (0)

Anonymous Coward | about a year and a half ago | (#42142417)

Probably the same reasons people like Ghandi stand up and risk themselves for others

Re:Wondered From Day One (1)

Anonymous Coward | about a year and a half ago | (#42142427)

Most illegal activity is probably done over hidden services.

average nerd? (0)

Anonymous Coward | about a year and a half ago | (#42142263)

This goes a bit beyond the daily use case for the "average" nerd. And what exactly do you mean by "backup plan": disaster recovery or bourne style go-bag?
If you are pissing off the man, passports to a country with no extradition would be a good idea.

Patriotic duty? (2)

hendrikboom (1001110) | about a year and a half ago | (#42142339)

If I were an American nerd, I could just argue that running the exit node is my patriotic duty. After all, the NSA wants there to be a lot of tor traffic so it can send its state secrets securely.

Ditch your computers and go outside (1)

Anonymous Coward | about a year and a half ago | (#42142395)

Here is your "backup" plan. Ditch all your computers never use the internet again because the people running the countries are retarded, insane, and looking for a good witch hunt.

It is a bad time in history to be a nerd.

Re:Ditch your computers and go outside (1)

Titan1080 (1328519) | about a year and a half ago | (#42142459)

It also would help to limit your online activities to 'legal only'.

With that logic (1)

Dishwasha (125561) | about a year and a half ago | (#42142411)

I guess they should arrest all pawn shop owners as they often facilitate the fencing of stolen goods.

Re:With that logic (1)

O('_')O_Bush (1162487) | about a year and a half ago | (#42142839)

What you mean is, "They should arrest pawn shop owners that facilitate fencing stolen goods", which they do, as they aren't arresting all owners of Tor exit nodes, just ones they can show are doing illegal things.

Dont Host a Tor node. Duhhh (-1)

Anonymous Coward | about a year and a half ago | (#42142423)

If you are dumb enough to host a tor node so other freaks can use your IP to surf for child porn, then you deserve to have all your computers taken.

FDE (0)

Sparticus789 (2625955) | about a year and a half ago | (#42142435)

My backup plan is to encrypt my Tor exit node with TrueCrypt FDE. Yes, it means I have to run Windows, since FDE support is not available for Linux yet. However, the FBI has not been able to defeat TrueCrypt [techworld.com] . They can say the traffic came from your internet connection, but they cannot prove that you viewed any of it.

Re:FDE (0)

Anonymous Coward | about a year and a half ago | (#42142557)

Yes, it means I have to run Windows, since FDE support is not available for Linux yet.

Have you tried LUKS [wikipedia.org] ?

Re:FDE (1)

gl4ss (559668) | about a year and a half ago | (#42142675)

My backup plan is to encrypt my Tor exit node with TrueCrypt FDE. Yes, it means I have to run Windows, since FDE support is not available for Linux yet. However, the FBI has not been able to defeat TrueCrypt [techworld.com] . They can say the traffic came from your internet connection, but they cannot prove that you viewed any of it.

that's not a backup plan. all that will do in a case like this seem that you did stash the illegal material on your own machine and drag the case on forever.

the real backup if any is keeping a log about every packet, so you can pass the blame.

Re:FDE (1)

Sparticus789 (2625955) | about a year and a half ago | (#42142977)

Of course, FDE only applies when used in a country with a 5th Amendment style of protection. And this assumes that law enforcement actually follows the law, which is not always the case. In some countries, it can be court ordered to hand over passwords. This would not work there.

Solution: run your Tor exit node in a country that has a 5th Amendment style of protection.

Re:FDE (1)

pipatron (966506) | about a year and a half ago | (#42142845)

  • Nothing is stored on the exit node, it's just pointless to encrypt it.
  • I've been running full disk encryption on my Linux systems for years, how to do it is standardized and doesn't need third-party products.

I actually have 2 plans (4, Funny)

slashmydots (2189826) | about a year and a half ago | (#42142441)

What backup plan, if any, should the average nerd have for something like this?

1. Don't run an exit node
2. if 1 fails, fly to Belize and live blog my evasion of the local police

maybe (-1, Troll)

Titan1080 (1328519) | about a year and a half ago | (#42142451)

Maybe the 'average nerd' should stop being a PEDOPHILE?!!

Don't expect to get your data back. (3, Insightful)

SuricouRaven (1897204) | about a year and a half ago | (#42142463)

Traditional backup methods are good against media failure, or even natural disaster, but ineffective against seizure. The standard police procedure is 'if in doubt, take everything,' because it isn't practical to train frontline officers to work out what is and isn't potentially evidence. That's why they take cell phones and games consoles. That and, as the more cynical point out, the more miserable they can make the defendent the easier it is to force a plea bargin. So they'll take all your backups too.

You can forget about getting that back, too. Even if all charges are dropped. Law enforcement is well-known all around the world for their reluctance to return siezed evidence, espicially evidence that may one day go into police auction. Even if they are willing to return it, many areas have overwhelmed forensics staff and computers can sit in the locker for months before there is an expert available to poke around and declare them free of anything incriminating.

So if you do have reason to worry about being raided - eg, you run an open wireless hotspot or exit node - then a sensible precaution is to keep backups of critical data somewhere out of reach, like a cloud store hosted overseas, or drives left with trusted friends for safekeeping. Making sure, of course, that no-one else knows - you don't want them to get raided too!

Also beware of another police policy. It varies by country, and even by state and district, but many departments are loathe to let any accused off without charge or found not guilty - it makes them look incompetent, wrongly arresting someone. So they will likely resort to the 'throw the book' approach, going through the evidence looking for any other, unrelated crimes they can find. Sure, you may not have actually launched that attack or trafficked those illegal files they raided you for - but if, in the process of investigating, they discover you've been involved in piracy or find chat logs of you talking about your drunken vandalism or theft of office supplies, or something which would be otherwise borderline illegal, they will happily add more charges - insurance in case you were innocent of the original accusations, and to pile on more pressure for a plea bargin. Prosecutors love guilty pleas - much more reliable than actually having to prove something beyond reasonable doubt.

You can encrypt, of course. But that just makes you look even more suspicious, plus in most countries now it's either an explicit crime to withhold keys from police or considered a form of withholding evidence, either of which gets you jailed anyway. Even if you legally wriggle free from that, good luck getting a jury to see it as anything other than a sign you are trying to hide evidence of whatever terrible act you are accused of.

Re:Don't expect to get your data back. (1)

omnichad (1198475) | about a year and a half ago | (#42142911)

Traditional backup methods are good against media failure, or even natural disaster, but ineffective against seizure

Off-site backup is part of that.

The Simple Truth? (3, Insightful)

fallen1 (230220) | about a year and a half ago | (#42142475)

Simply tell the prosecution / judge - "I run a TOR exit node to help preserve freedoms on the internet, especially those of people oppressed in countries like Syria and other places. If you choose to prosecute me for running a TOR exit node which, by its stated purpose and nature, is encrypted and anonymous AND which I have no control of the data flowing through it then you must also prosecute EVERY internet service provider over which the same data flowed. I do not know now, nor have I ever known, exactly what data flows over the exit node. Just like ISPs do not know what data is flowing over their networks."

DO NOTHING ELSE. Even if it makes complete sense to you (keeping an encrypted backup of all your data and computer images off-site), the prosecution will do what they can to skew that to "Why did you keep encrypted backups off-site? What are you hiding?" Fuck 'em. Don't give them any ammunition in their fear-mongering quest to rule your life. Come away clean and then lawyer up and sue the police departments, all government levels* involved, and even the prosecutor. Your aim with the lawsuits is not to get paid, it is to get all your electronics back in a timely manner if they refuse to give them back once you are cleared. Of course, if they're being dicks about it then the object is to get your equipment back and get VERY large settlements.

*Not sure how the government levels are in Austria, but here in the United States we have city government, county government, then state, then federal. Depending on who is doing the prosecution, I would start my lawsuits with that level of government and work my way down. Same with the police forces involved.

"gaming consoles and other electronics" (1)

Anonymous Coward | about a year and a half ago | (#42142477)

OK, I know cops don't get paid much and that buying Christmas presents is hell but I had no idea it's this bad.

Not for the faint of heart (1)

mindcandy (1252124) | about a year and a half ago | (#42142493)

Lawyers, guns, and money.

well fuck me (1)

Anonymous Coward | about a year and a half ago | (#42142517)

I run a tor exit node, have open wifi, use free software, and host key parties because I believe in freedom. Also (and this is a common sentiment) running a tor exit node or open wifi gives plausible deniability if the **AA throw a lawsuit at you. The secret service have interviewed (not raided) me a couple times and they've advised me to disable my open wifi. But stories like this make me rethink my stance.

"Something like this?" (1)

QuietLagoon (813062) | about a year and a half ago | (#42142705)

What backup plan, if any, should the average nerd have for something like this?

That depends upon what you mean by "something like this?

.
Do you mean to imply that an "average nerd" fosters possible illegal activity?

Or do you mean to imply that having a Tor node is OK?

Austria has "precedents"? (0)

Anonymous Coward | about a year and a half ago | (#42142817)

After all I know, Austria is more like Germany in terms of laws. Which means, unlike in the US, there is no such thing as precedents.

Anyone from Austria here, who's better informed than Weber?

It's in the Legal FAQ (2, Informative)

Anonymous Coward | about a year and a half ago | (#42142835)

This situation isn't completely unheard of. It's happened a few times before. Raids by technically-clueless police forces are an occupational hazard for TOR exit node operators. It's happened in the US, too. However, this is interesting, as several very large TOR nodes are run in Austria in major datacenters. EDIS, UPC and Silver Server in particular host some well-known, stable ones. Best of luck to this guy. Has he contacted EFF Europe already?

If you host one, it should be clearly and completely separate from everything else (especially with a separate IP), it should ideally be unencrypted - all the information on there, after all, will only corroborate your defence - and it must not log.

Regardless of any risks or their probability or magnitude, we of the TOR project, and the many people whose lives are quite literally saved by TOR every day, salute you intrepid exit node maintainers. You are doing the right thing. Bravo.

https://www.torproject.org/eff/tor-legal-faq:—
Should I run an exit relay from my home?

No. If law enforcement becomes interested in traffic from your exit relay, it's possible that officers will seize your computer. For that reason, it's best not to run your exit relay in your home or using your home Internet connection.

Instead, consider running your exit relay in a commercial facility that is supportive of Tor. Have a separate IP address for your exit relay, and don't route your own traffic through it.

Of course, you should avoid keeping any sensitive or personal information on the computer hosting your exit relay, and you never should use that machine for any illegal purpose.

DVD backups in a safebox and... (1)

The123king (2395060) | about a year and a half ago | (#42142909)

lots and lots of strong magnets to wipe the whole lot! Wipe all the evidence!

Average Nerd (0)

Anonymous Coward | about a year and a half ago | (#42142969)

The average Nerd is not running a Tor Exit Node. You know the possibilities when you do this, you better have a good lawyer and lots of money. Thats why I stay clear of it.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...