Fwd: [tor-talk] William was raided for running a Tor exit node. Please help if you can.

Mitar mmitar at gmail.com
Sun Dec 2 06:33:50 UTC 2012


Hi!

Forwarding my answer to tor-talk list.


Mitar

---------- Forwarded message ----------
From: Mitar <mmitar at gmail.com>
Date: Sat, Dec 1, 2012 at 12:29 AM
Subject: Re: [tor-talk] William was raided for running a Tor exit
node. Please help if you can.
To: tor-talk at lists.torproject.org
Cc: nanog at nanog.org

Hi!

On Fri, Nov 30, 2012 at 2:09 PM, Naslund, Steve <SNaslund at medline.com> wrote:
> Remember, they did not raid the Tor exit node.  They raided the home of
> the guy running the Tor exit node.  Way different.

I can probably explain that. We were running a Tor exit node in
Slovenia (a neighboring country of Austria, in the EU too). We had the
Tor exit node on collocation at a local ISP and the collocation was in
a friend's name (not on some legal entity). Twice they came to his home
in the early hours with a warrant for all the computer equipment he had
at home. Once because somebody was using Tor for blackmailing, the
second time for child pornography.

Why did they come to his home? I believe the reason is simple: they have
an IP, they write to the ISP something like "Who is your client who had
that and that IP at that and that time?" The ISP responds: "This is X Y,
living there and there + some other personal information they have on
who this person is." Criminal investigators go to the judge and say "We
need a warrant for this and this person at this and this location."
They get one and they come to visit you in the early morning hours.

In both cases he just had to explain that: 1) this IP is at
collocation and not at that location and 2) that it is a Tor exit node
and we do not keep any logs of activity through it.

1) makes their warrant invalid and you move from being a suspect
(they had in mind that you are using your own home connection to do
something illegal, this is the highest probability based on their
information) to a witness (you are a server admin and it is a higher
probability that some user of yours did something illegal).

2) tells them that even if you are a witness, you are a worthless
witness: you do not have typical users and services, and you are not
even logging anything. For most services you are not really required
to log anything. Running Tor is not illegal. Having logs for it is also
not required.

They left without taking anything and he hasn't heard from them
afterwards (this was a few years ago). It might be because both cases
were international (Interpol) so for local investigators it was the
easiest to just write: it was Tor exit nodes, no logs possible to
obtain, case closed. And move on with their lives. If it were some
local thing with a very motivated investigator they might not believe
him and would still confiscate equipment. But from the point when they
discover that their warrant is probably wrong they are on thin ice as
obviously the IP was physically somewhere else.

It might be that in this case of a guy from Austria he didn't know
that the raid was for a Tor node but he thought that it might be for
something else and just later on discovered that. Or that they simply
didn't listen to or believe him. Probably it depends on how you
communicate with investigators and your language skills.


Mitar


