Hi!

Forwarding my answer to tor-talk list.

Mitar

---------- Forwarded message ----------
From: Mitar <mmitar@gmail.com>
Date: Sat, Dec 1, 2012 at 12:29 AM
Subject: Re: [tor-talk] William was raided for running a Tor exit node. Please help if you can.
To: tor-talk@lists.torproject.org
Cc: nanog@nanog.org

Hi!

On Fri, Nov 30, 2012 at 2:09 PM, Naslund, Steve <SNaslund@medline.com> wrote:
Remember, they did not raid the Tor exit node. They raided the home of the guy running the Tor exit node. Way different.

I can probably explain that. We were running a Tor exit node in Slovenia (a neighboring country of Austria, in the EU too). We had the Tor exit node on collocation at a local ISP and the collocation was in a friend's name (not in the name of some legal entity). Twice they came to his home in the early hours with a warrant for all the computer equipment he has at home. Once because somebody was using Tor for blackmailing, the second time for child pornography.

Why did they come to his home? I believe the reason is simple: they have an IP, they write to the ISP something like "Who is your client who had that and that IP at that and that time?" The ISP responds: "This is X Y, living there and there, and some other personal information they have on who this person is." Criminal investigators go to the judge and say "We need a warrant for this and this person at this and this location." They get one and they come to visit you in the early morning hours.

In both cases he just had to explain that: 1) this IP is at collocation and not at that location and 2) that it is a Tor exit node and we do not keep any logs of activity through it.

1) makes their warrant invalid and you move from being a suspect (they had in mind that you are using your own home connection to do something illegal, this is the highest probability based on their information) to a witness (you are a server admin and it is a higher probability that some user of yours did something illegal).

2) tells them that even if you are a witness, you are a worthless witness: you do not have typical users and services, and you are not even logging anything. For most services you are not really required to log anything. Running Tor is not illegal. Having logs for it is also not required.

They left without taking anything and he hasn't heard from them afterwards (this was a few years ago). It might be because both cases were international (Interpol), so for local investigators it was easiest to just write: it was Tor exit nodes, no logs possible to obtain, case closed. And move on with their lives. If it were some local thing with a very motivated investigator, they might not believe him and would still confiscate the equipment. But from the point when they discover that their warrant is probably wrong they are on thin ice, as obviously the IP was physically somewhere else.

It might be that in this case of the guy from Austria he didn't know that the raid was for a Tor node but thought that it might be for something else and just later on discovered that. Or that they simply didn't listen to or believe him. Probably it depends on how you communicate with investigators and your language skills.

Mitar