Re: William was raided for running a Tor exit node. Please help if you can.

On 2012-11-30 13:51 , Joakim Aronius wrote:

* Will Hargrave (will@harg.net) wrote:

...

On 29 Nov 2012, at 20:53, George Herbert <george.herbert@gmail.com> wrote:

...

The assertion being made here, that it's somehow illegal (or immoral, or scary) for there to be not-completely-traceable internet access in the US, is absurd.

The real issue here is *not* the legality of the act of providing a Tor exit node, or an open access point, or anything else. In sensible countries that is perfectly legal. The problem here is the reality of undergoing a criminal investigation.

It could also be the case that they think the person running the Tor exit node is the actual perpetrator, i.e. its needed to seize all HW to get the kiddie pr0n. Is it even possible for a network sniffer to distinguish between Tor exit traffic and his own traffic?

Not easily, this as TCP connections originate from the box itself.

Hopefully he will get it all back but it will most liklely cost both time and money to explain Tor to the Austrian judical system.

According to http://raided4tor.cryto.net/ he at least got a full list of what was confiscated including the various weapons in his possession, that in combo with the owning of a safe deposit box (which was not searched) with amongst others cash is an interesting part in personal security IMHO though ;)

...

Think carefully about the impact of having everything in your life which runs an operating system taken away. Phones. Tablet. Laptop. Servers. All portable drives, data. If you rely on that hardware for your income (and who doesn't?) you're going to have to buy all of that again. And restore your data, if you are able.

Actually they did not take anything away that was really related to the what was detected. The IP that the connection to the (apparently monitored or owned by the $investigators) CP website came from was a rented server in Poland. He apparently was notified that that exit node was being used for abuse and thus 'closed it because of the hacking through it' (which really is not helping when you still run others and looks a lot like you have something to hide to me...) All the other servers he apparently runs in the US and Hong Kong etc are still up and running too. Thus the computer things confiscated where effectively unrelated to the IP that triggered them to look at it. On 2012-11-30 13:58 , Rich Kulawiec wrote:> On Thu, Nov 29, 2012 at 08:04:02AM -0500, Chris quoted (William):

...

Yes, it happened to me now as well - Yesterday i got raided for someone sharing child pornography over one of my Tor exits.

Question: what evidence has been published -- that is, placed somewhere that we can all see it -- that substantiates the claim that child porn traversed the node in question?

The moment you can see that it is real CP you have seen CP. Do not ask for that. There are special people who have legally signed documents and agreements that investigate this.

Followup question 1: if no such evidence has been produced, then why should we believe that it exists? Extraordinary claims require extraordinary proof.

What likely is the case, from what I understand, is that the server hosting the CP was being either monitored or operated by $investigators.

Followup question 2: if the goal is to identify and apprehend the perpetrators of child porn (and that's a good goal) then why would the police raid this operation?

Because they maybe think he originated it, see also the note above of closing the Tor exit that (allegedly) sourced the request(s).

Would it not make far more sense to take advantage of the operator's knowledge and experience and quietly ask for his/her cooperation *while leaving the node running*?

He already closed the node, apparently due to hacking happening through it. But that would not help anyway, as it is Tor, thus unless you are really really good there is nothing to see there as you'll never find out who originated the connection through Tor.

Followup question 3: what evidence in front of us allows us to clearly discern that this is what it purports to be and not simply an attempt to shut down a Tor node (and intimidate the operators of others) by using a plausible excuse based on a universal hot-button issue?

The owner (the William person this is about) shut it down himself. See the blog mentioned above for more details from his side. Greets, Jeroen