Tor exit node operator gets raided by police

220 points | morninj | 10 years ago | npr.org | reply

201 comments

[+] LeoPanthera|10 years ago|reply
> Seattle police spokesman Sean Whitcomb says the department understands how Tor relays work, and they knew Robinson was a Tor host.

> "Knowing that, moving in, it doesn't automatically preclude the idea that the people running Tor are not also involved in child porn," Whitcomb says. "It does offer a plausible alibi, but it's still something that we need to check out."

> Whitcomb also says Seattle police were "artful" in the way they did the search. Instead of impounding all of Robinson's computers, which the warrant would have allowed, they offered to search them on the premises as long as he consented to turning over his passwords. He did, and they let him keep his machines after they scanned them.

This is the important part. They didn't shut down the exit node. They didn't even take away the computer. This sounds bad, but in all honesty, it could have gone a lot worse.

[+] ghkbrew|10 years ago|reply
While I applaud the police for being as unobtrusive as they could, this sort of discretionary enforcement is worrying in and of itself. In no small part, because it seems to set a precedent that they could have raided his house and impounded all his computers for no other reason than he was running a Tor exit node.
[+] AnthonyMouse|10 years ago|reply
It's still stupid though. It's like raiding the mailman's house for delivering an illegal letter with no return address. Sure, it could have been sent by the mailman, but it could have been sent by anyone. There isn't any more reason to suspect the exit node operators than anyone else in the whole world who could also have used the exit node.
[+] njharman|10 years ago|reply
I'm happy with this level of response. It's a little bad in that they essentially coerced password disclosure and I'm guessing they would have acted on any other crime (say copyright violation) they happened to find during search. But, overall this is how Police should work / act. They need to investigate and they should investigate with consideration, care, moderation, and assumption of innocence until actual evidence indicates otherwise, they should ask for cooperation rather than assume hostile/adversarial stance.

They don't need to have SWAT no-knock the place. They don't need to seize and confiscate everything and make it very hard to recover. They don't need to handcuff anyone. They don't need to act like smug assholes. Etc.

[+] homero|10 years ago|reply
They installed back doors, he has to trash them anyway
[+] FussyZeus|10 years ago|reply
It went "ok" because he consented to giving them unfettered access to his computers without his oversight when they had no reason to be there. This is more akin to police searching your car with no evidence of drugs, not finding drugs, and then letting you keep your car. It's still a hideous violation of your privacy for no reason.
[+] ultramancool|10 years ago|reply
Except now he has to wipe everything because their "search" likely involves plugging in a USB drive and infecting his machines with a RAT at the very least. Just given how many companies are out peddling RATs to LEAs like this I think we have to consider it a likely possibility.

Not exactly a best case.

[+] gist|10 years ago|reply
> They didn't shut down the exit node.

Although my view won't be popular, running an exit node and having to deal with this is not a smart thing to do. What is the upside vs. having to deal with this type of raid and perhaps police who are not so accommodating at some point? Why draw attention to yourself in this way? Also assumes that some rogue cop won't plant something on your device if it does get hauled away. Seems dangerous the way I see it.

[+] tibbon|10 years ago|reply
Anyone else suspect they didn't just scan them, but installed some back-door/fork?
[+] djsumdog|10 years ago|reply
This is why I run full disk encryption. I wouldn't have given them a damn fucking password.
[+] mattbee|10 years ago|reply
Someone I know (in the UK) was arrested and spent a day in a cell when some criminal postings to Twitter were traced to his Tor exit node.

When the police interviewed him, they admitted they _knew_ what a Tor exit node was, and that he was unlikely to be responsible for the traffic. But they did want him to know that running a Tor exit node makes their life harder, and would land him in this sort of trouble.

(I can't remember the exact words he reported, but it was outright intimidation).

[+] gherkin0|10 years ago|reply
> Robinson admits it might be safer, legally, to host the Tor relay on rented space from a commercial Internet service to avoid mingling his personal traffic with Tor, but he says he shouldn't have to.

It'd probably be safer still to set up a nonprofit group to own and run the exit node(s).

[+] kbenson|10 years ago|reply
I don't understand this. If the police see the law being broken, they have an obligation to investigate, even if it's probably just the tor exit node.

Allowing any random person to forward mail through your address may not end up well for you either, but I think people are more willing to accept that they've opened themselves up to the liability in that case.

[+] thescriptkiddie|10 years ago|reply
The problem with running Tor nodes in a datacenter is that mingling your personal traffic with a Tor exit node provides plausible deniability for both you and the people using your node. It's impossible for an adversary to know which traffic is yours and which isn't. Dedicated Tor nodes are suspicious (and often get blacklisted) because they aren't a source of "legitimate" traffic, but Tor nodes run in people's homes don't.
[+] brbsix|10 years ago|reply
I'm blown away that someone (obviously so security savvy) would willingly hand over their passwords. There's little sense accepting their assurances at face value in potentially serious matters. LE can and will lie pursuant to their duties. I suppose I'm even more surprised they didn't end up impounding all the equipment anyways.
[+] _wmd|10 years ago|reply
It seems to me the risk is almost entirely on the police in this scenario, meddling with running equipment is far from forensically sound and potentially leaves ample room for doubt in court. Volunteering to comply with the police request would also seem to exemplify the searchee's own presumption of innocence

(IANAL!)

[+] ksdale|10 years ago|reply
I went to law school at the University of Washington and graduated in 2013 and I actually did a little research about Tor while I was there and we talked to some people fairly high up in Seattle area law enforcement and honestly I'm surprised at how fast they've come along.

At the time, we couldn't find anyone who had even heard of Tor (not to say there weren't lots of people who were familiar, just that we didn't find any of them), let alone thought through the implications of someone running an exit node so I find it interesting that they didn't just seize all of his equipment. Based on my experience, I would not have predicted such an "artful" search, to use words from the article, even just a couple years ago.

[+] d33|10 years ago|reply
Thought I'd leave it here:

https://blog.torproject.org/running-exit-node

Also, how risky would it be to host an exit node that is HTTPS only?

[+] amdavidson|10 years ago|reply
If the FBI was able to monitor your traffic they would still see the IP addresses to which your node was reaching out. Same goes if they are running a honeypot[0] that your IP is hitting (as could be the case in this instance[1]).

That might not be much in the way of concrete evidence, but if your exit node is hitting carder forums all day long it might be enough for them to still knock on your door.

0: https://theintercept.com/2016/03/30/fbi-honeypot-ensnares-mi...

1: http://www.techworm.net/2016/01/fbi-child-porn-sexually-expl...

[+] TenOhms|10 years ago|reply
Someone tell Apple that they can purchase a lot of privacy street cred if they hosted or funded a major TOR hosting initiative.
[+] redbeard0x0a|10 years ago|reply
No, Apple should definitely not be in a position of running TOR nodes. All it takes is one National Security Letter and a Secret Court ruling that makes it so they have to compromise that endpoint for law enforcement / anti-terrorism organizations.

They need to keep doing what they have been doing with the recent FBI case and bringing these things out into the public's view. There are far too many things happening to subvert our privacy that we know nothing about...

[+] antman|10 years ago|reply
In his position, I would immediately cease operations after that police software was used on the system. Resume operations only after restoring from a clean backup taken prior to the raid.
[+] ThrustVectoring|10 years ago|reply
I'd purchase new devices and/or components, and do a full rotation of all my credentials.

In fact, I should probably build an "invalidate every credential I have on all my computers and accounts" checklist. That and a tested backup strategy.

[+] fhood|10 years ago|reply
Should the police be allowed to do this? I don't know. Obviously the line has to be drawn somewhere right? Child pornography isn't like narcotics. It isn't in any way a victimless crime and I would prefer that the police be able to inhibit its distribution. But then again if they had taken the same actions because someone was purchasing drugs I would be totally opposed. Severity of a crime is subjective, but the law is still the law no matter how unfair it may seem. My point is that either the police should be allowed to take these actions or they shouldn't and the crime in question shouldn't really enter the picture. Actions taken based on one type of crime can be fairly easily justified for another. This is why in the US free speech is limited as little as is possible. It's a slippery slope. So I think the real question is if you operate a Tor exit node and something illegal passes through it should the police be able to compel you to release the passwords to your servers. I think they probably shouldn't. You would be hard pressed to find a Tor node that something illegal hasn't passed through. Does that give police carte blanche to access any information on any Tor node they want? Maybe.
[+] goldent777|10 years ago|reply
Seattle, and most of cascadia for that sake, is a complete police state. They are far enough and fringe enough from the rest of the population to get away with whatever they would like.

Tor exit nodes in the PNW are a very bad idea.

[+] SG-|10 years ago|reply
I'm disgusted the detectives carried around child porn even tho it's evidence and not only brought it to a potential crime scene but offered to show it to him.

Would they bring around cocaine or a gun from another scene? I'm assuming the police officer is exempt from distributing child porn as long as he's accusing of something before showing it.

[+] dmix|10 years ago|reply
Having read various police forensic reports, I'd say this is normal. They need the hash of the image to do a forensic sweep of his computer. The search for porn would be mostly automated, especially considering they are searching for one specific image which is probably what the warrant was limited to.

Then they would probably want to compare the image itself if it was detected on the hard drive, instead of relying purely on the file hash.

[+] l3m0ndr0p|10 years ago|reply
Why would anybody give up their password & allow the police to work on your computer? Let them take the systems and accept the risk that running a TOR node in this day and age will get you a visit from the police or similar.

This guy gave up the password & now doesn't trust what they did to his systems. He has to get rid of them now? This is no different if they took his computers away without knowing his passwords.

What if this guy was working with the police all along. Now some guy decides to give away his password to the police so they can check his computer? Sounds fucking suspicious to me. I guess they are testing the waters to see if other TOR node exit maintainers are going to do the same.

Listen up! Never give your password out. Encrypt your systems & keep them separated if you are running a TOR node. Let them take your systems, because you will have to trash them anyway if you grant them access.

[+] stegosaurus|10 years ago|reply
Illegal numbers are my favourite kind of numbers.

How many bytes do I need? In the countries that have laws against cartoons, can I make an illegal favicon? Can I design a neural network which generates illegal favicons?

More seriously, criminalizing data is a terrible, terrible idea, simply because it provides a backdoor into the justice system.

[+] geff82|10 years ago|reply
The German criminal police (in US: FBI) once called me and insisted on a good talk because of something. They finally visited me sensibly at my workplace, dressed up as customers (promised not to tell my coworkers who they really were). Then they told me there had been terror threats for the Ukraine coming from my TOR server (they knew about Tor...). Bad thing: the terror threat had been some weeks ago and I had reinstalled the server three days before (without Tor) and all logs/evidences had been destroyed. Luckily, they believed me and left me after I simply gave them all passwords concerning the case. I have not run a Tor server since then. I support the concept, but it can bring you real trouble.
[+] swang|10 years ago|reply
> At one point, a detective offered to show him the image, but Robinson refused.

I can't tell if the detective is a moron or just really hoping to induce a pedophile

[+] athenot|10 years ago|reply
I'm not familiar with how Tor works; would it be possible to run an exit node but have it behind a filter to limit the liability?
[+] fizgig|10 years ago|reply
You can tell the exit node which out-bound ports you want to allow. So for example, you can deny port 25 traffic so people can't send spam (as easily) anonymously via your exit.

If I ever get the balls to host an exit node myself, I'd likely only allow port 22. Even allowing 443 seems a bit risky after reading this.
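
Added example (not part of the comment above, and not Tor project code): a small Python check of which ports a set of torrc `ExitPolicy` lines would allow, using Tor's first-match-wins rule ordering. It assumes wildcard-address rules only and treats unmatched ports as rejected; the three sample policies are constructed for illustration.

```python
# Added example: minimal first-match evaluator for torrc ExitPolicy lines.
# Assumption: only "accept|reject *:PORT" rules (wildcard address) are
# modelled; address/netmask patterns are out of scope here.

def parse_policy(torrc_text):
    """Return [(action, low_port, high_port)] from ExitPolicy lines."""
    rules = []
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.lower().startswith("exitpolicy "):
            continue
        # One ExitPolicy line may carry several comma-separated rules.
        for item in line[len("exitpolicy "):].split(","):
            action, target = item.split()
            addr, _, port = target.rpartition(":")
            if action not in ("accept", "reject") or addr != "*":
                raise ValueError(f"unsupported rule: {item.strip()!r}")
            if port == "*":
                low, high = 1, 65535
            elif "-" in port:
                low, high = (int(p) for p in port.split("-", 1))
            else:
                low = high = int(port)
            rules.append((action, low, high))
    return rules

def port_allowed(rules, port):
    """First matching rule wins. Unmatched ports are treated as rejected
    (a simplification: end the policy with an explicit catch-all)."""
    for action, low, high in rules:
        if low <= port <= high:
            return action == "accept"
    return False

def allowed_ports(rules, candidates=(22, 25, 80, 443)):
    """Subset of candidate ports the policy would let out."""
    return [p for p in candidates if port_allowed(rules, p)]

# Constructed sample policies (not taken from the thread).
SSH_ONLY = """
ExitPolicy accept *:22      # allow SSH only
ExitPolicy reject *:*       # explicit catch-all
"""
NO_SMTP = "ExitPolicy reject *:25, accept *:*"
MISORDERED = """
ExitPolicy reject *:*
ExitPolicy accept *:22      # never reached: catch-all matched first
"""
```

The `MISORDERED` policy shows why rule order matters: a catch-all placed first shadows every rule after it.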

[+] nly|10 years ago|reply
Technically speaking, you can do whatever you want to traffic passing in/out of your node. In practice I recall reading that there's some degree of monitoring on the network that attempts to detect and flag misbehaving exit nodes.

You could certainly, for example, redirect HTTP traffic through the Internet Watch Foundation's child-porn filters, if you had the connections.

[+] wstrange|10 years ago|reply
This is an area where public libraries could take a lead role by running Tor exit nodes.

Running an exit node as an individual is going to be a dicey proposition.