Russian FOSS activist arrested in Russia for his Tor exit-node

305 points| choojoy | 9 years ago | reply

Dmitry Bogatov was arrested on the 6th of April: he became part of the big penal case initiated by Russia’s Investigation Committee on "incitations to mass riots" during the protest action that took place on the 2nd of April in Moscow. According to the Investigation Committee, Bogatov was publishing messages on the forum sysadmin.ru, inciting violent actions, for example, "he" was suggesting to bring to the Red Square "bottles, fabric, gasoline, turpentine, foam plastic". According to the Investigation, the experts had analyzed the text of these messages and proved "linguistic and psychological characteristics of incitations to terrorism". However, Dmitry claims that he has nothing to do with posting the incendiary messages.

Dmitry Bogatov, 25 years old, teaches maths in MFUA (Moscow Finance and Law University) and was a free and open source software activist (https://sinsekvu.github.io/pages/about.html). Dmitry was administrating a Tor exit node (https://atlas.torproject.org/#details/2402CD5A0D848D1DCA61EB708CC1FBD4364AB8AE) from his house. In fact, the author of "incendiary messages" (called "Airat Bashirov") was using Tor, and, by lack of chance, he used the IP address of Dmitry's exit node.

Dmitry's lawyer, Alexei Teptsov, presented videos from surveillance cameras that proved that, during the moments when the "incendiary messages" were posted, Dmitry was away from his computer. He was coming back from a fitness center with his wife, Tatiana, a geneticist, and then went to a supermarket, where cameras were also working. Moreover, "Airat Bashirov", the author of the provocative messages, continues to post on sysadmin.ru, while Dmitry is under arrest. The last post was seen on the forum on April 11.

Dmitry will stay in a pre-trial detention center until June 8 at least. Now the Investigation is examining all his seized devices.

111 comments

[+] dublinben|9 years ago|reply
Not to excuse the behavior here, but anyone else who would like to run a Tor exit node can learn from this situation. Follow the best practices[0] for running an exit node, which would include not running it from your home.

You are much less likely to be raided and arrested if a cloud server in a datacenter somewhere, leased by an anonymous LLC you control, is the subject of an investigation.

[0] https://blog.torproject.org/blog/tips-running-exit-node

[+] radarsat1|9 years ago|reply
If you actually think you run a high risk of being raided for your behaviour, is it ethical to put some poor saps running your data center in that position instead of you?

Admittedly, I guess data centers run this risk automatically by the fact of providing data storage/transfer services.

[+] elastic_church|9 years ago|reply
and speaking of anonymous LLCs, I know a registered agent that has taken cryptocurrency for several years

so now you can email him anonymously over TOR, and pay his bitcoin invoices Shapeshifting some Monero

I also checked the Panama Papers and none of those entities they filed for me appeared in the leak, but even in the off chance they did, you wouldn't be associated.

GreenCloudVPS also takes cryptocurrency.

and finally, there is at least one jurisdiction in the world that still offers legit bearer share companies which require no registration. And your entity no longer needs a banking relationship to acquire goods and services.

[+] unholythree|9 years ago|reply
The "This happens in the US too" comments are an annoying pointless digression.

Just like in the Wikileaks threads when people go on about the abuses in other countries, and how unfair it is that JUST America's/the DNC's/the CIA/the NSA's dirty laundry gets aired.

Repression and abuses of power should concern us all. One evil does not negate another.

[+] quirkafleeg|9 years ago|reply
There's only one comment that says simply "this happens in the US too", and it's unclear whether it's trying to excuse the Russian authorities or simply pointing out that authoritarianism is not limited to Russia (Russian/Russia seems, perhaps accidentally, heavily emphasised in the subject).

The other posts that refer to the US are in response to comments stating/implying that it's a specifically Russian thing, pointing out that no, similar things occur in the US.

They're not trying to say one evil (Russian) is negated by another (American), but that both sides do evil.

[+] steveracer|9 years ago|reply
It is the primary mode of Russian paid trolls to use the "tu quoque" method of argumentation ("You do it too!") in online discussions. However, tu quoque is a fallacy. It is irrelevant to the discussion if other places do other things. We are talking about this specific instance. It also is trying to create a false equivalence, stating that if a bad thing happens once in country A, it is as bad as country B. However, the frequency and severity of these matters are almost universally different, which shows the false equivalence.
[+] abiox|9 years ago|reply
i agree that "One evil does not negate another", but it's worth noting that persistent one-sided storytelling contributes to a persistent one-sided view of the world.
[+] sstradling|9 years ago|reply
What's concerning to me here is "Now the investigation is examining all his seized devices". It's possible, although perhaps slightly paranoid, that the message posting was intended to create pretext for seizure.

This may be a little far-fetched - there are likely easier ways to generate pretext - but it might be something for owners of Tor exit nodes to be aware of.

[+] saint_fiasco|9 years ago|reply
It's more likely that Russia just does not like Tor in general, so they find excuses to put users in jail and mess with their devices just to dissuade other people from using Tor.

From that perspective, your theory is not so far-fetched because it's not like the Russian government went through a lot of effort to frame this activist in particular. Any other Tor user would do.

[+] holtalanm|9 years ago|reply
When are authorities, or people in general, going to realize that IP addresses are NOT a "smoking gun"?
[+] 086421357909764|9 years ago|reply
It's Russia, they don't likely believe him to be the culprit, instead they're trying to break down the spirit of the masses for using or the facilitation of TOR which they cannot control.
[+] bluehazed|9 years ago|reply
Possibly this is more about trying to discourage people from running exit nodes rather than a matter of technical understanding (could be a little of both).
[+] maxlybbert|9 years ago|reply
You seem to think the authorities are worried about the truth. Luckily, there are many countries where that is the case. But, almost by definition, oppressive regimes aren't so worried about the details.
[+] paulddraper|9 years ago|reply
In order to convince everyone they're not, you'll have to show how virtually every lead based on IP is false.

And I'm not so sure that is true.

[+] golergka|9 years ago|reply
They got a closed case, why would they care if they got the right guy?
[+] mattbee|9 years ago|reply
They already know.

The same thing happened to someone I know in the UK, a few years back. He was arrested at dawn and put in a cell for a whole day after an offence was committed from the IP address under his control.

He said the officer interviewing him admitted he understood that the offender and node owner were probably different people, but it was close enough to justify an arrest.

This was a high-profile case where they did actually find and arrest the actual offender, so they had real leads - could only conclude this was intimidation.

[+] smsm42|9 years ago|reply
Oh, they know it very well. They just don't care. It's not like they try to catch somebody specific. They just try to find somebody to blame, convict him and then report that they did their part.
[+] Dolores12|9 years ago|reply
1) The title is misleading.

2) If someone using your TOR node posts a message threatening to kill someone, YOU will be SWAT-ed first and only then police will find out you run TOR exit-node and maybe you are not the one who posted it. You implicitly accept risks associated with your operation.

[+] x1798DE|9 years ago|reply
Why would running a Tor exit node ever imply that the people exiting at that node are speaking on your behalf? Is a coffee shop "vouching" for you by letting you use its wifi? Is your ISP?

And if you're a cop, why would you dispatch a SWAT team to a Tor exit node at all? You can see if the IP is on the list and if so you'll have a hell of a time proving that the traffic came from the person running it even if they did (after all, why would they even use their own IP address when they could have used Tor?). At that point, you're basically punishing a random, innocent person for the (legal) act of running an exit node.

[+] fuzzybeard|9 years ago|reply
3) You'll have an army of pissed off cops who will try to find something to charge you with, like aiding and abetting or some other tertiary charge. And then you can HOPE a prosecutor doesn't try to make an example out of you by telling you to either plead to 6 months of jail or face a jury trial that could send you to jail for 30 years.
[+] abiox|9 years ago|reply
> posts a message threatening to kill someone

do internet threats generally hold any credibility? what's the actualization rate?

[+] mirimir|9 years ago|reply
Yes, don't run Tor exits from home.
[+] foobarer|9 years ago|reply
In Soviet Russia you do not critique the government, the government critiques you. If necessary, jails you. If absolutely necessary, poisons you with Polonium-210.
[+] darpa_escapee|9 years ago|reply
If someone in the US posted publicly about bringing "bottles, fabric, gasoline, turpentine, foam plastic" to a protest, they'd get a visit from the FBI. Speech that incites violence is something they investigate regularly.
[+] andoon|9 years ago|reply
I know this opinion is not going to be popular, but here it goes: by running a Tor exit, you're letting anonymous people do whatever they want on your behalf, because the exit IP address relates their activities to you. I believe it's irresponsible to do so. This kind of stuff is going to happen.

I also don't believe the "an IP address doesn't identify a person" mantra that's so widely used in the privacy-aware circles. Your ISP gives you an IP address for yourself, and if you let others use it, you know you can get yourself in trouble, the same you'd get yourself in trouble if you let anybody who asked you use a rifle of yours, or a car. Would you let someone you don't know at all drive your car? What if he runs over someone? Would you be responsible for it for letting him use your car? Would you risk going to prison?

The alternative is worse: I could be looking at pedophilia or terrorism sites all day and if they catch me say "well I also run a Tor exit node so how do you prove it was me!". Your IP identifies you, so be responsible!

[+] zzzcpan|9 years ago|reply
> I could be looking at pedophilia or terrorism sites all day and if they catch me say "well I also run a Tor exit node so how do you prove it was me!"

Why would that be a problem, looking at things on the internet?

But advocating to sacrifice anonymity is a problem. It makes those fighting governments very vulnerable and easily silenced. And gives a way for governments to take action against anonymity.

[+] humanrebar|9 years ago|reply
> ...the same you'd get yourself in trouble if you let anybody who asked you use a rifle of yours.

You lost me here. This is more like letting someone make a call with your phone. Rifles are inherently dangerous, even gun enthusiasts agree on that. We're talking about information more broadly here.

[+] wruza|9 years ago|reply
IP address is too weak point of such failure. Your wifi password can leak or be guessed, and wired connection can have mitm so easily. Trojans may operate as exit nodes of some dark network. IP should not be used as identity in any way even in investigation process (not to mention courts). IP doesn't identify you, it simply leads to your connection point.

In practice though, these clinical cretins can throw you into Russian jail for two months without taking counter-evidence into account. Just because.

[+] wyager|9 years ago|reply
> the same you'd get yourself in trouble if you let anybody who asked you use a rifle of yours.

If someone borrows my car and crashes into someone else, I'm not legally responsible. Same goes for companies that let anyone use their cars, like rental services.

[+] maxlybbert|9 years ago|reply
This story illustrates why Tor will never actually bring down a repressive regime. Tor appears to be based on the idea that if you can't prove who actually said something, then you can't punish them. Repressive regimes can punish those people anyway.
[+] hilyen|9 years ago|reply
Honest question, it's not illegal to run an unrestricted wifi access point, and you can't be held accountable for others using that ip for illegal means in court today. So how does this differ from running a TOR exit node?