I'm all for privacy technologies like Tor, but this is one of the risks you assume when you operate an exit node. The alternative would be to give all Tor exit node operators not only legal immunity, but immunity from investigation, for illegal activities originating from any IP address associated with them. Even if the judge and the police were aware of the exit node, it wouldn't have changed the way this was investigated.
It's still a legal problem as much as running an exit node is, they just can't easily figure out that you did anything because of how Tor works. You couldn't even confess to anything either if you wanted to.
Suppose I'm AT&T and one of my customers is running a Tor exit node. Do I now have "immunity from investigation, for illegal activities originating from any IP address associated with them"? I can certainly use a router spoof my customer's IP address for any connections I want to use for illegal activity. Then the IP address will trace back to that customer, which is a Tor exit node, and the police can't investigate me.
For that matter, every user of Tor is in the same situation.
But the premise is wrong. The police can investigate you as much as they like, they just can't assume that the traffic coming from that IP address has anything to do with anyone in particular.
You're still going to jail when you buy something with a stolen credit card and have it shipped to your house, regardless of whether you used Tor or operated a Tor exit node or are an ISP and used an IP address assigned to a customer.
No exit node operator has ever been taken to court over something like this. The police eventually realize their mistake, realize the Tor node is of no help to their investigation, and move on.
As more law enforcement become literate in technology and become aware of what Tor is, this will happen less than the vanishingly improbable rate that it happens now, until it never happens at all.
> Is it reasonable for the police to investigate an exit node operator for traffic coming from his node, even if they know he's an exit node operator?
In theory, you are right and the police would probably need to examine his servers to determine whether Tor was involved in this. In practice, they will probably just harrass people in the hope that they will confess and keep his servers for a long time (or forever) because they lack the expertise for such an investigation.
Yes, exactly. There's never been any case law on the issue, but in the ideal theoretical world, exit node operators would get the same protections from what their users do that ISPs do.
Unfortunately, since we're often a single guy with no legal entity, we are not afforded such protections by default. I've been running an exit node since 2005, and I've had to switch ISPs numerous times because of abuse coming out of the node. I've even had my hardware physically confiscated when network administrators couldn't figure out what kind of traffic was coming out of it.
While I believe in the goals of the Tor project, I am not really interested in being the guy who has to set the precedent here, so I don't run my exit node in the US any more. If history is any indication it would be a long legal battle to set such a precedent.
Couldn't running an exit node be a cover for other activity? One that provides a reasonable doubt as to whether it was the operator or some other actor who did something unsavory from an IP address?
Running tor exit nodes is a legal liability in many western countries already, so "it's only as risky as tor" is small consolation. You might not get convicted ultimately but the process of explaining why your IP showed up on the access logs of the child porn site they just raided is a problematic enough prospect to scare most people off running an exit node
This is probably what I find most worrying about the TOR concept. By running an exit node, you open yourself up to all sorts of legal actions. But if you can't run a TOR exit node as an average citizen, won't all exit nodes end up being run by NSA, GCHQ, and their ilk?
Quite logical, same in France and likely many countries; if you run a Tor exit node (or any type of open proxy), you get visited by the police if someone does something wrong on your exit node.
Otherwise what could happen is that you run a Tor node and use it as an excuse for any crime you do.
People associate TOR with unsavory activity because TOR is used for unsavory activity. Running an exit node on a link you care about is insanity.
The main reason I have never run an exit node is fear that some overzealous LEO trying to make a name for himself is going to trace an IP off of a kiddie porn or drug market to my house and send in SWAT to break all of my windows and tie me up in court for months before deciding that charging me as an accomplice probably won't work this time because I didn't opt for the public defender.
How do you suppose one should make sure the exit node you run won't be used for sharing of child porn? And how is he automatically an idiot for running a TOR exit node? All node operators run them knowing they could be used for illegal activities, and that it could bring them some legal trouble.
In light of the Freedom Hosting kerfluffle, as well as the Snowden revelations, I don't see much incentive to run an exit node.
Prior to these recent events I fooled around with setting up hidden services for my own educational purposes, but the fact that someone could use my Tor exit node to access illegal content was enough to preclude my setting up an exit on any of my servers.
Then I read about some guy in Austria who was arrested for running a Tor exit node and my decision was justified.
The problems inherent to running any sort of anonymizing service are just too many, and too serious, as we have recently seen.
A criminal operating through their own exit node, or even running an exit node at all, is a nonsense misunderstanding of how TOR works.
Combined with your jumping to the "think of the children!" example of a child pornographer, and your framing your argument in the form of concern trolling, it's hard to assume good faith of any kind on your part.
I know this opinion is not going to be popular, but here it goes: by running a Tor exit, you're letting anonymous people do whatever they want in your behalf, because the exit IP address relates their activities to you. I believe it's irresponsible to do so. This kind of stuff is going to happen.
I also don't believe the "an IP address doesn't identify a person" mantra that's so widely used in the privacy-aware circles. Your ISP gives you an IP address for yourself, and if you let others use it, you know you can get yourself in trouble, the same you'd get yourself in trouble if you let anybody who asked you use a rifle of yours, or a car. Would you let someone you don't know at all drive your car? What if he runs over someone? Would you be responsible of it for letting him use your car? Would you risk going to prison?
The alternative is worse: I could be looking at pedophilia or terrorism sites all day and if they catch me say "well I also run a Tor exit node so how do you prove it was me!". Your IP identifies you, so be responsible!
I'm trying to imagine a plausible reason to (a) run a Tor exit node, but also (b) not actually use Tor for online nefariousness, and I'm coming up blank. I don't think running a Tor node as an excuse is a real scenario. (edit: emphasis)
Edit2: Jeez guys. I support Tor. I'm saying anyone who runs an exit node is also going to use Tor for anything that might get them in trouble, not do those thing in the clear and "use Tor as an excuse" as suggested above. That's a silly scenario and a poor justification for criminalizing Tor exit nodes.
I strongly support Tor. I'm saying that anyone who runs an exit node is also going to use Tor for anything that might get them in trouble. Hence, it's nonsense to say that Tor exit nodes should be illegal on the grounds that they can be "used as an excuse," as the comment above suggested.
100% of the exit nodes could be run by the NSA and Tor would still help much, exit nodes are supposed to be untrusted.
I think the fact that (most?) DNM operators keep getting away with it is great evidence that nation states don't have very good visibility into the Tor network.
While I disagree with them, there are a multitude of laws in most countries that make operating a TOR exit node a very bad idea. The concept of criminal responsibility for enabling the illegal acts of others, even when you don't know specifically what others are going to do with the tools you provide, is well established in the US and other countries.
Perfect example: Ryan Holle of Florida is serving life without parole for allowing his friends to borrow his car at a party when he was 18 years old. He went to sleep; his friends took the car and committed a robbery during which someone was killed. The prosecutor's argument to the jury during the 1 day trial? "No car, no murder".
But most Tor users, especially the ones who are using it for disgusting purposes don't run an exit node, so I don't think I understand your point? In addition, Tor exit node IPs are basically public info already.
reply