Another police raid in Germany

Part of the reason I sadly stopped running any exit nodes was law enforcement harassment.

I ran a few exits for about about ~5 years. In those 5 years, my hosting provider (DigitalOcean) received 3 subpoenas for my account information.

The first two were random. The 1st one was someone sent a bomb threat email to a university. The 2nd one was someone sending a phishing email.

The last and final subpoena was the most serious one. Some nation-state hackers from Qatar had ended up using my exit IP to break into some email accounts belonging to people they were interested in and spied upon them and stole some info.

Thankfully both the Tor Project and the EFF were able to help me pro-bono. The EFF lawyer that was assigned to me helped me fight this subpoena but ultimately we had to turn over my account information to the DOJ + I had to give an affidavit stating that I was simply just an operator and nothing on the server in question would be useful to their investigation (by design).

The stress of having to deal with law enforcement, lawyers, and having to entertain the possibility of having my home raided over something so silly ultimately led to me finally shutting down my exits.

Even though I had all of my exits using a reduced exit policy and I would blacklist known malicious IPs and c2/malware infra from being able to use it, I was still a target.

I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.

I one day hope to resume running exits as I find it rewarding to be able to help people from around the world in a small way.

> There are obviously still people working in German law enforcement today, who think that harassing a node-operator NGO would somehow lead to the de-anonymization of individual tor users.

This is not why.

> As a consequence, I am personally no longer willing to provide my personal address&office-space as registered address for our non-profit/NGO as long as we risk more raids by running exit nodes.

This is why. It's basically a textbook example of a chilling effect.

Historical:

"Why you need balls of steel to operate a tor exit node"

http://web.archive.org/web/20100414224255/http://calumog.wor...

The above is within the context of a western legal system, and certainly since it was written domestic law enforcement has become even more militarized and aggressive. I would be absolutely unsurprised if the same thing happened today and it resulted in a battering ram on the door at 0400 in the morning, flashbang grenades and the house being rampaged through by a SWAT team.

I'm not sure how a Tor exit node could operate legally. Tor is widely used for illegal activities. Like drug sales and CSE media. If a government goes on Tor, downloads such material they'll easily see the exit node as the last hop in the chain. It's a clear-cut case that the exit node operator facilitated illegal activity.

My assumption is that Germany has some sort of common-carrier privileges for Tor node operators. In America, telecoms can't be sued for facilitating illegal activity. But they do have to assist law enforcement with finding criminals when requested.

Would be happy to hear from someone who is more knowledgeable in this area.

Eins, zwei, Polizei Drei, vier, Grenadier Fünf, sechs, alte Keks Sieben, acht, Gute Nacht

Despite strong privacy laws, Germany isn't a dependable country that could protect it.

Raids on homes for trivialities are common place, there is basically no legal protection against that. This shows a state that is a bit overwhelmed with its primary affairs and the country itself is not a dependable partner for protection of basic rights.

perhaps an unpopular view as Tor has been a great legal canary and a useful privacy service, but it has also been a substitute for organizing.

if you use Tor you already know what's going on. onion routing didn't save anyone from anything in 20 years. the evils Tor enabled often seem to trace back to the very states and establishments who manage and tolerate them. drug cartels run several of the governments Tor ostensibly protects users from, and human trafficking is within a degree of most western establishments in every direction, from "NGOs" to intelligence operations to the sex trade.

if you want privacy, tech is an inferior solution. make nations that protect it.

I knew someone who ran a Tor exit node from his research lab workstation at Brigham Young University (BYU), a conservative religious school with an extreme institutional phobia of porn. He ended up in a "special interview" with his graduate advisor. I don't know if he fully groked at the time just how close he came to getting expelled.

For a supposed hacker community, knowledge of Tor sure is low. Perhaps the privacy and anonymity people don't feel too keen on commenting.

Here is a good talk by Roger Dingledine, the original author of tor dispelling common myths and giving some statistics on its real world usage: https://inv.nadeko.net/watch?v=Di7qAVidy1Y

And for good measure,

It's Tor not TOR: https://support.torproject.org/#about_why-is-it-called-tor

From the point of view of a less-than-technical law enforcement person writing a affidavit in support to get a search warrant, abusive traffic from a tor exit node is indistinguishable from a person who is physically at a specific street address/premises with a laptop or computer engaged in the activity.

They're going to assume until proven otherwise (by first confiscating all your electronics and sending them to a digital forensics lab to analyze them for 6-12 months) that some person who is physically present at that exact location is engaged in CSAM/CP or malicious/illegal activity.

Just the use of Tor, in Australia* at least, raises a law enforcement red flag (edit: not enough to justify a raid on its own, but a data point in that direction).

So I was specifically told by a detective.

*Australia has laws that requires ISPs to keep metadata for at least two years.

Archive [1]

[1] - https://archive.is/LDTL8

So, LE observes:

  - This IP had malicious activity or is otherwise relevant to a (maybe complicated) case
  - It says "tor" on a landing page, or in WHOIS, or the IP is on the public list of nodes

... does "it will be 100% worthless to investigate" really follow from only this?

Some things to consider:

  - All kinds of other servers, services or proxies could also be running on or behind this IP
  - The node could be misconfigured in a variety of ways to keep forensic traces, even being a VM that is being snapshotted regularly
  - Some lunatic could be running an exit on his personal machine, but just coincidentally to the observed criminal activity
  - A high percentage of nodes is malicious, keeps logs, mines data, poisons traffic and tries opportunistic TLS stripping (those poor, naive souls clicking the warning away...)

It does NOT follow that there are no useful forensic traces to be found, not even that the traffic actually originates from the TOR network.

Not to encourage raids on node operators, but it is worthwhile to keep in mind that there could be actual reasoning behind these actions.

If you are smart about this, you can even get the relevant and obtainable info with little LE resources and without unduly harassing the operator.

It's a tough tradeoff for society, and a lot of harm is concentrated, but in a way that's good thing - there is a way to block tor exit nodes if you need to and the defaults ports do prevent many types of abuse and since the exit nodes are public they can just be blocked for spam, clickfraud, etc. But with any duel use technology, the opposite argument would be investigations also running through TOR, or even a totalitarian state (in this case it seems non technical judicial procedure through proper channels, but that's the concern). The trouble is the routing is outside of the state control and the typical mechanism for takedowns, ultimately for the worse of the worst ultimately has a host somewhere else as tor just does the routing. Since by design the exit node wouldn't necessarily get you any further up the chain to the middle node in the connection, it would be more fruitful to chose a different investigative strategy.

"On Aug 16th 2024 German police considered it once again appropriate to raid the home&office at the registered address of our organization." Police doesn't decide anything, they just follow orders

Europeans, what are your governments doing?

I am sorry for what your governments are about to do you, bc you will likely go through a very difficult time in the near future. Now, its Tor and Telegram - soon, every opinion you have shared will likely be scrutinized and used against you.

Good luck, European people. I am hoping the best for you.

Governments have become absolutely addicted to have real-time access to everything we do, think, and see.

Mad respect to anybody who goes against the grain, and puts their own livelihood and freedom at risk, to help support privacy and freedom.

I think I have a solution: countries (governments) could publish lists of forbidden addresses; you could be allowed to safely run you Tor exit node as long as those addresses are blocked. Of course, not ideal, but could make a lot of people more willing to run exit nodes.

It wouldn't fix the "someone used my exit node to send a bomb treat" case though.

Interestingly enough, there are multiple exit nodes in Russia, as far as I know, law enforcements aren't taking them down

I wonder if it makes sense to register a company/nonprofit and run exits under that umbrella instead of as an individual. Also to preemptively send all the reg. info - office address, phone, exits’ IPs, etc - to local and federal LE.

So the only "legal" node operators left will be state agencies.

This is why you should run a TOR node, but not an exit node.

Yeah, German armed police wrt Internet is kind of known to be a bit like, that. They make excuses, but at the end of the day they're not the most respectful of free speech among G7 or whatever. I wouldn't be sure if Tor exit nodes are something that can lawfully(ignoring backwards ones) ran, though.

> There are obviously still people working in German law enforcement today, who think that harassing a node-operator NGO would somehow lead to the de-anonymization of individual tor users.

No. Their objective is to intimidate individuals, exhaust them, which leads to...

> As a consequence, I am personally no longer willing to provide my personal address&office-space as registered address for our non-profit/NGO as long as we risk more raids by running exit nodes. That is a risk I am just no longer willing to take anymore.

Which is totally understandable.

Is it known what percentage of Tor users use it for illegal purposes?

Even like, the majority or minority.

I have mixed feelings about this given that the organisation's only explicit stance is being in defense of free speech, the freedom of the press and opposition to censorship. This tells me nothing about who's behind this, who's involved and what their motives or views are, which, sadly, is often more important than what an organisation claims to be about. The name is also effectively ungoogleable, leaving the thin info on their own website as the only source of information. The author of that post is a former member of the German Pirate Party who left for unclear reasons and ran as an independent on his own penny with no clear message beyond being a protest vote for people who don't want to protest vote for the far right.

On the other hand Germany does use flimsy excuses to crack down on services like Tor and that's bad.