Use Tor P2P - Get Arrested

Tom Keating : VoIP & Gadgets Blog
Tom Keating
CTO
| VoIP & Gadgets blog - Latest news in VoIP & gadgets, wireless, mobile phones, reviews, & opinions

Use Tor P2P - Get Arrested

Tor serverA German blogger has a posting about how the police came knocking on his door, arrested him and confiscated all his computer equipment. The crime? He runs a Tor server, a sort of P2P anonymous proxy server that allows people to anonymously surf the Web, download files, and unfortunately download child pornography with relative impunity. Well, impunity for the downloaders using the P2P Tor server, not so anonymous for the Tor server admin. Specifically, the police stated he was suspected of placing a bomb-threat at a german copper-forum called copzone.de - a forum the blogger never heard about. Obviously, it was someone else using his Tor proxy server to post the message.

The Tor website itself espouses the benefits of Tor by stating, "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security." Yeah, right. Other than the uber-security conscious, who other than criminals and hackers would actually use the Tor network? Ok, I suppose it does have some uses in totalitarian states like China to get around China's infamous firewall that blocks many legitimate websites. I retract my last statement then.

So the question is "Is the blogger an accomplice to the crime?" After all, his Tor server aided in the crime. The answer? He isn't an accomplice to the crime since otherwise ISPs, which route traffic, would be held liable for the actions of its users. The actual crime the police were looking to charge him with was the bomb threat itself and not an accomplice-related crime. I'm sure the police asked the forum admin for the source IP address of the posting and then went to the ISP and asked for who was registered to that IP address at that specific time.

There are so many ways of forging your source IP address on the Internet, it's a wonder anyone can be convicted simply on source IP address alone. I guess that's why they also confiscated his computer equipment for corrobarating evidence. But the keystone coppers didn't realize his Tor-server was running 500km away and didn't bother to confiscate that server. The blogger tried to explain as he was being arrested that he runs a Tor server, but the police weren't tech savvy and so he was taken downtown for questioning. His wife also got a good scare from the police "visit".

Apparently the blogger has lost his "civil" courage and fighting for the right to keep a Tor server up-and-running. He writes, "The consequences: I’ve shut down my Tor-server. I can’t do this any more, my wife and I were scared to death. I’m at the end of my civil courage. I’ll keep engaged in the Tor-project but I won’t run a server any more. Sorry. No."

Ironically, while doing a security audit of TMC's network, I discovered the former IT administrator accidentally left a static IP address mapping to an ISA Server 2004 proxy server. Using a packet analyzer I noticed viagra spam and other spam being sent out via the proxy server. I also noticed Tor traffic was taking advantage of the open proxy server. I shut that down real quick, but just imagine the liability for TMC if someone did something illegal via this open proxy. Relatedly, home users better think twice before setting up a WiFi access point - even with WEP turned on, this can be cracked in 5 minutes. I bet home insurance companies will soon have to offer a separate liability insurance or additional fee to their home insurance policies to cover Internet crimes being perpetrated by criminals using an unsecured or hacked WiFi access point.

In any event, while the charges were eventually dropped, he incurred lawyer fees, and is attempting to recoup them by suing. Though he writes, "They stopped the investigation. I’m sitting on a pile of bills from my lawyer no one except me has to pay. I’ll sue for compensation, but I don’t think that this will lead anywhere."

So all you civil libertarians that think the Internet should be a free-for-all with no consequences better take note. While this happened in Germany and I'm not sure if Germany has a 1st Amendment equivalent, the idea or principle that "freedom of speech" is "free" is far from true.

More from CNet.


Related Articles to 'Use Tor P2P - Get Arrested'

cathy-lanier-police-chief-dc.jpg

Featured Events