A German blogger has a posting about how the police came knocking on his door, arrested him and confiscated all his computer equipment. The crime? He runs a Tor server, a sort of P2P anonymous proxy server that allows people to anonymously surf the Web, download files, and unfortunately download child pornography with relative impunity. Well, impunity for the downloaders using the P2P Tor server, not so anonymous for the Tor server admin. Specifically, the police stated he was suspected of placing a bomb-threat at a german copper-forum called copzone.de - a forum the blogger never heard about. Obviously, it was someone else using his Tor proxy server to post the message.The Tor website itself espouses the benefits of Tor by stating, "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security." Yeah, right. Other than the uber-security conscious, who other than criminals and hackers would actually use the Tor network? Ok, I suppose it does have some uses in totalitarian states like China to get around China's infamous firewall that blocks many legitimate websites. I retract my last statement then.
So the question is "Is the blogger an accomplice to the crime?" After all, his Tor server aided in the crime. The answer? He isn't an accomplice to the crime since otherwise ISPs, which route traffic, would be held liable for the actions of its users. The actual crime the police were looking to charge him with was the bomb threat itself and not an accomplice-related crime. I'm sure the police asked the forum admin for the source IP address of the posting and then went to the ISP and asked for who was registered to that IP address at that specific time.
There are so many ways of forging your source IP address on the Internet, it's a wonder anyone can be convicted simply on source IP address alone. I guess that's why they also confiscated his computer equipment for corrobarating evidence. But the keystone coppers didn't realize his Tor-server was running 500km away and didn't bother to confiscate that server. The blogger tried to explain as he was being arrested that he runs a Tor server, but the police weren't tech savvy and so he was taken downtown for questioning. His wife also got a good scare from the police "visit".
Apparently the blogger has lost his "civil" courage and fighting for the right to keep a Tor server up-and-running. He writes, "The consequences: I’ve shut down my Tor-server. I can’t do this any more, my wife and I were scared to death. I’m at the end of my civil courage. I’ll keep engaged in the Tor-project but I won’t run a server any more. Sorry. No."
Ironically, while doing a security audit of TMC's network, I discovered the former IT administrator accidentally left a static IP address mapping to an ISA Server 2004 proxy server. Using a packet analyzer I noticed viagra spam and other spam being sent out via the proxy server. I also noticed Tor traffic was taking advantage of the open proxy server. I shut that down real quick, but just imagine the liability for TMC if someone did something illegal via this open proxy. Relatedly, home users better think twice before setting up a WiFi access point - even with WEP turned on, this can be cracked in 5 minutes. I bet home insurance companies will soon have to offer a separate liability insurance or additional fee to their home insurance policies to cover Internet crimes being perpetrated by criminals using an unsecured or hacked WiFi access point.
In any event, while the charges were eventually dropped, he incurred lawyer fees, and is attempting to recoup them by suing. Though he writes, "They stopped the investigation. I’m sitting on a pile of bills from my lawyer no one except me has to pay. I’ll sue for compensation, but I don’t think that this will lead anywhere."
So all you civil libertarians that think the Internet should be a free-for-all with no consequences better take note. While this happened in Germany and I'm not sure if Germany has a 1st Amendment equivalent, the idea or principle that "freedom of speech" is "free" is far from true.
More from CNet.
Technorati
Del.icio.us
Slashdot
Digg
twitter
I am astounded at how little you know about our software, considering you say you've actually read an article on it.
Tor was originally created by the Naval Research Lab for use by US military personnel in the field.
The NRL realized that an anonymity system that only included military personnel wasn't very anonymous -- it meant that the user could immediately be identified as "military." So they opened Tor up to the open source world.
Since then, Tor has been adopted and endorsed by Reporters without Borders, Global Voices Online, Amnesty International, Human Rights Watch... It goes on. National Public Radio's China bureau uses us to file their news stories from Beijing, through the "great firewall."
But mundanely, people in the US use Tor to blog anonymously, to separate their personal and their professional lives. For example, a lawyer in a US state capital uses Tor to shield his blogging about local politics -- an activity which might irk all his law partners and half his clients.
We are funded by the folks who do Voice of America and other free speech/journalism interests around the world. We're waiting for a donation to arrive from Human Rights Watch. I spoke at an international Amnesty International conference in June, and our panel on "Blogging where Speech isn't Free" was 7th best rated panel at SXSW this year.
We are not a P2P network, we're client server. But that's the least of your misunderstandings.
The US wouldn't be an independent country without anonymous political speech. We don't slit the mails because we know there are bad things traversing them. We don't tap phone calls without a warrant (ideally). Why should your expectation of privacy be lower online than it is offline?
Yrs,
Shava Nerad
Development Director
The Tor Project
Shava,
Thanks for the background and clarification. I only recently (& briefly) read something about the Tor network about a month ago. I may have mis-remembered what I read, though I know P2P was mentioned with Tor.
For instance, this site mentions P2P with Tor:
http://www.afterdawn.com/news/archive/6945.cfm
Even the Wiki mentions Tor with P2P:
http://en.wikipedia.org/wiki/Anonymous_P2P
From the Wiki: "Governments are also interested in anonymous P2P technology. The United States Navy used to finance the development of Free Haven's onion routing Tor network for politically sensitive negotiations and to aid in hiding the identity of government employees for intelligence gathering work."
So I'm not totally off my rocker. Besides, my article wasn't meant as a backgrounder on the Tor architecture.
But I do appreciate you explaining all the various uses for Tor. Let me just point out that I did "retract" my statement about its legal uses and pointed at China as an example.
Nevertheless, you gave some other great examples for legit uses, so I appreciate the comment and further clarification.
There will be real hard fight between these type of networks and goverment because this networks are really anonymous and havn't backdoors. Some more serious incidents could happened involving Tor and other such networks.
Shava, wonder what is the TOR's development team take on the incident described here? The traffic gets decrypted on the exiting TOR server, so... Are there any measures that a TOR server operator could take to protect oneself from legal charges, if any? I am not sure that a TOR server operator in US would end up much better of then our German friend; the story is not very encouraging.
Also, with a hope to help clarify P2P: my understanding is that a typical TOR connection is from a TOR client to a TOR server to a TOR server to a TOR server... to the desired destination. The TOR servers act as peers, hence P2P.
hi anonymous web communications is vital for human expression. This may be misused by some but if it is used to commit a serious criminal act then no system is a 100% anonymous. Given enough resource and time identities can be found. In the file sharing world there are many such systems one of the most popular being Dargens p2p (www.Dargens.com). This has end to end message encryption as well peer to peer ecryption.