Hacker News new | comments | show | ask | jobs | submit login

It's still stupid though. It's like raiding the mailman's house for delivering an illegal letter with no return address. Sure, it could have been sent by the mailman, but it could have been sent by anyone. There isn't any more reason to suspect the exit node operators than anyone else in the whole world who could also have used the exit node.

I disagree. I like Tor so I'm kind of advocating the devil here, but although anyone could have used the node, it would be way too easy if any child pornography maker could install Tor and be completely exempt from checkups.

It's more like raiding the return address even if it says "I was just forwarding this, this is not the actual return address".

Anyone savvy enough to [run a Tor exit node](https://blog.torproject.org/running-exit-node) to obscure his or her network traffic could more easily do so by using [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en).

And this return-address analogy needs to include the fact that a Tor node operator is cryptographically prevented from tracing backward toward the sender.

If you're messing around with CP, why would you want to use your own exit node though? Why not just use someone else's? I suppose it might help mitigate the risk of de-anon attacks on the Tor network, but it still sounds pretty sketchy.

There's no guarantee you would use your own node. It's entirely possible that the police could find actionable evidence on his systems even if the initiating evidence wasn't actually because of him. Sort of like a police office seeing what looks like a beer bottle in a drivers hand and pulling him over, only to find it's a rootbeer bottle, but the driver actually is drunk.

To make it fit this case, the police know it's root beer before they pull the driver over, but they do it anyway.

To make it fit this case, they got an anonymous call about drunk driving with a car that fits the description. It looks like it's just a root beer bottle, but it's not out of the question (IMHO) to stop the driver and make sure.

If "root beer" is tor traffic, and "beer" is illegal non-tor traffic, then they got an anonymous call about the driver holding a bottle. No evidence of drunkenness.

Well, not quite, but eh I can't make it perfect, it's a throwaway analogy.

No, the police showed up because a a report of child pornography was traced to his ip. An actual crime was reported and followed up on. Let's not lose that point, it's important.

An actual crime, but they knew they had no good guesses about who committed the crime.

More apt, they saw him swerving in his lane, while driving with a root beer bottle.

Ah, the joys of Gettier.

Eh, its a yomi thing. At level 1 you want to run a node because the police will ignore you. It doesn't become a bad play until the police are on level 2.

More like, they'd do CP and run a node in the background as an afterthought just to cover.

You have this backwards. The only person in the world who can be suspected of having originated that traffic is the person from whose network the requests can be seen originating. There's no way for law enforcement to know he didn't make those connections until they investigate, and thus (as others have said on this thread) it would be dereliction of duty for the officers not to have raided him.

If you're going to run a TOR exit node, which you are absolutely free to do, you have to expect this to happen from time to time and be prepared to explain why you are not responsible for the traffic you appear to have originated.

Cost of doing business. If standing on principle was free, it would be unremarkable.

That cost of doing business is unacceptably high. It amounts to, "run a tor exit node, lose your 4th amendment rights... and your 5th amendment rights, if you want to keep your hardware... and consider your hardware compromised."

Who's going to run a tor exit node if that's the legal precedent?

It's also pointless. While it's possible for a CP collector or distributor to run an exit node as cover, why would they when they can just use tor for real for all their CP dealings?

Think of the ultimate consequences. Such a legal precedent would have CP and other criminal activity causing more collateral damage rather than less. If all it takes to get most tor exit node operators to shut them down is engaging in illegal activities that will draw the attention of the authorities, then I can imagine a lot of countries' intelligence and military services would have an interest in engaging in criminal activities using U.S. tor exit nodes to reduce the available pool of tor exit nodes.

> The only person in the world who can be suspected of having originated that traffic is the person from whose network the requests can be seen originating.

The IP address presumably actually belongs to the exit node operator's ISP. By this logic they should be raiding them instead.

> There's no way for law enforcement to know he didn't make those connections until they investigate

There's no way for law enforcement to know that you didn't make those connections until they investigate. That shouldn't be justification for raiding you, should it?

> If you're going to run a TOR exit node, which you are absolutely free to do, you have to expect this to happen from time to time and be prepared to explain why you are not responsible for the traffic you appear to have originated.

They already knew it was an exit node.

> If standing on principle was free, it would be unremarkable.

That is a very poor justification for unnecessarily making it more expensive.

Should they investigate libraries and coffee shops as well? How about the offices of businesses that offer VPN-based proxy services? Homes of those businesses' staff?

Absolutely. If a business is offering services that a customer is using to commit a crime, the police wouldn't be doing their jobs if they didn't go down and ask for logs.

You're conflating a raid with "asking for logs." If the police only asked the exit node operator if they had any logs there would hardly be any objection.

No it sounds actually like good police work.

Running a Tor exit node shouldn't give you some blanket against police investigations.

Pretty sure no one was claiming it should. Rather they are claiming that the police should be required to collect evidence showing probable cause. If raids on tor nodes find CP more then 50% of the time then yeah they are collecting enough evidence. But if they don't then the police are in violation of the Constitution.

You are correct. The thing that should give you the blanket against police investigations is the fact that an IP address does not identify any particular person, and never has. It identifies--temporarily, I might add--a network interface.

A warrant based on an IP address should be specific to the computing device associated with that IP address at the time it was logged. The cops should never be able to threaten someone with additional seizures--beyond what is specified on the warrant--to coerce cooperation.

"...The computing device associated with that IP..."

Just the NAT router? Computer(s) behind the NAT router? Phones which have wi-fi and may or may not have been on it at the time? Computers on the other end of the site-site VPN which routes traffic out that NAT router to get around Geo IP restrictions? Any computer in the world which has TOR installed and therefore may have been "behind" that NAT router?

The Internet is really complicated, how specifically would you write that warrant without details of the network design?

Those defenses - whilst valid in many cases, and for many reasons - also are a core part of the "reasonable" in "reasonable doubt".

Many conflate reasonable doubt with "any doubt whatsoever", and think that any excuse that can be concocted which is technically feasible is an alibi. "But Your Honor, it is possible that someone snuck into his house, spoofed his MAC address to get on his Wifi, used that to download this and that, and then left undetected!"

So there's a standard of reasonability, and there should be corroborating evidence.

Should, at least. In theory.

Beyond reasonable doubt is the standard at a criminal trial. To conduct a search, you only need probable cause, which is a lesser standard.

But if it is not reasonable to believe that an IP address is connected with a person, it is not justifiable to search or seize anything else that person may own or possess, beyond the particular device identified by the IP. I don't think an IP address alone is sufficient to even meet the probable cause standard.

It is also possible that someone with authorized access to his computer used an unsecured browser to view a compromised advertisement on an ordinary website, which recruited the machine into a botnet, which used infected machines as a distributed filesystem.

It is also possible that a wardriver with a cantenna brute-forced his Wi-Fi WPS PIN and extracted the WPA password, obtaining easy access to the network.

It is also possible that the ISP regularly refreshes its IP leases, and gave the cops identifying information for the customer who had the IP at the time the request was made, rather than the customer that had the IP at the time the suspicious traffic was logged.

None of those scenarios are necessarily exculpatory alibis, but they may cast doubt on any hypothesis that purports to connect an IP to a particular person.

In practice, warrant-signing judges seem to believe that an IP address is analogous to a postal address, possibly because it also contains the word "address", which may be conceptually ingrained into their minds as a permanent physical location.

> The Internet is really complicated, how specifically would you write that warrant without details of the network design?

You've discovered the fundamental problem. You can't. An exit node IP address is completely useless for that purpose because it tells you nothing about where the ultimate endpoint is. The person who actually did it could be in Brazil or Korea or on the International Space Station. You have no actual information on which to base a search.

There is at least a reasonable argument to make that for most residential IP addresses the devices that use the IP address are in the same building as the NAT router. And then you have an obvious solution: You look at the NAT router and then you look at the devices it has given a DHCP lease to, as in most cases there will only be a small number of them which will be in the same building.

But that isn't always the case. The NAT router or one of the devices behind it could be routing traffic for a very large number of machines, e.g. an entire corporation or all of a small ISP's customers or a coffee shop's public wifi. And in those cases the number of different machines controlled by different people is large enough that the IP address no longer identifies anything with enough particularity to justify searching all of the possibilities.

Tor and other open proxies are the extreme far end of that spectrum. It could literally be anyone in the whole world. The IP address tells you nothing at all. And if you know it tells you nothing at all, it provides no justification to search anything in particular.

I wonder if it wouldn't be prudent, if you wanted to run an exit, to pay for dedicated static IP, maybe even on a totally different ISP. Hard to guess what the warrant would cover, exactly, in that case (probably still a free pass to all your machines). Of course, it's easy to imagine the opposite situation, where someone connects an exit node to ${random neighbors ap}, with terrible results.

I would have said the same, if it were not for the police's unnecessary and demeaning execution of their warrant at 6:00AM. If the police knew he was a tor exit node operator, then surely they could have executed this search at a more reasonable hour?

When planning an operation like this you need to plan for a time when the suspect is likely to be home. I imagine the most likely time someone is to be home is right at their regular waking time (people often get home at different times). Additionally, 6:00 AM is not excessively early for a large swath of the population. It's not a convenient time, but when is?

I couldn't help but imagine the police sending a request to view his outlook calendar while reading your comment.

At least he still has intact ear drums and door frame. Sounds fairly reasonable at least by contemporary standards.

They didn't seize the house either

A. That's not what "demeaning" means.

B. As others have said 6:00 AM is among the most likely time that most working professionals will be home.

C. I'm not sure what his status as an exit node operator has to do with the hour at which a search is executed?

Like at an hour when kids are up and running around maybe just on their way to school?

But a no knock swat raid killing people's dog is more fun

And that's what we get when simple possession of an image is a statutory crime with no means rea.

I can watch videos of people getting killed on reddit. I can watch rape videos. I can even watch videos of horrific crimes....

But how dare I watch someone under 18 get naked through a computer. Even if that someone is myself. The worst part is that, while in most other crimes, account for intentionality is considered. (Something falling in my cart while I walk out the store isn't shoplifting, yet shoving something in my pocket is.) Instead this "crime" frankly shouldn't be. It is proof a crime took place however. Its too easy to have a potential dangerous image... even from hosting a Tor gateway

Edit: at absolute minimum, there should be a mens rea requirement where possession or transmission of child pornography took place.

Congratulations, you're now on an FBI watch list.

In honestly though, you're not wrong. Richard Stallman has his controversial stance on child porn as well and I tend to agree with him. It is really really bizarre that modern western society doesn't seem to have a problem with video of soldiers shooting up little kids in Baghdad, yet a picture of a teenager showing her breasts to her boyfriend via text is instant grounds for being locked up (in Australia there is a zero tolerance police and teenagers have gone to jail and are on sex offender registries for just that; although their sex offender databases are confidential and not as fucked up as America's).

However, sexual assault on children is a heinous crime. It's sad and destroys the lives of kids who parents hope to keep from getting tainted by the world as long as possible. It's not unjustified to hate this crime to the degree which it is, but it's also kinda bizarre we don't treat videos of kids getting shot the same way. People get off on that stuff too; sexually.

What's even more interesting about this case is that the police knew CP was downloaded from his IP address. That might because the United States has mandatory ISP reporting, or potentially his IP was found on a raided website:


I'm more interested in how that information was obtained, and whether that process involved violating the rights of individuals of people not associated at all with any crimes.

> Congratulations, you're now on an FBI watch list.

I'm not surprised. Considering I work with Tor extensively, along with cryptocurrencies and other 'interesting stuff', I guess I fit right in with the tech crowd on there.

I'm all for just punishment, from which I think pedophilia is most certainly a crime. It gets... fuzzy around a lot of areas though, especially after puberty up to 17. The law, frankly, is just a total mess. Sex- OK, sext- CP, fake license- pedophilia.... on and on.

Pedophilia is a psychiatric disorder.

Pedophilia is a sexual orientation. Nobody chooses to be attracted to kids.

Homosexuality was viewed as psychiatric disorder not too long ago as well. Although some people still think it is - are you one of them?

Whatever. If they can't control their urges, and they sexually abuse people whom can't give consent, they need to be put away.

Whether that is a mental health asylum, prison, or somewhere/somehow else, so be it.

I don't think they should be abused either, as it's a popular trend in the penal system to use rape as an informal deterrent for criminals.

So is homophilia, in many parts of the world or (even recent) history.

Um, consent? Two 'homophiliacs' can agree to have sex with each other. Not so much with the other one...

The *philia range of words do not describe physical acts, much less "having sex". They merely describe the object of one's affection.

Or do you believe that e.g. audiophiles hump their speakers, and bibliophiles use the library for public orgies?

> Or do you believe that e.g. audiophiles hump their speakers

Well, yes. But only because it's really easy to imagine after browsing their forums.

Tip of my hat to you, good sir! LOL.

The laws on child pornography are obviously formulated with pedophilia / child molesters in mind. Unfortunately, the laws ended up being a typical moral panic mess and ended up being overly harsh and broad. Minors charged with child pornography for sexting each other completely undermines the original intent of the law, in my opinion.

I'm curious what the laws / regulations would be for general social media, image hosts, and other businesses that host user content. It's pretty much a given that at some point, there will probably be some illegal content uploaded onto it (including potentially child pornography). In some ways, a Tor exit node sort of falls under that same boat: you are indirectly passing information generated / requested by users.

Now, Twitter or Facebook doesn't going to get raided / computers confiscated every time an illegal image passes through their network. But I'm sure the police may ask questions during investigations (and I'm sure the companies comply as best they can). So I honestly think what happened here is fine. (I'd think differently if the police automatically confiscated computers and trashed houses of Tor exit nodes for no reason.)

I forget where I read it, but being on the BSD mailing list also put you on said FBI list.

I'm sure I'm sitting nice and pretty on several lists.

What's even more baffling, in many countries even virtual child porn is illegal. Drawings, computer-generated graphics, adult actors pretending to be children, ... everything. Personally, if pedophiles want to jerk off, I'd prefer they used fake child porn instead of actual kids.

The mailman is operating on behalf of the postal service. Since the postal service is basically the government, that's confusing, so let's say that we're talking about a FedEx delivery person delivering content that is inherently illegal. (Perhaps it's a controlled substance with no medical uses, perhaps it's counterfeit money, perhaps it's a chemical weapon, etc.)

It seems to me that it would be patently unreasonable to raid the FedEx employee's home, but it would be perfectly reasonable to hold FedEx the company responsible for not delivering such things. If it happened once, sure, raiding them is excessive. But if the government knew that FedEx, by design, actively did not care what they were delivering and made it hard for themselves to figure that out until it's loaded onto a truck for local delivery, and they had evidence that some drugs or weapons were being delivered, then sure, raiding the local FedEx distribution center and searching it seems within the realm of reasonable actions. Seizing all packages at that distribution center would be unreasonable, but the analog (seizing the computers) didn't happen.

Isn't that how UPS and FedEx actually work? You can go to FedEx with an already-sealed box and pay them cash to deliver it. They don't know what it is, they're not going to open it, it could be anything. Presumably they have some kind of policy against illegal substances, but how are they supposed to verify that? Some of the packages they deliver most certainly are narcotics or child pornography or some other illegal thing.

You're saying that should justify the FBI going to all the FedEx hubs and opening all the packages to check for various illegal stuff?

I do in fact think that if the FBI knew that certain people were using FedEx to reliably traffic in illegal substances inside sealed boxes, they would put pressure on FedEx to make it stop somehow, and raid them if they flatly refused. This might involve having them open the packages, but it more likely involves them identifying the people who these boxes come from and go to, and having them drop them as customers. And I am pretty confident that this does happen, because the profession of drug smuggling continues to exist, and druglords aren't just outsourcing their logistics to FedEx and UPS. I certainly agree that some fraction of their packages are illegal, but it's not straightforward to use the service this way.

Unlike UPS and FedEx, Tor makes this straightforward, and also tries to avoid knowing the identities of people who are sending things via their service. So the police don't have that option.

(Note that the above is simply a description of what Tor is currently doing, as I understand it, and not an attempt to make a moral judgment one way or the other as to what Tor should be doing.)

Drug smuggling continues to exist because drug smuggling is wholesale and FedEx is retail. And FedEx wouldn't know to provide security to prevent competing dealers from holding up their drivers.

I suspect that package services are used with high frequency by criminals without these constraints, e.g. the ones committing mail fraud. The police deal with this not by searching the contents of random packages but by arresting the actual perpetrators regardless of what they use for a delivery service.

There seems to be a common impression that if the police can't find you using one specific investigative method then they have to give up and go home. There are hundreds of different ways to catch criminals. Most of the ones people complain about the police losing are ones they never traditionally had to begin with.

Not really. The mailman is operating on behalf of the government with specific policies and laws associated with it.

Tor is more like you operating as a volunteer delivery guy who is willing to pick up a locked box anywhere in the city for free and drop it off anywhere else that is requested. You have no idea what's in the box nor who you are picking it up from or dropping it off to.

Right--a common-carrier delivery service, like UPS, DHL, or FedEx, only they cannot snoop into the clients' private business, and clients are by design anonymous.

Yeah, but if they are aware of the "type-of-content-that-may-be-in-the-box" can be illegal or inappropriate. It's still their fault to deliver.

This doesn't stop police from raiding them.

Common-carrier delivery service, like UPS, DHL, or FedEx are "aware of the "`type-of-content-that-may-be-in-the-box'." They are not held responsible for the actions of their clients of which they are unaware. The same holds true for telephone companies, Internet backbone providers, Internet service providers, and more. The same should hold true of Tor exit node operators.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact