Hacker News new | comments | show | ask | jobs | submit login
Tor exit node operator raided in Austria (lowendtalk.com)
495 points by Nyr on Nov 29, 2012 | hide | past | web | favorite | 310 comments



It seems like a lot of people are objecting to the raid/seizure itself in addition to the possibility of conviction, so I have a question. Is it reasonable for the police to investigate an exit node operator for traffic coming from his node, even if they know he's an exit node operator?

The way I see it, it's their job* to determine whether the traffic in question was relayed, or whether it was the exit node operator himself generating that traffic. In an ideal world, they could just call him up and ask nicely - but if he was actually guilty, he'd say "No, no way it was me!" and immediately start destroying any evidence. On the other hand, raiding someone's home or server rack and confiscating all of their computers isn't a great solution if most exit node operators are not guilty themselves.

I'm not aware of a good solution that avoids inconveniencing exit node operators without giving them some kind of blanket immunity to investigation that goes beyond just relayed traffic.

* - I'm aware that this might be impossible, but you can't know whether it will be ahead of time. It's possible that they could raid him and find no proof, even if he's guilty. It's also possible that they could raid him and find exactly what they were looking for. Like many investigation tactics, there's no guaranteed payoff.


In the strict public policy sense you could argue the raid/seizure either way; The pro-raid argument would go "This activity harms society by allowing criminal activity which is part of the economics of exploiting children, thus it is right for the state to step in and make these raids to identify and contain those threats." Then you could make the anti-raid argument, "The economic disruption of taking a legitimate business off-line and possibly causing irreparable harm to innocent citizens does not warrant such a drastic measure without solid evidence of complicity in the commission of a crime."

In the United States there is an analogous situation which is that of the 'high speed pursuit.' In the pursuit situation the officers have strong reason to believe the driver of a vehicle was involved in a crime and seek to arrest them. The driver of the vehicle doesn't want to be arrested and so they drive away quickly. If the officers give chase, they greatly increase the chance that harm will come to innocent bystanders. If they don't give chase they risk losing their suspect. Generally those debates come down to things like "what crime might they have committed?" and if it was failure to stop for a right turn, that is seen as not being as 'reasonable to chase' as hit and run vehicular manslaughter.

I tend to fall into the "Do the police work to figure out who the crooks are and if you need the co-operation of an end-node provider then get a warrant to compel that co-operation." But I also have spoken to officers who feel that such restrictions are 'red tape' and keep them from doing the job they were paid to do.

In this particular case we don't have the police version of the story. Perhaps they think this guy is complicit? Did they raid/seize any other end nodes? Did they have a warrant and what did it say? Had this person been involved in other questionable activities? "Presumption of innocence" is not a principle that extends outside of US borders so its always difficult to contextualize police action in other countries to Americans who take their constitution for granted.


> "Presumption of innocence" is not a principle that extends outside of US borders so its always difficult to contextualize police action in other countries to Americans who take their constitution for granted.

Sorry, what? Within America, that principle ultimately derives from English common law (from which the legal systems of most former colonies are derived). Moreover, it is a specific part of the European Convention on Human Rights, to which all EU members are party.

Of course it doesn't necessarily apply everywhere in the world (though it'd be foolish to expect any legal doctrine to apply universally, although in this case the doctrine is part of the Universal Declaration of Human Rights, which makes it about as close to universal law as is possible) - but it clearly extends beyond the borders of the US (and in fact, the notion of it 'extending beyond the borders' is pretty offensive, as it suggests the US as the origin of the principle).


Its actually better this is happening out side the US. Simply possessing CP in any format, with or without knowledge or consent is illegal. A handful of smart people have written about the situation (and its been featured on HN in the past). In the US, he would likely be far worse off.


> "Simply possessing CP in any format, with or without knowledge or consent is illegal."

From a recent New York State supreme court decision [0], citing federal law on page 12: "to possess the images in the cache, the defendant must, at a minimum, know that the unlawful images are stored on a disk or other tangible material in his possession". And on page 14, "a defendant cannot knowingly acquire or possess that which he or she does not know exists".

Variations of the word "know" appear over and over again in the decision, particularly in the line "knowing the character and content thereof." All three judges concurred on this point -- possession requires knowledge.

[0] http://www.nycourts.gov/ctapps/Decisions/2012/May12/70opn12....


> "Presumption of innocence" is not a principle that extends outside of US borders so its always difficult to contextualize police action in other countries to Americans who take their constitution for granted.

What? There's nothing particularly American about the principle, it's an accepted core tenet of all democratic countries and many of the others.


There is a wide spectrum for how strictly "presumption of innocence" is followed in various societies in practice though.

The creator of the Winny filesharing program in Japan was dismissed from his Tokyo University Research Assistant position as he went to trial:

"On May 10, 2004, Kaneko was arrested for suspected conspiracy to commit copyright violation by the High-tech Crime Taskforce of the Kyoto Prefectural Police. Kaneko was released on bail on June 1, 2004. The court hearings started in September 2004 at Kyoto district court. On December 13, 2006, Kaneko was convicted of assisting copyright violations and sentenced to pay a fine of ¥1.5 million (about US$13,200).[3] He appealed the ruling. On October 8, 2009, the guilty verdict was overturned by the Osaka High Court.[4] On December 20, 2011, Kaneko was cleared of all charges after a panel of judges agreed that the prosecution could not prove that he had any intention to promote the software for illegal use.[5] [6]" (http://en.wikipedia.org/wiki/Winny#Criminal_procedure)

He was definitely treated by society as if he were guilty of the crime as soon as he was arrested.


By that standard, suspects are often presumed guilty by society even in the USA (for instance, suspected rapists and other sex offenders). The presumption of innocence is still considered one of the core principles of democracy and/or the rule of law.


Its a fair point, its much more codified elsewhere than it was at one time. And to be fair the US has been doing things like locking people in Guantanamo without due process which is disturbing in itself. The point I was trying to make clear was that I recognize trying to interpret a story involving the actions of a the police in a country which doesn't have the same legal climate as the one I live in, it fraught with dangers in making assumptions that don't or won't hold up.


'common law' countries, not 'democratic' countries.


Which would make my sentence: It's an accepted core tenet of all common law countries and many of the others. Well, I suppose that's still true! But I don't think the tie to common law is stronger than the one to the US; it's an almost universal principle.


My point is that it's a core tenet of the common law system, not a core tenet of democracy. Allowing your citizens to vote does not automatically mean that they have a presumption of innocence. It just means that they can vote.


"Presumption of innocence" is not a principle that extends outside of US borders so its always difficult to contextualize police action in other countries to Americans who take their constitution for granted.

No, many countries have "innocent until proven guilty" laws/standards.

e.g. Artictle 6.2 of the European Convention on Human Rights (ECHR) ( http://en.wikipedia.org/wiki/Article_6_of_the_European_Conve... ) says:

> 2.Everyone charged with a criminal offence shall be presumed innocent until proved guilty according to law.

The ECHR is more than just EU, e.g. Russia is bound by it. (USA is not and would be in breech of it because they have capital punishment).

Article 48.1 of the Charter of Fundamental Freedoms of the European Union ( http://en.wikisource.org/wiki/Charter_of_Fundamental_Rights_... ):

> Everyone who has been charged shall be presumed innocent until proved guilty according to law.


"In the United States there is an analogous situation which is that of the 'high speed pursuit.' In the pursuit situation the officers have strong reason to believe the driver of a vehicle was involved in a crime and seek to arrest them. The driver of the vehicle doesn't want to be arrested and so they drive away quickly. If the officers give chase, they greatly increase the chance that harm will come to innocent bystanders. If they don't give chase they risk losing their suspect."

I think any similarity in these situations is only superficial. In a high speed pursuit, the suspect is alerted to the police's interest in their actions and chooses to run, which is an indicator the suspect has something to hide as well as a crime in itself. The act of running from the police is breaking the law.

The exit node scenario is nothing like that--the person being raided is not aware of the police interest and there is no evidence the operator committed a crime. Even if the the suspect was notified in advance and refused to willingly submit their equipment for investigation, it still wouldn't be the same situation unless they were legally compelled to provide the equipment.


In the United States there is an analogous situation which is that of the 'high speed pursuit.' [...] If the officers give chase, they greatly increase the chance that harm will come to innocent bystanders.

Not only that, but they increase the risk to the person they are pursuing. It is general policy for UK police not to pursue motorbikes whose riders aren't wearing helmets for this reason. Presumably causing the person to die in a crash is worse than most offences they would be pursued for. It would also cost the taxpayer a lot more.


>Is it reasonable for the police to investigate an exit node operator for traffic coming from his node, even if they know he's an exit node operator?

Realistically, no. It's a fishing expedition -- it's like raiding the phone company's offices when someone has used a prepaid burner phone because they have the ability to spoof the IP address or phone number of any of their unidentifiable customers. There is no more reason to suspect that the exit node operator is at fault than any other ISP. Especially given the amount of harassment these raids cause for the victims -- can you reasonably state that the police should be able to enter a telco hotel and shut down and confiscate all of the equipment because not all of the traffic passing through it can be traced to an identifiable source? If not then what makes this different?

>I'm not aware of a good solution that avoids inconveniencing exit node operators without giving them some kind of blanket immunity to investigation that goes beyond just relayed traffic.

The solution is to rely on less disruptive investigative means until sufficient evidence is available to determine whether the exit node operator is the likely source of the traffic. For example, get a warrant and wiretap their phone and email and see if they're trafficking in illicit materials through those channels. Have an undercover cop chat them up and set up a sting if they're doing something illegal. Standard police work.


The fundamental misunderstanding here is that police (and, down the chain, other authorities) actually care about the nature of an exit node. From their perspective all they see is that this guy's IP address was used to distribute child pornography. All his stuff is gone, and they will persecute him for that offense. In all likelihood the court trial will go like this:

  Defendant: "But I was merely running a Tor exit node!"

  Judge: "What's that?"

  Court-appointed expert: "It's a computer program that allows 
    pedophiles to exchange pictures online."

  Judge: "I see. That'll be 10 years jail time plus court costs. 
    Also, please stand by for your copyright infringement trial
    that came out of searching your computer equipment. Thanks.
    Next!"


You're describing a show trial. Not to say that they don't exist (or are even particularly rare), but if you're in a country that has them, you're pretty well already screwed regardless of Tor or anything else, because all it takes to throw you in prison for a decade or more is for a cop in your vicinity who needs to make his quota to decide he doesn't like anyone with a beard (or anyone without a beard, or people who are taller or shorter than he is, or brown people, etc.)

In countries where you get a legitimate opportunity to make your case, cases like these get thrown out, because the prosecutor is almost always required to prove that you knew the nature of the material, which in the case of an exit node (where "he ran an exit node" is the only evidence), they can't very well do. For exactly the same reason that ISP employees aren't prosecuted for the same thing.

Which brings it back to the issue at hand: You have people who apparently (barring additional evidence beyond running an exit node) are not guilty of the offense in question, but still the police bust into their facilities and steal their stuff. That should not be allowed to happen.


> required to prove that you knew the nature of the material

Actually, depending on the laws of the country, the prosecutor might only need to prove that they "knew or should have known" the nature of the material. Or it might instead be sufficient to prove that the operator "had a reckless disregard" for the nature of the material.

Or perhaps the operator "failed to comply with the regulations for running an Internet service provider, including maintaining logs of customer connections." Which itself might not carry a very harsh penalty, but might also make him liable for criminal acts that others carry out using his illegal ISP.

Disclaimer: I am not a lawyer. These ideas are merely guesses. The things in quotation marks are not quoting anything in particular. I have no idea about which, if any, jurisdictions would accept the legal points my hyopthetical prosecutor makes.


>Actually, depending on the laws of the country, the prosecutor might only need to prove that they "knew or should have known" the nature of the material. Or it might instead be sufficient to prove that the operator "had a reckless disregard" for the nature of the material.

Obviously we can theorize whatever laws we want and there may even be countries that have them that way, but I'm not sure how that distinguishes the Tor exit node from the ISP. Telecommunications services don't generally inspect the content of the packets they route. I wouldn't want to have to argue that that is "reckless disregard" or whatever, though you can certainly imagine overzealous bureaucrats doing so when it suits them.

>Or perhaps the operator "failed to comply with the regulations for running an Internet service provider, including maintaining logs of customer connections." Which itself might not carry a very harsh penalty, but might also make him liable for criminal acts that others carry out using his illegal ISP.

Or maybe there is a specific law in a particular country that outlaws anonymizing services. Or maybe a license is required to operate an information processing device. Your mileage may vary, etc. Consult an attorney.

But it's worth pointing out that keeping logs doesn't get the government anywhere: The only thing a Tor node has available to log is which nodes it's connected to, and those nodes have a high probability of not having any logs or, even if they do, of being in another country where you can't get access to them. That's kind of the whole idea. So if all you're achieving is to get exit nodes to keep useless logs to make them safe from prosecution under some kind of safe harbor, you just end up back at square one.

The question is, do you want to ban anonymizing services or not? And if not, stop harassing the operators.


>but I'm not sure how that distinguishes the Tor exit node from the ISP

I think it's closer to raiding someone who had their wifi unprotected and someone jumped on and did something illegal.

An ISP is a legal entity that has a certain relationship with its customers. This includes identity and at least some form of monitoring (logging and cooperation with authorities). Tor is opening your connection up to anyone in a totally anonymous and encrypted way. This is not to say that the guy is guilty or even that it's right to raid him, it's just saying that I don't think it's fair to argue he has similar legal protections. In the case of an ISP they don't have to raid them, they just show up with a subpoena and the ISP coughs up the info.

>The question is, do you want to ban anonymizing services or not?

I think that is precisely what they want to do.


>I think it's closer to raiding someone who had their wifi unprotected and someone jumped on and did something illegal.

That's what I'm saying. In what world is that a reasonable thing for the police to do? A raid is a thing they should do last, after they already know who they're dealing with and are just sewing up an already strong case against them, not the first thing to do with a suspicious IP address.

>In the case of an ISP they don't have to raid them, they just show up with a subpoena and the ISP coughs up the info.

They could do the same thing to the operator of the exit node and it would get them the same result as the raid (which is to say really nothing useful) without the harassment, at least in the case that the operator wasn't the perpetrator. Which is the same case for the ISP. Nothing stops criminal ISP employees from responding to a subpoena by destroying the evidence and then fingering some ISP customer known to have open WiFi.

>I think that is precisely what they want to do.

Then they ought to stop pussyfooting around and actually come right out and propose legislation to that effect. And if it subsequently gets (or already has been) defeated in the legislature or struck down by the courts then they ought to stop pretending it wasn't.


What you're proposing gives anyone with open wifi a license to do whatever they want and then claim it was someone else, that doesn't make sense either. The likely chain of events is as follows:

1. Criminal activity is observed from an IP address. 2. The ISP is contacted, proper permission is received and a wiretap is set up 3. Further traffic patterns are observed 4. A raid is conducted on the owner of the IP address.

At this point there is no need to raid the ISP because the traffic can be traced back farther than the ISP to a more specific place. In the case of the IP, the traffic essentially ends at the owner of the IP. It can't be tracked back any further so a raid is conducted to move the investigation to the next level. If the ISP didn't log or wouldn't turn over information, the ISP would be raided, I imagine.

Obviously running a TOR exit node, open wifi or ISP can't be a blank check to get away with crime. Once the investigation was stopped, the next logical level was to get more information from the last place it was seen (the IP owners equipment).

>Then they ought to stop pussyfooting around and actually come right out and propose legislation to that effect.

This assumes that "they" is a single unified entity with a single, unified goal. Very likely there are people who want to discourage this sort of activity without the trouble of actually legislating it. That's obviously wrong, but it happens all the time, often totally benignly, in this case much more maliciously.


>At this point there is no need to raid the ISP because the traffic can be traced back farther than the ISP to a more specific place.

It seems like you're still not distinguishing it from the exit node: In order to set up a wiretap, the ISP is going to know about it (it's their equipment). If the ISP employees are the criminals then getting a wiretap for the customer's IP address that they've been spoofing is going to tip them off. If you're not worried about that for the ISP then stop worrying about it for the exit node -- in which case you could do the same thing, require the exit node operator to install wiretapping software on the exit node and trace the traffic "back farther than the [exit node] to a more specific place" (i.e. the next Tor node in the chain). It still doesn't get you anything, but neither does a subpoena to the ISP that just leads you to an otherwise-clean exit node.

>Obviously running a TOR exit node, open wifi or ISP can't be a blank check to get away with crime.

People keep saying this -- it's wrong twice. First, just because you can't do a smash and grab police raid doesn't mean you can't do an investigation. Digital forensics are crap anyway -- way too easy to forge. (Criminal installs remote control software on some poor sap's PC to do dirty work, secure removes it when finished and everything ends up pointing to the sap.) Try doing some actual police work, interview suspects, look at the illicit materials to see if there are clues from the background, on and on. And after you've done your homework, if the evidence still points to the exit node operator (instead of just the exit node's IP address), then you do a raid.

But perhaps more importantly, how is it the operators of the anonymizing thing who we are worried about getting away with something? If you know enough about Tor to set up an exit node and you're a criminal, you can just use somebody else's exit node instead of setting up your own. Or hop on some public wifi, or break into some sucker's PC to use it as a proxy, etc. If the police have successful methods to catch those criminals, then use them against the criminal who hides under an exit node instead of raiding it.

And if not, well, that's life. A police state is very helpful to the police. The cost of not having a police state is that some criminals get away with it. It's the cost of doing business in a free society.

>That's obviously wrong, but it happens all the time, often totally benignly, in this case much more maliciously.

Which is why they ought to be stopped. Government malfeasance is all but universally a more serious problem than private malfeasance, because a good government can often save you from bad private actors, but almost nobody can save you from a bad government.


You're creating all sorts of situations and "what-ifs" and "buts" that don't fit the facts. We don't really have any idea what kind of investigation was conducted, or what other steps they have taken before this point. I don't imagine police in most democratic societies -- especially ones with robust free presses -- conduct raids lightly.

Furthermore, it's not really the police's job to interject possibilities into this situation. Phrases like "digital forensics are crap -- way to easy to forge" and "If the ISP employees are the criminals then getting a wiretap for the customer's IP address that they've been spoofing is going to tip them off" and "if you know enough about Tor to set up an exit node" don't really enter into their though process. The investigation reached a dead end, they got more evidence.

I would like to point out that I don't know the specifics of this case either. I will say, however, that in the US, raids and seizures like this are subject to judicial review. Probable cause is shown and permission is granted or denied. It's not as if the police can just walk in there and take what they want. I also don't feel that police work needs to be held up in the face of new technologies. As the public's access to technology increases, so must law enforcements access to tools to investigate crimes. This is not to say there should not be checks and balances, but that getting a warrant already is a check.


>An ISP is a legal entity that has a certain relationship with its customers. This includes identity and at least some form of monitoring (logging and cooperation with authorities).

This a truth that is really bad for society, and goes against every form of common carrier principles made over the last few hundred years (ever since the postal service started). Is't it a bit odd that as soon humanity was able to identify and monitor everyone, it suddenly became the moral obligation to do so?


Here's a notorius austrian court-appointed linguistics "expert" who became infamous during the trial of animal rights activists accused of forming a terrorist group:

http://images.derstandard.at/t/12/livebericht/1297818651208/...

He claimed to be able to prove with near certainty that one of the defendants wrote some letters and articles whose real authors were named in the trial, by using contrived (and obviously error-prone) text analysis methods some real linguistics experts called absurd.

The defendants were all acquitted by the judge, who was subsequently moved to a much less prestigious job, while the prosecutor was promoted.

So yes, there are show trials in Austria and the defendant in the Tor case hopefully wasn't a political activist.


That's not what I meant. Given the chronic technophobia of the legal system and the current laws, they practically don't have a choice. He's not a telecom company, so he'll be responsible for whatever his IP address hosts. The seedy nature of Tor doesn't help here either.


>He's not a telecom company, so he'll be responsible for whatever his IP address hosts.

I would challenge you to point to a specific law that actually says that. I'm not saying you can't (there are a lot of countries in the world with a lot of ridiculous laws), but what you're saying would prohibit internet cafes, public libraries with computer terminals, coffee houses or hotels with wifi, etc., because none of them are telcom companies and they allow unauthenticated or poorly authenticated members of the public to use their IP address.

The truth is complicated. But if we're trying to get things to work how they should work, raiding Tor exit nodes just because they're Tor exit nodes is not in the cards. Even if the existing laws are defective in some jurisdictions, they can be fixed, and in the meantime police and prosecutors are very often allowed the discretion to not go out of their way to harass potentially innocent suspects. I may be asking too much asking for them to actually exercise it.


If the police are sophisticated enough to track illegal activity to this guy's IP address, then they ought to be sophisticated enough that they will also perform some digital forensics on his computers (not to mention, smart enough that they can probably understand vaguely what Tor does). If he's really involved in something, they will expect to find some evidence of that on his machine. If it's coming from other users, through Tor, then the evidence ought to demonstrate that.


If the guy has a halfway competent lawyer, that is not what the judge will think. This grossly oversimplifies the exigencies of law enforcement versus the courts. Law enforcement is forced to take down things like exit nodes because they have no other way of tracking down the originators. Whether that will stick in court is an entirely different matter.


In all likelihood...

What are you basing that on, exactly?


It's the primary reason why running an exit node on your own is considered an unwise move. That guy is responsible for the IP addresses he uses. A telecom company, on the other hand, wouldn't be.

https://www.torproject.org/eff/tor-legal-faq.html.en


I don't see how that answers my question. A non-zero risk does not mean "In all likelihood" things would unfold as you have depicted them.


It’s a separate issue, but raids and seizures itself are very problematic. The police will usually take everything with them and keep it for months.

That made sense some decades ago when they took mostly binders with paper, now it in itself can act a lot like a punishment. Computers are not just vessels containing data, they are also tools. It’s unreasonable for the police to take away tools for months.


It's probably part of the police mentality of "He's a suspect, that means he's guilty, but if we can't prove it in court we know he'll get off."

So they punish him extrajudicially by taking as much stuff as they can, delaying as long as they can sending it back, and sending it back in as poor condition as possible.

If they Google him and realize he's begging for legal defense funds online, they'll know he's not strong enough to sue them.


That precedent will also need to be tested. Taking someone's equipment, especially when devices are becoming more and more concentrated, is beyond reasonable search of focused investigations. Think about it; when you take someone's laptop, tablet, and smartphone, you are also taking their camera, filing cabinet, scanner, copier, mailbox, picture frames, flashlight, catalog, telephone, gaming console, accounting records, financial documents, pens, wallet, cash money, watches, personal records and records, random people's belongings, keys, notebooks, drafting table, ... and on and on.

What the government in this case, just like all similar cases is doing is essentially as if the FBI came busing into your house and had goons investigating and randomly milling around your house continuously for months if not years. It, at least in the USA, does not hold up against Constitutional protections of reasonable search and seizure. I just don't think it has been tested thoroughly enough.

There is a reason you are not legally just allowed to seal off and load up someone's house, office, business, and cars and keep them hostage indefinitely because some random person may have committed a crime on your property. The precedent for physical evidence has been set and it equally applies to the digital, if tested properly, whether gov't or their corrupt henchmen can wrap their puny, deranged, atrophied, and primitive minds around it or not. Why don't we just go back to the "BAD.....SMASH!" system of legal jurisprudence if blanket taking of everything plus the kitchen sink is ok.


Wouldn't it help if exit node were run by associations renting some office space instead of individuals ?

I mean, the president (and other members) of the association can still be charged with criminal offence, but having a legal structure might help. At least they should raid the association's office instead of the member's homes.


What is the reasoning for taking anything more than the Hard drives?


There's a lot of conversation in this thread about how they take the whole computer.

I can say that in 2006, in San Francisco, the police took just the hard drives out of a tower PC in my apartment. They left the tower itself. (They were after my roommate, but since I had hardware in the "shared spaces", it was impounded along with all of his stuff. It sucked.) They also took all of the laptops whole (including my girlfriend's).

The police held on to the equipment for months. We tried everything short of hiring a lawyer to get it back, but they would not release it until they actually finished the case against the guy and he got out of jail. Then, magically, our hardware was available to come pick up.

Given that they had been working the case for months, I imagine that they were just sitting on the hardware long after forensics was done with it. Punitively, I suppose. Luckily, my employer at the time was very gracious and loaned my girlfriend and I hardware so we weren't completely out of pocket.

When the hardware was returned to us, we had to go pick it up. The guy handing it back over made some asinine comment about "you shouldn't be copying music", and we were free to go. Everything was in bad shape. There was tape all over things, one power adapter never came back, and my girlfriend's external hard drive enclosure was cracked and clearly had been dropped.

Pro tip: if you share space with someone, make sure your hardware lives in your private space. Don't leave your computers in the living room, or they will become confiscated if the people you live with get in trouble.


Don't live with someone who is likely to get raided, either. I've seen the quality of training of local police; if they come in with guns drawn, it doesn't matter as much that you're not even listed on the warrant; you might get shot.


Encryption keys in a TPM? RAID configurations which depend on physical cabling setups? Storage that can't be physically removed? There are a thousand ways that taking the "hard drive" from a computer will end up losing information that would be recoverable with the whole device. It's not really reasonable to expect police departments to do IT foresics on site during a search.

That doesn't mean that the seizure is "justified", but there are no simple answers either.


Amusingly, the time police raided my stuff (well, they went after my roommate, and my stuff was in the living room and got taken along for the ride) -- they took the hard drives out of my media server. It was a software RAID-5 setup.

I imagine that they have the technology to rebuild the drives, but I have always smiled at the thought of some tech sitting there trying to rebuild this and wasting weeks of his time trying to figure out exactly how everything went. (It was actually a really terrible partitioning setup that was non-intuitive, with a "dead" partition that wasn't part of the RAID and used for reduced redundancy storage.)


I have no experience whatsoever in forensics, but here's why I would want all the hardware if someone asked me to analyze a system as a generally tech-savvy guy:

1) Some raids take PCs while they're still on, in order to preserve things like encryption keys in memory or cached passwords. It's possible to transfer a running PC over to a battery-powered outlet for transport, then to lab power for analysis. This would be very useful if the machine was using full-disk encryption.

2) Having a full disk image gives you the data, but the easiest way to see how the data behaves is to actually boot up the machine (after imaging the drives, obviously) and see it as the suspect would. There might be subtle differences in behavior if you use lab hardware rather than the actual hardware, and there's even a chance of something crazy like the suspect using a modified Linux kernel that wipes his drives if it detects different hardware.

3) It's a pain in the ass to remove hard drives in some guy's living room when you can just haul the whole thing back to the lab and do it there. I suspect that laziness generally wins over the inconvenience to a potential suspect.


What needs to be established, is government's requirement to have forensic experts do onsite justifications for what should be taken and then duplicate only relevant data (i.e., not pictures of your girlfriend's booty if not relevant to the case) and make an even stronger case for seizure of hardware based on deep relevance to the matter at hand, which should already have been thoroughly established beforehand (beyond "take anything that has operates on any kind of form of electricity).


But how do you determine what data would be considered relevant? It is possible for incriminating data to hide in plain sight, such as in an image file that looks like a picture of your girlfriend's booty.


The people doing the taking are not technical. Thus, "take anything" is safer than "take these things but don't bother with these other things".

Hopefully the irrelevant stuff can be returned quickly.

It'd be good if forensic images could be taken quickly and then all the equipment returned.


Actually they searched with an expert in my flat, so this would have been possible.


If I'm remembering correctly, when they 'investigate' they ensure that the setup is identical to it's original form - including the same mouse and keyboard.


Depending on the specific laws in Austria, being an exit node operator may make him as guilty as whomever was actually perpetrating the crime. Even if this specific case works out, governments in general won't take Tor or similar services lying down. For every privacy innovation, there is a lawmaker with the will and the means to destroy it.

As Tor becomes a part of more and more investigations, courts and lawmakers will begin to address the issues such networks present. Based on the unsavory reputation of the Tor network as a whole, prosecutors will begin arguing that the exit node operators know of the strong likelihood that they are enabling criminal activity, and will start asking juries to convict them as co-conspirators. If that doesn't work, they will begin lobbying their lawmakers to codify criminal responsibility for them.


It wouldn't be that big of a deal if the cops just searched his computers/hard drives, concluded he wasn't involved in the child porn, and gave him his hardware back with a "sorry for the inconvenience".

But it doesn't happen that way. If Austria is anything like the US, he will never get his property back. So it isn't a temporary inconvenience, he's been punished permanently before even getting a trial. And when this case does go to court, even if he wins he'll be very lucky to get his property back.


I absolutely agree that seizure rules need to be SEVERELY reformed, and that the way that seizures are currently carried out is unacceptable. However, I don't think that it fundamentally changes the situation in this case. Until seizure rules end up getting reformed, law enforcement plays with the hand they've got, not the hand we wish they had. If the choices are between "permanent" seizure or just walking away from a suspect, they'll go for the seizure every time.

Seizing equipment for at least some period of time is absolutely necessary for any kind of forensic examination. It's part of the cost of having laws, and the imperfect nature of human justice means that that cost will occasionally be paid by the innocent as well as the guilty. I agree that that cost should be lower so that innocent people are not unduly punished, but there will always be a cost.


It is reasonable if the government wants to kill the tor network and start censoring internet, by scaring people off running tor nodes. If they succeed in this case more countries may follow, so it is important to win this.


So given that attitude, how do you deal with the problem of exit node operators possibly performing illegal activities themselves? Should running an exit node give you blanket protection from any kind of investigation due to traffic coming out of your network?


I am a TOR exit operator and I strictly follow the guidelines established by the EFF. I never connect to my exit nodes for any purpose other than routine maintenance and when I do, it's well documented: times, purpose, etc. By minimizing my access, I remove myself from suspicion for any activity done through my node.


We either have freedom or speech: sending any data to anyone or we do not.

"He who sacrifices freedom for security deserves neither." -- Benjamin Franklin

I choose freedom.


I believe the quote is "Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.", and it's not clear what essential liberty is being compromised here.


From the Supreme Court ruling excerpted at https://www.eff.org/issues/anonymity :

> Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society.


In what democratic discourse are child porn traders engaged in? Protest over age-of-consent laws?

The idea that some particular speech is protected in the interests of democracy does not mean that all speech is in the democratic interest.


In what democratic discourse are child porn traders engaged in? Protest over age-of-consent laws?

I don't think that is as clear cut as you make it out to be.

But yes, child porn, hate speech and a few other things might not be "essential for democratic discourse". I'm still not convinced censorship is the best tool to help fight the underlying problems. And I do believe the underlying problems (hate, violence, in some cases mental disease) should be dealt with -- I'm unconvinced the media files actually do much harm on their own -- due to the nature of their contents in general.

Now we need laws to limit speech that attacks and harms people (such as being able to prevent people from (legally) distributing pictures and film on the Internet against our will) -- and it is natural that government does that on behalf of those that are not adult and/or have guardians that can do it for them.

But there is a difference between that, and a blanket ban on media based on the imagery contained within.

Child porn would at least be relevant as evidence in a trial, and possibly (with victims not recognizable) in media cover of such a trial.


Right, because facilitating that is the only reason someone might want to operate a Tor exit node....

The relationship between speech, particularly political speech if the distinction matters to you, and Tor should be plain.


Child porn is not a legitimate exercise of the first amendment anymore than shooting sprees are a legitimate exercise of the second amendment. The government has a legitimate interest in stopping such speech, just as it has a legitimate interest in prevent sprees.

So far, the people on your side of the argument have only been able to draw lines in the sand and insist that ISPs and exit nodes are the same. They, and presumably you, claim without justification that "bad" speech cannot be pursued without chilling "good" speech. Your comment adds no real world understanding of this fact: people don't want child porn to be traded over the Internet. Your case that political speech cannot be free unless child porn is free, is uncompelling and lacks nuance.


> Child porn is not a legitimate exercise of the first amendment

>They, and presumably you, claim without justification that "bad" speech cannot be pursued without chilling "good" speech.

> Your case that political speech cannot be free unless child porn is free,

Sigh. Yet another senseless, dangerous, and borderline libellous misrepresentation.

Allow me to strongly state this in no ambiguous terms: I do not oppose laws banning the production, distribution, or possession of child pornography. People who participate in any of those acts should be arrested and given a fair trial by a jury of their peers. I support these laws. I am not, IN ANY WAY, saying, suggesting, or attempting to appear as though I am suggesting, that I think child pornography is protected speech.

Is this clear now?

What I am arguing [snip]

Edit: You know what? Forget it. I am not participating in this discussion at the risk of being so thoroughly misunderstood. Not with this topic. It is not worth it.


Well, you started off with such a contemptuous and condescending tone, but you missed a crucial distinction: nobody is saying that you don't support outlawing child porn, the question is whether or not you prioritize the preservation of hypothetical free speech (the case where speech is so constrained that Tor is the only/best avenue for free speech) over the enforcement of the laws which you feel compelled to declare support for.

So, less yelling, less sanctimonious wailing over how you're so misunderstood -- say how you think your priority of theoretical free speech isn't a de facto endorsement for transmission of child porn.


Endorsing it? What the hell?

I support the reasonable enforcement of the law. You accuse me of endorsing illegal activities for throwing in the word "reasonable"?

I am not defending myself further against your absurd and vile allegations.


http://en.m.wikipedia.org/wiki/De_facto

I'm not saying you support it, I'm saying your position has the effect of defending or perpetuating its mode of transmission.


It does not have the effect of defending, nor the effect of endorsing.

It does have the effect of meaning that some bad guys will get away, but that is how we as a society have agreed that our justice system should work. This is not a de facto defence of crime, nor endorsement.

Imagine how much easier catching bad guys would be if we did not require warrants before searches. Would you accuse someone who insisted that warrants were necessary of in effect endorsing or defending crime?

This is the real world, not a cop movie. We don't get to catch all the bad guys, and we don't get to break the rules to try to catch all the bad guys.

Recognition of this reality is neither a de facto defence nor a de facto endorsement of crime. People calling for proper conduct and moderated response to crime are not, unlike the internal affairs guys or judges who throw out cases for technicalities in movies, secondary antagonists.

I don't mind if you disagree with me when I say that in this case there is a line that should not be crossed without great care. That is a statement of opinion. Justice is an imprecise art, disagreement is to be expected. What I do have an issue with is you accusing me of endorsing or defending the crime, in a "de facto" manner or otherwise. I simply am not, and with this particular crime allegations like these can be incredibly damaging. It is not a joke to me, I have to take it seriously.


A) Chill.

B) You haven't shown that there is something gained by letting child porn traders go, which is worth the cost. With due process, courts and warrants, we know what the upside is -- it's not clear what real benefit Tor provides us in exchange for letting this kind of activity go on. (Well, to me it's clear what the supposed gain is, and that it's not a fair trade)


it's not clear what real benefit Tor provides us in exchange for letting this kind of activity go on

How about letting people in countries like Iran and China have a fighting chance of getting the word out about what's really going on there? Does that count?

How about letting people who are being stalked by creepy ex-spouses or ex-significant others have a chance of doing things online without being tracked? Does that count?

How about letting people who are afraid of reprisals speak inconvenient truths without being silenced? Does that count?

Basically you are saying these kinds of benefits aren't worth the chance of letting someone distribute child porn using Tor. That seems ridiculous to me.


So long as you are no longer accusing me of endorsing crime, I am satisfied with you disagreeing with me.


I never said you endorse it. I said the position which you take has the effect of endorsing it. At the least, the position you appear to support requires a person to ignore this particular crime, or accept it as a necessary consequence. So far you have not explained why this particular feature is something society should accept.

In my opinion saying that there is something so valuable to be preserved that we should countenance the perpetration of a crime to achieve it, is endorsing that crime as a necessary component of the goal. People who endorse due process admit that allowing criminals to escape justice is a necessary feature, and in some sense are endorsing a system where some criminals avoid capture. So are free speech purists endorsing the necessity of a means for conveyance of child porn, so as to facilitate other speech.

That's not the same as saying that free speech purists endorse the porn itself, only the necessity of the freedom to transmit it.


You should have the freedom to transmit it and to face the penalties law imposes.

Free speech does endorse the freedom to commit a crime, but does not endorse the criminal activities themselves.


Yes, as Franklin. But earlier under the alias Poor Richard, it went:

"Sell not virtue to purchase wealth, nor Liberty to purchase power."

http://en.wikiquote.org/wiki/Benjamin_Franklin

I've always found it oddly fascinating that that was originally published under an alias.


As is said on other parts of the Internet, SO BRAVE.

Absolutism on this issue is nothing more than intellectual cowardice. Turning the other cheek.


You don't have freedom of speech. You don't have freedom of speech in the US and you certainly don't have it in Austria.


What does the reality of what freedoms we actually enjoy have to do with what freedoms we should expect others to demand?

I may not have freedom of speech in the US, but I sure as hell can demand it. I expect to be given that freedom, even though I do not expect that will ever happen.


> What does the reality [...]

People have a choice. A person can demand freedoms while obeying existing laws, or they can ignore existing laws and demand freedoms while they're in jail.

Absolutist freedom of speech is not, even in the US, something that everyone wants. Most people are reasonably comfortable with governments restricting access to some items. The list of items and the amount of resistance varies, but restricting speech by preventing people distributing images of child sexual abuse is pretty much established.


I believe you are mischaracterizing the concerns people actually have. I am not particularly concerned about the absolute rights of pedophiles, but I am concerned by what I perceive to be the abridgement of the rights of innocents for the purpose of pursuing the distasteful elements of society. Law enforcement becomes much much easier when you are willing to inflict collateral damage. Uncompromising voices of opposition to that are a welcome foil to those who would see no end to the powers of authorities.


> Is it reasonable for the police to investigate an exit node operator for traffic coming from his node, even if they know he's an exit node operator?

In theory, you are right and the police would probably need to examine his servers to determine whether Tor was involved in this. In practice, they will probably just harrass people in the hope that they will confess and keep his servers for a long time (or forever) because they lack the expertise for such an investigation.


I think the root problem is that modern governments aren't trustworthy with our freedom of speech, which leads people to try to hide their perfectly legitimate free speech activity, but criminals want to hide too so it's an inherently dodgy proposition. The only really good solution is to fix the governments so we can have an era where people can feel free to exercise their freedom of speech without repercussion from barbarians.


No, the root problem is not modern governments, it’s modern social norms. Which, frankly, aren't a problem, they just are. That is why anonymity and security are important, despite the government's position (which will often reflect social norms). Try to engage in unpopular speech and then later apply for a job. Or simply try to be a public figure whilst trying to have some privacy.

There will always be a place for these tools because there will always be people not just governments, who disagree with you and are willing to show you how much.


So, you actually think that social norms are not a problem? Seriously? What about the norms that led Galileo to house arrest, or many to being burned at the stake, etc. etc.?


I think it's a pointless exercise. They just "are", simple as that. Problem or not, there's no point in trying to judge a society by some arbitrary set of rules that really don't understand how it got there or why those norms exist.

My point is that if you feel they are a problem then you need tools to protect yourself while you work to change those "root causes".


It's not "arbitrary" to decide e.g. that German society should not put Jews into a gas chamber. Your ideas here of not judging norms are just deranged and you should fix that, just like societies that have accepted deranged norms should fix them. You may think my standards here are arbitrary but you need to fix that.


The Nazis made sure to eliminate anyone who would obviously be opposed to their goals well before they implemented them on a national scale. That had two important effects: it silenced the voices that would decry them, and had a chilling effect on the rest of the populace.

Hence, why anonymous speech is important. You cannot influence the norms of a society that will kill you or otherwise ostracize you for voicing opposition to them.

Also, if you feel the best way to make your point is to Godwin the topic, it's time to take a step back.


Also, if you feel the best way to make your point is to Godwin the topic, it's time to take a step back.

What pure unmitigated bullshit. Read this article:

http://www.salon.com/2010/07/01/godwin

I never said anonymous speech wasn't important so I don't know whose arguments you think you're addressing.


The thread is deeper than two posts.


We need a community fund that can be used for things like this. The equivalent of a hardship fund with an aim of protecting our internet freedoms. It's good for the world, it's good for us individually, and it's good for business.

Everyone throws a few €£$ in a pot and a few volunteers administer it and do a bit of due diligence to ensure cases are valid. I guess in the US this is the EFF, but there are plenty of cases outside their remit.

It'd be like social security but for legal battles - but I don't think contributing/not should entitle or exempt anyone from funds.


Agreed.

I think one of the biggest benefits of such a fund is that it could employ a lawyer who could look at cases like this to determine who is "worthy" of receiving funds.

I don't want to be that guy, but all I know about this is that a guy claims that the child porn that was found was due to him running an exit node.

I don't want to say the porn was his, but it's possible that the porn was his.

I'd feel better about donating if I knew a lawyer had investigated and found his story to be credible.

Hypothetically, what if it was his porn, and then internet raise 1000's of dollars for him and then have this info come out. I'd imagine most people would be like me and never donate to people like this again. After all who wants to knowingly help someone escape justice when they actually deserve jail time.


There are already quite a few funds like that, torservers.net and noisetor.net are examples of that, both have lawyers on stand-by. I recommend donating to these folks to keep exit nodes online!


I did not know that.

Thanks


If TOR was used for sharing illegal files, would you stop supporting it? Seems like you would be against most technology with that mind set.


This comment confuses me. I never once took a stand for or against TOR.

All I said was: 1) it would be useful to have independent verification of this and similar claims 2) The reason is that if people were fooled into supporting a child pornographer then they'd be less likely to donate to worthy causes in the future.

I don't see how that's in anyway a debatable point:)

Tor did not once come up in my reply. You really seem to be reaching for something to argue about here. Calm down:)


A criminal operating through their own exit node, or even running an exit node at all, is a nonsense misunderstanding of how TOR works.

Combined with your jumping to the "think of the children!" example of a child pornographer, and your framing your argument in the form of concern trolling, it's hard to assume good faith of any kind on your part.


> A criminal operating through their own exit node, or even running an exit node at all, is a nonsense misunderstanding of how TOR works.

I assure you there is no misunderstanding on my part.

> Combined with your jumping to the "think of the children!" example of a child pornographer, and your framing your argument in the form of concern trolling

Umm, this was from the article, not me:)

> it's hard to assume good faith of any kind on your part.

Wow, I have no words..... just wow...


How do you see this playing out? "So, Mr.Node operator. Is that your child porn?"


I don't see it playing out well for exit node operators.

That's why I thought that a group to help pay legal fees for people like this was a good idea.

I fully support TOR and would like to support people who run exit nodes and get sued by the government just for hosting exit nodes.

What I don't want to support is people who personally collect and distribute child porn.

Which is why independent verification of the claims by this new entity would be beneficial.

I'm not sure how much clearer I can make this:)


I think we need to rethink our society because if the average person can expect to have their lives nearly ruined by a legal battle in which they did nothing wrong, we have a very defective legal system. Not saying we shouldn't do this, but that we shouldn't have to.


So you think it's fine to allow someone to use your computer to transfer child porn and other illegal stuff with no consequences?

While tor might have some legitimate uses, I think 99% of the time it's used for trolling or illegal stuff. It's a pain in the ass for me because I have to keep reblocking it when the ips change.


Are all the network carriers (who arguably profited from carrying the traffic) also charged?

I'd very much like to see some protection for carriers, be they network operators, or "softer" Tor etc operators.

Yes the most heinous things on the Internet will crawl through. I'm not a supporter of child pornography -- but shouldn't we focus on finding those making porn, actively abusing kids, rather than those distributing it?

Is there even a real economic incentive to distribute that filth?


> Is there even a real economic incentive to distribute that filth?

I'm not a predator, and I'm not really trained or experienced in criminal justice or psychology, so everything I say about how they think is pure speculation.

But I'd suppose that there is economic incentive:

(1) Direct payment. I'm sure some people are probably willing to buy such content. I'm also sure that, if somebody else can figure out how to charge buyers and receive money, without leaving a trail back to themselves, some people are willing to sell such content.

(2) Reciprocation/barter. Instead of trading money for content, they could trade content for content between individuals. For people who publish to message boards and the like, I assume they're trying to reciprocate for value they receive from others' posts. Or encourage others to post more, perhaps even saying they'll post an image from their collection for every image posted by someone else.

(3) Enjoyment of the act of posting itself. One of the reasons people choose a criminal lifestyle -- or any extreme lifestyle, really -- is the pleasure of taking risks. Distributing illegal content is risky and some people may enjoy it for that reason.


I suppose a more sinister (and perhaps) real profit is that it serves as commercials/advertisement for child sex rings/human trafficers. If by nothing else boosting demand.

But then that would have to be conclusively proved (another possibility is that paedophiles are less likely to prey on real children if they have access to child porn. Based on studies of porn in general, I'd doubt that, however).


> shouldn't we focus on finding those making porn, actively abusing kids, rather than those distributing it?

False dichotomy.

Regardless on how you stand on distributing child pornography, a person actively distributing it from their connection and a person allowing others to route CP via their connection are logically equivalent in my opinion.


> a person actively distributing it from their connection and a person allowing others to route CP via their connection are logically equivalent

False equivalence.

Someone can simultaneously support anonymous communication without supporting CP (philosophically, if not practically).

They're not specifically allowing distribution of CP, they're allowing distribution of all anonymous communication.


That makes it totally okay then. Whew, I was worried they were specifically allowing Child Pornography. Thankfully, the distribution of pictures of naked kids is just a byproduct of their freedom.


The distribution of illegal drugs to greater distances is just a byproduct of public transit or automobile sales.


I like how you say "logically equivalent" as if that magically makes it a rational position.


Then it is fine to charge the ISPs with distribution as well. Oops, now you broke the internet.


ISPs keep track of who does what on their connection and will tell law enforcement if somebody does something dodgy. If they didn't, it would break the internet.


You can't be serious. There's no civilized country where ISPs are even allowed to look at their users traffic. Observing traffic for suspicious behavior would also be completely over their head from a technical perspective. The only instance where ISPs are taking action by themselves is when network abuse occurs (as in DoS attacks).


Try again. That is exactly what is happening in the UK with deep packet inspection to "traffic shape" torrents, Phorm to inject targetted adverts, various child-porn filtering systems which route traffic to second-level firewalls based on suspicious IP addresses. See:

http://en.wikipedia.org/wiki/Cleanfeed_(content_blocking_sys...

http://www.thinkbroadband.com/news/4841-bt-given-14-days-to-...

http://www.techweekeurope.co.uk/news/isps-defend-new-porn-fi...


I'm well aware of these things and none of them has anything to do with ISPs proactively snitching on individual users for the purpose of reporting suspicious activity to law enforcement, which was what my parent and my comment was all about.

(Though I agree that Deep Packet Inspection and Ad Injection may technically be considered a form of "looking at users traffic", albeit an automated one.)


In the US, the ISPs responsibilities and actions in this regard are considered a state secret.

http://www.aclu.org/blog/national-security/government-confir...


Lol. Break the Internet?!?


Do you feel the same way about someone operating an open wifi access point? To me the active distributor is quite a bit worse than someone operating an open wifi connection or a Tor exit node.


I didn't mean to set them up as mutually exclusive -- but surely what we want to stop is the abuse of kids? While I don't have a problem with banning child porn (which would be what? Younger than 21 in the US, younger than 16 in Norway and younger than 12 in the Netherlands? Who would decide? Does it include all pictures of naked kids? Artists renditions ?).

The real offence is the making of porn that involves kids.

Also; I think it is really weird that possessing (or distributing) any media file can carry a minimum 6 year sentence. That's more than manslaughter. If for no other reason that it pretty much renders everyone vulnerable to blackmail by very easily planting evidence.


Might I remind everyone that trading in snuff films (where someone is murdered and taped) is legal.

The act of murder is illegal.

Why is this different for child molestation films? I think we can put both murder and child abuse as horrible crimes.


"Trading in snuff films" is not legal in all regions. But, even ignoring that, there's a difference.

Murder is rare. Films of actual murder are even rarer. Brutal snuff type films can be faked.

Child sexual abuse is not rare. Films and photographs of child sexual abuse are not that rare. Films and photographs of children being abused are hard to fake.

People who are caught with images of child sexual abuse tend to have large collections - tens of thousands of images. People need images to trade with other collectors. Researchers think that the collecting aspect drives creation of images of child sexual abuse.


This topic needs merged out.

What is a picture of child exploitation? Perhaps, a picture of a baby naked? Or how about a kid doing somewhat lewd acts fully clothed? Or how about pictures by others of those child beauty pageants?

Who actually describes lewd? Or is it in the eyes of the beholder of the picture for those gray areas?

Next, "child porn" pictures are a possess-only crime, no mens rea required. So, how do we tell if a picture is a legal 18 yr old, instead an evil completely morally corrupt (but legal to fuck) 17 year old?


Even better, sending CP to every single politician should automatically make them all felons. Possession is what is illegal, so I'm just waiting for an internet virus that spreads CP onto millions of computers.


According to US courts, "possession" requires knowledge.

via http://www.nycourts.gov/ctapps/Decisions/2012/May12/70opn12.... and quoted in more depth elsewhere in this thread.


Is that only in NY? I know in MA and NH, there were some huge sexting scandals. Girl's were texting naked pictures of themselves to their boyfriends. The girls were getting charged with distribution of child pornography, but they were going to charge the boyfriends for possession as well.

Notice when the controversy is about our "normal" kids, all of a sudden everyone thought the law was too harsh. For everyone that thinks any criticism of CP possession laws is support for pedophiles, do you support every 17 year old girl becoming felons for sexting their boyfriends?

Text messages are push, so how would you defend against this as a receiver?


The decision cites federal law: "to possess the images in the cache, the defendant must, at a minimum, know that the unlawful images are stored on a disk or other tangible material in his possession".

Text and pic messages are push, but (at least on my phone) pictures aren't downloaded until you access the message, at which point it's marked as "read". So at least one valid defense is to have not accessed the message -- you can't knowingly possess it in that case.

What if you've already accessed it? US CP laws explicitly allow an "affirmative defense" [0] if you possess only a small number of images and, upon discovering this possession, either immediately destroy them or immediately turn them over to law enforcement [1]. So if you receive a sext message from someone underage, quickly deleting it should shield you from prosecution (IANAL TINLA [2].)

[0] http://en.wikipedia.org/wiki/Affirmative_defense - in essence, affirming the facts of the case, but offering a justification/excuse that demonstrates one is not culpable.

[1] http://www.law.cornell.edu/uscode/text/18/2252A section (d)

[2] http://en.wikipedia.org/wiki/IANAL


To make "distribution of child pronography" even more weird...

SCOTUS ruled* that children photographed not engaged in lewd acts does not commit a crime.

In other words: Children nudists are legal to photograph. Kids in bathtub are legal to photograph. A 13 year old "seductively" sucking on a banana, fully clothed, is illegal. ? A guy fapping to pictures of legal children nudists makes those pictures illegal?

So... What rules would be appropriate for the spirit of the law?


To echo lotharbot, English law requires "knowledge" for a offence to have been committed.


Part of the US legal theory is that each viewing of the offending media is an affront to the victim(s), causing them further harm.

I personally don't agree with this line of thought, as that line of thinking leads down a dark road. I think Jessie Slaughter, the Star Wars Kid, and relatives of those beheaded/executed publicly abroad likely suffered measurable emotional damage from the spread of those videos, but we'd be idiots make that illegal. The mass media in general profits immensely off of the embarrassment and emotional suffering of individuals, and while the practice is abhorrent, censoring such media is not the right thing to do.

So far as I know, there has been at least once case where the victim of child porn successfully sued a person for damages because he was in possession of her photos and videos. I don't know the case name, but I read about it on the "cyb3rcrim3" blog, which I highly recommend for people wanting/needing to know about the law plays out with regard to such issues.


I am personally OK with the laws as they are.

Why? Because I don't see viewing bad stuff as a crime. But I believe that most people who want to see a snuff film are not murderers, while I believe that most people who are interested in child porn are pedophiles who likely offended.


> So you think it's fine to allow someone to use your computer to transfer child porn and other illegal stuff with no consequences?

Are loaded questions like these really necessary? As opposed to your misinformed comment below, ISPs are generally not required to keep logs in many jurisdictions and even if they are and fail to do so, they aren't made responsible for the crime that was committed over their infrastructure. The same standards should apply to Tor operators.

> While tor might have some legitimate uses, I think 99% of the time it's used for trolling or illegal stuff.

This number is pulled out of thin air.

> It's a pain in the ass for me because I have to keep reblocking it when the ips change.

Exit node IPs are documented on a public list for exactly that reason.


> So you think it's fine to allow someone to use your computer to transfer child porn and other illegal stuff with no consequences?

You mean you'd like to shutdown all of core routers on the internet?


Ah, I have no rights to encryption either then since ... you know ... child porn.

Or UPS for that matter.


No, you misunderstood. My point is that someone else's child porn is going through your computer when you operate a tor exit node - that isn't the case when you just use encryption and transfer it yourself.

Also UPS maintains logs of who sends and receives stuff, so they can easily track down anyone sending child porn or whatever through their service.


Someone else's child porn is going through your computer when you operate a ISP.

Someone else's child porn is going in your taxi when you are a taxi driver.

Someone else's child porn is being recorded at your house when you rent your house to someone unknown to you.

By your line of logic we should all sit still and do nothing because otherwise we may be helping a pedophile.


The big difference is ISPs keep track of users' ip addresses and they give that information to the police when they get a warrant. tor doesn't keep that information, so basically the exit node is all that the police have. The trail stops at the person running the tor node. Likely the police won't find the actual perv here, but you can't blame them for trying.

Interesting how many downvotes I got here...


> Interesting how many downvotes I got here...

Maybe you should stop spreading misinformation then: ISPs are not generally required to log IPs, neither on global scale, nor on European scale, nor on Austrian scale. The last two ISPs I've used, for example, were both exempted from the recently passed data retention law.

The irony is that the raided guy owns an ISP himself that (as far as I know) wouldn't be required to log IPs. If the data would have been distributed directly over that equipment, he would not be liable. Even if I'm wrong and he would have been required to keep logs and didn't, he could only be charged with that particular offense. But since the traffic went over Tor he is now at risk to getting his life ruined.


A surprising amount of people seem to be just flat out defending child pornography itself, actually. The fact that everyone talks about it so nonchalant is frightening.

People seem to care more about this guy's life being ruined than all the kids' lives ruined.


If people are so worried about the "kids' lives ruined" maybe people should be more angry when real, high level, child abuse rings are exposed, then the police that expose them are fired, and the politicians and royalty associated with the perpetrators cover it all up. One example from Europe: The Marc Dutroux case. Another example from the US: The Franklin Coverup.

The real child pedo rings, the ones that are the real danger, are composed of powerful people who work in corporations, levels of government, the judiciary, and royalty. As they say, this one goes right to the top.

Sorry to ruin your day, but the global pedo ring will never be stopped until the the system allows powerful and connected perpetrators to be prosecuted. Busting some ISP Tor supporter, guilty or not, is going to do nothing to the real global child crime networks.


Your post is a disgusting appeal to emotion, and a useless one at that. "Think of the children!". What would you have us do? Crucify this guy who may not be guilty of anything but protecting free speech?

You can go on spouting your nonsense about Tor just being for CP and downloading media, but the internet is getting more and more censored every day. Someone went to jail in India for clicking "like" on a post that spoke out against a politicians. How long until this comes to your country? Things like Tor are the only thing that will keep the internet free over the long term, if it can be done at all.

But no, let's just shut the whole thing down and go back to smoke signals because some asshole out there might otherwise see a picture of a naked kid that was taken 20 years ago.


The civil liberties encroachments perpetrated in the guise of "stopping child porn" do a hell of a lot more damage to a hell of a lot more people than all the child porn ever produced.


I honestly can't tell if you're being serious or not. I'd like to know how you measure the damage done to a child who is raped on film, much less all of them. "A lot more damage"...

I guess you're right though. Children being victimized is a small price to pay for free movies on bittorrent.


>Children being victimized is a small price to pay for free movies on bittorrent.

If you're going to go straight to the "hurr this is just about piracy" stupidity there's no need to waste any time talking with you.


The real screwed up part about all this is the fact that naming of bills has you somehow convinced that child pornography isn't a big deal. You think it's about jerking off to a picture?? That's sickening.

The fact that some politician out there has tried to push a bill that he shouldn't under the guise of protecting children has NOTHING to do with a raid on a Tor operator here.


You replied to the wrong post, there.

>has you somehow convinced that child pornography isn't a big deal

How the hell did you draw that conclusion? Where did I say it wasn't a big deal? I said that civil liberties are a bigger deal than child abuse (which is a statement I absolutely stand by) for a couple of reasons.

First, you'll never get back a lost right whether that be privacy or freedom of speech or bearing arms or what have you - once its gone, it takes a revolution to claw it back. And the fact that government overreach is usually passed in the guise of flag or child safety makes losing civil liberties a real threat that deserves to be objectively evaluated.

Second, a child that's been molested will grow up with some serious issues, granted - then they become an adult with fewer rights than their grandparents, ostensibly to protect other children. If you're following along at home and want to count the injustices, overreach + abuse is worse than abuse alone.

>The fact that some politician out there has tried to push a bill that he shouldn't under the guise of protecting children has NOTHING to do with a raid on a Tor operator here.

Except for the fact that it's "some politician" or "some detective" following their emotions when enforcing the law instead of following common sense which causes these bad raids in the first place. An exit node is a public service used by other people. You don't fucking seize someone's means of communicating (and very potentially livelihood) with that knowledge in mind. It's shoddy police work at the absolute least, and downright malicious (great way to discourage Tor nodes) at worst.

How about you answer the question I asked you in the other post? Are you willing to silence an undefined number of innocent people to make a failed attempt at banning the transfer of data (not the abuse of children, which will continue even if the internet were to go away tomorrow)?

Make sure you understand that, please, even if you disagree with everything else I've said here. Even if you go full reductio ad absurdum, raiding every person on this planet who has ever downloaded an image of child abuse still isn't going to stop child abuse. With that knowledge in mind, you should ideally take a more balanced look at the law and its unintended consequences.


You downplayed child pornography as just someone "jerking off to a picture." So yes, you apparently don't see the other consequences of it, and don't think it's a big deal. That's what you don't seem to understand: It's not the 'transfer of data'. Abuse of children might still happen, but this promotes it. You're creating a 'market' for it, where as before it might not have existed.

Now, would I get rid of the internet if it meant getting rid of Child Pornography? Obviously not. I wouldn't get rid of handguns if it meant attempting to stop murder in the United States as well.

Here's the issue with your outlook: You act as though it is one or the other. You must take down the internet entirely or you must allow all child pornography to flow freely through your computer. Your outlook on the law isn't balanced at all. You won't give up any civil liberties because you feel you shouldn't compromise on it.


> Abuse of children might still happen, but this promotes it. You're creating a 'market' for it, where as before it might not have existed.

Supply emerges to meet demand. There are people out there who want child porn, and others who provide it to them.

Governments clamping down on Tor exit nodes doesn't affect that demand, but it does have a harmful effect on our means of private communication online.

There's practically no privacy left on the Internet anymore. Everything we do is logged and analyzed somewhere somehow (Google, Facebook, NSA, local ISPs and governments etc), and we're being gradually stripped of our rights everywhere.

It really is important that there's at least some privacy-providing tool available to all of us online. Child porn being transferred through the same tool is not really even a "price to pay" for that privacy, because as long as there is demand, it will get transferred somehow in any case.


You still didn't answer my question.

>It's not the 'transfer of data'. Abuse of children might still happen, but this promotes it. You're creating a 'market' for it, where as before it might not have existed.

Downloading (not buying) CP doesn't facilitate its production anymore than downloading a blockbuster movie facilitates its production.

>You won't give up any civil liberties because you feel you shouldn't compromise on it.

You think I should? How and why? You seem to think that curtailing the use of an anonymous communications tool because evil people use it is a reasonable solution, and I think that's preposterous.


Oh really? Why don't you tell me exactly what is you won't give up to stop the rape of a child. Go ahead. And none of this "civil liberties" cop out. Give me a specific thing you could do with Tor that you can't otherwise that is worth more to you than stopping the molestation of children.


Get off your high horse.

Me? Personally? I don't have a use for Tor. (Yet.) I can't speak for any other user though. I've never had some information that I wanted to get out that could get me in serious trouble or needed to access some information my government deemed punishable for accessing. I haven't ever required anonymity beyond what a simple proxy can provide.

What about people in oppressive regimes? China? Korea? Various middle east countries? Do you really think you can speak for every user in the world?

More importantly, are you ready to silence an unknowable amount of people to prevent people from jerking off to a picture? Do you really think that if some AI was spun up tomorrow that could completely erase child porn from the internet transparently, that children would stop being abused?

I like how you handwave "civil liberties" too. Really if you're a user of this site you should be well aware of the expansions of government power attempted and passed in the cloak of "stopping the molestation of children" (which is a bit like stopping piracy actually, in that both are endless battles that can't be won).

Want to drastically curtail civil liberties or give police a ton of power? Name your bill the "anti child abuse and pornography prevention act" or similar and it becomes untouchable.


But one can "blame them for trying" because they know, as you pointed out, "likely they won't find the actual perv".

Many police use Tor on a day-to-day basis in their investigations. It's just as useful for the police to need anonymity as it is anyone else. Tor provides an easy-to-use system to identify the exit nodes.

Ignorance of the reality is no excuse.


It's up to the user to prove that the child porn isn't on his computer. As someone pointed out earlier, you could just download a bunch of child porn with a tor exit node running on your computer and say it was someone else.


> It's up to the user to prove that the child porn isn't on his computer.

You're abandoning central pillars of modern law here, namely the presumption of innocence as well as the right not to incriminate oneself.


No, not exactly. Perhaps I didn't word it correctly. A crime has been committed using the user's internet connection, so in most civilized countries (i.e. places I would like to live in), that means the police have the legal and moral right to investigate that crime. Until proven otherwise, the 'tor' user is a suspect - watch a few episodes of CSI if you want to get a rough idea how it works.


> A crime has been committed using the user's internet connection, so in most civilized countries (i.e. places I would like to live in), that means the police have the legal and moral right to investigate that crime.

I agree so far.

> Until proven otherwise, the 'tor' user [operator?] is a suspect

The burden of proof lies with the police, not with the suspect. If the police fails to come up with reasonable evidence, the operator is to be acquitted, furthermore the operator has to do nothing to aid the police. It's definitely not up to him to prove the child porn isn't on his computer.

This is an important point. Consider what happens if the seized hard drives were encrypted (I don't know whether this is the case). Then it's virtually impossible for the police to prove that the operator was downloading the data himself. The operator on the other hand is not required to give up his passwords. In the end it all comes down to the question of whether relaying data via Tor is in itself enough to constitute an offense. And this is the question we all care about so much, because it will have implications for all exit node operators in the area.

> watch a few episodes of CSI if you want to get a rough idea how it works.

Oh come on.


Agreed. The issue is that people are getting upset with the police seizing the computers, which would seem to be reasonable in the given situation.


>watch a few episodes of CSI if you want to get a rough idea how it works.

Please don't watch CSI if you want to see how anything works. CSI is bullshit from top to bottom. If you want to see reality, watch "The Wire".


It's past time for a contrarian viewpoint.

How about we legalize child porn? The vast majority of the time when it gets brought up is in the context of using it as a pretext to attack civil liberties of law abiding citizens.

When there is a child porn arrest it almost always ends up being a honey trap run by the FBI using decades old photos, so it's not like there are many children being protected by these laws.


Do you have numbers to back that up? I don't have that impression. But maybe our equivalent of the FBI is not as active in setting up honey traps.


Sounds like a paedophile's rationalisation...


You spelled paedophile the right way. sounds like you know a lot about it...


Thanks.


I don't know if it's applicable here or wether they'd help out in austria, but such a fund exists in germany since a couple of month. Their main area of expertise is free speech for bloggers, but running a TOR exit node might just qualify. And they might have legal contacts in austria.

http://www.kanzleikompa.de/2012/07/02/verein-speakers-corner...


This is called insurance. Who wants to start a company insuring internet users against civil and criminal penalties?

EDIT: ok, it's almost insurance.


I think I have seen insurance against speeding tickets being sold. I haven't heard about that company for a while though.


Uh, no, it isn't. Insurance requires you to pay a premium to be eligible for pay-out. A fund does not.


> Everyone throws a few €£$ in a pot and a few volunteers administer it and do a bit of due diligence to ensure cases are valid.

You are fairly optimistic about the ease of administering a charity which gives out free money.


How about a Kickstarter for legal defense funds? Is there one out there?


>Yesterday i got raided for someone sharing child pornography over one of my Tor exits.

Reason #1 why I will never run a tor exit node. I don't want to make it easier for child predators to get off nor do I want the legal issues they bring.


I always find it odd that people often tend to focus on pedophiles "getting off" rather than pedophiles hurting children. If we really want to protect children, we'd do well to find harmless ways for pedophiles to get off. It's pretty well established that giving people benign sexual outlets is an effective way to prevent them from seeking harmful ones.

I mean, yeah, don't run a TOR exit node because of the legal risk - that makes sense. Or because you're afraid it makes it easier to hurt kids... well, I don't know if it really does, but at least your heart is in the right place. But what business is it of anyone else who gets off?


Fun fact: People care more about hurting paedophiles than they do about protecting children. It's why communities rally around protesting against sex offender treatment centres or cheer about prison rape like more sexual abuse somehow won't make offenders more deviant.


More precisely, people care most about signalling to others that they want to hurt pedophiles. People’s next highest priority is probably protecting children, and actually hurting pedophiles is lowest.


Are you seriously defending child pornography right now? First off, the "harmless outlet" concept is absolutely not "well established." Pedophilia is a paraphilia. The desire grows as it is fed.

Furthermore, the reason you hear of child porn rings is because those are what form - people share it with each other in a tit-for-tat sort of way. It absolutely incentivizes the production of more, which means more abused kids.

God damnit HN, I should have known a thread on a Tor node being shut down would bring out all the child porn apologists. Funny how that happens, eh?


I definitely don't like child pornography, I think it should be stamped out as much as possible. However:

> Are you seriously defending child pornography right now?

Please don't do that. There's rarely hard and fast boundaries between what is X and what isn't X (e.g. what about someone who looks like a child, but is a perfectly normal adult in all other respects), so one must be able to discuss issues without it escalating into every party involved proposing tougher and harder punishments for more and more borderline cases. http://lesswrong.com/lw/ls/when_none_dare_urge_restraint/

> Pedophilia is a paraphilia. The desire grows as it is fed.

[Citation needed.]


"The desire grows as it is fed."

[citation needed]

"Furthermore, the reason you hear of child porn rings is because those are what form - people share it with each other in a tit-for-tat sort of way. It absolutely incentivizes the production of more, which means more abused kids."

You believe in driving pedophiles in corners, and are then surprised that they group together in said corners you just drove them into. I'm not sure how that was an unexpected result?

"God damnit HN, I should have known a thread on a Tor node being shut down would bring out all the child porn apologists. Funny how that happens, eh?"

I should have known a thread on a TOR node being shut down would bring out all the irrational witch hunters. Funny how that happens, eh?


>Are you seriously defending child pornography right now?

Where did I defend child pornography? I advocated finding harmless sexual outlets for pedophiles. Not the same thing.

Here's a really good rule of thumb you can use when examining your own reasoning: if you find yourself attacking a point because you think it could serve as a premise in an argument for a conclusion you don't like, then your objectivity has been compromised. Arguments must be judged on the merits of their premises, never the other way around.

In any case, research (e.g. http://link.springer.com/article/10.1007%2Fs10508-010-9696-y) suggests that legal possession of child pornography is linked to a decline in child sexual abuse rates. That does not imply that we should legalize the possession of child pornography, but it does strongly suggest that benign outlets for pedophiles are helpful in reducing child abuse.

In contrast, the only evidence available that such outlets would encourage child abuse is a number of longitudinal studies on convicted child molesters. Such studies are incapable of establishing a direction of causation, and it is extremely likely in this case that the relationship is spurious (http://en.wikipedia.org/wiki/Spurious_relationship). Both child molestation (A) and consumption of child pornography (B) are caused by the lurking variable of pedophilia (C).

But this is crucial: real child pornography is not a benign outlet, and I never suggested that it was. What I said was that the problem is children getting hurt, not pedophiles getting off.


Well how is it that you can legally have a video of two dudes stabbing another guy to death, chopping his head off and eating the body, and yet in some countries like US you can actually go to prison for longer for possession of child porn than for actually abusing a child sexually?

This does not make sense. A video of a crime != crime. And no, I am not defending pedophiles - but I am defending the stance that you should not be sent to prison for any kind of video you might have in your possession, as long as its not a video of you committing a crime,in which case, well, it's just an evidence against you.


> Furthermore, the reason you hear of child porn rings is because those are what form - people share it with each other in a tit-for-tat sort of way. It absolutely incentivizes the production of more, which means more abused kids.

I'd imagine it's like any other prohibited material or substance; drugs, counterfeit goods, pirated works, etc. Of those implicated, a small minority are involved in production, while the vast majority are simply consumers.

I assume you are willing to at least acknowledge the existence of the latter group; people who simply consume child pornography and play no part in the production, or any sexual abuse of children for that matter.

Do you really think it is appropriate to ruin these peoples' lives — splash their names across the newspapers, lock them in jail, destroy their career, their relationships, make them a social pariah — for mere possession of child pornography? For having a certain sequence of 0s and 1s on their computer?


>and play no part in the production, or any sexual abuse of children for that matter.

Their demand of it CAUSES IT TO BE MADE.

Jesus, I've never seen so much bending overbackwards over CP. Hey guys, we still have the first amendment and SCOTUS always rule sensibly on speech issues. No one is going to start a police state over CP enforcement. The slippery slope doesn't always happen, in fact, its rare that it does.


>Their demand of it CAUSES IT TO BE MADE.

I mean, you can shout it in all caps, but I don't know if we can really say that's established as fact.

But it's pretty disingenuous to claim that people in this thread are defending CP. The issue is far more nuanced than that, but we all agree that people taking pictures/video of themselves hurting children is terrible. It's just that from there the discussion moves into pragmatism and how we should actually be dealing with it as a society. Pedophiles are a fact of life, and it's better for everyone if we can find ways for them to satisfy their urges without hurting anybody, instead of waiting for them to do something horrible so that we can punish them for it.

Just to be very specific because people love to misinterpret me on this point: legalizing CP is not a solution that I am advocating. A benign outlet" will, by definition, have to be something that does not harm children.

>Hey guys, we still have the first amendment and SCOTUS always rule sensibly on speech issues.

Seriously?


I don't view CP as a free speech issue, I just think its prohibition is an arbitrary, puritan social construct.

Same applies to indecent exposure laws, I guess. At what point did we decide the human form is indecent in its unclothed state, and people should be deprived of their freedom for exposing their natural form in public?

At what point did we decide people should be deprived of their freedom simply for looking at images of children in their natural, unclothed state?


This actually touches on another issue, which is the definition of "pornography". Weirdly, most people these days seem to make an exception for artistic adult nudes, but consider any image of a nude child to be pornographic. This is insane, of course. If you take a cute picture of your toddler playing in the bathtub, that is not pornography, yet a lot of people would lump it in under that definition, including many governments.

But when we're talking about images and video depicting child abuse, that's a different situation altogether.


> The slippery slope doesn't always happen, in fact, its rare that it does.

So what happens if a spammer sends millions of CP images to inboxes? What do you think of a situation that instantly makes millions of people felons? Is that a reasonable law?


I like how you jump from not being well-established to being definitely wrong. Everyone is telling you that citation is needed because it very much is. On topics like this a lot of people have strong opinions, far fewer have well-informed ones. We want the latter.

Here is my, I believe, moderately informed opinion.

As http://anthonydamato.law.northwestern.edu/Adobefiles/porn.pd... makes clear, evidence that we now have says that widespread availability to porn has coincided with a massive decrease in rapes. Caused? Very hard to prove (as with most social statistics). But definitely coincided and there likely is some causal effect.

If that happens with regular porn, the natural expectation is that it is likely to happen with specific kinds of porn as well. If so, even though we don't have proof (and proof will be very hard to come to), we should be inclined to believe that the "harmless outlet" concept is likely valid.

Moving on, let's address your "paraphelia" comment. My opinion is that paraphelias are sexual orientations that we dislike for fairly good reasons. However all evidence that I'm aware of says that sexual orientations exist, have poorly understood causes, and are permanent. Penalizing homosexuality did not stop it, nor did allowing it create more. When we didn't have operations to allow transgendered people to become their mental gender, they still wanted it just as much. And so on and so forth.

Pedophilia is just another sexual orientation. (Actually many subdivisions exist, some are interested in girls, some in boys, some in both, some also are attracted to adult women, etc.) You aren't attracted to men or women, you're attracted to children. As with homosexuality, it isn't likely to ever be cured. Unlike homosexuality, there can be no possible consent, and expressing it is fundamentally against our moral values. Unfortunately sex is a very strong urge, and denying tends to fail in the long run.

There is no evidence that any sexual orientation is affected by availability of stimulating materials. Therefore it is unlikely that child porn contributes to the existence of pedophilia. As for incentivizing - anyone who thinks that sexual beings need to be incentivized to try to do what they are wired to do doesn't understand sexual drives. Full stop.

I give it better than even odds that if you get to this point, you'll think that I'm a "child porn apologist". You'd be wrong about that.

Why?

Because, as I said, child porn is interesting to pedophiles. Evidence that I've seen says that pedophiles actually will abuse children. Repeatedly. If you can track them down through child porn, and book them for that, you're probably doing the world a service.

It is kind of like going after Al Capone for tax invasion. It is not exactly what we didn't like him for, but it was what we could get him on.

Incidentally my opinion on whether child porn should be criminalized will change very quickly if I ever run into evidence that some combination of therapy and availability of child porn can allow pedophiles to remain in society and abuse at an acceptably low rate. (The idea of an "acceptable" risk of child abuse is revolting to many, but public policy accepts the idea of an "acceptably low" risk of all sorts of things, like death, dismemberment, etc. And, honestly, we're implicitly accepting that there is an acceptable risk of abuse every time we underfund programs to find and help people who are at risk...)


> "all evidence that I'm aware of says that sexual orientations exist, have poorly understood causes, and are permanent"

Evidence suggests that sexual attractions undergo changes throughout life. Different specific urges can strengthen or weaken or shift in focus, based on various inputs. People only rarely go from "attracted to men" to "not attracted to men", but it's pretty common to go from "primarily attracted to 12 year olds" (when you're 12) to "primarily attracted to adults" (when you're an adult).

There is some truth to the claim that "outlets" correlate to reduction in violent crime; there is also truth to the claim that "outlets" can increase desire for specific types of stimulus. As far as I know, there aren't any studies that explore the net effects of "outlets" on pedo/hebe/ephebo-philia or sexual abuse. So we don't really have evidence one way or another as to whether legalizing CP or other "outlets" would increase or decrease abuse. (Virtual CP could be considered a harmless outlet, but it's illegal in both the US and EU, and appears to be unstudied as a treatment option.)

One of the most unfortunate things is that possession of CP, even if it's virtual or fake, can result in larger penalties than actual abuse. While I understand nailing Capone for tax evasion, it would be inappropriate for tax evasion to be a more severe crime than multiple execution-style murders.


I agree with all of this.

I also note that sometimes people only belatedly come to accept their attractions. For instance I know multiple lesbians who were able to live heterosexual lives well into adulthood before first experimenting. In the cases that I know, afterwards they claimed to have always had the attraction, but never followed up on it.

To me also there is a world of difference between "attraction to people with adult bodies" (even though young) and "attraction to sexually immature people". A grownup who strays with a 15 year old girl has committed a crime, and it likely should be a crime, but that's likely not a person who will commit crime after crime. But a person who has sex with a 10 year old boy, probably is going to be a serial criminal, and should be treated very differently in my opinion. However in US law the two are treated the same.


A 15 year old girl usually doesn't have a fully adult body, though some are close. I agree with the larger point about there being a world of difference between near-adults and true children, though IMO the level of physical development is less relevant than the relative ability to consent. Having sex with a 17 year old who was just starting puberty would IMO be a less severe crime than having sex with a 12 year old who'd been developing for three years.

I would add that there's a world of difference between "attracted to" and "has sexual contact with", regardless of the level of development. This ties back to the question of whether there are ways to create safe outlets for those with strong attractions to young people -- can the attraction be indulged in a way that reduces abuse? Can the attraction be treated by harmlessly redirecting it away from real children?


A 15 year old girl usually doesn't have a fully adult body, though some are close. I agree with the larger point about there being a world of difference between near-adults and true children, though IMO the level of physical development is less relevant than the relative ability to consent. Having sex with a 17 year old who was just starting puberty would IMO be a less severe crime than having sex with a 12 year old who'd been developing for three years.

In terms of whether it is a crime, I am inclined to agree. But then we get into thorny issues such as whether people who are mentally retarded can ever consent.

In terms of biology and mental wiring, the level of physical development matters a lot. I personally cannot be attracted to a woman without breasts. I separately could not stomach the idea of a relationship with a 15 year old, but I can notice that one is attractive. My mental block for, "Never have any hint of a sexual response," is missing.

Complicating everything is that youthfulness is strongly associated with attractiveness, particularly in women. Most men would prefer a 25 year old woman who looked 18 to a 25 year old woman who looked 32. This may be biological and might have important consequences on our history. For example read http://www.davidbrin.com/neoteny1.html (go on to parts 2 and 3 as well) for some reasonable speculation on this.

I should also note that there is a huge disconnect between what I'd cite as facts, and emotional reactions. And emotional reactions vary a lot by person. For instance I personally am disturbed that so many men want women to not have pubic hair - a characteristic that only naturally occurs in prepubescent females. To me that is uncomfortably close to pedophilia. However I believe that most of the American public does not see this desire as particularly grotesque.

I would add that there's a world of difference between "attracted to" and "has sexual contact with", regardless of the level of development. This ties back to the question of whether there are ways to create safe outlets for those with strong attractions to young people -- can the attraction be indulged in a way that reduces abuse? Can the attraction be treated by harmlessly redirecting it away from real children?

I have heard of no efforts into redirection. (Not that I would have.) But we definitely do try to reduce opportunity. This is the point of the existence of laws forcing convicted sex offenders to be in a public register, not work with children, and to live away from schools. Unfortunately "convicted sex offender" and "pedophile" are two different things. Also we wind up with problems like the only legal place for sex offenders to live being under a bridge. (See http://en.wikipedia.org/wiki/Julia_Tuttle_Causeway_sex_offen... for confirmation of that.)

There is a well-known saying among lawyers that difficult cases make for bad law. Unfortunately everything about this topic is rife with difficult cases, and the law that has sprung up reflects this. :-(


> "I personally cannot be attracted to a woman without breasts."

I personally cannot be attracted to men. I think dudes are icky. But I don't think this gives me a valid claim to say that nobody else should be, or that those who are have something wrong with them (indeed, I'm glad my wife does not share my aversion to males.) As you say, emotional reactions vary a lot by person. They don't form a very solid basis for law or morality.

Some people are attracted to children. Regardless of how gross that seems, it is reality. And the major problem with this reality isn't that the attraction is gross, but that it places children in danger. So how do we best prevent abuse? Certainly reducing opportunity is a part of it, both through (better) sex-offender laws and through policies that make it hard for adults to be alone with single children (many schools, scouts, etc. have strong policies to this effect.) Having strong legal punishments for such abuse might also be valuable. It seems important to also identify and treat those with such sexual attractions, and there are a few options [0][1], but it appears they're not terribly successful. At least one prominent researcher thinks there could be greater success if the medical community put more resources into it [2]. But society has been trying to "cure" other types of sexual attraction for quite some time with limited success, so I'm a bit dubious.

The end result is that we have a fairly bad set of laws, and little in the way of effective treatment, for something that tragically affects far too many children. So I must agree with your final statement -- :-(

[0] http://whyfiles.org/154pedophile/2.html

[1] http://www.minddisorders.com/Ob-Ps/Pedophilia.html

[2] http://en.wikipedia.org/wiki/Pedophilia#Limitations_of_treat...


> Pedophilia is just another sexual orientation.

No, it is a mental illness. I claim that there are zero pedophiles who were not subject to heavy abuse as children, and that this abuse was almost certainly sexual.

(I'm talking about attraction to young children in particular; there's a world of difference between 2 and 16 years old.)


Speaking from personal experience, your claim is certainly wrong. There are pedophiles who were not themselves abused as children.

Yet it is true that pedophiles often come in families with a history of pedophilia.


[deleted]


You absolutely and completely misunderstand the nature of my personal experiences. To share the example that I was specifically thinking of there, my first girlfriend's father did not come from a family with any history of abuse, yet he sexually abused her as soon as she hit puberty.


>I claim that there are zero pedophiles who were not subject to heavy abuse as children, and that this abuse was almost certainly sexual.

[citation needed]


hey look at all those fucking words you wrote defending child pornography. I didn't read any of it, but you should forward it to your family, I'm sure they'd be very proud.

Glancing up I caught the phrase "just another sexual orientation." There's no point in arguing with this crap.

You people need to get out of this virtual bubble where child pornography is somehow a divisive issue and into the real world, where real children suffer real abuse at the hands of real people so they can get their rocks off. The lack of empathy is just stunning.


Hey, look how you seem incapable of arguing politely and convincingly, just because the issue is child pornography.

Pedosexual acts are forbidden because there is no possibility of free, informed, consent. There is an asymmetric power relationship between an adult and a child that the adult is probably not aware of. For this reason, and this reason alone, pedosexual acts are forbidden.

It's entirely reasonable to believe an adult and a child could have a healthy sexual relationship and some people will testify they had such relationships as children. The crucial point is that it is never possible to ascertain this was actually the case and is ever actually the case. If you are a pedophile in a sexual relationship with a child, it is entirely unreasonable to believe your relationship is a healthy one. To be on the safe side and because we cannot possibly differentiate, there is a blanket ban on such relationships.

Pedophilia is not forbidden. Like homosexuality, it is a minority sexual preference. However, unlike in the case of homosexuality, society is unlikely to ever allow relationships in which the physical acts to which this preference leads can have a place. As such pedophiles need to learn to ignore their feelings. They need help in doing that and we should support every single one that acknowledges his problem and seeks help.

Pedophiles are not people that abuse children. People that abuse children are criminals. Usually they are also pedophiles, but that doesn't mean you may interpret it the other way around. Most thieves are heterosexuals.

Now as to the issue of the Tor exit node. The fact that this instance deals with child pornography is entirely irrelevant. It may as well have been illegal medicine sales, exchanging stolen information or other illegal activities.


"Man is least himself when he talks in his own person. Give him a mask, and he will tell you the truth." - Oscar Wilde

Coincidentally, most of opinions here are being expressed with the help of the (optional) pseudo-anonymity allowed by Hacker News. Few would be willing to have such discussions with the same level of honesty offline or on Facebook given the public's level of hysteria. It would put a person in real physical danger.


You clearly did not read the end where I made it very, very clear what my opinion is on prosecuting child pornography. And why. Hint: it isn't what you think it is.

I should also note that I have personal reasons for having investigated this topic. Details are private. But I would be moderately surprised if you, for all your righteous outrage, have as much relevant background on this topic...


I'm sorry, I can't get past you comparing pedophilia to the gay or trans* experience. That's just despicable.


It is very easy to label something as despicable, and then refuse to think about it.

It doesn't make that thing wrong.

A sexual orientation is simply, "This pattern sets off the circuits in my brain telling me to get turned on." You can have an orientation that results in normal heterosexual relationships. You can have one that results in unusual relationships that harm nobody. You can have one that results in a desire to do very, very bad things.

The outcomes of those orientations are very different. But, fundamentally, they are similar feedback loops. And therefore our expectations for what causes them, and how difficult they are to change, should be similar.


People who want to rape children are not the victimized group here. Get help.


It would help if you started responding to what was actually said, and not what you think was said. The two bear only a distant relation, and all the parts you're objecting to only were said in your imagination.

Before disagreeing, review my words and find where I've said anything indicating that I consider pedophiles a "victimized group". Please don't miss the part where I said that I personally am OK with criminalizing child porn because most of the people you find consuming that material are likely to be pedophiles, who probably have offended.


This type of discourse isn't welcome in this community. Please be civil.

http://ycombinator.com/newsguidelines.html


You don't seem emotionally mature enough to discuss this subject.

I personally view pedophilia as a mental disease, but beating the shit out of them or burning them on the steak isn't going to fix anything. If people didn't react like you do when it comes to pedophilia maybe we'd have an easier time working with them to isolate what goes wrong to create this and begin to work on a fix.


I assumed mistercow was talking about things like drawn erotica, not actual CP.


I say this as someone who has been in the unfortunate position of defending a pedophile in court, please stop defending child pornography and pedophiles.

Child pornagraphy is not an abstract concept. Child pornography isn't outlawed simply because it's obscene. Child pornography is outlawed because it is depraved, frequently violent imagery or videos of real children actually being violated. This is not speech. This is one of the most horrific, most sadistic acts that a human being is capable of perpetuating against another. It is worse than murder; these victims usually survive what happens to them. (There are a few situations where images are faked, i.e., by photoshopping children's faces on adult bodies, but this represents a drop in the bucket.) This idiot was dumb enough to run a anonymizing network that he knew could be involved in illegal activities. He ran several nodes despite this, knowing and accepting that the Tor network would shield the identities (for the most part) of the actual criminals using his systems as through-ways, leaving behind his IP address as the sole traceable link.

Will he be convicted of possessing and/or distributing child pornography?

Probably not. Tor is not as anonymous as people think it is; an FBI forensics team will probably be able to track down the real criminal. In such case, this idiot will probably be off the hook. But if they are unsuccessful in backtracing to the real criminal, he will be the sacrificial lamb offered up by the prosecutors for this crime. His conviction (and trust me, there will be a conviction if this goes to trial) will serve as a warning to others: if you want to use Tor, make damn well sure you aren't a pass-through for child porn.


> please stop defending child pornography and pedophiles.

Please reread my comment and tell me where I defended either of those things. You seem to be saying that you're a lawyer. I'd have thought that line of work would require a modicum of reading comprehension skills.

>It is worse than murder; these victims usually survive what happens to them.

Oh for fuck's sake. Do you know how incredibly demeaning and psychologically harmful it is to victims to tell them that they'd be better off dead?

>This idiot was dumb enough to run a anonymizing network that he knew could be involved in illegal activities. He ran several nodes despite this, knowing and accepting that the Tor network would shield the identities (for the most part) of the actual criminals using his systems as through-ways, leaving behind his IP address as the sole traceable link.

Yes, because there are obviously no legitimate and noble reasons to have anonymizing networks.

>if you want to use Tor, make damn well sure you aren't a pass-through for child porn

I'm not sure you understand how Tor works.


I'm calling bullshit on you being a lawyer. Someone is an idiot for running Tor, one of the last hopes for long term free speech on the internet? I guess you must think the founding fathers were pretty fucking stupid too, since the broke the law as well, eh?


How do you suppose one should make sure the exit node you run won't be used for sharing of child porn? And how is he automatically an idiot for running a TOR exit node? All node operators run them knowing they could be used for illegal activities, and that it could bring them some legal trouble.


Jacob Applebaum: "The Four Horsemen of the Info-pocalypse: child pornography, terrorism, money laundering, and The War on Some Drugs." - Cypherpunks, p43. O/R Books. http://www.orbooks.com/catalog/cypherpunks/

The book (and The World Tomorrow interviews at http://assange.rt.com/ from whence it spawned) go on to explain why these arguments are extremely bad for the internet. We have to protect the freedom of speech for everyone, or there is no freedom of speech.


I think we can support censorship of child pornography, and also support protection of anonymity and network neutrality.


Everyone wants to dance around the subject, but you can't have your cake and eat it too. True anonymity makes the criminalization of the transfer of child pornography unenforceable.

Making bad laws unenforceable is the point of anonymity. But you've got to take the end of good laws along with the bad.


You can wish for both things.


What you think can be done is irrelevant by itself; you have to explain or suggest _how_ it can be done.


Police work.

The same way we've been catching criminals for years. Surveillance, warrants, legal due process, etc.

I really don't feel that some reasonable tools in the hands of law enforcement but also checked by the justice system need to encroach on anonymity, TOR or any existing technology. Because despite these technologies, it's remarkably easy for a person to get caught if law enforcement is determined to catch him if they use the same tools they’ve used for generations.


Media made from victimizing children is not "free speech" in my book.


No, certainly not. However, in Germany "child porn" was extended to encompass any (fictional) written narrative [1] as well as paintings or renderings - including manga - or any video involving adult actors that look like minors. So there's a case to be made that not all material that might seem interesting to a child porn consumer produces victims. I'm not an expert in that field, but constantly extending the covered topics is certainly not helpful.

[1] Kubricks Lolita could be illegal in germany now http://www.imdb.com/title/tt0056193/


No, but a possession of any kind of media should not be a crime by itself. Nobody is harmed by a video/picture sitting on your hard drive. If you say that it might encourage anyone to do anything - then why is it perfectly legal to have videos of murders and gore?


Right, you may not even know that you have such media sitting in your browser's cache. All it takes is clicking on some link in a spam message, for example. Even if you immediately close it, the damage is done and you don't even know it.


This. Punish those who cause harm.

Possessing a certain sequence of 0s and 1s does not cause harm.


There are plenty of legitimate uses for Tor.


You don't find yourself in litigation for the legitimate uses of Tor.


This is not a valid argument. Anything can be used for evil, but that doesn't mean we should avoid or outlaw everything.

A knife can be used to cut a chicken, it can also be used to kill someone. You would not deny your neighbour when he asks to borrow a knife because "you could kill someone with it".


The OP doesn't want to enable the bad uses of Tor, nor do they want to get into legal trouble for it. It's demonstrated that by running a Tor exit node, you are at a high risk of the former and at least some risk for the latter. Both carry significant costs. By not running a Tor exit node, you eliminate these risks to yourself.

The risk that your neighbor will use your knife to kill someone is far lower by comparison. Additionally, the risk that there is a legal threat should they choose to do so is also quite low.


Depends on your location and your definition of "legitimate". If you define "legitimate" by what your particular government says is OK, then no, you won't find yourself in court for those uses. Unless you get extradited to a government that has different opinions.


I wonder what proportion of Tor is used for legal purposes? I personally hold an extremely low estimate for that figure.


Really, you can't imagine anything? You can't imagine a good thing someone might want to do over a network that is (well, is meant to be anyway) completely anonymous? Seriously, right now with Arab Spring going on, Syria shutting off the internet, China having the biggest firewall, other countries fiddling around with censorship, people going to jail for tweets or clicking "like" on facebook and you can't think of a valid reason one might want to be able to hide their online activities from prying eyes?


What about email encryption? Should it be banned, too?


Here is a good link, with more information.

https://www.torproject.org/docs/faq-abuse.html.en#WhatAboutC...


Tor can be used for good and for bad. It's the very same problem that Cory Doctorow talks about in his lectures about the War on General Purpose Computing, and it's not an easy problem to solve.

I'm an admin on a social/gaming site (a MUD with appendant forum, blogs, and other community elements), and we have had to make a few decisions about Tor in the last couple of years.

Some background: the site is quite old, and we have historically encouraged users to sign up without needing to provide a unique ID such as email address. They _can_ provide one, but don't have to. In the last few years we have had the problem of occasional griefers log on and cause whatever social havoc they can.

Now, my personal feelings about Tor are generally quite positive, and I like the freedoms it provides people who are otherwise restricted by their ISPs or governments from accessing legitimate resources. Like many others have said, Tor is a tool that, while it can be used to do illegal things, is also used to provide a very useful service to people who need it to get on with things you and I take for granted.

Now, back to our griefers: We have a number of banning mechanisms based on IP or domain, and they tend to be successful because griefers usually get bored when they can't access the site for a couple of hours. However, because a tiny minority of griefers are more persistent, more technically adept, and figured they could use Tor to damage our community, we did a little bit of analysis and found that few if any legitimate users of our site came from Tor exit points, and we chose to block them. The alternative was to require a unique identity during the sign-up process, and frankly we wanted as few hurdles as possible to new users (anyone who knows the MUD community knows that it's in decline, and low-friction signups are pretty desirable). So we blacklist Tor exit points from our signup process.

The unfortunate fact is that some Tor users do bad things with the fantastic tool at their disposal, and end up spoiling it for the legitimate (and extremely valuable) use cases that make it such an amazing tool. Yet its very anonymity means that there is no easy way to allow one set of uses while disallowing others. This is a hard problem, and one I'm not smart enough to solve.


This problem may very well grow as IPv6 gains adoption. IP address won't be a viable indicator of identity.

What we need is a distributed, pseudonymous reputation system. In this way, honest users would have no problem signing up for services such as yours, but griefers would have much more trouble, because there would be a very real cost each time they destroyed one of their pseudonymous identities.


I'd be interested to know what MUD it is. :)


I fully support TOR and I think that overall it's a good thing for the internet but legally I don't know if he has a leg to stand on. Being an exit node operator carries these risks which he knew about so the court system has him there. The danger if he is tried and convicted is that all it sets a dangerous precedent for the rest of the TOR network.

Who's to say where the blame stops? Can the relay operators passing the packets along be convicted too? I hope for the sake of the TOR network that he gets off on the charges because if he does not, less and less people will be willing to be exit nodes which essentially means the end of the TOR network.


Without knowing and understanding Austrian law you can't make such speculations. In the USA he wouldn't be breaking any laws.


Really? This surprises me. Do you have any research, evidence, articles to support this?



Unless I missed something, they don't touch legality of Tor, other than: "Further, we believe that running a Tor relay — including an exit relay that allows people to anonymously send and receive traffic — is lawful under U.S. law."

This doesn't say anything. I can "believe" anything that I want, but it doesn't make it so. I'm looking for articles with sound legal rationale and previous case outcomes that argue on the legality of a defendant's culpability as it pertains to a crime being committed on said defendant's Tor exit node.


No-one has ever been prosecuted for running a Tor node in the U.S., so the information you're looking for simply doesn't exist.

That's why we have to go on the beliefs of lawyers familiar with the area, instead. You could read about things like the Safe Harbor provisions of the DMCA to see why Internet service providers are generally not considered responsible for their users' actions, in the U.S.


The DMCA safe harbor (OCILLA)[1] protects against copyright issues. I don't have time to find the laws that apply more broadly. Any laws that protect service providers are going to apply. Tor is just a proxy.

I don't know why you'd think it wouldn't be protected just like an ISP from users who view kiddie porn or FedEx for shipping drugs. So long as you cooperate when the law comes knocking you should be fine.

[1]: http://en.wikipedia.org/wiki/Online_Copyright_Infringement_L...


I have friend here is the US with loads of bandwidth (he has a hosting business) and has talked about running a tor exit node, but fears that he puts his business at risk if he does that.

I'm interested to see why you don't think he'd be breaking any laws.


If he owns the equipment and runs the service, he could put his business at risk, yeah.

If he leases the hardware to a third individual and that third person/organization runs an exit node, then he is at a safe harbor.

I have experience running Tor nodes and can help if he is interested.


The Software Freedom Law Center has stated that in their legal opinion it is legal, however this does not mean that you won't get raided or harassed by law enforcement, it simply means you probably won't go to jail.


>> it simply means you probably won't go to jail.

...for a super long time. My bet (admittedly founded on nothing) is that they book you regardless.


What I would be worried about, especially in the US, would be the FBI joining the Tor network, blasting around CP and then arresting some random person to make an example of them. Given that we presently have laws and executive orders being enforced that seem to contradict the constitution, etc., I don't have a lot of confidence in what a lawyer thinks might happen if this went to trial. Once it's a hot button issue, everything pretty much goes out the window.


it simply means you probably won't go to jail.

Well, not go to prison. You go to jail while you're presumed innocent, right?


Your friend is smart.

If you want to run a tor exit node, create a new corporate entity for only that purpose, put it in its own cabinet, and put your lawyer on the corp documents.

If you can't do these things, just run a relay and be done with it - an exit node is not for you.


The legal theory here is that he should have common carrier status, like an ISP.

ISPs aren't generally liable for the things that their customers do over their network.


I will need to wait for his local news to confirm the story before I will donate. I trust him, but you can't just say I need all of your money without proof, that's like a certain Nigerian prince.

I really hope this is fake because its really sad to see people like William get caught in the middle of a situation like this. However, with my gut feeling this is real, I will be waiting for confirmation to submit my donation.


William has a long history on LET, he runs a hosting company and is among the most well-known users on the site.


What's next? If someone walks across my lawn with a backpack full of child porn DVDs I'll be liable for aiding a felon? I'm sure the authorities would agree that's absurd, yet it's fundamentally identical to this case.


Wouldn't a closer analogy be someone suing FedEx because you used them to ship a DVD of child pornography?


I think a combination of the two would be a better analogy:

A complete stranger knocks on your door and asks you if it's ok for FedEx to deliver an unmarked parcel of DVDs to your house, and he will collect them from you later.

You do not know his name or address. The package arrives. You open it and examine the DVDs, but find that they are encrypted. You pass them on as agreed.

Next day the feds knock on your door, saying they have a tip-off that some child porn, bomb-making manuals and stolen bank account details were delivered to your address. You tell them exactly what happened. They seize your laptop and search it for said materials, but find nothing incriminating.

Have you committed a crime?

I hope not (in both cases) but at the same time I think if the tor exit node operator is protected from prosecution for illegal material passing through the node, then the person passing on the mysterious package should have exactly the same protection.


The validity of that analogy strongly depends on whether local activists make a habit of passing packages with encrypted contents through your place, to avoid prosecution of a tyrannical government.


What if the guy had an open Wifi router? And the neighbors downloaded a movie? This goes to show law enforcement does not know what they are doing.

I run a node as well and noticed other (far less severe) downsides of doing so. Registering on certain forums won't work and purchasing games on Steam doesn't work. These parties just blacklist the entire list of IPs published running exit nodes.


Should law enforcement just say "Oh, you have an open Wifi hotspot/you're running a Tor exit node, I guess this is a dead end, thanks for your time"? Investigating (including seizing equipment) to determine whether the traffic in question actually came from the Tor network seems like a reasonable idea. Otherwise, anyone running an exit node would have a blank check to do whatever they'd like and simply claim it was just traffic they were passing through.

I know that people like to pretend otherwise, but as long as there are crossover points between the Tor network and the public internet, there will be non-anonymous people in the real world who will have to deal with things like this. "I'm running a Tor exit node" is not (and should not be) a magical pass that makes you immune to any kind of investigation.


This is a great point. It needs to be investigated.

But, if he is found guilty and the traffic did come from tor than this is a lot like sending drugs through the mail and convicting the post office.


I agree on the general point, and don't think that he should be found guilty if he was just relaying traffic. However, I think that you have to be very careful about analogies like that because there's a wealth of subtleties. I'd like to investigate a couple of them here.

Most of us would probably agree that convicting the post office would be crazy, yet there's an entire continuum of package delivery services including the government postal system, private delivery services like UPS, professional couriers and asking your friend Steve to drop something off on his way home from work. If Steve gets caught delivering a package that contains drugs, his claim of being an unknowing "relayer" would likely be viewed with more suspicion than the same claim coming from a UPS truck driver.

That reasoning makes sense to us because we know how package delivery systems work, and have a vague idea of the probabilities involved. However, Tor is new and niche enough that you can't rely on an arbitrary person (or even a police officer or judge) knowing enough about it to make those same judgments. They don't know whether Tor is more like Steve or the postal service, and it'll take time before that knowledge is assimilated.


Unfortunately, in Germany, someone has already been arrested over using something that works in a similar way to Tor (routing traffic through multiple computers):

http://torrentfreak.com/anonymous-file-sharing-ruled-illegal...

The laws need to be changed so that you're not responsible for someone routing something through your PC if you're not aware of what is being routed, and it should be done at the EU level. I hope at least the Pirate Party starts working on pushing for this law.


Where I live you can get punished for stuff people do with your open Wifi network.

I think the authorities know exactly what they doing: they don't want people to anonymously surf the internet, so the prevent it by making it impossible to run Tor nodes or Wifi networks. I don't like it...


Same here. If you don't secure your wifi then you are legally responsible for what people do on your internet which I kind of understand but where does the line get drawn? If my computer gets hijacked and is used in a DDOS attack against some website, am I responsible for that too? At best this is all a legal gray area.


A greyhat should write a virus that hijacks computers and makes them Tor exit nodes. Anyone can run it voluntarily and claim ignorance. And people that get hijacked would have been hijacked by something anyway, so they will at least be supporting free speech with this one.


Way to make politicians even less sympathetic towards Tor. It's now a "hackers' tool" as well as a "kiddy fiddlers' tool"

BTW plenty of IRC-based botnets already do something similar, though usually without proper encryption.


While I don't totally agree with it, I think the requiring a password on your wifi is not a gray area compared with having a computer virus or a hacked computer. A more comparable analogy would be a hacked Wifi vs a hacked computer - in either case i doubt you'd be liable. That's probably their reasoning in requiring a WiFi password.


I agree with Tichy - I think LE authorities know exactly what they are doing.

If it weren't "think of the children", it would be "al Qaeda was organizing anonymously". They need a reason to create a hostile climate for privacy and anonymity.


Well, here's the thing with that tactic. If I wanted to organize anonymously, I'd have my co-conspirators gather on .onions sites, most likely an address run and known only by us. If anti-TOR shit gets real, then I believe we'll see non-trivial growth of the various darknets out there.

If every tor exit node vanished today, tor's darknet half will thrive and the network would still be valuable. It's trivial to set up a hidden service. If you want to whistle-blow to the media, you'd set up a http or ftp share and drop the .onion URL in the mail to your journalists of choice.


Good point.


I can't empathize. With great power comes great responsibility. If you're protecting someone else's privacy by publicly running an exit node for Tor under your name, that's expected.

The open Wi-Fi analogy doesn't fly here. It's more than pure unawareness, you need to purposefully install Tor and route anonymous traffic to the internet. That entails being held accountable for what this traffic is used for.

If an analogy is needed, the right one is giving the key for your P.O. box to anyone with a mask, then complaining you're being charged because they've found child pornography there.


You're begging the question. Why does routing someone's traffic make you accountable for the traffic? Because someone needs to be accountable?

I'm not sure analogies are very helpful.


> Why does routing someone's traffic make you accountable for the traffic? Because someone needs to be accountable?

The evidence is on him now, so he has to prove it wasn't. Given Tor's anonymity, that's rather difficult, but it's his problem. Which is stupid in the first place, because he dug himself on this hole, and that's why I can't empathize.


If this guy isn't held responsible for the content, you would be creating a loophole in the law.

If I wanted to distribute illegal content safely, I could just run a Tor exit node and claim that the illegal content originated from somewhere within Tor instead of from my machines.


I think a more reasonable analogy would be someone selling drugs in your stores parking lot. Your opening a private resource up for public use and someone is using that resource to break the law. However, I have no idea what the case law is and while I suspect the owners are left alone in the vast majority of cases, there may be some culpability.


>you need to purposefully install Tor and route anonymous traffic to the internet. That entails being held accountable for what this traffic is used for.

This is utterly ridiculous. An ISP has to go to a hell of a lot more effort than that. Does that also entail being held accountable for what the traffic is used for?

The guy most likely installed Tor imagining helping groups like wikileaks, not Jimmy Savile.


This is William of Edis.at, the company offering the free Raspberry Pi hosting deal posted here a few weeks ago.


Wow.

William has received more than $1300 in Bitcoin donations in the past 3 hours.

http://blockchain.info/address/1CPKAMtD4bcLrh8SRHfSxBBMmQQ5c...


Yea, um, trust me i didn't expect that - In fact i didn't even look until i read this now and it's true: balance 124BTC (I had around 7 before)...

Now i need to think how i can pay Bitcoins back when this is done (as i don't know if the source addresses are valid then still (if they ever were and not just a proxy source) and who sent what amount at mass sends...) Tricky, probably can't pay bitcoin back :(


Yeah, if they paid you directly from an online wallet, sending funds back to the address you received them won't necessarily get deposited in their account. And if they don't hold the private key, they can't sign a message to you with it...

You probably can't pay them back.


Personally, I have 2Tb, and it's not legal (but not immoral). I can't imagine what legal uses an individual could have for 100Tb of storage.


It's mainly server backups (encrypted by PGP even) (50% of storage), Movies, Music, Documentaries, Apps (legal and/or free/opensource) (30%), and empty space i had added a few weeks ago for more backups (switching from daily to 3hourly)


This line of reasoning is very troublesome.

Your argument seems to be: "Don't make waves. Don't do anything out of the ordinary."

To many people, having Linux installed on a computer is something that people have no legitimate reason for.

No innovation or individuality. Everyone has to be exactly the same.

Also, your line of reasoning goes against presumption of innocence. The suspect doesn't have to explain why he has that much storage. The police/prosecutor have to explain what criminal acts he's doing with that storage.


He owns one large ISP in Austria and has multiple personal projects. And no judge has ever said that running a Tor exit node isn't legal AFAIK.


I'm pretty sure he's an employee of the company (edis.at) not the owner (http://www.firmenabc.at/edis-gmbh_EBkc).


Correct, i don't own it - I just work there.


If you do anything with video/photo's and many other types of things the space adds up quickly. I had 2TB filled with just games that I had purchased. Just my steam folder alone is pretty massive. Files are getting a lot larger with the amount of storage we have access to. Just compare a floppy disk to a CD to a DVD. You've only used floppy's and someone comes up to you and shows you a CD... "WOW! what legal use could you POSSIBLY have for that!"


> I can't imagine what legal uses an individual could have for 100Tb of storage.

An example:

Raw captures (e.g., digitized home movies) can take up a lot of space, even if they're losslessly-compressed with a codec like Huffyuv or Lagarith.

I have five raw captures of the same 2-hour VHS movie sitting on my HDD, as I plan to average them to reduce the appearance of artifacts due to tracking differences. Each capture is losslessly-compressed with Huffyuv and approximately __50GB__.

That's ~250GB right there.


I know little about the Tor community, but is there any verification of these sort of claims?


I briefly looked for other information about this and I found this thread on the tor-talk mailing list. The thread mentions he contacted the torservers.net team for a recommendation about a lawyer. The thread also mentions someone is going to provide better proof soon.

https://lists.torproject.org/pipermail/tor-talk/2012-Novembe...


All tor node addresses are public. (Except for secret entry nodes.) I imagine this information could be used to verify claims.


Well ... go on authorities. These pirate parties need votes. They are only at 5-6% now. Let's ensure that they can get at least 20% on the next elections.


his twitter account with some further information http://twitter.com/str0AT [german]


I'd honestly like to know how he paid for all this stuff: up to 30TB/day traffic according to arstechnica (costs surely more than 1-2k euro/month), loads of servers - all with the salary of a 20 years old ISP employee?


I'm a 15 year old 'kid` that has been pushing 30TB/day traffic thru a few Tor exits for months just fine, because I truly believe in freedom of speech.

You know, money isn't that hard to get. For me, a few weeks of coding got me a few thousands of euros. He was running an ISP apparently, and selling VPSs. I've been sysadmining a few boxes for a few VPS hosting companies and got enough money to run a few Tor exits pushing over 2Gbps for months.

(Also, I think that it's hilarious that me having my 15-year-old girlfriend pics is considered illegal, thanks to CP laws. )

I truly believe in this: http://datalove.me/


A TB of traffic will cost at least around €2-3 from most european (and other) ISPs with VPS so you basically claim to have enough spare change lying around at the age of 15 to pay €2000-3000/month just for Tor traffic because you're an idealist and after buying all the stuff a 15 year old normally buys first? ;-) I call BS, or rich parents.

(and btw., WW was not running the ISP, he wrote somewhere in this thread that he is just a normal employee)


> A TB of traffic will cost at least around €2-3 from most european (and other) ISPs with VPS

The average bandwidth price I got from all the ISPs I used in the past was ~1 dollar/megabit. The ISPs I used for my Tor relays were ISPs I was using already for bandwidth-intensive HTTP hosting, so I already had quite a few deals for dirt cheap bandwidth.

I've been paying ~600€ per box (1Gbit, of which I was using at least 60% 24/7, getting to 100% during day hours).

> you basically claim to have enough spare change lying around at the age of 15 to pay €2000-3000/month just for Tor traffic because you're an idealist

Yep. I got it mostly by selling iOS Tweaks on Cydia Store, private consulting with a few companies, freelancing, and sysadmining.

> and after buying all the stuff a 15 year old normally buys first? ;-)

The only thing apart from my tech equipment and servers that I'm interesting in buying is weed anyway.

> (and btw., WW was not running the ISP, he wrote somewhere in this thread that he is just a normal employee)

Thanks for clarifying that he was not running the ISP. I misread it, probably.


I feel like I should post this here too:

https://www.torproject.org/docs/faq-abuse.html.en#WhatAboutC...


People are working to verify that this isn't a scam.


http://raided4tor.cryto.net/ and http://arstechnica.com/tech-policy/2012/11/tor-operator-char... (has scan of the search warrant) should be good enough for now :)


So can an ISP be raided because child porn went over its network at some point? I didn't think so...so I don't see the difference here.


You should not be running a ToR exit node from your home.

Dumb. Dumb. Dumb.


The exit in question was located in Poland - Not in my home, i never had any exit running at home. The server used in Poland was however (naturally) registered on my name.


Why?


If you go to a bank, rob it, and then walk outside to a waiting taxi, and have the taxi drive you home, is the taxi driver an accessory? I think that in the US you'd really have to make a case that the taxi drive had knowledge of what had transpired.


If you go to a bank, rob it, and then hand the money to your friend for hiding, then your friend is an accessory. (Possession of Stolen Goods at the least)

Did he rob the bank? No. He may have just been at home, not involved in planning at all, you show up with $50,000, ask him to hide it and tell him it's stolen.

He was just used to transfer the goods, but he's still breaking the law.

Likewise laundering the stolen money is illegal, even though you didn't steal it.


Your scenarios are about knowingly transferring illegal goods. The Tor operator didn't know that illegal data was being transferred over his equipment. In the same way a webhoster isn't liable for the data his clients are hosting.


The thing is, if you're operating a TOR node you should have full knowledge that people are going to use it as much for illegitimate uses as much as legitimate uses.


And if you're operating a cab, you should have full knowledge that people are going to use it as much for illegitimate uses as much as legitimate uses.

Your point being?


For Tor, the ratio of legitimate to illegitimate is perhaps 1:1, whereas for taxis it's like 1000:1, or higher. At least that's how I read "as much as".


Sources for those ratios please.


I did use the words "perhaps" and "like", and the definition of "as much as", to me, is 1:1.


Also your factual statistics compared to your made up statistics is perhaps 1:1,000,000,000. I can think of about 10 people I personally know that use Tor (off the top of my head). 10 of those people use it legally. So 0 in 10 people sure it for legitimate purposes. Therefore, 0 in 1,000,000,000 actually use it for legitimate purposes.


Even a ballpark estimate makes no sense without at least a vague source. You're trying to define statistics for a network that is designed to make it infeasible to gather statistics...


Alright, I wasn't being clear.

My real objection was groby_b stating something that is almost certainly incorrect (taxi ratio is 1:1) - I would bet money on this - as a means to refute something that is perhaps incorrect / unknowable (Tor ratio is 1:1).

I have no idea what the Tor ratio is, but it is "perhaps" 1:1. And what does legitimate mean anyway? Some of the work on Tor is funded by the US government so that people in oppressive states can speak out, which means that in those countries that speech is "illegitimate" whereas in the US it is not. Or did we mean morally illegitimate? Whose morals are we talking about? Or did mean we mean child pornography? And is that still illegitimate in all of the nation states that repress speech?

I think my ballpark estimate for taxis is reasonable, and that if motivated you could certainly find a lower bound on that ratio from taxi rides per capita per annum, crimes per capita per annum, and the assumption that all crimes used a taxi driver as an accessory.

If you had written your response here to swalsh, who defined a statistic of 1:1 for Tor, I wouldn't have anything to post.


You don't know that for certain. There can be a taxi which is exclusively used by mafia ->therefore(following your argument) all taxis should be banned.


The nature of Tor is such that you'll never, right? I suppose you could keep logs and analyze them, but that kind of defeats the purpose.


Possibly that the exit node is NOT his means of subsistence and the legal status of taxi driving/Internet Provider.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: