Access Now and EFF Condemn the Arrest of Tor Node Operator Dmitry Bogatov (eff.org)
154 points by remx on April 25, 2017 | 38 comments



> Put simply: running a Tor exit node is not a crime

In Russia? You sure about that? I wouldn't be, if I lived in Russia, and I'd be much less so today than yesterday. It wouldn't surprise me if this prosecution were intended to make a point, in the characteristically subtle style of the modern Russian government, that regardless of what any potentially relevant legislation might say, running an exit node, and by extension acting in ways that help conceal communications potentially of interest to the state, isn't a very good idea if you cherish whatever stability and comfort your daily life affords.

The modern US government, on the other hand, has tended to be rather less blunt about making such points, and to choose different such points to make.


> if you cherish whatever stability and comfort your daily life affords.

I reckon this was their point rather than a rebuttal. They seem to believe it is legal as well as a right and they're going to at least try.

Would I run a Tor node? Not in Russia and prob not in the US where I live. I am glad a global network of people are braver than I am.


Well, whether it's legal and whether it's a right - itself a concept of law, with no meaning outside that context - is up to the state, and the state doesn't seem thus far inclined to decide the question in their favor. Perhaps they will convince it otherwise.


Right. I meant that potentially they consulted lawyers / evaluated the law before making the claim. I have no idea if it is legal in Russia (and they may not either) but the quote seemed to be a statement which, if levied at RU, hopefully has something backing it up.


I read that as a normative, not a positive, statement. If there's anything at all to suggest it be taken otherwise, I'd love to see a cite, because I've looked for one and not found it.


Whether it's legal is certainly up to the state, but whether it's an ethical right just as certainly isn't. All rights aren't legal rights.


Sure, if you're discussing the matter with someone who subscribes to the same system of ethics you do. Otherwise, if it matters to you that your interlocutor agree with you on whether and which ethical rights apply, you've got some convincing to do.


edit: please comment as opposed to downvote -- HN's value is civilized debate and information.

I value privacy and support VPN use, but for some reason this seems different to me. Maybe something to do with a VPN being a company using servers to create an obvious layer of identity protection that police can generally subpoena when of importance.

By running a Tor exit node, this individual was consciously allowing his IP address to be used for potentially malicious purposes. Why can't it easily be compared to someone making a cover for or assisting a criminal they don't know the identity of, which would be a crime if committed in person? Investigations lead back to him because he put himself in that position.

analogy: VPNs seem like concealing your ID from everyone, however police can sometimes work to see it if a court deems it justifiable and necessary. Individuals running Tor exit nodes seem like being given someone else's ID instead, with no trace otherwise.

Untraceable VPNs (ones unaffected by subpoenas) are somewhere in the middle, but the primary issue I see with this is the Tor system's use of someone else's ID rather than hiding your own (investigators are aware when they find a VPN service's IP).


There really isn't much to debate. Your stance is very myopic and makes assumptions that fail in a global context.

For example, you assume the police are legitimate and not the tools of an oppressive government.

For example, you are completely ignoring non-"malicious" purposes for disguising origin, say whistleblowing.

Finally, you are equating providing a legitimate service that may be used for a crime with actual facilitation of crime. We should lock up telephone company execs on this theory.


There's a lot to debate. If you're running a TOR node, you have child porn traversing your system. You also have a whistleblower's traffic who might be beaten or tortured if found.

Does the existence of the latter negate the former?

To claim that is an answered question is myopic to me.



Also, criminal activity has repeatedly fallen to the 3-letter agency attacks. So the claim that criminals are just getting away with stuff is also false. It's harder, but not unbreakable.


I agree that it fails in some countries, yes, but to say it fails in a global context... The same argument could be made for the opposing viewpoint; police are more often legitimate than illegitimate, and on telephone company execs: if they purposely assign the identity of someone else to a person who then uses this identity for wrongdoing.. Yes, possibly? Otherwise, it's a company, and doesn't fall under the complaint.

Complaint: Individuals as Tor exit nodes present a fake identity as opposed to a lack of an identity. Fake identity seems problematic.


Much the opposite. From [1]:

- Internet freedom around the world declined in 2016 for the sixth consecutive year.

- Two-thirds of all internet users — 67 percent — live in countries where criticism of the government, military, or ruling family are subject to censorship.

- Social media users face unprecedented penalties, as authorities in 38 countries made arrests based on social media posts over the past year. Globally, 27 percent of all internet users live in countries where people have been arrested for publishing, sharing, or merely “liking” content on Facebook.

[1] https://freedomhouse.org/report/freedom-net/freedom-net-2016


Are you also of the opinion that providing free wifi access is "assisting unknown criminals" and should be prosecuted?


That's a good point.

Wifi seems different in that it's somewhat traceable when necessary, and the person or institution would likely help with that in cases of serious issues, unlike willingly putting your personal identity at the end of an anonymized network you can't control the actions of.

I support privacy in almost every case, but this even prevents actual subpoenas of serious magnitude or importance, and makes that individual the final point of contact, you know?


How exactly is wifi traceable?

IP addresses of what is connected to can be hidden by proxies or anonymizing networks, or even just TLS. MAC addresses are spoofed routinely. It's wireless so fat chance it's reachable from places not under your surveillance, if you have any of that in the first place.

I also don't agree that an IP address is your personal identity, I think that's a very harmful idea. I am not a computer and I just barely control part of what my machines do.

Do you believe in the possibility of a risk-less society?


> I also don't agree that an IP address is your personal identity, I think that's a very harmful idea. I am not a computer and I just barely control part of what my machines do.

EFF agrees with you: https://www.eff.org/wp/unreliable-informants-ip-addresses-di...


A wifi network would likely involve a physical location with security cameras or some trace/hint on the network, although you make valid points there regarding how that could be inaccurate or useless. The individual hiding their own identity in that case shouldn't be the fault of the operator of the wifi, though.

I agree with you that an IP shouldn't, in every case, be your personal identity and that legal situations should take context into account. Everyone from advertisers to the government uses your IP address as a personal identity for you, though. It unarguably leads investigators to your person, and that's our only real method of dealing with cybercrime. Leading investigators to an incorrect individual seems different than to an obvious wall, such as a VPN, that would require a lot of effort and justification on the investigator's part to break through.

Risk-less society in what way, if you could rephrase?


>"It unarguably leads investigators to your person".

That's a very debatable claim, from both a legal and technical viewpoint.


How so? Technically & legally they can find out that the IP address belongs to you / your computer, and will investigate (not that it necessarily means guilt).

I highly doubt that an individual who commits a serious crime over the internet without masking their IP won't be investigated.


Many consumer ISPs use an IP pool, and do not store logs in a tamper-proof way.

Wifi routers are insecure and often can't be flashed with more transparent/secure software, so in practice anyone within 100m with a directional antenna can connect to your wifi.

People let guests on wifi, and students tend to share internet connections.

Some devices randomize their MAC address by default (Apple stuff I think) and MAC addresses are trivially spoofed.

If I'm on your wifi router I can probably spoof the MAC addresses of any and all of your devices, and I definitely can if you've ever connected to an AP managed by me.

Lastly, ISPs can spoof everything and fabricate logs with ease.

So no, technically there is no provable link between IP address and person or device. Perhaps legally but that has no bearing on the technical reality.


If you provide a tool to a criminal that they use in commission of a crime, you are assisting them and should generally be prosecuted unless a good reason exists to counter.

Is providing a public service a "good enough" reason?

If you provide free classes on bomb-making, should you bear any responsibility for how your students use the knowledge? Just because you're offering a public good/service doesn't absolve you of responsibility.


What about roads? And cell phones? And paper? Should the public schools teachers be held accountable for everything they taught any criminals that they used in the commission of any of their crimes?


You're right, these aren't easy questions. Your examples are good ones.

If my land had a trail through it that I knew was being used for human trafficking but also for natural resources preservation, I'd still have a problem with that "road".

And, yes, it doesn't really matter what setting the bomb-making class is held in, the teacher arguably should bear some accountability.


And now the tricky one for you, Americans: what about guns?


The debate begins to parallel the right to bear arms debate. Anonymity is a powerful weapon against the abuses of the state, but that anonymity can also be used to harm fellow citizens.


If you rent out a building on Airbnb and it's used in a scam by a renter that covers all her tracks and successfully evades the police, are you responsible?

Would Uber be if one of its self-driving cars is used in a crime and they can't provide the real identity of the user?

If anything, he's a victim. Someone used a public service he offers in a way contrary to its (implied) TOS.


Unlike airbnb and uber, his service was offered for free. That's suspicious :p


If you're going to run a Tor node at home make it a relay, not an exit. There is practically no risk to running a relay. Exits have risk because of situations like this.

If you want to run exit nodes use a hosted server. It separates it from your normal traffic and makes it clear that it has a specific purpose.


You'll also get the occasional website that blocks or reduces services for you because they (or their IP reputation provider) don't understand Tor and grab the entire list of relays.

Notably, BrightCloud (Webroot) is such an ill-informed provider, and Dan's DNS blocklist offers both exit and relay lists (the latter is an attractive nuisance). Care2 is a consumer that blocks intermediate relays, although only on their http: traffic, not https:. (I'm guessing their SSL termination proxy messes up their IP detection!)

The odd thing is that the Tor Project provides an easy to parse, up-to-date list of exits (https://check.torproject.org/exit-addresses) but these providers go to a lot of trouble to harvest bad data themselves.
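As an added example (not part of the thread or of any Tor Project code): a minimal parser for the exit-list layout published at the URL above, used to flag only addresses that are actually listed exits so that non-exit relays are not blocked. The function names and the sample data are assumptions made for illustration; the sample uses documentation-range IPs and made-up fingerprints.

```python
import ipaddress

# Constructed sample in the exit-list layout (documentation-range IPs and
# made-up fingerprints); a real deployment would fetch the live file.
SAMPLE_EXIT_LIST = """\
ExitNode AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Published 2017-04-24 21:10:05
LastStatus 2017-04-25 00:02:31
ExitAddress 192.0.2.10 2017-04-25 00:08:12
ExitNode BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
Published 2017-04-24 18:40:44
LastStatus 2017-04-24 23:03:10
ExitAddress 198.51.100.7 2017-04-24 23:10:01
ExitAddress 198.51.100.8 2017-04-24 22:01:55
"""

def parse_exit_list(text):
    """Return {ip_address: set(fingerprints)} for every ExitAddress line."""
    exits, fingerprint = {}, None
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "ExitNode" and len(fields) == 2:
            fingerprint = fields[1]
        elif fields[0] == "ExitAddress" and len(fields) >= 2:
            if fingerprint is None:
                raise ValueError(f"line {lineno}: ExitAddress before ExitNode")
            try:
                ip = ipaddress.ip_address(fields[1])
            except ValueError:
                continue  # skip malformed addresses instead of trusting them
            exits.setdefault(ip, set()).add(fingerprint)
    return exits

def classify(client_ip, exits):
    """Return 'tor-exit' only for listed exit addresses; relays are not flagged."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return "invalid"
    return "tor-exit" if ip in exits else "not-listed"

EXITS = parse_exit_list(SAMPLE_EXIT_LIST)
```

An address such as 203.0.113.5, standing in here for a middle relay, comes back as `not-listed` because only `ExitAddress` entries are consulted.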


This is disturbing, but this is how the buck stops, isn't it? All of these cryptographic dataflow concealer technologies have one very unpleasant failure mode: somewhere they have to interface with the physical overworld, where they're subject to all the unpleasantness of both their home jurisdiction (in this case, Russia), and in some cases, the jurisdictions of those who are intent on their laws applying worldwide (such as governments like the United States -- who are absent from this particular case, but not others).

No amount of condemnation on part of the EFF and declarations that "running an exit node is not a crime" is going to help Bogatov, where the Russian government has decided it will do what it takes to prove a point. This is how chilling effects work: when it endangers your own freedom and livelihood, you are forced to suddenly re-evaluate your priorities between big abstract issues like freedom of speech and whistleblower protection, vs. holding your head down and hoping you don't get caught up in something much bigger than yourself.

It also proves that these anonymizing networks only function in a free society, and break down in the exact situations where they would be most needed.


> All of these cryptographic dataflow concealer technologies have one very unpleasant failure mode

i2p doesn't. It is a parallel dark-net.


Why not make exit nodes only able to use secure protocols?

Am I missing something or could this whole problem be put to rest, at the same time the rest of the net is transitioning to https only?


Won't change the fact that the originating IP is still the exit node. If you use Tor and spam some https website the source IP will still be the exit node's IP. Secure protocols can't hide the source IP (which is way more complicated, requires compromised router for a man in the middle attack, if TCP).


Ok I see, you're saying it's not just spying on clear text, they just wait for subversive propaganda to appear, then force the site where it's posted to cough up the IP address.

Maybe it would help if sites took pains to not keep logs, but sometimes even that is difficult.


what if TOR only served .onion sites?


TIL Kanye West is illegal in Russia.



