I hope they are going to be deploying exit nodes as well. It's not very safe to run an exit node but I doubt the FBI will be raiding Mozilla and other big companies for them if this practice continues.
Part of the problem of running an exit node is that it's unclear how "safe" it actually is, and as a result there is a lot of rumor and paranoia. Every country has different laws that affect the legal status of an exit node operator.
For example, an Austrian man was arrested in 2011 for running an exit node and charged with being an accomplice to crimes that were carried out over Tor using his exit node. He was ultimately found not guilty, but a law was passed as a result that effectively makes it illegal to run a Tor exit in Austria. [0]
Meanwhile, in the US no one has ever been arrested simply for running a Tor exit node (at least to my knowledge). Anecdotal information suggests that the most difficult thing is finding someone to host the node (many cloud VPS providers, for example, will not) if you don't host it yourself. A Reddit commentator and operator of Tor exits suggests that running Tor exits is protected under U.S. law, although I'm not sure if this has been tested in court [1].
I think Mozilla should take the (relatively small, due to their presence in the U.S.) risk of running Tor exit nodes. They could even turn it into a project of its own, to explore the common problems and develop some best practices for running Tor exits. I could imagine this being a fruitful collaboration with the EFF, for example!
The case is Austria was complicated because the court found chat protocols from him:
„You can host 20 TB child porn with us on some encrypted hdds“
The judge argues that this is more than just providing infrastructure, it is advertising illegal content / behavior. So this case is not representative for evaluating the risk of running a tor exit node.
I work at Mozilla, and the folks at Torservers.net were extremely helpful in helping us get up to speed quickly. We're hoping to contribute to the public body of knowledge on how to operate servers efficiently, both in terms of effort and cost.
IANAL, but would this just require someone incorporating or starting an LLC and then paying for the exit nodes in the name of that entity? Would that be sufficient protection?
Also not a lawyer, but you can still be charged criminally in the USA:
"Charging a corporation, however, does not mean that individual directors, officers, employees, or
shareholders should not also be charged. Prosecution of a corporation is not a substitute for the
prosecution of criminally culpable individuals within or without the corporation"
tor exit is effectively a proxy. nobody should run an open proxy. that's just common sense.
on the other hand it may be a good feature if implemented correctly. for example, sites explicitly saying they allow tor exit connections would be a good start.
Its much easier to raid a big company because they have a clear physical prescence and a strong interest to focus on their core buisness. For example, some people in the company may defend their tor node, but managers will look to the interests of the company as a whole, concluding that the loss of dozens of jobs is not worth risking over something that is not a core competancy.
It seems like you're arguing from a pure realpolitik perspective. The FBI is going to raid your Tor node because they know it will make your boss unhappy.
Even under that assumption, what is the FBI's motivation for doing this supposed to be? They can obviously only do this for Tor nodes within their jurisdiction, but that's where they want them to be because it's easier to capture their traffic. It's not like exit node operators have any actual connection to the crimes the government may be investigating. The main thrust of the other Tor article on the front page[1] is that the primary source of criminality on Tor is hidden services that don't use exit nodes.
Indeed, but this perspective comes from the large number of people that make up an enterprise and the interwoven net of responsibility. One person can choose to fight for liberty and risk ruin, but its much harder to justify risking the other hundred people in your company.
It is plenty safe to run exit nodes. If your host complains, there is even form letters to send. The government knows that seizing an exit node will not help them in anyway (one can go online immediately.)
Do you think Amazon gets raided? Do you know how many exit nodes are in AWS? My guess is lots because I know 2 people who have them and I don't know a lot of people.
I've ran an exit node in my home for several years and the worst I've seen as a result of it is several DMCA notices and one polite call from the police in another state.
Even that is too much contact for some people. A sane average person wants as little contact with the legal system and authority types as humanly possible, and for good reason.
Even if so far everyone has that exact worst case experience, that doesn't mean tomorrow you won't be arrested for somebody viewing illegal material through your exit host. I know people who've sold drugs and never had any problem, it doesn't mean I'm going to start doing it presuming its safe based off their anecdotes.
That is very much like saying you shouldn't express your political views because you don't know if tomorrow they'll be made retroactively illegal.
And the criticism of anecdotal evidence is that it may not be a representative sample. So what is the actual percentage of Tor exit node operators who have been incarcerated for it in the US then? Is it not 0%?
That's why you want to rent your server as anonymously as possible. It's also why most hosting providers don't like anonymous customers. And those that are cool with it often charge more.
Has that ever been proven? I suspect it's as unproven as the theory that Tor operators are "common carriers" and as liable for the traffic that passes over their connection as an ISP is for the traffic that passes over its connections.
which was written by my colleagues at EFF. (It doesn't mention particular legal theories that may help exit node operators, though I think CDA §230 and DMCA §512 might be among the laws you're thinking of that have historically protected ISPs, since ISPs have resisted being classified as common carriers in the U.S.)
At the very least, you can get your computer and networking equipment seized. Tor's own FAQ says you shouldn't run exit nodes at home:
"Should I run an exit relay from my home?
No. If law enforcement becomes interested in traffic from your exit relay, it's possible that officers will seize your computer. For that reason, it's best not to run your exit relay in your home or using your home Internet connection."
If you have a VPS spare bandwidth, I encourage you to set up a relay, too. It is very easy to do and a great way to contribute to the Tor project.
Is Mozilla planning to set up a hidden service for mozilla.org? I didn't see anything mentioned. The more sites that support hidden services, the less need for exit nodes (which are arguably one of the least secure parts of Tor.)
> If you have a VPS spare bandwidth, I encourage you to set up a relay, too. It is very easy to do and a great way to contribute to the Tor project.
I run three relays right now. I agree that it's pretty easy to setup, especially on Ubuntu, but the documentation could really use improvement. It makes it sound much harder to setup than it actually is.
To anyone who is thinking of running a relay, here are the basic steps:
1. Add the Tor repo to your package manager [1]
2. Install Tor
3. Edit the config file to set a name, your contact info, bandwidth limit, and exit policy. This is all pretty well documented in the config file.
4. Start Tor (eg `sudo service tor start`)
If you want to run an exit node you should read the Tor docs about the topic and decide which ports to open.[2][3]
It's good practice to discuss plans with your hosting provider, so that you and they both know what to expect. Stealth doesn't cut it, especially if there's real money at risk.
Also, keep in mind that relay IPs, and perhaps even subnets, may show up on various blacklists. Other services (perhaps those of other hosting customers) may be affected.
I recall seeing this on tor-talk or tor-relays within the past year or so. Someone started running an exit, and their hosting provider nuked their account, claiming that other customers were being affected by bans. I'll see if I can find it.
Edit: Here's one example, posted by Zack Weinberg on the tor-relays list.[0]
CMU network operations has decided to move the Tor exit node that my
group operates (tor-exit.cylab.cmu.edu) to an isolated subnet in order
to minimize consequences for the rest of the campus network. For
instance, apparently there have been several cases where third parties
blacklisted the entire CMU IP space in response to malicious traffic
from the exit node. This is currently scheduled to happen Tuesday (Nov.
4). The new IP address will be 204.194.29.4.
It is quite expected if you run an exit node. However this was in regard to a relay node, which is something else entirely.
I've seen a few references to these supposed problems with running a relay nodes lately, but the poster never replies with any information where this have actually happened. This behaviour is new. It wouldn't surprise me if it's coordinated, considering what else we've seen lately.
It happened to me when I ran a tor relay (not an exit) on the same ip as a mailserver. There is one rbl that automatically adds you if you do this. Mind you, I've never found a mailprovider using this list (can't remember the name).
We haven't made a decision on either running a hidden service or exits. We do plan to come back and do the analysis and legal review, however we don't have a timeline for this yet. Right now, we're just wading in and will see what we learn.
However, it's my impression that there is a surplus of entry and middle nodes, and a serious shortage of exit nodes, especially fast ones. Also, I've read that the geographic diversity of exit nodes is inadequate. I base these comments on discussions on the tor-talk and tor-relays lists, and from posts on the Tor Project blog.
It's actually better if 1000 different people each run a 40Mbps exit node than if one ISP runs a single 40Gbps one. You don't want to centralize control over the exit nodes because it increases the chance that party could control every node in a circuit.
If you know which nodes they control you can easily avoid using them in the same circuit. But how are you supposed to know that? There is a configuration option to list other nodes you operate for exactly this purpose, but someone staging an attack is obviously not going to use it.
Is Tor broken? I've heard that its anonymity was proven to be broken, but I'm not sure how reliable my source was. I'm interested in getting involved but hesitant to do so until I have some solid info one way or the other.
There's something like 2k-8k exit nodes, and all that is needed to compromise it is 51% of those. Given that the CIA started tor and the government has significant interest in breaking it, I would find it harder to believe that they didn't have a few thousand computers lying around.
Also all of this is from memory, but I hope none of it is wrong. Feel free to correct me if so.
> We chose to make use of our spare and decommissioned hardware. That included a pair of Juniper EX4200 switches and three HP SL170zG6 (48GB ram, 2Xeon L5640, 21Gbps NIC)
In other words, Mozilla has enough money that a 48GB ram machine is otherwise a paperweight...
Well, if they were in any way savvy (which I believe they are), they would sell a machine like that or donate it to another project. In this instance, I imagine, instead of selling/donating they repurposed.
Yes there is in most jurisdictions. The company can write off the value of the hardware against their taxable profits. However the Mozilla Foundation is a non-profit, so I'm not sure that applies.
Obviously apples and oranges, but between this and Facebook's Tor Hidden Service we're starting to see adoption of real privacy tools among major companies.
A great deal of the data Facebook has must be derived outside of things you have posted yourself. They build and hold a lot of data you do not explicitly consent to share.
Facebook really wants your activity to be based on your real identity, and making associations between you and other people.
Facebook shouldn't be used as a tool for organizing political rallies if there is concern for privacy. Connecting to FB via Tor does not isolate you from much.
According to their report, they haven't received any data requests from Saudi Arabia, Syria or Burma, but they did hand over data to the governments of 57 countries in the first half of 2014 alone [1].
It appears content was also censored at the request of the Saudi government.
Mozilla is a political organisation. Aside from the fact that developing free, privacy-focused software is an inherently political thing to do, they have the Mozilla Manifesto[0], which states (the relevant bits here being singled out):
> The Internet is a global public resource that must remain open and accessible.
> Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.
> We will [...] use the Mozilla assets (intellectual property such as copyrights and trademarks, infrastructure, funds, and reputation) to keep the Internet an open platform [and] promote the Mozilla Manifesto principles in public discourse and within the Internet industry.
The Mozilla Foundation regularly leads or joins in political action relevant to its mission. For example we campaigned against SOPA/PIPA and CISPA [1], submitted a Net Neutrality proposal to the U.S. FCC [2], and have testified multiple times to the Librarian of Congress and elsewhere in favor of DMCA exemptions and DMCA reform [3].
They better tell their employees not to buy any drugs or use TOR for illegal stuff, because now they'll be representing the whole TOR project and The Free Web.
So it's like, they don't just represent themselves anymore, and an arrest will be a political tool to smash everything into corporate/government control.
Any government agency that wants to trash-talk Tor is already doing so, and already has plenty of ammo for the propaganda machine. They're not going to wait for some Mozilla employee to download a movie torrent, especially since that wouldn't actually change anything.
