I hope they are going to be deploying exit nodes as well. It's not very safe to run an exit node but I doubt the FBI will be raiding Mozilla and other big companies for them if this practice continues.
Part of the problem of running an exit node is that it's unclear how "safe" it actually is, and as a result there is a lot of rumor and paranoia. Every country has different laws that affect the legal status of an exit node operator.
For example, an Austrian man was arrested in 2011 for running an exit node and charged with being an accomplice to crimes that were carried out over Tor using his exit node. He was ultimately found not guilty, but a law was passed as a result that effectively makes it illegal to run a Tor exit in Austria. [0]
Meanwhile, in the US no one has ever been arrested simply for running a Tor exit node (at least to my knowledge). Anecdotal information suggests that the most difficult thing is finding someone to host the node (many cloud VPS providers, for example, will not) if you don't host it yourself. A Reddit commentator and operator of Tor exits suggests that running Tor exits is protected under U.S. law, although I'm not sure if this has been tested in court [1].
I think Mozilla should take the (relatively small, due to their presence in the U.S.) risk of running Tor exit nodes. They could even turn it into a project of its own, to explore the common problems and develop some best practices for running Tor exits. I could imagine this being a fruitful collaboration with the EFF, for example!
The case is Austria was complicated because the court found chat protocols from him:
„You can host 20 TB child porn with us on some encrypted hdds“
The judge argues that this is more than just providing infrastructure, it is advertising illegal content / behavior. So this case is not representative for evaluating the risk of running a tor exit node.
I work at Mozilla, and the folks at Torservers.net were extremely helpful in helping us get up to speed quickly. We're hoping to contribute to the public body of knowledge on how to operate servers efficiently, both in terms of effort and cost.
IANAL, but would this just require someone incorporating or starting an LLC and then paying for the exit nodes in the name of that entity? Would that be sufficient protection?
Also not a lawyer, but you can still be charged criminally in the USA:
"Charging a corporation, however, does not mean that individual directors, officers, employees, or
shareholders should not also be charged. Prosecution of a corporation is not a substitute for the
prosecution of criminally culpable individuals within or without the corporation"
tor exit is effectively a proxy. nobody should run an open proxy. that's just common sense.
on the other hand it may be a good feature if implemented correctly. for example, sites explicitly saying they allow tor exit connections would be a good start.
Its much easier to raid a big company because they have a clear physical prescence and a strong interest to focus on their core buisness. For example, some people in the company may defend their tor node, but managers will look to the interests of the company as a whole, concluding that the loss of dozens of jobs is not worth risking over something that is not a core competancy.
It seems like you're arguing from a pure realpolitik perspective. The FBI is going to raid your Tor node because they know it will make your boss unhappy.
Even under that assumption, what is the FBI's motivation for doing this supposed to be? They can obviously only do this for Tor nodes within their jurisdiction, but that's where they want them to be because it's easier to capture their traffic. It's not like exit node operators have any actual connection to the crimes the government may be investigating. The main thrust of the other Tor article on the front page[1] is that the primary source of criminality on Tor is hidden services that don't use exit nodes.
Indeed, but this perspective comes from the large number of people that make up an enterprise and the interwoven net of responsibility. One person can choose to fight for liberty and risk ruin, but its much harder to justify risking the other hundred people in your company.
It is plenty safe to run exit nodes. If your host complains, there is even form letters to send. The government knows that seizing an exit node will not help them in anyway (one can go online immediately.)
Do you think Amazon gets raided? Do you know how many exit nodes are in AWS? My guess is lots because I know 2 people who have them and I don't know a lot of people.
I've ran an exit node in my home for several years and the worst I've seen as a result of it is several DMCA notices and one polite call from the police in another state.
Even that is too much contact for some people. A sane average person wants as little contact with the legal system and authority types as humanly possible, and for good reason.
Even if so far everyone has that exact worst case experience, that doesn't mean tomorrow you won't be arrested for somebody viewing illegal material through your exit host. I know people who've sold drugs and never had any problem, it doesn't mean I'm going to start doing it presuming its safe based off their anecdotes.
That is very much like saying you shouldn't express your political views because you don't know if tomorrow they'll be made retroactively illegal.
And the criticism of anecdotal evidence is that it may not be a representative sample. So what is the actual percentage of Tor exit node operators who have been incarcerated for it in the US then? Is it not 0%?
That's why you want to rent your server as anonymously as possible. It's also why most hosting providers don't like anonymous customers. And those that are cool with it often charge more.
Has that ever been proven? I suspect it's as unproven as the theory that Tor operators are "common carriers" and as liable for the traffic that passes over their connection as an ISP is for the traffic that passes over its connections.
which was written by my colleagues at EFF. (It doesn't mention particular legal theories that may help exit node operators, though I think CDA §230 and DMCA §512 might be among the laws you're thinking of that have historically protected ISPs, since ISPs have resisted being classified as common carriers in the U.S.)
At the very least, you can get your computer and networking equipment seized. Tor's own FAQ says you shouldn't run exit nodes at home:
"Should I run an exit relay from my home?
No. If law enforcement becomes interested in traffic from your exit relay, it's possible that officers will seize your computer. For that reason, it's best not to run your exit relay in your home or using your home Internet connection."
