What happened when the FBI subpoenaed Boing Boing over our Tor exit node


#1

Originally published at: http://boingboing.net/2015/08/04/what-happened-when-the-fbi-sub.html
We’ve run a Tor exit-node for years. In June, we got the nightmare Tor operator scenario: a federal subpoena (don’t worry, it ended surprisingly well!)


#2

So wait, is it the terrorists who won this round, of the child pornographers? Or is some new evil-doer demanding freedom and stuff?


#3

Thanks for sharing the details, it could help someone else.

Is there some public interest law firm or organization which is committed to representing operators of exit nodes who receive these kind of legal demands?

It seems like a lot more people would be brave enough to run exit nodes (in the US) if it was widely known that you can count on legal support in the unlikely event of a visit from the authorities.


#4

Terrorist child pornographers, of course.


#5

EFF works to help people find counsel, though not necessarily pro bono counsel.


#6

Absolutely, this will become part of a portfolio I have to take to my IT director to convince him to let us install an exit node in my library.

This is a tremendous help.


#7

quote-citizens-unquote.

Their evil never ends…


#8

Heck, just having that landing page on an exit node is great.
If any editors are reading this thread, could a Creative Commons license be attached to that page?
It’s nicely presented, would be convenient for anyone considering running a node to have. :smile:


#9

How were they able to identify you as an exit node in the first place, or did they know because you have publicly declared it?


#10

I’m curious how you know it ended (well). Was there a follow-up on the request?

tia


#11

Tor Exit Nodes in Libraries - Pilot (phase one)
https://blog.torproject.org/blog/tor-exit-nodes-libraries-pilot-phase-one


#12

When you run the exit node, you can provide public information about who you are as the operator. The Tor network encourages this, as it helps know the exit is trusted, and not malicious. Also, since the endpoint website or service can trace the IP back to the Tor exit, then that IP can be correlated to whoever is paying for the box or the network connection.

Some more useful information here:
https://www.torproject.org/eff/tor-legal-faq.html.en
https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment


#13

Child-Terrorist Pornographers.


#14

Rule 34, I guess?


#15

No - I mean, the pornography is just regular old vanilla stuff, but it’s financed by underage terrorists.


#16

It’s all so hard to keep straight.


#17

“So then what happened?”

“I showed them my exit node and they lost interest.”


#18

A very similar thing happened to USU. We received a summons from Homeland/ICE to produce 3 months of records (plus identifying info) for an IP that was one of our TOR exit nodes.

I eventually managed to contact the Special Agent in charge of the investigation. He turned out to be a reasonable person. I explained that the requested info was an extremely active TOR exit node. I said that we had extracted and filtered the requested data, it was 90 4 gig files (for a total of 360 gigs of log files) or about 3.2 billion log entries. I asked him how he wanted us to send the info. He replied that all he needed to know was that it was a TOR exit node. I then asked again if he wanted the data. He said something like: “Oh God no! Somebody would have to examine it. It won’t tell us anything. It would greatly increase our expenditures. Thanks anyway.”

And that was the end of it.


#19

Can I file a FOIA request to see the unredacted version of that subpoena? For the public good, of course.


#20

As I learnt the hard way, if you run a relay node (ie one that just passes traffic, not an exit) in the UK, then your IP address will be blocked from BBC iPlayer.
Apparently they’ve contracted with an outside firm to block the addresses of VPNs and TOR nodes, but the external company doesn’t distinguish between exit nodes and relays.
In the end it turned out to be quicker to change our IP rather than convince Auntie that we weren’t running an node any more.