Part of the reason I sadly stopped running any exit nodes was law enforcement harassment.
I ran a few exits for about about ~5 years. In those 5 years, my hosting provider (DigitalOcean) received 3 subpoenas for my account information.
The first two were random. The 1st one was someone sent a bomb threat email to a university. The 2nd one was someone sending a phishing email.
The last and final subpoena was the most serious one. Some nation-state hackers from Qatar had ended up using my exit IP to break into some email accounts belonging to people they were interested in and spied upon them and stole some info.
Thankfully both the Tor Project and the EFF were able to help me pro-bono. The EFF lawyer that was assigned to me helped me fight this subpoena but ultimately we had to turn over my account information to the DOJ + I had to give an affidavit stating that I was simply just an operator and nothing on the server in question would be useful to their investigation (by design).
The stress of having to deal with law enforcement, lawyers, and having to entertain the possibility of having my home raided over something so silly ultimately led to me finally shutting down my exits.
Even though I had all of my exits using a reduced exit policy and I would blacklist known malicious IPs and c2/malware infra from being able to use it, I was still a target.
I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.
I one day hope to resume running exits as I find it rewarding to be able to help people from around the world in a small way.
> There are obviously still people working in German law enforcement today, who think that harassing a node-operator NGO would somehow lead to the de-anonymization of individual tor users.
This is not why.
> As a consequence, I am personally no longer willing to provide my personal address&office-space as registered address for our non-profit/NGO as long as we risk more raids by running exit nodes.
This is why. It's basically a textbook example of a chilling effect.
The above is within the context of a western legal system, and certainly since it was written domestic law enforcement has become even more militarized and aggressive. I would be absolutely unsurprised if the same thing happened today and it resulted in a battering ram on the door at 0400 in the morning, flashbang grenades and the house being rampaged through by a SWAT team.
I'm not sure how a Tor exit node could operate legally. Tor is widely used for illegal activities. Like drug sales and CSE media. If a government goes on Tor, downloads such material they'll easily see the exit node as the last hop in the chain. It's a clear-cut case that the exit node operator facilitated illegal activity.
My assumption is that Germany has some sort of common-carrier privileges for Tor node operators. In America, telecoms can't be sued for facilitating illegal activity. But they do have to assist law enforcement with finding criminals when requested.
Would be happy to hear from someone who is more knowledgeable in this area.
edm0nd ·126 days ago
I ran a few exits for about about ~5 years. In those 5 years, my hosting provider (DigitalOcean) received 3 subpoenas for my account information.
The first two were random. The 1st one was someone sent a bomb threat email to a university. The 2nd one was someone sending a phishing email.
The last and final subpoena was the most serious one. Some nation-state hackers from Qatar had ended up using my exit IP to break into some email accounts belonging to people they were interested in and spied upon them and stole some info.
Thankfully both the Tor Project and the EFF were able to help me pro-bono. The EFF lawyer that was assigned to me helped me fight this subpoena but ultimately we had to turn over my account information to the DOJ + I had to give an affidavit stating that I was simply just an operator and nothing on the server in question would be useful to their investigation (by design).
The stress of having to deal with law enforcement, lawyers, and having to entertain the possibility of having my home raided over something so silly ultimately led to me finally shutting down my exits.
Even though I had all of my exits using a reduced exit policy and I would blacklist known malicious IPs and c2/malware infra from being able to use it, I was still a target.
I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.
I one day hope to resume running exits as I find it rewarding to be able to help people from around the world in a small way.
Show replies
hwbehrens ·126 days ago
This is not why.
> As a consequence, I am personally no longer willing to provide my personal address&office-space as registered address for our non-profit/NGO as long as we risk more raids by running exit nodes.
This is why. It's basically a textbook example of a chilling effect.
Show replies
walrus01 ·126 days ago
"Why you need balls of steel to operate a tor exit node"
http://web.archive.org/web/20100414224255/http://calumog.wor...
The above is within the context of a western legal system, and certainly since it was written domestic law enforcement has become even more militarized and aggressive. I would be absolutely unsurprised if the same thing happened today and it resulted in a battering ram on the door at 0400 in the morning, flashbang grenades and the house being rampaged through by a SWAT team.
Show replies
Manuel_D ·126 days ago
My assumption is that Germany has some sort of common-carrier privileges for Tor node operators. In America, telecoms can't be sued for facilitating illegal activity. But they do have to assist law enforcement with finding criminals when requested.
Would be happy to hear from someone who is more knowledgeable in this area.
Show replies
iamnotsure ·126 days ago