Every paragraph of this piece has me yelling "NEVER TALK TO THE POLICE" at my monitor. Had they wanted to, it would have been incredibly easy for the FBI to spin any of the many quotes in this article into a "false statement" and an insta-felony, just out of spite.
If you're going to run an exit node, find an attorney beforehand. You don't necessarily need to put them on retainer, but figure out who you're going to call instead of walking into an FBI field office like, frankly, an idiot.
It reminds me of the astounding naivete of Aaron Swartz's girlfriend (or whatever she was at the time) in talking to the FBI and then being surprised that they were just looking for shit to pile on him and nothing else.
Not everybody subscribes to the super cynical worldview, you'd be surprised how many people live their whole lives in exactly that state of naivety. We're all brought up with platitudes like 'the police is your best friend' and 'we live in a state with fair justice'. Given that it's no wonder that people will actually try to cooperate with police expecting justice to be done. You're essentially blaming the victim here.
Your definition of 'common sense' is not all that common, that's the problem here. Whole generations would essentially agree with the statement that 'the police is here to help you'.
It's the police that is in the wrong here, not those that believe in slogans such as 'protect and serve'. That's how I was brought up and the way my parents viewed 'the law'. Quite a few people of that generation are still around and are still instilling their values into others regardless of how misguided that is in light of the developments since they grew up.
In my country there is very little crime, and the police very much only exist to serve the population and they are always trying to help.
Common sense here is that it would be foolish to think that the police are not trying to help, and I am very glad that the US's relation with the police is not an entirely global problem.
The cultural aspect is the view of the police, and not the terrible things they are up to. You and your countrymen are simply as naive as Arron Schwartz's girlfriend.
yea, I learned too late in life, and I still am caught off guard. Times have changed, and I don't trust government, nor law enforcement. But, then again I can honestly state as I got older there's only a few people I trust.
This meme bugs me because it is possible to heed the advice while still speaking to the police. I find that the only people who parrot it are those who have never been on the other end of the table. I've seen random people run over and advise a witness to "not talk to the police" while they were describing what happened to an officer at the scene of an accident. You can't package deeper context with something simple like "don't talk to the cops" and expect people to understand it. I think this general advice does more harm than good because of the way it's delivered.
The correct conclusion to come away with from the advice is to be vigilant when interacting with those who have the power to prosecute you, and often that means invoking your right to remain silent -- but not always. You should also know when you need a lawyer -- again, not always. If the cops knock on your door because they're looking for a lost kid, calm down and get over yourself, they're not looking for you.
Sadly, you and me get that, but others take the advice to the extreme and I've seen both of my examples firsthand.
As a guy that had his name run for bench warrants while being a witness to a traffic accident, you can speak for yourself. In some cases nothing good comes about speaking to police, especially in minority/poor communities.
As a guy who spent four months in county pretrial detention on three felonies and a misdemeanor and no bail, I do speak for myself. I didn't speak to the police and lawyered up and I spent 119 days in jail. The next time, the FBI came; this time, I was suspicious but not actually involved, and I carefully spoke to the FBI without a lawyer and remained a free man. It's almost as if there's more to it than the Fifth Amendment.
And yeah, if you're riding a warrant, you probably shouldn't give your name to a law enforcement officer. That's called being stupid, and if you think it's shady to have your name run when a peace officer interacts with you and knows your name, you have some case law to read. That's their job. Witness details go in the same exact system.
I get the gist of the advice but I'm tired of seeing knobs on YouTube with their phone out recording an officer while shouting "I invoke my rights!" over and over again, and I think part of it is the way this advice is interpreted.
The key is to be polite but assertive. If you yell from behind your door "Hell no PIG! You're never coming inside and it is my RIGHT to say no!!" then it may arouse suspicion. If instead you say " I'm sorry, I wasn't expecting company and my place is a mess. Lets talk outside instead." they will likely not think twice about it. If you treat a cop like the human they are they will probably be more trusting. Funny how that works...
That's exactly right. When the above piece of advice was told to me, the suggested phrasing was something like "If you don't mind, I'd rather discuss this out here with you," and as you say this, pull the door closed behind you.
Exactly. This piece caused endless sighs throughout. It's especially unfortunate for someone running an exit node to not have his wife and himself up to speed on their civil rights, not knowing to say anything but a polite maximum of wanting a lawyer. Anything you say or do may be used against you... Those aren't random words to frighten. They mean it.
> Had they wanted to, it would have been incredibly easy for the FBI to spin any of the many quotes in this article into a "false statement" and an insta-felony, just out of spite.
Here's the part of "don't talk to the police" that scares me. A LEO that would spin you into a felony would probably completely lie about what you say to pin a felony on you too. Moreso if you irritate by being silent.
It's worth noting that if you want to support Tor exit nodes but do not want to run your own, you can donate to the Noisetor project. Noisebridge, a 501c3 nonprofit, has sponsored an exit node for several years now:
http://www.noisetor.net
This is actually a good piece. It sticks to the facts without an evident attempt to push an agenda either for or against Tor.
The operator ("Richard") seems relatable to a fellow tech like myself, and by the end of reading this I found myself thinking, "Maybe I should run an exit node too, since I have used Tor quite a bit".
It did. And the State Department & CIA use it to promote subversion activities in other countries. And the FBI and NSA try to crack it & discourage its use to monitor everyone's traffic.
"The government" isn't a monolith; it's made of quasi-independent agencies often operating at cross purposes.
it's just strange to me that on the one hand parts of the government would be trying to "crack" this system that ... other parts of the government came up with
wouldn't it render the system not-as-useful if it were to be "cracked" or weakened?
> For this reason, and others listed on the Tor Project website, operators are strongly advised to only run their exits remotely, by renting out server space.
Better yet, do that anonymously. Always work via Tor. Use a false identity. Pay with well-mixed Bitcoins. Observe good OPSEC.
That doesn't sound like a good idea. When law enforcement come knocking, your position is less defensible if you seem to be trying to hide your tracks.
I get your point, but it's more of an ideological battle here. Those people want to be legally allowed to run an exit node, not to use a compromised box & hide their tracks.
That's a great ideal, and I wish them success. I'm more pragmatic. Raids are life-changing experiences, even if nobody gets killed, or ends up in prison. And where I live, freedom to legally run Tor exit nodes is limited, with poor prospects of increasing.
I am not recommending the use of compromised servers. I'm recommending anonymous leasing from legitimate providers, which are located in jurisdictions that are unlikely to freely cooperate with your home jurisdiction. Ideally you run Tor-ramdisk, and store the node's credentials in another anonymous server, so there are no logs.
This is rather like preemptively not talking to police except through your attorney.
You are wise not to. Not everyone who is an exit is on your side. It is better to assume that they are going to do everything nasty possible to you and your data.
Well, except the backbone has no alternatives, and the whole point of something like Tor is to mitigate one's lack of trust in the people running the backbone. If Tor is insecure, all you're gaining by using it is letting a bunch of three-letter agencies know that your traffic is potentially more interesting than the average.
I think the idea is, yeah, we can have untrustworthy exit nodes, but that's already anticipated as a potential threat so everyone should know better and use https as much as possible, among other means of encrypting exit data. Doesn't Tor at least try to encrypt even exit data as much as it can? Like the browser bundle even comes with https everywhere.
It's a moral responsibility to cooperate with law enforcement when they are trying to track criminals like pedophiles, terrorists or similarly malicious persons. I don't think there should be any argument there, Tor operator or not.
However, we have every right to anonymity and to encrypt our communications and data such that only those we want to see it can. So what to do?
Perhaps Tor operators can perform some act of vigilantism and expose criminals like the above without incriminating themselves through booting out and releasing the data of the pedophiles, terrorists and what have you.
Being a revolutionary and a lover of freedom is not a crime, and the criminals who give us a bad name are making it one.
> It's a moral responsibility to cooperate with law enforcement when they are trying to track criminals like pedophiles, terrorists or similarly malicious persons.
It is a moral responsibility only when you agree that what the criminals are doing is morally wrong. For many current overreaching definitions of "pedophile" or "terrorist", for instance, I would disagree with this, and I would find it morally wrong to cooperate with law enforcement.
(This is talking about morals, not the law. Cooperating may, of course, be a legal obligation.)
Somewhere else in this thread I also note that I understand the definition of "terrorist" and "pedophile" may mean different things to different people in different countries, from both a legal and personal moral standpoint. However, does that then mean your moral obligation to cooperate with law enforcement should still not kick in once you personally feel something wrong is happening? The thing is, I am not speaking about a "legal" obligation here.
I support offensive hacktivism which is illegal in most respects, though not all. My "legal" obligation is to give up good people who are trying to exact moral justice for crimes they have knowledge are occurring, but for which no "legal" justice can be obtained, for whatever reason. However, I would not feel personally morally just in giving up those hacktivists. But if the persons in question the police are pursuing are criminals who partake in child pornography, or terrorist activities against innocent people - and my personal definition of both these terms falls both within American legal definitions and within my own personal definitions - then again, I believe it is my moral obligation to cooperate with law enforcement.
I accept the complexity of human beings and the difficulty of fully defining right and wrong, but I also know that helping bring criminals who can bring nothing positive to humanity and are also performing hurtful acts against innocent people is a necessary process within the ecosystem of human social evolution.
> does that then mean your moral obligation to cooperate with law enforcement should still not kick in once you personally feel something wrong is happening
My point was that some of the definitions of "terrorism" and "pedophilia" used nowadays do not match something which I personally feel is wrong. More precisely, they match things that I personally would never want to do, but for which I do not consider it good that they be forbidden.
For instance, in some countries such as the UK, "partaking in child pornography" is interpreted as "watching drawings or computer-generated imagery of sexual acts among minors", a victimless crime, which I do not feel is morally wrong. While I am not myself interested in this, I believe people have the right to create, exchange and consume such material, and I find it immoral to limit their right to do this, or to help law enforcement doing so.
In other countries such as France, "terrorism" can be interpreted as "expressing support for acts such as the Charlie Hebdo terrorist attacks, or posting djihadist propaganda online". Once again, I believe people have the right to express such opinions, and that it is morally wrong to prosecute them for it, or help law enforcement do so.
Further, in many situations, cooperating with law enforcement to track illegal or immoral acts means supporting mass surveillance measures which are both inefficient for these goals and extremely dangerous for individual freedoms. So, even in situations where the acts are unquestionably morally wrong, helping law enforcement is extended to a very broad meaning with which it is possible to disagree.
I'll argue against that point. I don't live in a system where I can trust that helping the police won't be turned around on me because they're just looking for somebody to pin charges on or because of bullshit laws that shouldn't be a law to begin with.
I have assisted the police exactly one time, when I witnessed a kidnapping, but I had to be extremely cautious because my roommate was a marijuana smoker before the state I lived in at the time had legalized it, and he had his stupid paraphernalia all over the apartment. The cops wanted to come in to ask me questions but I couldn't let them in the house because I didn't know what shit was lying around, so I had to make up a ridiculous excuse to do the entire questioning outside on flimsy lawnchairs in the yard. I was put into the position of trying to decide if I should risk fucking over my friend or not report a kidnapping.
You just admitted to lying to law enforcement which is most likely a crime in your jurisdiction.
Just to reiterate, yes the police are not on your side. My dad had his arm broken by police purely for not obeying a voluntary evacuation order (forest fire).
That's why it is important to always refuse to talk, refuse to let enter, refuse consent to searches. Do it as a matter of habit so that you don't end up lying.
Perhaps I should add a provision, then, that states that if you know you yourself or those associated with you will be harmed in the process of cooperation in a fashion that outweighs the need to bring the offender to justice, and you have at your disposal other means to help bring the persons to account (ties to hacktivist resources, or some other form of "non-traditional" justice such as vigilantism, etc), then you also have the option to take action in that way.
In other words, the moral obligation is at its root to eliminate the threat to society, but in a way that keeps others from being brought down with that person.
Yes, this is all hard to untangle, especially in today's American and European legal systems, but as more and more people are arrested and go to jail for fighting for what they believe is "right" for human society, the more aware those in power to make changes to those legal systems will be, and hopefully will move to see that change implemented sooner than later.
> It's a moral responsibility to cooperate with law enforcement when they are trying to track criminals like pedophiles, terrorists or similarly malicious persons. I don't think there should be any argument there, Tor operator or not.
The sage advice is to help but at your lawyer's discretion. Never talk to law enforcement without a lawyer. It is dangerous and never in your interest. https://www.youtube.com/watch?v=6wXkI4t7nuc
There is a moral responsibility to help your fellow citizen against unreasonable prosecution, especially when police works under the incentive to get higher "stats".
As a citizen, we also have a moral responsibility to demand more efficiency from our government. Tracking criminals should be done under the scrutiny of cost-benefit, which mean they shouldn't focus on getting logs from software which do not log. They should not spend time chasing people when they lack evidence, and whose intent is publicly know (tor exit nodes does this). An IP address is neither DNA, fingerprint or a photo, but rather an address. If you saw a criminal going into a hotel, or going towards a specific road, you don't send the army and pull out everyone who lives there early in the morning. You knock doors, ask for witnesses and behave respectful until further evidence is gathered.
As professionals, we have any additional moral responsibility to protect innocents. We don't share logs, we don't share records, and we don't share journals. Administrators, medical personal, priest, help-lines, lawyers, and so on need to take a stand for people in their care. At times we can't tell the damage that careless behavior can cause, and innocent bystanders might get killed while chasing a criminal.
And then you balance those moral responsibilities and try to do the right thing.
I don't disagree with you. That is why I believe the onus is on the owner of the ecosystem where illegal activities are occurring to take action, to boot out the users attached to the activity and, if it makes sense to do so, to put their materials out where it can be found.
There is no simple answer, I know. Maybe for an Admin to do this without being 100% sure to whom the data belongs is tantamount to framing someone, should the data have been placed by another party. I just can't see _nothing_ being done; if not handed over directly to the authorities, then at least personally do the most your own conscious dictates.
The difficulty of the scenarios is not lost on me...
> That is why I believe the onus is on the owner of the ecosystem where illegal activities are occurring to take action, to boot out the users attached to the activity and, if it makes sense to do so, to put their materials out where it can be found.
That's very wrong. This implies that said owner is the one who decides what is and is not legal, which is moving away from a position of ignorance to one of facilitation for those cases where the law of the land does not exactly overlap with their actions. Besides being a breach of the privacy of those communicating using the node, which is what TOR is all about and which in turn could lead to records being kept and people losing their lives.
Not all TOR use is bad, and it's not up to the exit node operators to decide (but plenty of exit node operators should be assumed to be law enforcement of one form or another).
> Perhaps Tor operators can perform some act of vigilantism and expose criminals like the above without incriminating themselves through booting out and releasing the data of the pedophiles, terrorists and what have you.
If Tor allows the exit nodes to access that data, (1) it's not very secure, and (2) it won't be long before the ability to monitor that data will become an obligation to monitor it.
I was under the impression that all traffic was encrypted. It sounds like that's up to the users; they can encrypt their traffic, but they aren't required to. Of course, failing to encrypt illegal traffic would be as boneheaded as sending a ransom note on a post card, with a correct return address.
> I was under the impression that all traffic was encrypted.
Welllll....
IIRC, traffic entering the Tor network and traffic between Tor nodes is encrypted with TLS. This means that the only place an adversary that doesn't have a compromised entry node can read your traffic is when the exit node makes any non-encrypted requests on your behalf.
To summarize: if you use TLS (or some other encrypted transport) over Tor, your communications will always be encrypted (obviously).
If you use an unencrypted transport over Tor, then the exit node[0] will be able to read your traffic, in exactly the same way that your ISP would be able to read that traffic if you chose to route it over your home Internet connection. :)
Iirc, the middle node never has access to the data being sent.
I think only the last node might, and that is because they have to be able to send and receive it, and if the website you are connecting to doesn't support ssl or anything, then there's no way the exit node can send the information it needs to send , without having access to it.
But I think the entry and middle node have no information about the content (other than some bounds on its length)
> It's a moral responsibility to cooperate with law enforcement when they are trying to track criminals like pedophiles, terrorists or similarly malicious persons.
While I agree that it may be a moral responsibility to cooperate with the "good" of law enforcement, the issue is more complex.
For one, law enforcement is not always "good". Rodney King.Floyd Dent.Julian Assange.Aaron Swartz. The list is long.
Second, the moral imperative to cooperate with law enforcement is not the only moral obligation one has. An adult have a moral responsibility to his wife, children and family, as well. Even US law recognizes that the bond between husband and wife is stronger than cooperation with the law.
This exchange by far has been the most illuminating for me. I think I've done a decent job of explaining the root comment, but as of now the paragraph has a down vote to -4. So, I'm very curious: Is it the suggestion that Tor operators take some moral high ground in the case of users of their Tor infrastructure who are participating in the trafficking of children, or terrorists who are utilizing Tor near-anonymity to prepare for their next attack? Or, is it the idea that I am suggesting that any involvement be had at all?
Because, while I started the proposition as pointing to cooperation with law enforcement as the right thing to do if approached for questioning as a Tor operator when malicious persons are bring tracked on your network, I offered alternatives to that such as booting off the users, ejecting their data, so forth.
Does one simply create tools like Tor and then walk away, let the tools do what they do, and let others be responsible for dealing with the negative aspects?
I think this is an interesting conundrum and parallel in some fashion to the gun industry defense arguments here in America. Keep in mind, I am a builder of Tor servers - it is a software application, and like a gun, not illegal here in America. This difficult idea I'm presenting here of having some ownership of who uses your Tor infrastructure is not something I present lightly.
This is a valuable conversation and I'd love to hear more perspectives.
I'll reply to everyone at once here since the same concern for the most part is being conveyed. 1) Regardless your personal definition of "pedophile" or "terrorist" I believe there are crimes that a solid selection of persons across humanity can agree are not acceptable. But I realize there is no universality of beliefs, so I will be flexible here. I'm actually not saying you _should_ cooperate with law enforcement, only that, accepting that the law is _supposed_ to be upholding human decency, then we _ought_ due to moral responsibility help them. But... 2) if we do that, must we also sacrifice anonymity and the right to privacy? All the examples below illustrate that what we ought to do can often get us harmed; so the solution? 3) Vigilantism on the part of conscientious Tor operators; that is, boot the offenders, release the data to the public that they are trying to keep private, and let someone else deal with them. What, you believe that some sacred law among the cyber underground has now been broken? In prison, they kill pedophiles. This is not snitching but a combination of self-preservation (getting law enforcement off your scent) and universal justice (because there must be crimes "we" can "all" agree aren't conducive to a healthy life, a progressive universe and the continuation of the species as advanced.
Broadcasting the exact usage of Tor exit nodes would be a net loss for privacy. While everyone should be using HTTPS over Tor and treating the exit node as they would a massive public open WiFi spot, not everyone does so. Putting such users at risk publicly exposing accidental usages of HTTP doesn't help.
Furthermore, releasing the previous-hop starts to degrade the privacy of Tor, a little bit. That's not a good thing.
LE can figure out how to go after "pedophiles and terrorists" using other gumshoe techniques, instead of trying to downgrade everyone's opsec.
Not to mention this idea of vigilantism is... a terribly bad idea (to put it politely)? You're actually advocating that people go lynch/kill others based on Internet traffic logs. Nothing's stopping all sorts of sites from embedding links to "bad" content and framing people. Or, exit nodes can just fake the log information if they wanted to.
If you're going to run an exit node, find an attorney beforehand. You don't necessarily need to put them on retainer, but figure out who you're going to call instead of walking into an FBI field office like, frankly, an idiot.