Fingered by IP: Does it take chutzpah to run a Tor exit relay?

Tor helps protect your anonymity (if you configure it properly), but what does it take to run a Tor exit node? You can pretty much rest assured that there is a ton of unsavory traffic, some of which is downright illegal. An IP address is not a unique identifier, but it's a sad fact that too often law enforcement bases a warrant on an IP address as if that automatically fingers a criminal suspect. Tor is an important tool against censorship and in no way guarantees that Tor users are doing something illegal . . . but do you have the nerve to potentially be harassed by law enforcement due to your IP address being confused with one running through your box and then have your hard drives seized?

ICE mistakenly seized six computer hard drives from Nolan King as part of a criminal investigation. His alleged crime? Running a Tor exit relay. The EFF has tried to educate users and law enforcement that an IP address alone does not identify criminals, just as the EFF said we need an open wireless movement. "In the case of Tor," the EFF wrote, "the police can avoid mistakenly pursuing exit relay operators by checking the IP addresses that emerge in their investigations against publicly available lists of exit relays published on the Tor Project's web site. The ExoneraTor is another tool that allows anyone to quickly and easily see whether a Tor exit relay was likely to have been running at a particular IP address during a given date and time."

While the EFF believes running a Tor "exit node is legal," its Tor Challenge stated, "Exit relays raise special concerns because the traffic that exits from them can be traced back to the relay's IP address." Furthermore, the EFF does not recommend running an exit relay from your home, since it's realistic that someone will use it "for illegal purposes" and warns that if "law enforcement becomes interested in traffic from your exit relay, it's possible that officers will seize your computer." Instead, Tor exit relays should be run from commercial facilities. It's important to note, however, that during the EFF's recent campaign to increase the number of relays, 549 new public relays were created and 123 of those were exit relays.

You need not be a conspiracy theorist in regard to Tor as it was created by the government for open source spying. One of the original developers of the onion routing program, Michael Reed wrote, Tor's "*PURPOSE* was for DoD / Intelligence usage (open source intelligence gathering, covering of forward deployed assets, whatever). Not helping dissidents in repressive countries. Not assisting criminals in covering their electronic tracks. Not helping bit-torrent users avoid MPAA/RIAA prosecution. Not giving a 10 year old a way to bypass an anti-porn filter."

Harvard Business Review suggested that "porn accounts for about a third of the Internet." The idea of Tor and cloaking online activity appeals to many people, but one Tor exit node operator's IP showed up in child porn server logs and his computer was seized. He reported being "overwhelmed by horror to be implicated" as a pedophile. "I was desperately worried about my family. One of the officers had told my wife that Social Services would be informed as a matter of course and there was a possibility that my children would be taken into care."

At that point, the Tor-talk list discussion determined that you need "balls of steel to operate a Tor exit node."

In another such bust, a Tor exit node operator was suspected of placing a bomb threat on a German forum. The cops were clueless about Tor and "searched everything" from attic, office, car, even dug through his wife's underwear. "Basically, EVERYTHING was suspicious....The consequences: I've shut down my Tor-server. I can't do this any more, my wife and I were scared to death. I'm at the end of my civil courage. I'll keep engaged in the Tor-project but I won't run a server any more. Sorry. No."

Swedish hacker Dan Egerstad "infiltrated a global communications network carrying the often-sensitive emails of scores of embassies scattered throughout the world." It was too easy. He did it in "just minutes" by running an exit node. He was also arrested. Egerstad told the Sydney Morning Herald, "If you actually look into where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on. Who would pay for this and be anonymous?"

People in Anonymous who think Tor makes them safely anonymous might consider Egerstad's statement. Who is running the exit relay?

A recent conversation on the Tor-talk list about running an exit node included such statements as: "As a legal taxpaying US citizen, I can attest to the fact that 'innocent until proven guilty' is a fiction... If you are willing to risk having to prove that you are innocent, fine, take that risk."

Another of my favorites suggested, many people would "gladly take that risk. Because even with all the trash that flows like a river through their box, that one fleeting morsel of world-changing-good that does pass through is all the reason they need."

I believe in Tor and support it, but what does it take to be an individual who runs an exit relay? Patience to educate law enforcement and serious chutzpah.

Copyright © 2011 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon