324

Man Found Guilty of Child Porn, Because He Ran a Tor Exit Node (lowendbox.com)

submitted 11 months ago by L4s@lemmy.world to c/technology@lemmy.world

58 comments fedilink hide all child comments

Man Found Guilty of Child Porn, Because He Ran a Tor Exit Node::undefined

top 50 comments

sorted by: hot top controversial new old

[-] Raisin8659@monyet.cc 124 points 11 months ago* (last edited 11 months ago)

They convicted him on "supporting the transfer of underage pornography", i.e. he ran an exit node that "allowed" the upload of CP to an Austrian image hoster. Apparently, he wasn't protected because he ran the exit as an individual, not a registered company. Most likely, the Austrian authority checked who uploaded the images, and found his IP address, which became the basis for convicting him. He didn't have any of the materials because all those stuffs were encrypted in transit.

He mentioned that law that was used to prosecute him was changed a few weeks later to protect individuals as well. He apparently now ran Tor exits under an offshore company.

In summary, from what he said, he just happened to run an unrestricted exit node that some people used to upload CP.

[-] AgentCorgi@lemmy.world 14 points 11 months ago

Does he/people get paid for running the exit node?

[-] Raisin8659@monyet.cc 28 points 11 months ago* (last edited 11 months ago)

There are 7,000+ Tor relays, and 2,000+ bridges being run by entities including individuals, orgs, corporations, and most likely governments. (https://metrics.torproject.org/networksize.html) So, the answer is yes, no, and something in between. He himself didn't say, but the article portrayed him as being an individual who believed in free speech, an activity which Tor does help support.

[-] gleph@lemmy.world 40 points 11 months ago

He was convicted (and given probation) for supporting the transfer for Child Porn, not for accessing it or creating it.

[-] housepanther@lemmy.goblackcat.com 15 points 11 months ago

This is why I won't do anything of the sort. With the increasingly authoritarian state that Amurica is turning into, I will tread very carefully. Including using VPN. I don't know much about Tor and perhaps I should learn more but my understanding is the traffic is largely plain text and not encrypted. Please correct me if I am wrong.

[-] BadRS@lemmy.world 80 points 11 months ago

It’s encrypted, encrypted many times over, it’s completely anonymous… as long as you’re staying inside the network. An exit node connects to the regular internet and that’s what’s going to start showing up on logs. This was completely secure for the people actually dealing in cp.

I can’t believe this stuck, it’s the equivalent of arresting a business owner because someone distributed cp while connected to their Wi-Fi.

[-] wackster_fapster@lemmynsfw.com 26 points 11 months ago* (last edited 11 months ago)

CP laws (in the US and probably other places) fall under a doctrine called strict liability, which basically means that you're guilty regardless of intent or even knowledge of an offense.

It's fucked.

[-] BadRS@lemmy.world 5 points 11 months ago

There isn't a crime worse than hurting children. Does that mean we should allow law enforcement infinity leeway to punish these crimes and persue the offenders? I hate to ever give law enforcement any leeway as abuse is so common, but if someone is hurting children I don't care how you stop it.

Is hosting a tor exit nods with the knowledge that doing so might help pedophiles hurting children? That feels like too many layers to me. Too esoteric.

[-] TechnoBabble@lemm.ee 8 points 11 months ago

I hate to ever give law enforcement any leeway as abuse is so common, but if someone is hurting children I don't care how you stop it.

Is this satire? Because that's exactly the excuse government has been giving for hundreds of years, to take your freedoms away.

It's never about the children. The Catholic church operating with near total immunity, after all these millennia of abuse, is proof of that.

[-] BadRS@lemmy.world 2 points 11 months ago

You're right and I agree completely. My ACAB hat slips when they bring up kinds. Which is, of course, their intent.

load more comments (1 replies)

[-] ryannathans@lemmy.world 2 points 11 months ago

Yet isps aren't affected

[-] housepanther@lemmy.goblackcat.com 19 points 11 months ago

It's quite possible he had either a public defender or a poor attorney. I am friends with an attorney who works with the poor, indigent, and people otherwise unable to fight for themselves. I help him out for free when he has questions related to technology and IT. I really need to read up on Tor because there might come a time when I'll need to assist my friend in a similar matter. It's quite chilling that the state could potentially punish a business owner for providing a free service like WiFi. I have another friend who runs a the neighborhood sports bar and she offers WiFi to her customers. I think I need to implement some content filtration for her so as to prevent her from potentially getting blamed for a crime she did not commit.

[-] db2@lemmy.one 9 points 11 months ago* (last edited 11 months ago)

Which has probably happened. It's (shady uses, not necessarily this use) one of the reasons there was a big push to get consumers to put a password on their wifi back in the day.

[-] Motavader@lemmy.world 11 points 11 months ago

Surprise! It has: https://www.registercitizen.com/news/article/Man-mistakenly-charged-with-child-porn-after-12077668.php

[-] db2@lemmy.one 6 points 11 months ago

Yep. Routers used to come wide open out of the box, you had to actively secure them. They come with reasonable initial security now probably because of things like that.

[-] FoxBJK@midwest.social 9 points 11 months ago

In this context (running a tor exit node) none of that would matter. You can't choose to run an exit node and then try to feign innocence or ignorance. It's why I have deep respect for anyone willing to run an exit node because you're taking on MASSIVE risk for absolutely no reward.

[-] abraxas@sh.itjust.works 2 points 5 months ago

"used to". Xfinity includes a public access point on my router that I'm not able to turn off. They used to lie about it and deny it until too many people caught on.

[-] sloppy_diffuser@sh.itjust.works 8 points 11 months ago

Not completely secure. If the same entity controls the entry and exit nodes (any maybe also relay?), it is my understanding that traffic can be traced back. Low probability, yes, but not completey.

[-] TechnoBabble@lemm.ee 3 points 11 months ago

And guess who's got a lot of funding to run honey pot nodes?

[-] astral_avocado@programming.dev 23 points 11 months ago* (last edited 11 months ago)

Tor

is largely plain text

Lol maybe do the barest amount of researching before commenting on something you know nothing about?

[-] Jamie@jamie.moe 15 points 11 months ago

The high majority of websites are HTTPS, which means that the contents of requests are end to end encrypted. Technically if it's just HTTP, it's plaintext, but basically no sites operate outside of HTTPS anymore.

All that stuff about everything you do being in the clear is outdated, and basically just VPN propaganda. The only parts of typical web browsing that aren't encrypted are DNS resolutions, but DoH and encrypted DNS are starting to be a thing. In which case, your ISP/gov will know you're accessing your bank's site, but not what you're doing on there because everything else is encrypted.

Tl;Dr: Everything being plaintext is really outdated and is basically VPN propaganda. The majority of network traffic for most users is end to end encrypted already.

[-] housepanther@lemmy.goblackcat.com 9 points 11 months ago

That is not completely true. Often the payload is encrypted but not the metadata. It is the metadata that usually is the cause of privacy issues.

[-] Jamie@jamie.moe 5 points 11 months ago

I think you might misunderstand what metadata is. The type of metadata you might be referring to are simply tracking methods employed on webpages by the likes of Facebook, Google, and other advertisers. But those are encrypted as well, they're not open to view by anyone in the middle because they also utilize HTTPS. The vulnerability they pose is the potential for that data to be given up, or subpoenaed on the database end. There is no magic unencrypted data sent when dealing with accessing a website except, as mentioned, possibly the DNS query, which can be easily encrypted via DoH.

Except, VPNs and Tor aren't even magic bullets for privacy. The moment you log into a service, you lose your veil of privacy if your activities can be reasonably linked. To really remain private, you would need to use Tor Browser, likely over a VPN, preferably on a live booted system like Tails, and forego any usage of JavaScript or account logins. Doing anything different exposes you to tracking methods. Which removes you from using the majority of the Internet.

[-] beatle@aussie.zone 8 points 11 months ago

The Server Name Identification (SNI) standard means that the hostname may not be encrypted if you're using TLS. Also, whether you're using SNI or not, the TCP and IP headers are never encrypted. (If they were, your packets would not be routable.)

https://stackoverflow.com/questions/187655/are-https-headers-encrypted#187679

[-] sloppy_diffuser@sh.itjust.works 3 points 11 months ago

There is work to hopefully improve this situation for SNI at least: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/.

[-] Blamemeta@lemmy.world 2 points 11 months ago

It was Australia

[-] tvbusy@lemmy.dbzer0.com 15 points 11 months ago

I read in one of VPS rental service Discord that someone rented a VPS to run tor exit node and HDDs of the server were confiscated without prior notice.

[-] nyakojiru@lemmy.dbzer0.com 12 points 11 months ago

I don’t care if he was guilty or if the government whatever, the post title makes me sick already.

[-] dunestorm@lemmy.world 7 points 11 months ago

This is insane! It's like prosecuting a postman for delivering child porn content to a customer.

[-] Proofofnothing@sh.itjust.works 7 points 11 months ago

Sorry I am not very techy, can someone eli5 what is an exit node? What is the point of running an exit node? Should the user have known his exit node (not sure if i am using the term right) could be used for cp?

[-] Helluin@feddit.de 30 points 11 months ago* (last edited 11 months ago)

if you join the tor network other tor users proxy their trafic through a chain of tor users and therefore maybe though you, sometimes youre the exit node that then actually sends the request to the server in question, sometimes you just pass it on to another tor user.

so the person in the OP did technically send the reques to the server that served CP, but he didnt really have anything to do with it nor could he have even accessed the data.

[-] regular_human@lemmy.world 19 points 11 months ago

Just to clarify, running an exit node is not something that happens automatically when you browse via tor. It's something intentional that you configure

[-] ryannathans@lemmy.world 7 points 11 months ago* (last edited 11 months ago)

One would not expect an exit node to be used for cp. A relay node would be more likely used for cp as one would expect the request to be internal to the tor network. A tor exit node is only used to access sites on the regular internet, not the "dark net"

load more comments

this post was submitted on 24 Jul 2023

324 points (99.7% liked)

Technology

55692 readers

3596 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

L4s@lemmy.world