Raided for running a Tor exit - Accepting donations for legal expenses - Page 11

Comments

  • @Maounique said: Personally I don't use Tor at all, not mine, nor other nodes; from time to time when I help install for someone I check speed and latency.

    So, you're not paranoid again now :p

  • Maounique Host Rep, Veteran
    edited December 2012

    @gkz said: So, you're not paranoid again now :p

    If I want to hide my identity I have other means, other IPs, other identities.
    Using Tor doesn't work, as it immediately raises a red flag in places where they try to spy on you to protect you from criminals, so it is better to have nonexistent identities to throw at them. Who would come to Romania to check, and if they do, what will happen? I didn't do anything illegal; I broke their ToS, they can suspend my service if they feel like it and keep my money, and my fake identity won't sue or chargeback.
    IF I break the law, the police can trace me back without a problem, but not the provider, and I do not wish to hide from the police, but from summer hosts that, even when honest, still don't know how to protect my real data, and even if they know, the software they use has flaws that can be exploited, and even if it doesn't, they can be social engineered into giving out passwords or they can have a rogue employee; whatever, better safe than sorry.
    TL;DR I am still paranoid :P

  • hahaha

  • Been away for a few days, but I did see this in the news. Didn't realise it was @william - that's REALLY fucked up. I wish the powers that be would just understand how technology works.

  • jarjar Patron Provider, Top Host, Veteran

    Just passed on @Liam's contribution from a domain auction. I hope that between all of us he feels the community support and a lightened financial burden. If I had a better ISP I'd probably run an exit node in protest. Wonder if kimsufi would ban me for life?

  • jarjar Patron Provider, Top Host, Veteran
    edited December 2012

    @Jack said: I doubt it, they probably would give info out without any questions though.

    True. I feel like I'm a little safer in the US for the time being. Plus I'm not above packet inspection for child pornography. Does that work with TOR or is the traffic all encrypted at the exit node point? I've spent very little time reading up on that, I confess. I tried to do a little bit of that previously while working with a client to figure out if we could run an exit node that wasn't getting blacklisted constantly, didn't have much luck but I also didn't have all the time in the world to work on it.

  • @jarland so the tor project doesn't like exit node operators monitoring the exit node traffic (don't have a reference to hand). Also: how would you recognize cp via automated monitoring...use known domain lists or?

  • jarjar Patron Provider, Top Host, Veteran
    edited December 2012

    @craigb said: so the tor project doesn't like exit node operators monitoring the exit node traffic (don't have a reference to hand). Also: how would you recognize cp via automated monitoring...use known domain lists or?

    My original thought was the lists from emerging threats.
    http://rules.emergingthreats.net/

    Am I in over my head even thinking about such a thing? This isn't an area of expertise for me. I've only attempted to run snort with cherry picked rules from emerging threats.

  • @jarland I would suggest hitting up the tor project direct - I would be really surprised if they would feel comfortable with any traffic analysis/content monitoring.

  • jarjar Patron Provider, Top Host, Veteran
    edited December 2012

    @craigb said: I would be really surprised if they would feel comfortable with any traffic analysis/content monitoring.

    I can understand why, but unless their software would exclude the exit node from listings by catching it, I'd feel no remorse about blocking content that is unquestionably related to child pornography and nothing else. If such a thing could be achieved, that is.

    I'd love @joepie91's input on the thought.

  • Maounique Host Rep, Veteran

    You can block domains, but that will f**k up the network and will label yours as a bad exit. Dunno what the threshold for this is, I mean how many failures there can be before you are considered a bad exit; probably it will not happen if you block only CP sites, as traffic there is quite low and unlikely to trigger that.
    https://trac.torproject.org/projects/tor/wiki/doc/badRelays

    However, plain CP sites are rare and the really dangerous CP is stored within the network on hidden .onion addresses. Nobody will ever know if your node is used for that, but it is unlikely for an exit node to service anything other than exit requests, because exit bandwidth is precious and the network can't afford to waste it on entry and relay duty.

  • jarjar Patron Provider, Top Host, Veteran
    edited December 2012

    @Maounique said: You can block domains

    Probably most effective. I imagine CP sites aren't popping up every 3 minutes like fake blogs. I'm really getting a bit interested in seeing if I can run one that provides the safety and anonymity expected, while completely screwing over anyone who is seeking child porn, with no room for error.

    One problem I keep having is the IP showing up on http://cbl.abuseat.org for containing malware. Obviously this could be anyone, at any level. I don't know if it's an infected viewer or a distributor. Any advice on that?

    I'm not even above creating an exit node template that contains all the right tricks to keep it running and doesn't present a problem for any legitimate use. Brainstorm time. I don't mind riding the line here, I just have to be sufficiently satisfied that my clients are at least as safe as they are sitting next to someone running bittorrent (which could get a server taken down just like anything else, depends on who they piss off). Just kicking around ideas.

  • Nyr Community Contributor, Veteran

    @jarland you can't run an exit node at OVH. You will get a few abuse notices and get suspended. They don't allow Tor since police raided a few servers from them years ago.

    You will need to research much more to find a cheap high bandwidth ISP for a Tor exit. Even if you get SWIPed IP space and handle the abuse, you can get listed at some BL and they will notice.

    About the CP: as @Maounique said, you could filter clearnet sites, but I believe most people who use Tor for that shit connect to hidden services, and that's encrypted end to end.

  • jarjar Patron Provider, Top Host, Veteran

    @Nyr said: but I believe most people who use Tor for that shit connect to hidden services, and that's encrypted end to end.

    Hmm. So pretty much a deadend there.

  • Nyr Community Contributor, Veteran

    @jarland said: So pretty much a deadend there.

    Yeah. And same for the BLs. If you run a Tor exit, even with a reasonable limited exit policy, you will get blacklisted. You simply have to assume that and block port 25 and the likes so your ISP doesn't have bigger problems.

  • tux Member
    edited December 2012

    @William said: as it's useless anyway, i can't get out of the EU without a passport

    Are you sure? I think that Switzerland is still outside the EU.
    http://en.wikipedia.org/wiki/Shengen_zone

  • @tux said: Are you sure? I think that Switzerland is still outside EU.

    Switzerland is considered Intra-Schengen, hence no need for a passport.

  • It's part of Europe, it's not in the EU27. To be honest I wouldn't even know where to start with blocking CP. I don't imagine there being mainstream sites, because they would be shut down? Seems like it's forever renewing website lists/IPs?

  • Maounique Host Rep, Veteran
    edited December 2012

    @jarland said: Hmm. So pretty much a deadend there.

    As I said, very few sites on the clearnet; the others are encrypted and hidden in other layers above the regular layer 7 internet.
    If you run an exit node, it is highly unlikely to be used for .onion sites; however, for port scanning, cracking scripts, low end shit that script kiddies try, it will certainly happen.
    A real criminal will not use Tor, nor any "respectable" hacker; his peers would laugh till they dropped.
    Falling for the scripts that are used over Tor is probably a big mistake made someplace by a stupid or careless admin, or unprotected windoze machines that will become zombies in minutes anyway.
    Also, not all exit nodes will get blacklisted, except in specialized Tor exit node lists, which is unavoidable as the network is built to be in the open.
    It depends what you let out; I leave only mail over SSL (465), while POP and IMAP I allow in cleartext too, which is not really good, but if people are using Tor I guess they know the risks and consider it safe enough, and if not my node, there are others that allow everything. The goal is to lower the burden on those so they service HTTP/HTTPS, which I don't dare.
    Add to this IM protocols and this is about it.
    There are specialized organizations that gather donations and can afford lawyers and everything, like this one: https://www.torservers.net
    They have their own address space; they announce subnets of their own, not a simple SWIP.
    I am merely happy to run relays on providers to take load off the exit ones, as well as a bit of exit from home.
    Doing so and contributing a bit to those guys is a lot better than risking an exit node on your own, especially if you are not sure how it is done properly.

    I am not saying William did something stupid here; on the contrary, he is fighting it extremely well and will probably manage to set a precedent, so I am able to run my own full exit node without fear, at least at home (since a provider will probably not understand it even if there is a clear law that allows it, since many are fearing relays too...).

  • Best of luck through this, @William! Donated 15EUR.

  • netomx Moderator, Veteran
    edited December 2012

    @Maounique said: It depends what you let out; I leave only mail over SSL (465), while POP and IMAP I allow in cleartext too, which is not really good, but if people are using Tor I guess they know the risks and consider it safe enough, and if not my node, there are others that allow everything. The goal is to lower the burden on those so they service HTTP/HTTPS, which I don't dare.

    Maybe just authorizing Facebook/Twitter and a blog site will help to eliminate CP ?

  • joepie91 Member, Patron Provider

    @Ree said: You make it sound like running a TOR node is rocket science. It can be setup in minutes. So yes, I guarantee some people capable of running TOR nodes are also perfectly capable of incorrectly using encryption to the point that it can be broken.

    No. I was not referring to setting up a TOR node, I was referring to the idea of setting up a TOR node to mask yourself.

    @Ree said: My point is that until you investigate, you can't know whether the node operator is innocent, or a producer with a clever cover.

    My point is that there are far more effective ways to find producers (instead of wasting time on TOR nodes) that do not have the ridiculously large chance of a "false positive".

    @Ree said: And I think it sets a dangerous precedent to say "anyone smart enough to run a TOR node couldn't possibly be a criminal -- and even if they are, they're too smart for us to catch anyway so we'll just let them keep on keeping on".

    I'd rather see a dangerous precedent than a continuous waste of time, effort, and money on a witchhunt that is not going to turn up anything anyway. We don't live in a theoretical world.

    @jarland said: True. I feel like I'm a little safer in the US for the time being. Plus I'm not above packet inspection for child pornography. Does that work with TOR or is the traffic all encrypted at the exit node point? I've spent very little time reading up on that, I confess. I tried to do a little bit of that previously while working with a client to figure out if we could run an exit node that wasn't getting blacklisted constantly, didn't have much luck but I also didn't have all the time in the world to work on it.

    DPI on a TOR node is useless, since even if you can detect the traffic, there's no way to figure out who sent it. Considering most of the sites you'd probably like to "block" are .onion sites, it's entirely useless, because traffic to .onion sites is encrypted all the way.

    @netomx said: Maybe just authorizing Facebook/Twitter and a blog site will help to eliminate CP ?

    1. That makes your exit node effectively useless for the majority of people, and unnecessarily restrictive.
    2. It will get you listed as a bad exit node.
    3. CP exists on Twitter, Facebook, and blogs as well.

  • craigb Member
    edited December 2012

    @joepie DPI on a TOR node is useless, since even if you can detect the traffic, there's no way to figure out who sent it. Considering most of the sites you'd probably like to "block" are .onion sites, it's entirely useless, because traffic to .onion sites is encrypted all the way.

    Blocking known CP hosts is better than not doing so (regardless of the inability to determine who sent it). I would go further and block known pr0n sites, purely for practical (bandwidth/purpose) rather than any moral reasons. I suspect there are a bunch of peeps that would run Tor exit nodes if they felt they had some way to influence/prioritise its use for the noble reasons that have them considering this in the first place. BUT, from reading the Tor FAQ, I'm not sure blocking a bunch of sites is practical/scalable with the way exit policies need to be shared. Anyone?

    EDIT: just to be clear - I don't want to inspect traffic payload at all.

  • Maounique Host Rep, Veteran

    It is not possible. Blocking anything that has more than a few sites will make your node a bad exit and no traffic will be sent through it.

  • @maounique can you share where it says that as I couldn't find it explicitly stated (could well be missing something)

  • @maounique sure and read that (twice) when you posted it. Which specific part are you basing your statement on?

  • Maounique Host Rep, Veteran

    The tor directory authority operators who vote on the 'BadExit' flag have the last say on what constitutes being a bad exit. In general we'll flag for the following...

    Tampering with exit traffic in any way. This is often accidental (for instance filtering by anti-virus).

  • Sure, so tampering with traffic. And sure enough a bunch of bad exit nodes ran sslstrip... their example refers to AV, which uses content-based blocking; both are tampering with the content of traffic (aka the payload).

    I'm not talking about modifying/tampering with content, I'm talking about blocking sites based on destination host - not based on content inspection or modification. Host blacklists only.

    Thoughts?
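The exit policies discussed in this thread (Nyr's advice to run a limited policy and block port 25, Maounique's mail-only exit, and craigb's question about a destination-host blacklist), as an added example that is not code from the original thread or from the Tor project: a small Python model of how tor matches an ExitPolicy. Tor evaluates entries first to last and the first match wins; entries are address/CIDR plus port, so a "host blacklist" has to be expressed as IP ranges (a site sharing an address with other sites takes them down with it), and the policy is published with the relay so clients pick another exit for rejected destinations, which is a different thing from answering the request with forged content. The policy text, the addresses and the ports below are constructed for illustration, and the IPv4-only parsing is a simplification of what tor accepts.

```python
"""Model of tor ExitPolicy matching (illustrative, not tor's own code).

Semantics modelled, as documented in the tor manual: each entry is
'accept|reject ADDR[/MASK][:PORT]', '*' as ADDR means the whole address
space, PORT may be a single port, a 'lo-hi' range or '*', an omitted port
means all ports, and the first matching entry wins. IPv4 only here.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ExitRule:
    allow: bool
    network: ipaddress.IPv4Network
    port_lo: int
    port_hi: int


def parse_exit_policy(policy: str) -> List[ExitRule]:
    """Parse comma-separated torrc ExitPolicy entries into ordered rules."""
    rules: List[ExitRule] = []
    for raw in policy.split(","):
        entry = " ".join(raw.split())  # collapse newlines and extra spaces
        if not entry:
            continue
        action, _, target = entry.partition(" ")
        if action not in ("accept", "reject") or not target:
            raise ValueError(f"malformed exit policy entry: {entry!r}")
        addr_part, _, port_part = target.partition(":")
        network = (ipaddress.IPv4Network("0.0.0.0/0") if addr_part == "*"
                   else ipaddress.IPv4Network(addr_part, strict=False))
        if port_part in ("", "*"):
            lo, hi = 1, 65535
        elif "-" in port_part:
            lo, hi = (int(p) for p in port_part.split("-", 1))
        else:
            lo = hi = int(port_part)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port spec in entry: {entry!r}")
        rules.append(ExitRule(action == "accept", network, lo, hi))
    return rules


def first_match_index(rules: List[ExitRule], dest_ip: str, port: int) -> Optional[int]:
    """Index of the first entry covering (dest_ip, port), or None if none does."""
    addr = ipaddress.IPv4Address(dest_ip)
    for i, rule in enumerate(rules):
        if addr in rule.network and rule.port_lo <= port <= rule.port_hi:
            return i
    return None


def exit_allows(rules: List[ExitRule], dest_ip: str, port: int) -> Optional[bool]:
    """True/False from the first matching entry. None means nothing matched;
    tor would then fall through to its built-in default policy, so a real
    torrc should end with an explicit 'reject *:*' (or 'accept *:*')."""
    i = first_match_index(rules, dest_ip, port)
    return None if i is None else rules[i].allow


# Constructed policy (not any real relay's): an address-range blacklist
# first, then the mail-only ports Maounique describes, then reject the rest.
# 203.0.113.0/24 and 198.51.100.0/24 are RFC 5737 documentation ranges.
MAIL_ONLY_POLICY = """
reject 203.0.113.0/24:*,
accept *:465,
accept *:110,
accept *:143,
reject *:25,
reject *:*
"""
MAIL_ONLY_RULES = parse_exit_policy(MAIL_ONLY_POLICY)


if __name__ == "__main__":
    for ip, port in [("198.51.100.7", 465), ("198.51.100.7", 25),
                     ("198.51.100.7", 443), ("203.0.113.9", 465)]:
        verdict = exit_allows(MAIL_ONLY_RULES, ip, port)
        print(f"{ip}:{port} -> {'accept' if verdict else 'reject'} "
              f"(entry {first_match_index(MAIL_ONLY_RULES, ip, port)})")
```

Note that the blacklist entry is placed first: because the first match wins, a blacklisted address is refused even on a port that a later entry accepts, and a single /24 entry covers every site hosted in that range, which is the scaling and collateral problem craigb is asking about.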

  • Maounique Host Rep, Veteran

    KnightVison BadExit 213.247.98.204 --- 1/5/11 mikeperry **403 responses for arbitrary URLs **

This discussion has been closed.