Man Found Guilty of Child Porn, Because He Ran a Tor Exit Node::undefined

  • Raisin8659@monyet.cc
    link
    fedilink
    English
    arrow-up
    124
    ·
    edit-2
    1 year ago

    They convicted him on “supporting the transfer of underage pornography”, i.e. he ran an exit node that “allowed” the upload of CP to an Austrian image hoster. Apparently, he wasn’t protected because he ran the exit as an individual, not a registered company. Most likely, the Austrian authority checked who uploaded the images, and found his IP address, which became the basis for convicting him. He didn’t have any of the materials because all those stuffs were encrypted in transit.

    He mentioned that law that was used to prosecute him was changed a few weeks later to protect individuals as well. He apparently now ran Tor exits under an offshore company.

    In summary, from what he said, he just happened to run an unrestricted exit node that some people used to upload CP.

    • Puzzle_Sluts_4Ever@lemmy.world
      link
      fedilink
      English
      arrow-up
      75
      arrow-down
      18
      ·
      1 year ago

      In summary, from what he said, he just happened to run an unrestricted exit node that some people used to upload CP.

      I mean… that is the big issue with things like tor and the decentralized youtube alternative everyone wants.

      You either need INCREDIBLY strict moderation, or you actually think it is sane to say things like “he just happened to run an unrestricted exit node that some people used to upload CP”

      Tools like tor are INCREDIBLY useful for avoiding government suppression (even if there are quite a few questions regarding how private things actually are and how easy it is to compromise…). But I personally can’t support anything where “Oh well, I guess I accidentally supported the proliferation of CSAM”.

      Like, the joke back in the day was always that if you ran an unsecured FTP server, russian porn would magically appear. And I knew a few people in undergrad who did that because of “the lolz”. And then they actually saw what was on their server and pretty much burned those drives and never went back. And while there are theoretical benefits to having public usable drop sites with minimal tracking… I am gonna more than side eye anyone who knowingly does that.

      • Quacksalber@lemmy.world
        link
        fedilink
        English
        arrow-up
        31
        ·
        1 year ago

        I mean… that is the big issue with things like tor and the decentralized youtube alternative everyone wants.

        This is an issue on Lemmy as well, one that very few so far seem to have wisened up to. If you host a server and federate it, your server will pull, store and display the content your users are watching for all to see. So you could be on the hook for distributing illegal material if you don’t preemptively defederate from instances potentially hosting content that is illegal for you to possess.

        • Puzzle_Sluts_4Ever@lemmy.world
          link
          fedilink
          English
          arrow-up
          12
          arrow-down
          6
          ·
          1 year ago

          Yup. Can’t find it any more, but one of the bigger instances apparently defederated from lemmynsfw over that. Not at all surprised since I think I first knew they existed when the admin (?) made that post that could be summed up as “Okay, I know I said we would allow all the loli hentai out there but a bunch of people called me a pedophile so we aren’t doing that anymore”. Didn’t really check back in, but sounds like they continued that boundary pushing and the folk who would have called Chris Hansen noped out already.

          And that is really the problem. Moderation is a thankless and incredibly time consuming job to begin with. NSFW content is a multiplier on the time and psychic damage while also meaning you have almost zero chance of monetizing that to justify a second job. So you tend to get the same crowd who are 'free speech absolutists" and don’t really understand what they are getting in to.

          It sucks because… porn is awesome. But people are crazy for getting involved with any “decentralized” service where they are storing content they themselves did not actively curate.

      • Asifall@lemmy.world
        link
        fedilink
        English
        arrow-up
        29
        arrow-down
        1
        ·
        1 year ago

        I mean you could say the same thing about any entity hosting public wifi, but I doubt the local cafe owner has to worry when someone breaks the law on their guest network.

        This feels really inconsistent is the main problem.

        • Puzzle_Sluts_4Ever@lemmy.world
          link
          fedilink
          English
          arrow-up
          15
          arrow-down
          3
          ·
          1 year ago

          I mean, they do. DMCA “requests” go to the ISP and the customer and that is just as easily a starbucks as it is a residential home.

          And I speak from (my niece’s) experience: Cops have no problems walking up to the counter in the middle of lunch, forcing their way past all the customers, and very loudly telling the pimply faced teenager that they need to speak with the manager about a child porn investigation. I was not privy to the actual discussions but… they lost a lot of business that day and, when I go back to visit family, I still hear that coffee shop referred to as “the pedophile place”.

          This is WHY any sane public wifi is behind a captive portal and likely has a LOT of security and spyware running in the background.

      • lolcatnip@reddthat.com
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        4
        ·
        1 year ago

        But I personally can’t support anything where “Oh well, I guess I accidentally supported the proliferation of CSAM”.

        Does this mean you’re opposed to, say, roads, because they can be used to transport child porn? How about postal services—they’ll even pick it up and deliver it wherever you want!

      • Raisin8659@monyet.cc
        link
        fedilink
        English
        arrow-up
        28
        ·
        edit-2
        1 year ago

        There are 7,000+ Tor relays, and 2,000+ bridges being run by entities including individuals, orgs, corporations, and most likely governments. (https://metrics.torproject.org/networksize.html) So, the answer is yes, no, and something in between. He himself didn’t say, but the article portrayed him as being an individual who believed in free speech, an activity which Tor does help support.

    • lenninscjay@lemm.ee
      link
      fedilink
      English
      arrow-up
      25
      ·
      edit-2
      1 year ago

      AFAIK you should never run one on your personal IP

      Edit, wasn’t a personal IP. I mistook it when I read his apartment got raided. Advice still stands tho.

      • cyberpunk007@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        There will still be a trail. Even if you’re renting a server. Who’s CC is on file? Unless you want to waste your time buying prepaid visas. And even at that, they could track it to the retailer and find out which CC was used to order that. And even if you went in person, there’s likely video footage. Etc etc etc. It’s incredibly hard to remain hidden nowadays.

  • gleph@lemmy.world
    link
    fedilink
    English
    arrow-up
    40
    arrow-down
    1
    ·
    1 year ago

    He was convicted (and given probation) for supporting the transfer for Child Porn, not for accessing it or creating it.

  • tvbusy@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    I read in one of VPS rental service Discord that someone rented a VPS to run tor exit node and HDDs of the server were confiscated without prior notice.

  • dunestorm@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    This is insane! It’s like prosecuting a postman for delivering child porn content to a customer.

  • Proofofnothing@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    Sorry I am not very techy, can someone eli5 what is an exit node? What is the point of running an exit node? Should the user have known his exit node (not sure if i am using the term right) could be used for cp?

    • Helluin@feddit.de
      link
      fedilink
      English
      arrow-up
      30
      arrow-down
      1
      ·
      edit-2
      1 year ago

      if you join the tor network other tor users proxy their trafic through a chain of tor users and therefore maybe though you, sometimes youre the exit node that then actually sends the request to the server in question, sometimes you just pass it on to another tor user.

      so the person in the OP did technically send the reques to the server that served CP, but he didnt really have anything to do with it nor could he have even accessed the data.

      • Regular Human@lemmy.world
        link
        fedilink
        English
        arrow-up
        19
        ·
        1 year ago

        Just to clarify, running an exit node is not something that happens automatically when you browse via tor. It’s something intentional that you configure

    • ryannathans@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      1 year ago

      One would not expect an exit node to be used for cp. A relay node would be more likely used for cp as one would expect the request to be internal to the tor network. A tor exit node is only used to access sites on the regular internet, not the “dark net”

  • nyakojiru@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    11
    ·
    1 year ago

    I don’t care if he was guilty or if the government whatever, the post title makes me sick already.

  • HousePanther@lemmy.goblackcat.com
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    46
    ·
    1 year ago

    This is why I won’t do anything of the sort. With the increasingly authoritarian state that Amurica is turning into, I will tread very carefully. Including using VPN. I don’t know much about Tor and perhaps I should learn more but my understanding is the traffic is largely plain text and not encrypted. Please correct me if I am wrong.

    • BadRS@lemmy.world
      link
      fedilink
      English
      arrow-up
      80
      ·
      1 year ago

      It’s encrypted, encrypted many times over, it’s completely anonymous… as long as you’re staying inside the network. An exit node connects to the regular internet and that’s what’s going to start showing up on logs. This was completely secure for the people actually dealing in cp.

      I can’t believe this stuck, it’s the equivalent of arresting a business owner because someone distributed cp while connected to their Wi-Fi.

      • wackster_fapster@lemmynsfw.com
        link
        fedilink
        English
        arrow-up
        26
        arrow-down
        2
        ·
        edit-2
        1 year ago

        CP laws (in the US and probably other places) fall under a doctrine called strict liability, which basically means that you’re guilty regardless of intent or even knowledge of an offense.

        It’s fucked.

        • BadRS@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          18
          ·
          1 year ago

          There isn’t a crime worse than hurting children. Does that mean we should allow law enforcement infinity leeway to punish these crimes and persue the offenders? I hate to ever give law enforcement any leeway as abuse is so common, but if someone is hurting children I don’t care how you stop it.

          Is hosting a tor exit nods with the knowledge that doing so might help pedophiles hurting children? That feels like too many layers to me. Too esoteric.

          • TechnoBabble@lemm.ee
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 year ago

            I hate to ever give law enforcement any leeway as abuse is so common, but if someone is hurting children I don’t care how you stop it.

            Is this satire? Because that’s exactly the excuse government has been giving for hundreds of years, to take your freedoms away.

            It’s never about the children. The Catholic church operating with near total immunity, after all these millennia of abuse, is proof of that.

            • BadRS@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              You’re right and I agree completely. My ACAB hat slips when they bring up kinds. Which is, of course, their intent.

          • abraxas@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 months ago

            Every person and business that has any wifi or server on the internet “might help pedophiles hurting children”. Amazon S3? Could hypothetically be used in CP (actually almost definitely is used for CP by somebody).

            Your email address? Could be used by somebody malicious for CP. Which means if you think it’s that important to stop pedophiles hurting children, you should shut it down.

            And in fact, Lemmy is decentralized and can absolutely be used (let’s be honest, somebody probably already is somewhere) to distribute CP. We should be openly opposing Lemmy now, right?

            …boiling down to the real problem. There are so many uses for Tor that have nothing to do with CP and so few Tor users that deal in CP. Privacy is a valuable thing and we should not be murdering privacy for all people in hope it might stop 1 or 2% of child predators.

      • HousePanther@lemmy.goblackcat.com
        link
        fedilink
        English
        arrow-up
        19
        arrow-down
        2
        ·
        1 year ago

        It’s quite possible he had either a public defender or a poor attorney. I am friends with an attorney who works with the poor, indigent, and people otherwise unable to fight for themselves. I help him out for free when he has questions related to technology and IT. I really need to read up on Tor because there might come a time when I’ll need to assist my friend in a similar matter. It’s quite chilling that the state could potentially punish a business owner for providing a free service like WiFi. I have another friend who runs a the neighborhood sports bar and she offers WiFi to her customers. I think I need to implement some content filtration for her so as to prevent her from potentially getting blamed for a crime she did not commit.

      • db2@lemmy.one
        link
        fedilink
        English
        arrow-up
        9
        ·
        edit-2
        1 year ago

        Which has probably happened. It’s (shady uses, not necessarily this use) one of the reasons there was a big push to get consumers to put a password on their wifi back in the day.

      • sloppy_diffuser@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        Not completely secure. If the same entity controls the entry and exit nodes (any maybe also relay?), it is my understanding that traffic can be traced back. Low probability, yes, but not completey.

    • astral_avocado@programming.dev
      link
      fedilink
      English
      arrow-up
      23
      arrow-down
      2
      ·
      edit-2
      1 year ago

      Tor

      is largely plain text

      Lol maybe do the barest amount of researching before commenting on something you know nothing about?

    • Jamie@jamie.moe
      link
      fedilink
      English
      arrow-up
      15
      ·
      1 year ago

      The high majority of websites are HTTPS, which means that the contents of requests are end to end encrypted. Technically if it’s just HTTP, it’s plaintext, but basically no sites operate outside of HTTPS anymore.

      All that stuff about everything you do being in the clear is outdated, and basically just VPN propaganda. The only parts of typical web browsing that aren’t encrypted are DNS resolutions, but DoH and encrypted DNS are starting to be a thing. In which case, your ISP/gov will know you’re accessing your bank’s site, but not what you’re doing on there because everything else is encrypted.

      Tl;Dr: Everything being plaintext is really outdated and is basically VPN propaganda. The majority of network traffic for most users is end to end encrypted already.

      • HousePanther@lemmy.goblackcat.com
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        That is not completely true. Often the payload is encrypted but not the metadata. It is the metadata that usually is the cause of privacy issues.

        • Jamie@jamie.moe
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          1
          ·
          1 year ago

          I think you might misunderstand what metadata is. The type of metadata you might be referring to are simply tracking methods employed on webpages by the likes of Facebook, Google, and other advertisers. But those are encrypted as well, they’re not open to view by anyone in the middle because they also utilize HTTPS. The vulnerability they pose is the potential for that data to be given up, or subpoenaed on the database end. There is no magic unencrypted data sent when dealing with accessing a website except, as mentioned, possibly the DNS query, which can be easily encrypted via DoH.

          Except, VPNs and Tor aren’t even magic bullets for privacy. The moment you log into a service, you lose your veil of privacy if your activities can be reasonably linked. To really remain private, you would need to use Tor Browser, likely over a VPN, preferably on a live booted system like Tails, and forego any usage of JavaScript or account logins. Doing anything different exposes you to tracking methods. Which removes you from using the majority of the Internet.