Skip to content
Naked Security Naked Security

Couple hosting Tor exit node raided by cops investigating child abuse

Two privacy activists were raided by police after child abuse traffic was allegedly traced from their house, where they run a Tor exit node.

Jan Bultmann and David Robinson, a married couple from Seattle and well-known privacy activists in that city, were awakened early one morning last month by police with a search warrant for their home.

The detectives from the Seattle Police Department demanded passwords to access the couple’s computers, saying they were investigating child abuse imagery, according to The Stranger, a Seattle alternative newspaper.

The couple consented to the search and gave their passwords to police, who found no child abuse imagery, didn’t seize any equipment, and made no arrests.

But Bultmann and Robinson were “petrified” and felt “violated” by the encounter, Robinson told The Stranger.

Police obtained a warrant after tracing the illegal imagery to Robinson’s home IP address, but police also knew that Bultmann and Robinson host an exit node for the Tor network, according to NPR.

đź’ˇ LEARN MORE: What is… Tor?

Tor is short for “The Onion Router,” and it helps you be anonymous online by encrypting your network traffic and bouncing it around amongst a number of relays, also known as nodes, in tne Tor network.

Instead of coming from your own IP number, traffic routed via Tor appears to come from the last relay (the exit node) in the randomly-chosen chain of Tor relays used for your connection.

There are currently about 1000 Tor exit nodes, out of a total of about 6500 nodes in the whole network, which is run by volunteers around he world.

Although many exit nodes are run by institutions such as MIT and public libraries, or on rented commercial servers, Bultmann and Robinson hosted a Tor exit node in their own home.

According to the Tor Project, Tor relay operators have “no records of the traffic that passes over the network and therefore cannot provide any information about its origin.”

Nonetheless, exit node hosts have been subpoenaed or even charged with crimes in several cases, including the tech blog Boing Boing, which fought off a subpoena from the FBI with a sternly worded letter.

Kate Krauss, director of communications and public policy at the Tor Project, told me over encrypted peer-to-peer chat that law enforcement action against Tor exit node hosts is “rare,” but the Tor Project recommends that “people who want to run exit nodes sit down with law enforcement ahead of time and explain how Tor works.”

Bultmann and Robinson explained to law enforcement that they were running a Tor exit node, and had nothing to do with child abuse imagery passed over the Tor network.

Seattle police were aware that the couple hosted an exit node, and investigators know how Tor works, but a Seattle police spokesperson told NPR that running an exit node “doesn’t automatically preclude the idea that the people running Tor are not also involved in” the alleged criminal activity.

I contacted Bultmann and Robinson on Twitter, and Robinson said that the couple has closed down their Seattle Privacy Coalition website and email, and are in the process of rebuilding or replacing all their equipment.

“I had no choice but to assume all my machines were compromised,” Robinson told me.

Given the legal risks, why would Tor volunteers want to put themselves in the sights of law enforcement by hosting an exit node?

Krauss said the mission of the Tor Project is to support human rights, freedom of speech and privacy, and volunteers “understand the value of Tor to democracy, to free society.”


Image of police on keyboard courtesy of Shutterstock.com.

25 Comments

This made sense until I got to the word “compromised.” Compromised how? It sounds like Tor is working normally.

I think Mr Robinson is inviting us to assume that the cops installed some kind of malware on one or more of the devices that they looked at during the search, to enable some sort of ongoing surveillance or to ensure that Tor doesn’t work normally in future.

You don’t think the cops will install malware or give themselves access to a person or companies computers? They’ve been doing it for years and will continue. The cops here have even been known to put illegal files on computers then arrest the owners for downloading and possessing those files.

One can only hope their fervor is not crushed by this and they will install new equipment and reinstate their Tor node.
Lest governments get the idea that all that is required is systematically raid every exit node, without the need to arrest/prosecute, in order to effectively shut down the Tor network.

Good article, good content, but you did hit on a little bugbear of mine – using a clichĂ©e you don’t understand, and getting it wrong!

“in the sites of law enforcement” – no!

In the SIGHTS – it is a gun metaphor! It refers to the sights on a gun – if you are in a sniper’s sights, they can take a shot.

Like I say – just a little bugbear – at least you didn’t say “changing tact” instead of “changing tack”, or talk about any “damp suids” instead of “damp squibs” :)

Chillax :-) It was a typo. I fixed it.

PS. It’s “clichĂ©”, more usually just written “cliche”.

Free and open communication also means it is free and open to evils. This is a lesson people need to learn, to be free comes with some troubles. Accept it and fight it where it is found, but do not squash the freedom to deal with the troubles. Squash the troubles.

Krauss said the mission of the Tor Project is to support human rights, freedom of speech and privacy, and volunteers “understand the value of Tor to democracy, to free society.”

This would have more weight with me if examples were given of how Tor helped democracy and a free society.

If one takes a nation-centric view of the question, and lives in a country where freedoms are not routinely trampled, one might not see the value of a tool like Tor. In many places in the world, however, one can be jailed or “disappeared” for the simple act of disagreeing with the current regime on a relatively mundane topic. In those cases, the value of privacy is obvious.
Even in free countries like the U.S., police agencies often abuse their power, such as in the case of property seizure laws, which allow money or property to be confiscated if it is suspected of being used in a criminal activity, with no charges being brought against the suspect. They are supposed to return the property if the suspect isn’t charged, but if the victim doesn’t have the resources to challenge them in court, they can, and frequently do, lose their property. My point in bringing that up is that law enforcement agencies can’t always be trusted to behave in ways that are consistent with the intent of the law.
I think it is unlikely that the Seattle Police placed spyware on the server in question, but I don’t think it would be responsible to simply assume they didn’t. We have to remain vigilant to protect our freedoms.

In order to get a warrant signed there must be an appropriate amount of circumstantial evidence. If a tor exit code is used the only way to get this evidence is by installing a sniffer at the exit. So yes. They were compromised. And the police do have the tools thanks to the military sharing their technology.

In this case, there already was a warrant and it didn’t depend on a sniffer at the exit node. If you use HTTPS for the connection that you route through Tor in the first place, a sniffer won’t help (unless you happen to have a trusted TLS certificate you prepared earlier).

Amusing that you talk about “the military sharing its technology”, given that Tor started life in the US Navy :-)

KEN wrote “This would have more weight with me if examples were given of how Tor helped democracy and a free society.”

Easy. TOR provides a safe means for whistleblowers to disclose situations that could otherwise affect their lives or careers.

Krauss gave me some examples I neglected to include in the article, but Tor is useful for accessing websites in countries where the web is censored (e.g., China), and protecting the anonymity of activists and bloggers in places where they may be arrested for speech (e.g., Iran). You can find other examples on the Tor Project website.

There are plenty of other examples that are much less dramatic, but no less important. Something as unexciting as doing a bit of “due diligence” on a website, for instance. If you’re worried that a website might be a phish, say, or if you’re trying to trying to track down a company you have a good reason to distrust, it’s handy to be able to take a first look without using your real IP address or your regular browser. Why should you reveal anything about yourself – your town or country, for example, or any tell-tale browser fingerprints, or cookies that – when you could protect yourself. Tor makes it quick and easy for almost anyone to do that. (But beware: truly crooked websites can match visitors against the current list of Tor exit nodes, given that there are only 1000 or so of them, and vary their content accordingly.)

Here’s a practical example: when you get unsolicited phone calls, despite being on the “do not call” register, you might feel like finding out a bit more about the company that’s pestering you. Let’s say that a bit of search engine work gives you an idea who owns the number that keeps calling…wouldn’t you feel much more comfortable taking a look around their website via Tor that via your own home network? Even if the company is run by mere charlatans rather than outright crooks, why give away even the tiniest suggestion who you might be? A rejected call to a number in area code X followed 180 seconds later by an online visitor from town X browsing straight to the “About us” page of your website…go figure.

Think of this sort of use of Tor as a way to prevent what you might call “the death of 1,000,000 privacy cuts.” Simply put, if you really *do* have nothing to hide then there’s no point in anyone looking out for it, is there, and therefore no need for you to reveal it if you don’t want to.

Having said all that, I do sometimes wish that serious Tor advocates would act a bit less surprised when the dark side (in moral and legal terms) of the dark web (in terms of visibility and searchability) comes up in conversation :-)

Those posts really help Paul & John. Especially for some readers who are looking at issues like these from various angles.

This is one of the few defensible positions for Tor…. I really do hate when people act like I should agree with their politics ergo Tor is good. Many times, I find I disagree quite fervently with all the political statements and hate how xenophobic and fascist people sound by talking about how their values are better than other people’s values, ergo their values should be forced on everyone.

Tor is not a civil rights issue… Tor is a service… and Tor is a tool.

Tor itself is quite separate from all the politics that follows it.

The same goes for torrent clients and torrent search engines.

I find it quite amusing that youtube is currently entirely guilty of everything napster was accused of but it certainly isn’t going anywhere.

Once people stop acting like everything is a civil rights issue (which often falls under lame pathos arguments) we can actually talk about whether things need to be done and what actions are viable for everyone.

I personally believe that we really should stop pretending that the notions of a global culture or global government are feasible. When we take Tor as a service it becomes open to country specific legislation which the breed of Tor Advocates I know would be appalled at and seek to circumvent that legislation.

Circumventing leads to what? Extremism, including more country specific firewalls, more seizing Tor exit/entry nodes… more oppressive legislation that has Tor Advocates screaming even more about how Tor is needed.

We live in a world of extremism, here we have an example of police potentially placing monitoring software on an exit node under the provision that that exit node is in their jurisdiction and is being used for illegal activity. In a world of centrism instead of extremism we might be willing to talk about what kind of monitoring software would be permissible, or even work with the police if we felt morally obligated to hunt down paedophiles.

It’s always all or nothing though, extremism (also known as fascism) is quite ugly in my book.

People who quote the founding fathers on liberty in reference to the internet crack me up..The founding fathers could not even conceive of light bulbs let alone the internet. There are 800 sites on tor that traffic for perverts. Any person that does not know that the traffic on tor is hugely, not all, banned by federal regulation in the united states, is ill informed, and should not run a relay. If you choose to run a relay, with major illegal content going through your server or computer, then you should expect a knock on the door eventually. By federal law one illegal image passing through your computer justifies the warrant and the knock on the door.
The person running the relay has got to know that much of tor use is done for illegal purposes. The entire world knows that. BTW it is illegal to use the post office for any of the illegal activity that goes through tor.
Hey he should be happy, the FBI did not throw him in jail.
You lay down with pigs, people using tor for illegal purposes, you get pig stink on you by association

don wrote “Any person that does not know that the traffic on tor is hugely, not all, banned by federal regulation in the united states, is ill informed, and should not run a relay.”
Citations for this statement, please.

And don continued “There are 800 sites on tor that traffic for perverts.”
Citations for this statistic, please.

If you disagree about privacy, then please use the internet without any encrypted protocol. Better yet, can disclose all of your information. Thank you.

John Zorabedian wrote “Seattle police were aware that the couple hosted an exit node, and investigators know how Tor works, but a Seattle police spokesperson told NPR that runiong an exit node “doesn’t automatically preclude the idea that the people running Tor are not also involved in” the alleged criminal activity.”

Pretty clever to sneak “onion” into an article on TOR. But shouldn’t it be “ronioning”?

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?