William Weber, a LowEndTalk member, was raided by Austrian police in 2012 for operating a Tor exit node that was allegedly used to distribute child pornography. While he was not arrested, many of his computers and devices were confiscated. He was later found guilty of supporting the distribution of child pornography through his Tor exit node, though he claims it was unintentional and he was simply supporting free speech and anonymity. He was given a 5 year probation sentence but left Austria shortly after. Though some articles portray him negatively, it is debatable whether he intentionally supported child pornography distribution or simply operated in the legal grey area of Tor exit nodes.
We oughtta arrest the people who pave roads because human traffickers use them to commit crimes.
I wonder if the ISP got charged as well lol
The charges usually end up falling onto the last one who can’t stick them onto someone else.
Like, a carrier can blame the ISP, who can blame the VPN, who can check its logs and blame an address owner, who… better keep their own logs capable of identifying someone else if they’re letting random people do random stuff using that address. And a good lawyer, and will and money to fight it.
Removed by mod
Is there really a realistic way to do it differently? Situations ending up in court are complex and ambiguous. It’s never a simple “if this then that” kind of thing. So in the end it’s about making arguments and convincing each other. Different people have different skills and depending how you match up, arguments are lost or won. There will always ever be a limited amount of extremely skillful people. Even if you would make sure that money isn’t a barrier, time/availability will still be and so still most people will end up with inadequate council.
If a justice system is so hard to use that only a small portion of the trained professionals can do it adequately it needs a massive overhaul. This of course is basically impossible and won’t happen. The US is a particularly bad case because of the sheer outdatedness of its constitution an court procedures.
I think most laws started out simple. Reality isn’t simple, however. And I would bet that any attempt to simplify it will be adjusted over time and will end up being just as complicated again.
I mean, the law could be simple in the sense that it basically says “don’t to stupid shit”. But then it just becomes more subjective which in the end will be even less fair.
All the complexity in the law comes from the attempts to make it as fair and objective as possible.
Removed by mod
but your question assumes capitalism is here to stay.
It does not. In my last sentence I specifically said “Even if you would make sure that money isn’t a barrier”, which rules out capitalism. So in a system where everyone has equal access to everything, you still only have a limited amount of skilled people with the right profession. If there are currently 1000 first-degree-murder cases where life sentences are on the line, and you only have 10 extremely good lawyers … 990 people will still end up worse than the 10 that had the luck (!!) to get these 10 good lawyers assigned.
From the article…
Yes, as they had to give me the minimum sentence. By law they were right as the law only protected registered companies, unlike in Germany for example. The law was changed a few weeks later to include private persons and sole traders as protected lsps, not just companies, but they had to convict me. No choice in the end.
So, ISPs in Austria actually have legal protection from liability here, rightfully so, and also rightfully so, that protection was extended to private persons as well. A rare story of a legal system apparently working well, with regard to the marriage of privacy and technology.
The law was changed a few weeks later to include private persons and sole traders as protected lsps, not just companies, but they had to convict me. No choice in the end.
I am not sure I would consider this “working well”. It is the job of the court to determine if and how to apply law. Laws are never perfect and should be applied per intention, and not word-for-word. If the latter would even be possible, we wouldn’t need judges in the first place, because it would be a “simple” decision tree. But it’s not. And we have judges and the court processes for a reason.
If the law was amended a few weeks later, it shows, IMO, that the intention of the law was different than what was written down. Therefore the judge should have ruled that way by acknowledging that while the law does not exempt private individuals, its intention shows that it clearly should (simply because it doesn’t make much sense otherwise).
In other words: if the system really worked well, the judge would have sentenced (or rather not sentenced) within the intention of the law, and not within the strict writing.
(Worst case is that something like that gets escalated to the highest court who then either also accepts or overrules it.)
Yep given this is Austrian jurisprudence they should be able to apply Radbruch. Could it be overturned on appeal? Sure, but the judge also wouldn’t look stupid on appeal. German courts are using it in instances like conjuring a Romeo+Juliet exception out of thin air (in the “sex on your 14th birthday with your SO who is still 13” kind of sense), directly contradicting written law, saying “yep they overlooked that corner case”. Law didn’t even get updated as application of the formula is so uncontroversial.
In particular, this letter-of-law interpretation ignores equality before the law – that between natural and juridical persons. You need a proper reason to do such a thing. Quoth Radbruch:
Where there is not even an attempt at justice, where equality, which forms the core of justice, is deliberately betrayed in the laying down of positive law, then the statute is not even merely ‘flawed law’—rather, it lacks completely the very nature of law. For law, including positive law, cannot be otherwise defined than as a system and an institution whose very meaning is to serve justice.
Removed by mod
Can’t have jury nullification if you don’t have juries.
Shouldn’t all social media, ISPs, Apple, Google, etc also be found guilty of the same crime then? What about CDN?
you see, they are companys and they make monzees that they dont pay taxes on, so its fine. But that guy was a terroristic web activist, subverting the order of the free world by providing free tools to a community of which some used it for illegal purposes.
The article explains that this was basically a flaw in the way the law was written
Removed by mod
Reading the article, it’s not just distributed CP. Someone also used his Tor Exit to hack into a NATO facility in Poland that dealt in chemical/biological weapons. Like, yeeesh.
This “someone” sounds an awful lot like a nation-state actor.
Yikes 😬
I am from austria and honestly I feel ashamed. What honestly gets my blood boiling is the fact, that there is a high chance the people that connected through his exit node are probably still free.
It is like jailing the postman for delivering a letter containing CP. Anyway I hope the people actually actively distributing and using CP get what they deserve.
Here the crime is privacy, which is the same thing many countries are trying to curtail, including France, which is clamping down hard on encryption.
With time we will see services like protonmail or vpns vilified in order to make them inaccessible to the public.
You shouldn’t feel too ashamed, in the end Weber got 5 years of probation on the sentence of “support of general distribution”, and shortly after the law was amended to give private persons like Weber the same protection from liability that ISPs enjoy from how people use their network. At least, according to Weber.
I’m surprised this doesn’t happen more often. Home routers are trivial to compromise, and compromised home routers can also be used to distribute illegal content.
I always read this is why you run a relay as an individual not an exit. Some one has to run a exit at some point though.
You don’t need an exit node to browse Tor hidden sites. Acting as a relay middle node is also not a problem.
Exit nodes are kind of a “plausible deniability” thing for Tor users from places where using Tor might be frowned upon, but otherwise you can find anything you may want to use Tor for, on hidden sites themselves.
For as much as I’d like to help the Tor network and the idea of free speech, articles like this are why I’d rather let the CIA and other national sponsors take the brunt of running those exit nodes.
But someone somewhere has to be an exit node. Not you, necessarily, in order to browse, but somebody has to be running them. Right?
Tor hidden sites are hosted on Tor nodes, so you don’t leave the Tor network to browse them.
Anyone with a Tor node can host a hidden site, and there are some more or less famous ones around. Some open web sites keep a hidden one as an alternative in case their domain gets taken down or blocked for whatever reason in whatever country.
Only to connect back to the normal internet. Entry nodes are different (no clue if you can do both on the same server or not.
This is equivalent to a criminal running into a crowd to get away from police, and the police just stopping, arresting, and charging the first person in the crowd that they see for not doing anything to stop them.
Btw, what’s the current judicial status of exit nodes around the world? Why was he charged, yet the isp wasn’t? Would the isp be charged if it ran a similar exit node, or is it strictly because it was a private entity?
Rule of thumb: You get the blame.
TL;DR: Ask a lawyer.
You can compare them to VPNs for the severity of restrictions (in 2020):
For some more historical info, there is this list on Wikipedia: https://en.m.wikipedia.org/wiki/Tor_(network)#Reception,_impact,_and_legislation
For a more US-centric FAQ, you can check: https://community.torproject.org/relay/community-resources/eff-tor-legal-faq/
Still, most countries don’t like random people to let other unidentified random people to do random stuff, most police officers are ill equipped or educated to deal with it, legislation hasn’t been tested in most places, and you’re running a hard to define, changing, and sometimes random level of risk.
Child pornography is in no way acceptable and cannot be rationalized as normal. He got what he had coming to him as far as I am concerned.
He wasn’t searching for it or knowingly distributing it. The way Tor exit nodes work is that you’re hosting a machine that lets other people on the Tor network communicate with the internet. You’re essentially routing a portion of the entire network’s traffic through your machine. You can’t really control who is using it or what it transmits at that point.
He got punished because somebody else shared CP, using his equipment to do so. It’s like being jailed for having your car stolen and being used to hit a pedestrian.
Ah, okay. I probably should have read closer. I will delete my comment.
Please don’t, the misunderstanding is common, and it just reinforces the point of the rebuttal. I’ve seen sooo many anti CP laws trying to be forced through congress, but most of it is just bullshit surveillance or drm stuff but it gets the support from people like you who (understandably) hear about the propagation of CP and support stopping it via those laws.
Thank you!
Thank you for being as mature as you are, so many people are not able to learn from their mistakes! be proud of yourself!
You’re a legend mate.
I find it infuriating when people refuse to be wrong at all costs, and just delete their comment when they are found to be indisputably wrong.
It’s nice to see someone who can just acknowledge that they misunderstood, as do we all at times.
It would be better for you to leave the original comment, use markdown to strike it through*, and create an edit showing that you realized it was wrong.
It shows humility and reflects positively on you, but it also allows the history of this conversation to remain preserved.
*not sure if this is possible on Lemmy yetEdit: it is :)
It very much is
It’s like being jailed for having your car stolen and being used to hit a pedestrian.
Exactly this, except that nobody stole your car. You are providing free and no-questions-asked open access to your car for any member of the public who needs to use it. Many other people also used the car that day for legitimate business or for fun, but then one guy got in it and ran over 32 people in a furious rampage.
Clearly the driver is at fault here, but a case can be made (and apparently, was) that this would not have been possible had you not provided access to the car to the perp in question.
Clearly the driver is at fault here, but a case can be made (and apparently, was) that this would not have been possible had you not provided access to the car to the perp in question.
This is the equivalent of holding gun manufacturers culpable if someone buys a gun from them and then uses it to commit murder - right?
Well, if weapons manufacturers were handing the guns out literally for free to anyone who has a pulse, I could definitely see them getting in trouble
Why does it make a difference that gun manufacturers charge for their weapens. They make them accessible for basically every adult. If they didn’t sell them to basically everyone, many shootings would not happen, as world wide statistics show. Earning income on what they provide makes them even more responsible, because they profit off from the selling. I don’t see why they are not being charged for selling it to people that use it to commit crimes, and someone providing an exit point does get charged because he lets people use it while he has no control at all over who uses his access point.
I mean, car manufacturers do this. And it’s much easier to buy a car than a gun.
That’s a bit more of a stretch, but barely. It’s in the same spirit, yes.
Please do note that I’m not necessarily agreeing with the ruling here, only trying to draw a more accurate analogy. The problem with equating those two though - the tor node ruling vs gun manufacturers being liable for deaths - fundamentally comes down to a few facts, that guns are sold with the intention of killing people, that guns are sold by corporations with lots of money and power, and that governments don’t want tor in the hands of citizens. Tor node keepers are easy to prosecute in many countries, as individuals hosting software that is frequently used for illegal action. Gun manufacturers are not.
Gun manufacturers have special protection, specific legislation at the federal level singling them out to not be liable.
This logic holds the ISP and backbone providers liable as well, does it not?
Somewhere else in the comments it was said that ISPs have legal protection. The laws were changed afterwards,so that individuals could also be recognized as ISPs so that they’d have protection, for situations like these.
It’s like being jailed for having your car stolen and being used to hit a pedestrian.
Kind of… only you parked the car in front of a jail, left the door open, keys in the ignition, and a “FREE TO USE” sign next to it.
Hey, maybe the next guy will just use it to go buy some groceries… maybe.
I hate this analogy. Its more like you parked it in a very public space and said “free to use” and someone who had been to jail used it. There are all kinds of legitimate reasons to use TOR that aren’t child porn, and acting like because it can be used to view child porn makes it truly horrible and hosting hardware to use it makes you part of the problem shows a misunderstanding of what its for.
Let me pose it to you this way. Do you use a VPN? Do you know someone who has used a VPN? Have you watched a YouTube video that was sponsored by a VPN? Do you remember the reasons to use a VPN? Those are all things Tor does well. Better even. And for free. Meanwhile, hosting VPN hardware comes with all the same “people could use it to host child porn” downsides as TOR exit nodes
In my personal life, I use Orbot all the time for things like keeping my Syncthing traffic secure and quickly anonymizing my traffic. I also host a relay because Iranian women and Ukrainian soldiers are currently using the Tor network for life and death circumstances.
Its more like you parked it in a very public space and said “free to use” and someone who had been to jail used it.
Iranian women and Ukrainian soldiers
As much as I sympathize and approve of that… try to take a step back and look at it from the side: you’re still saying you do it to help others “break the law”, it’s just someone else’s law that you don’t agree with, and hopefully it doesn’t break the law where you live (stay safe, although running a relay is not the same as running an exit node… but still). My analogy tried to capture that.
BTW, I do use Tor, and may also host a relay or two, but still no exit nodes.
Orbot all the time for things like keeping my Syncthing traffic secure
I thought Syncthing already used encryption with a dual public key system to do the syncing? Is there an extra reason to add Orbot to it?
you’re still saying you do it to help others “break the law”, it’s just someone else’s law that you don’t agree with
I don’t quite understand this. How is this different from this case: a substance is prohibited in a country X, but not in yours. You sell the produce in your country, and people from country X come to visit your store and buy the produce. They might take it back home, and hence, break the law. Or they might use it down the street.
How are you to blame for this? Though in OPs case the produce is given away.
It’s not different, and many countries have established laws against “drug tourism”, “sex tourism”, “abortion tourism”, or other stuff punishable under their law that people would seek to do in other more permissive countries.
Those laws often include punishments for the enablers, so while Iran may not be able to punish you in your own country, beware of ever visiting Iran, or any other country whose laws you may be helping people to break… or getting doxxed for some “extreme law defending enthusiast” to pay you a visit (see cases like Charlie Hebdo).
Those laws often include punishments for the enablers
I did not know this but I guess it makes sense. But yes many countries do have these kinds of laws. Then sure, it is a good idea to know the laws regarding this of the country you are visiting.
And you’d rather have Iranian women and Ukranian men not being able to voice their opinions because you don’t agree with helping them “break” laws?
Did you create a new account just to misinterprete a year old comment of mine? That’s amazing.
Pray tell me how I misinterpreted it? If running an exit node is going to help marginalized communities bring forth their voice (even the fringe cases that I don’t agree with, because I believe technology should be accessible to everyone), why shouldn’t one do it? Other than mortal risks like jail time because stupid senators can’t be bothered to get their heads out of each others asses.
The reason to use Orbot is to obfuscate the IP
Edit: I’m a different guy from the one you responded to earlier
This is the first I’ve heard of it. Why would someone willingly host an exit node when the risks are so high?
Because they believe in what tor represents. It absolutely is used for terrible things, but it is also a pretty critical resource to a lot of people in a lot of dangerous parts of the world where thought crimes get people killed.
But yeah, no way am I running one. The potential costs are way too high.
Because Iranian women deserve to tell their stories. Because Ukrainian soldiers need the most secure relays for their messaging services possible. Because the Chinese government’s great firewall is designed to keep people from seeing reality. Because Facebook, Amazon, Netflix, and Google want to control the future of the web, and that future includes willing participation in incomplete police action that gets minorities and people of color killed. Because control of your personal identity is a matter of grand security when it comes to preventing the most successful kinds of attacks: social engineering. Because all of these things can either be accomplished with a paid VPN owned by a corporation who might ALSO be complicit in all of the problems above, or they can be acheived on donated computing time, and be more effective in their application.
Child porn happens on the internet. I don’t see anyone clamoring to shut down the whole thing. So which do you want? To destroy every single tool that can be used to acquire it, or to foster a more fact and policy based government that performs root cause analyses and works to make a better society rather than doling out punishment and asking quearions later
You can even add half the USA with their anti abortion laws to your list! Remember people, what you have to hide is not yours to decide.
The feds in multiple countries have used the tactic of hacking someone’s computer, putting charlie papa content on it, and then using that as a reason for arrest. I’m with you that partaking in it is completely unexcusable and sick, however that fact is why it’s used by governments to gain more control. “Think of the children.”
I have heard of this happening. It is why I have a healthy distrust and dislike of law enforcement. Law enforcement serves the wealthy, powerful, and the interests of the state itself. It is almost like the wealthy have their own paramilitary to do their bidding for them.
In Capitalism, police protect capital.
Police protect both monetary and political capital. They’re dogs licking the boots of their masters. Caveat: I am ex-cop. I was fired because I refused to arrest someone for smoking pot peacefully and not bothering anybody. This was in the late 90s.
Why can’t I downvote this?
I just noticed that lemmy doesn’t have downvotes lol.
It depends on the instance you signed up with. Mine, and it looks like yours, doesn’t have downvotes. It’s the host’s decision. Annoying at times like this, huh?
Oooh a fellow lemmyone user 😁🙋♂️
Lemmy has downvotes, but some specific instances (servers) do not allow them.
I did it
we should have separate dark web(no CP) and dark web(CP)
Yes we should. How would you go about doing that?
Put it in the dark web’s terms of service.
Imagine trying to enforce such a thing on the dark web. What would you call the people who would end up with that job?
Start two dark webs, fill one with CP… and all the CP users will go to that one? Or something /s
Put a CP detector at dark web(no CP) exit nodes and throttle the speed to shit when triggered?
Oh yeah, packet sniffing exit nodes in a privacy oriented network will surely go down well and will have no unforeseen consequences
It’s been working fine for 20+ years already, with consequences foreseen from the beginning:
- Don’t trust exit nodes, they get the final packets and can do with them whatever they want.
- If you put identifying data in an unencrypted packet, the exit node will know who you are.
- If you send identifying data (encrypted or not) to a website, the website will know who you are.
- Trust destination websites only barely more than you’d trust them normally, and only as long as you keep the NoScript enabled.
- If your entry node colludes with your exit node, they might analyze data traffic patterns to try and identify you.
If you want to hide your porn habits from your techie flatmate with a logging router, Tor works great. If you’re a CIA agent in Iran wanting to send some report back home without getting found out, Tor works great. If you’re a whistleblower wanting to send an anonymous tip to the Washington Post, Tor also works great. If you’re curious to see that foreign mercenary group’s website that’s blocked in your country… SWIM had to try some different circuits, but Tor also worked there.
What do you mean? The exit nodes runners are doing the heavy lifting here. It’s fair for them to do everything technically possible to avoid unwanted raids.
Lol
I mean it’s an exit node and the open web you don’t really get to complain about lack of privacy when leaving Tor.
OTOH, there’s a simple problem: That traffic is still likely encrypted. It’s not like Tor exit nodes do the TLS handshake, do they? That would indeed be much stranger than applying traffic shaping.
Sure, but preinstalling packet snooping on exit nodes as a feature still doesn’t sound like a great move, nevermind how stupid the idea is exactly because, like you said, HTTPS is a thing
How would that possibly work?
A good read, thanks for sharing