[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] William was raided for running a Tor exit node. Please help if you can.

On 1/12/2012 10:49 AM, Naslund, Steve wrote:

If he is claiming that the traffic to the forum came through the Tor
node, that IP would lead them to the hosting company of the Tor node.
Not his residence.  If they had an IP that led to his home, that would
have to mean that the traffic did not come from his Tor node at the ISP.
I suppose you could get your own block of addresses and get the ISP to
advertise them for you to host your server but I don't think you would.

If they got his address from the hosting company, I suppose that might
lead them to his house but it also would have told them that the Tor
node was not AT his house.  Why go there?  I think they have something
else.  There are lots of terabytes for them to look at.  Who wants to
bet what is there?

Steven Naslund

The only information I've read about the matter is what's on http://raided4tor.cryto.net/ , and it doesn't provide much regarding the length or complexity of the investigation. From that webpage, the information I find relevant is:

(1-1) the exit node was located in Poland, and therefore outside the jurisdiction of the LKA; (1-2) William had already been questioned by Polish LEA about activities coming from the exit node; (1-3) the exit node was moved to a different ISP after the troubles with the Polish LEA;
(1-4) the exit node wasn't turned back on.

What we _do_not_ know is:

(2-1) what country the clearnet forum (that the child porn was posted to) is located in; (2-2) who reported the child porn to LEA, or if LEA was already monitoring for the child porn;
(2-3) if Polish and Austrian LEA are cooperating on the investigation;
(2-4) when the investigation was initiated;
(2-5) which LEA initiated the investigation.

Given the information above, it's a completely reasonable scenario that the child porn was reported by the clearnet forum owner, or discovered by some LEA, at which time the offending forum user's IP was determined to belong to the Polish host of the exit node. When compelled, the Polish host provided the details of William Weber. The LKA are then able to raid William on the suspicion of child porn distribution, and they seize everything that could be used to store the material.

You (Steven Naslund) question why no LEA seized the exit node. This is explained by the fact that the exit node was moved from the Polish host _after_ the child porn was posted to the clearnet forum. It's completely reasonable that LEA may not have been able to determine where the server was moved to.

You also question the reasons for the LKA to raid his private residence when the exit node's last known location was a Polish host. Surely you aren't suggesting that LEA shouldn't raid a suspect's private residence because the last known location of a (missing) server (that is confirmed to belong to the suspect) wasn't the same address?

Your opposition to this matter is moving into land of the crazy conspiracy-theorist. You're looking so hard for something more sinister to the story that you're ignoring reason. We should only take positions on the evidence we have, not the evidence we don't have.

tor-talk mailing list