[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: court trial against me - the outcome
On Sat, 17 Nov 2007 12:26:07 -0500 "Wilfred L. Guerin"
<wilfredguerin@xxxxxxxxx> top-posted, so as to make it more difficult
to understand what he was referring to:
>I am sincerely concerned about the following issue:
>"address and identity used are from the cow town next door"
>Please explain for us the failures of your tor implementation to
>properly mix and distribute the content, and why (moreso how) such an
I thought Mirko made it perfectly clear. He has been running an
exit server. Some credit card fraud artist did his/her thing via that
exit node, providing stolen identity information to amazon.de, which
logged the IP address of the exit node. The exit node operator, Mirko,
was then accused of committing the fraud. The court was uninterested in,
and/or incapable of comprehending, explanations of why Mirko was as
innocent as his ISP.
>I will assume at this point that an IP identification, (each session
>should be on seperate nodes by design), would be compared to a
>database of exploitables and thus select a local proximity target.
>In all, this is completely assinine. Under no circumstances except an
>idiot implementation that has all nodes in the same room, could this
What the hell are you writing about? Just go back and reread
Mirko's description of what happened. You might also read some tor
documentation before spouting off like that.
>Please explain further how your machine was the sole liability, the
>mail.box was set up using the exact same node, and how the responding
>ip (which i recall is NOT reported?) was gleaned from the amazon
As reiterated above, the source IP address from which amazon.de
and the prosecution claim that the fraudulent transaction originated
was, in fact, not the true source, but rather Mirko's exit server's
IP address. (Note that it is an IP address, not an "ip".)
>These coincidences, unless you were entered locally with a very small
>mixer, are not plausible unless there is a very explicit route / exit
>node, external proxy which forwarded "illegitimate packets" or
Define "mixer". In terms of computer software, "mixer" to me means
a program that allows one to control volumes of audio inputs and outputs.
>please show us a technical diagram (flowchart) of how this process
>occured, and what is known about the use of the gift card / final
>On Nov 14, 2007 9:22 AM, Mirko Thiesen <Mirko.Thiesen@xxxxxxxxxxxxxxxx> wrote:
>> Good morning,
>> I've been operating a Tor node (NetWorkXXIII) for quite some years now
>> (although it was down for several months as it was facing repeated DDoS
>> attacks earlier this year).
>> In June the local police informed me about preliminary proceedings against
>> me by asking me (by mail) to "visit" them. The letter mentioned computer
>> fraud (actually it was "Computerbetrug in Tateinheit mit Faelschung
>> beweiserheblicher Daten gemaess Paragrafen 263a, 269, 52 StGB"), but since I
>> hadn't done anything I followed the general advice in such situations: You
>> have the right to remain silent. Use it. So I decided not to go to the
>> police - if you haven't done anything and you don't even have a clue what
>> they are talking about, it usually can only get worse. Apart from that, the
>> day they wanted me to come I was not even in town.
>> In early September I received a penalty order ("Strafbefehl") - from the
>> court. A judge found me guilty of having ordered a gift voucher (value: 51
>> EUR) on amazon.de, providing address details of a living person (but not
>> myself obviously), and using a Web.de email address registered specifically
>> for this purpose. I was sentenced to pay a fine of 500 EUR.
>> Because I hadn't ordered the voucher, I appealed ("form- und fristgerechter
>> Einspruch") to that penalty order, which led - according to German laws - to
>> an actual trial. This trial was held today.
>> While the penalty order listed four witnesses (the person whose address
>> details had been used, a police officer in a cow town near that person's
>> home hometown, a local police officer, and an employee of amazon.de), the
>> summoning ("Ladung") to the actual trial didn't list any witnesses at all. I
>> had been a lay assessor ("Schoeffe") for four years in Germany (but in a
>> different part of the country), so I knew that this usually would be a good
>> sign as the judge(s) during the actual trial wouldn't have much more than
>> the defendant's testimony (and of course the records) to rely on.
>> Well, it turned out to be the exact opposite of what I had expected. They
>> had absolutely no doubts that I was at least somehow guilty. I explained in
>> great detail what Tor is and what it is used for, and the judge asked me:
>> "Is this illegal?" Wow - shouldn't she know?! I replied "No, of course not.
>> Otherwise I wouldn't do it."
>> The judge and the public prosecutor realized soon that I probably wasn't the
>> originator of the transaction in question. But instead of realizing the
>> faults of the police and the public prosecutor's department (German laws say
>> that they have to investigate *all* aspects of a crime and not just find
>> someone that seems to be somehow guilty at first sight), they tried to
>> construct a case of aiding and abetting ("Beihilfe") - they insisted that I
>> most probably set up my node in order to help people committing crimes. Or
>> at least I accepted that people would commit crimes using my Tor node. I
>> asked "What about a postal service that delivers i.e. a bomb or a blackmail
>> letter? Do they help people committing crimes as well?" They said that these
>> two things could not be compared as a postal service offers transportation
>> services whereas I offer anonymization services.
>> To make a long story short: The judge as well as the public prosecutor
>> refused to accept that I didn't do anything criminal, that I didn't and
>> still don't want to help anyone committing a crime (at least not more than
>> i.e. <put a random
>> telco/ISP/postal service here> does), and that they should have investigated
>> the issue further beforehand.
>> They offered me to dismiss the actual court trial according to paragraph 153
>> StPO which is not the same as an acquittal (no "Freispruch") which I
>> eventually accepted. It means, however, that I won't have to pay for the
>> trial. They also repeatedly said that this time I got off with just a slap
>> on the wrist - next time it wouldn't be that cheap.
>> Yeah, and that's it. I am completely disappointed by the way this court
>> trial was held. I don't know if this is how they usually do it here in
>> Southern Germany. When I was a lay assessor, we always treated the
>> defendants with some kind of respect - not only but especially if there was
>> no actual evidence that they had committed a crime. But the public
>> prosecutor as well as the judge both repeatedly showed me their disrespect -
>> because I didn't confess anything, because I was not thankful for their
>> offer, because I still operate this criminal thing they obviously had no
>> clue about.
>> Okay, signing off for now.
>> Bye, K&K,
>> |Mirko Thiesen "We're with you all the way, mostly"|
>> |Mirko.Thiesen@xxxxxxxxxxxxxxxx | http://www.kyb.mpg.de/ |
>> |MPI for Biological Cybernetics | Phone: +49-7071-601-638|
>> |Spemannstr. 38, D-72076 Tuebingen | FAX: +49-7071-601-616|
Scott Bennett, Comm. ASMELG, CFIAG
* Internet: bennett at cs.niu.edu *
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *