Although Richard, 57, assumed the call was related to his exit, he still didn't know what specifically the FBI was investigating as he started the drive home.

"A child porn ring had been busted? Or a hacking attack? Or a bomb threat called in? I had no idea what it was," Richard later told me over the phone.

When someone uses Tor, his IP address is that of the exit node he has been randomly assigned. This means that if someone emails a death threat, or sends a barrage of spam, it is the exit node's IP that appears when the authorities start investigating the digital fingerprints of the crime. Richard's exit could have been implicated in just about anything.

However, Kurt Opsahl, the deputy general counsel of the Electronic Frontier Foundation (EFF), believes that running a Tor exit is legal, at least under US law.

But if an operator runs an exit from his or her home, and on their own internet connection, "they may be confused with being the source of the traffic, instead of an exit node of the traffic," Opsahl told me. To anyone looking at activity flowing from the exit—whether that's child abuse material, or an attempt to hack a website—it looks one and the same as the operator's own personal usage. This could lead to a raid on the operator's house, even though running an exit is arguably legal.
Sometimes, an operator's home isn't raided, but her exit node is either shut down, seized, or somehow tampered with by law enforcement. After noticing some strange activity on his exit, Thomas White, a UK-based activist, took to a Tor mailing list.

"Having reviewed the last available information of the sensors, the chassis of the servers was opened and an unknown USB device was plugged in only 30-60 seconds before the connection was broken," White wrote in December. "From experience I know this trend of activity is similar to the protocol of sophisticated law enforcement who carry out a search and seizure of running servers."

When I asked White to elaborate on what exactly had happened, he said he couldn't without facing legal consequences.

However, he did tell me that law enforcement have taken around 14 of his 40-something servers, and analysed many more.

"I suspect the reason behind most seizures or trouble is they want to be seen to be doing something," White continued. "Law enforcement are given quotas and in this day and age, cybercrime is on the up and up. Why spend millions on a large operation to catch a hacker when they can just seize a server and add another notch to the tally on their quotas?"

This month, another operator claimed that he or she had been issued a subpoena in order to track down a Tor user, despite the operator not being able to do that.
"I'm allowing people to communicate ideas. And I don't feel I need to apologise for that"