Yesterday, I posted word from a BoingBoing reader in Germany that police had seized a number of Tor servers in the course of a crackdown ops on internet child pornography. This was correct, but there's more to the story.
Today, I spoke with
BB: What happened? Is Germany trying to stamp out Tor because of a perceived connection with child porn?
Shava Nerad, TOR: Absolutely not.
Last week, a few Tor exit-node servers were seized by the German police in a
massive sting against child pornography. From our friends on the ground in
Germany, we hear that dozens and dozens of machines may have been seized.
So far as we know only six of those were Tor servers. We have heard from the
server operators. None of them has been charged.
This is not a "crackdown" on Tor, as has been widely reported. We
expect and hope that the volunteer Tor server operators in Germany will get
their equipment back after this has blown over, and there will be no action.
BB: So Tor was not the target here?
Shava Nerad, Tor: Correct. Basically, investigators took every IP address that hit a server, and tried to grab the associated computer. Someone later went in to the police offices and asked, "Do you know what happened to these 6 servers?" It took them five or ten minutes, going through reams of paperwork, to track them down. Child porn, not Tor, was the target.
For those of you who are unfamiliar, Tor has many laudable uses. From the tor.eff.org website:
Tor is a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet. Using Tor can help you anonymize web browsing and publishing, instant messaging, IRC, SSH, and other applications that use the TCP protocol. Tor also provides a platform on which software developers can build new applications with built-in anonymity, safety, and privacy features.
Update: Ryan Singel at Wired News has a related item: Link.
Previously on BB: German Police Seize TOR Servers
Reader comment: Jamie McCarthy responds to a suggestion I made that Tor can assist users blocked by government censorship. Tor's a helpful tool for many things, he argues, but not this. "Tor's a fine solution to many privacy-related problems, but if your
adversary is your government, that's, as the FAQ notes, 'a really
hard problem,' and not one that it claims to solve." Full response follows.
Three problems with that. First, censorship by government is not a
problem Tor is designed to solve. Second, it doesn't solve it very
well, at least not right now.
And third, suggesting Tor as a solution to users with this problem
can get them killed.
Here's the Tor FAQ on this:
Tor could be a platform on which a Chinese-firewall circumventing
system would run. But no such system exists yet, and Tor's not a
solution by itself. The short version is that Tor's list of servers
is completely public. To get the list, just install Tor on any
Debian system -- the details of every participating server will be in
the file /var/lib/tor/cached-directory. The Chinese government can
simply block every machine on that list, and Tor ceases to function
Worse, the Chinese government can set up Tor exit nodes (just like
anyone else can). If dissidents are communicating to non-HTTPS
websites or sending unencrypted email over Tor, then over time, as
their exit nodes are used, the government may learn enough about them
to find out who they are.
I'm using China as an example here because, while Germany was the
country in question in this story, you mentioned "undemocratic
governments," and whatever its faults regarding censorship, Germany
is certainly a democracy. But these points apply in China, or
Germany, or any country that has control over the packets crossing
its borders and its backbone routers.
Tor's a fine solution to many privacy-related problems, but if your
adversary is your government, that's, as the FAQ notes, "a really
hard problem," and not one that it claims to solve.