William Weber, a LowEndTalk member, was raided by Austrian police in 2012 for operating a Tor exit node that was allegedly used to distribute child pornography. While he was not arrested, many of his computers and devices were confiscated. He was later found guilty of supporting the distribution of child pornography through his Tor exit node, though he claims it was unintentional and he was simply supporting free speech and anonymity. He was given a 5 year probation sentence but left Austria shortly after. Though some articles portray him negatively, it is debatable whether he intentionally supported child pornography distribution or simply operated in the legal grey area of Tor exit nodes.

  • Metaright@kbin.social
    link
    fedilink
    arrow-up
    321
    ·
    1 year ago

    We oughtta arrest the people who pave roads because human traffickers use them to commit crimes.

      • jarfil@beehaw.org
        link
        fedilink
        arrow-up
        79
        ·
        edit-2
        1 year ago

        The charges usually end up falling onto the last one who can’t stick them onto someone else.

        Like, a carrier can blame the ISP, who can blame the VPN, who can check its logs and blame an address owner, who… better keep their own logs capable of identifying someone else if they’re letting random people do random stuff using that address. And a good lawyer, and will and money to fight it.

          • Excrubulent@slrpnk.net
            link
            fedilink
            arrow-up
            23
            ·
            1 year ago

            It sure is weird how a political system based around who has the most money always ends up hurting the people that don’t have money. Nobody could’ve predicted that.

            • aksdb@feddit.de
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              Is there really a realistic way to do it differently? Situations ending up in court are complex and ambiguous. It’s never a simple “if this then that” kind of thing. So in the end it’s about making arguments and convincing each other. Different people have different skills and depending how you match up, arguments are lost or won. There will always ever be a limited amount of extremely skillful people. Even if you would make sure that money isn’t a barrier, time/availability will still be and so still most people will end up with inadequate council.

              • lol3droflxp@kbin.social
                link
                fedilink
                arrow-up
                8
                ·
                1 year ago

                If a justice system is so hard to use that only a small portion of the trained professionals can do it adequately it needs a massive overhaul. This of course is basically impossible and won’t happen. The US is a particularly bad case because of the sheer outdatedness of its constitution an court procedures.

                • aksdb@feddit.de
                  link
                  fedilink
                  arrow-up
                  5
                  ·
                  edit-2
                  1 year ago

                  I think most laws started out simple. Reality isn’t simple, however. And I would bet that any attempt to simplify it will be adjusted over time and will end up being just as complicated again.

                  I mean, the law could be simple in the sense that it basically says “don’t to stupid shit”. But then it just becomes more subjective which in the end will be even less fair.

                  All the complexity in the law comes from the attempts to make it as fair and objective as possible.

              • Excrubulent@slrpnk.net
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                Don’t have a society that gives all the power to people who have the most imaginary tokens. Don’t assign and apportion legal counsel according to money but instead according to need. Like, obviously I’m criticising capitalism, but your question assumes capitalism is here to stay.

                Of course, under capitalism this will never happen, because the legislature is thoroughly captured by capital, and they are quite happy with lawyers being extremely expensive and siloed away in massive corporate legal teams.

                Now of course none of what I am suggesting is going to be easy, quick, or absolute, which I mention just to head off the inevitable critcisms along those lines from people who find it easier to imagine the end of the world than the end of capitalism. As Ursula K le Guin said, “We live in capitalism, its power seems inescapable – but then, so did the divine right of kings.”

                • aksdb@feddit.de
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  edit-2
                  1 year ago

                  but your question assumes capitalism is here to stay.

                  It does not. In my last sentence I specifically said “Even if you would make sure that money isn’t a barrier”, which rules out capitalism. So in a system where everyone has equal access to everything, you still only have a limited amount of skilled people with the right profession. If there are currently 1000 first-degree-murder cases where life sentences are on the line, and you only have 10 extremely good lawyers … 990 people will still end up worse than the 10 that had the luck (!!) to get these 10 good lawyers assigned.

      • JakenVeina@lemm.ee
        link
        fedilink
        arrow-up
        66
        ·
        edit-2
        1 year ago

        From the article…

        Yes, as they had to give me the minimum sentence. By law they were right as the law only protected registered companies, unlike in Germany for example. The law was changed a few weeks later to include private persons and sole traders as protected lsps, not just companies, but they had to convict me. No choice in the end.

        So, ISPs in Austria actually have legal protection from liability here, rightfully so, and also rightfully so, that protection was extended to private persons as well. A rare story of a legal system apparently working well, with regard to the marriage of privacy and technology.

        • aksdb@feddit.de
          link
          fedilink
          arrow-up
          20
          ·
          1 year ago

          The law was changed a few weeks later to include private persons and sole traders as protected lsps, not just companies, but they had to convict me. No choice in the end.

          I am not sure I would consider this “working well”. It is the job of the court to determine if and how to apply law. Laws are never perfect and should be applied per intention, and not word-for-word. If the latter would even be possible, we wouldn’t need judges in the first place, because it would be a “simple” decision tree. But it’s not. And we have judges and the court processes for a reason.

          If the law was amended a few weeks later, it shows, IMO, that the intention of the law was different than what was written down. Therefore the judge should have ruled that way by acknowledging that while the law does not exempt private individuals, its intention shows that it clearly should (simply because it doesn’t make much sense otherwise).

          In other words: if the system really worked well, the judge would have sentenced (or rather not sentenced) within the intention of the law, and not within the strict writing.

          (Worst case is that something like that gets escalated to the highest court who then either also accepts or overrules it.)

          • barsoap@lemm.ee
            link
            fedilink
            arrow-up
            7
            ·
            edit-2
            1 year ago

            Yep given this is Austrian jurisprudence they should be able to apply Radbruch. Could it be overturned on appeal? Sure, but the judge also wouldn’t look stupid on appeal. German courts are using it in instances like conjuring a Romeo+Juliet exception out of thin air (in the “sex on your 14th birthday with your SO who is still 13” kind of sense), directly contradicting written law, saying “yep they overlooked that corner case”. Law didn’t even get updated as application of the formula is so uncontroversial.

            In particular, this letter-of-law interpretation ignores equality before the law – that between natural and juridical persons. You need a proper reason to do such a thing. Quoth Radbruch:

            Where there is not even an attempt at justice, where equality, which forms the core of justice, is deliberately betrayed in the laying down of positive law, then the statute is not even merely ‘flawed law’—rather, it lacks completely the very nature of law. For law, including positive law, cannot be otherwise defined than as a system and an institution whose very meaning is to serve justice.

    • you see, they are companys and they make monzees that they dont pay taxes on, so its fine. But that guy was a terroristic web activist, subverting the order of the free world by providing free tools to a community of which some used it for illegal purposes.

    • Big P@feddit.uk
      link
      fedilink
      arrow-up
      31
      ·
      1 year ago

      The article explains that this was basically a flaw in the way the law was written

  • Fizz@lemmy.nz
    link
    fedilink
    arrow-up
    98
    ·
    1 year ago

    The absolute balls on the man to continue after being raided. It’s unfortunate that the private internet requires people like him to risk their safety so it can continue to operate.

  • Dirt@kbin.social
    link
    fedilink
    arrow-up
    84
    ·
    1 year ago

    Reading the article, it’s not just distributed CP. Someone also used his Tor Exit to hack into a NATO facility in Poland that dealt in chemical/biological weapons. Like, yeeesh.

  • Jears@social.jears.at
    link
    fedilink
    English
    arrow-up
    69
    ·
    1 year ago

    I am from austria and honestly I feel ashamed. What honestly gets my blood boiling is the fact, that there is a high chance the people that connected through his exit node are probably still free.

    It is like jailing the postman for delivering a letter containing CP. Anyway I hope the people actually actively distributing and using CP get what they deserve.

    • massive_bereavement@kbin.social
      link
      fedilink
      arrow-up
      26
      ·
      1 year ago

      Here the crime is privacy, which is the same thing many countries are trying to curtail, including France, which is clamping down hard on encryption.

      With time we will see services like protonmail or vpns vilified in order to make them inaccessible to the public.

    • JakenVeina@lemm.ee
      link
      fedilink
      English
      arrow-up
      18
      ·
      1 year ago

      You shouldn’t feel too ashamed, in the end Weber got 5 years of probation on the sentence of “support of general distribution”, and shortly after the law was amended to give private persons like Weber the same protection from liability that ISPs enjoy from how people use their network. At least, according to Weber.

  • argv_minus_one@beehaw.org
    link
    fedilink
    arrow-up
    44
    ·
    1 year ago

    I’m surprised this doesn’t happen more often. Home routers are trivial to compromise, and compromised home routers can also be used to distribute illegal content.

    • jarfil@beehaw.org
      link
      fedilink
      arrow-up
      25
      ·
      edit-2
      1 year ago

      You don’t need an exit node to browse Tor hidden sites. Acting as a relay middle node is also not a problem.

      Exit nodes are kind of a “plausible deniability” thing for Tor users from places where using Tor might be frowned upon, but otherwise you can find anything you may want to use Tor for, on hidden sites themselves.

      For as much as I’d like to help the Tor network and the idea of free speech, articles like this are why I’d rather let the CIA and other national sponsors take the brunt of running those exit nodes.

      • skulblaka@kbin.social
        link
        fedilink
        arrow-up
        13
        ·
        1 year ago

        But someone somewhere has to be an exit node. Not you, necessarily, in order to browse, but somebody has to be running them. Right?

        • jarfil@beehaw.org
          link
          fedilink
          arrow-up
          18
          ·
          edit-2
          1 year ago

          Tor hidden sites are hosted on Tor nodes, so you don’t leave the Tor network to browse them.

          Anyone with a Tor node can host a hidden site, and there are some more or less famous ones around. Some open web sites keep a hidden one as an alternative in case their domain gets taken down or blocked for whatever reason in whatever country.

  • teawrecks@sopuli.xyz
    link
    fedilink
    arrow-up
    21
    ·
    1 year ago

    This is equivalent to a criminal running into a crowd to get away from police, and the police just stopping, arresting, and charging the first person in the crowd that they see for not doing anything to stop them.

  • fearout@kbin.social
    link
    fedilink
    arrow-up
    15
    ·
    1 year ago

    Btw, what’s the current judicial status of exit nodes around the world? Why was he charged, yet the isp wasn’t? Would the isp be charged if it ran a similar exit node, or is it strictly because it was a private entity?

  • HousePanther@lemmy.goblackcat.com
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    1 year ago

    Child pornography is in no way acceptable and cannot be rationalized as normal. He got what he had coming to him as far as I am concerned.

    • Chozo@kbin.social
      link
      fedilink
      arrow-up
      106
      ·
      1 year ago

      He wasn’t searching for it or knowingly distributing it. The way Tor exit nodes work is that you’re hosting a machine that lets other people on the Tor network communicate with the internet. You’re essentially routing a portion of the entire network’s traffic through your machine. You can’t really control who is using it or what it transmits at that point.

      He got punished because somebody else shared CP, using his equipment to do so. It’s like being jailed for having your car stolen and being used to hit a pedestrian.

        • Addv4@kbin.social
          link
          fedilink
          arrow-up
          56
          ·
          edit-2
          1 year ago

          Please don’t, the misunderstanding is common, and it just reinforces the point of the rebuttal. I’ve seen sooo many anti CP laws trying to be forced through congress, but most of it is just bullshit surveillance or drm stuff but it gets the support from people like you who (understandably) hear about the propagation of CP and support stopping it via those laws.

            • DogMuffins@discuss.tchncs.de
              link
              fedilink
              English
              arrow-up
              8
              ·
              1 year ago

              You’re a legend mate.

              I find it infuriating when people refuse to be wrong at all costs, and just delete their comment when they are found to be indisputably wrong.

              It’s nice to see someone who can just acknowledge that they misunderstood, as do we all at times.

        • Lanthanae@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          30
          ·
          edit-2
          1 year ago

          It would be better for you to leave the original comment, use markdown to strike it through*, and create an edit showing that you realized it was wrong.

          It shows humility and reflects positively on you, but it also allows the history of this conversation to remain preserved.

          *not sure if this is possible on Lemmy yet

          Edit: it is :)

      • skulblaka@kbin.social
        link
        fedilink
        arrow-up
        28
        ·
        1 year ago

        It’s like being jailed for having your car stolen and being used to hit a pedestrian.

        Exactly this, except that nobody stole your car. You are providing free and no-questions-asked open access to your car for any member of the public who needs to use it. Many other people also used the car that day for legitimate business or for fun, but then one guy got in it and ran over 32 people in a furious rampage.

        Clearly the driver is at fault here, but a case can be made (and apparently, was) that this would not have been possible had you not provided access to the car to the perp in question.

        • Kleinbonum@feddit.de
          link
          fedilink
          arrow-up
          30
          ·
          1 year ago

          Clearly the driver is at fault here, but a case can be made (and apparently, was) that this would not have been possible had you not provided access to the car to the perp in question.

          This is the equivalent of holding gun manufacturers culpable if someone buys a gun from them and then uses it to commit murder - right?

          • interolivary@beehaw.org
            link
            fedilink
            arrow-up
            10
            ·
            1 year ago

            Well, if weapons manufacturers were handing the guns out literally for free to anyone who has a pulse, I could definitely see them getting in trouble

            • esaru@beehaw.org
              link
              fedilink
              arrow-up
              14
              ·
              edit-2
              1 year ago

              Why does it make a difference that gun manufacturers charge for their weapens. They make them accessible for basically every adult. If they didn’t sell them to basically everyone, many shootings would not happen, as world wide statistics show. Earning income on what they provide makes them even more responsible, because they profit off from the selling. I don’t see why they are not being charged for selling it to people that use it to commit crimes, and someone providing an exit point does get charged because he lets people use it while he has no control at all over who uses his access point.

            • Derproid@lemm.ee
              link
              fedilink
              arrow-up
              11
              ·
              1 year ago

              I mean, car manufacturers do this. And it’s much easier to buy a car than a gun.

          • skulblaka@kbin.social
            link
            fedilink
            arrow-up
            7
            ·
            1 year ago

            That’s a bit more of a stretch, but barely. It’s in the same spirit, yes.

            Please do note that I’m not necessarily agreeing with the ruling here, only trying to draw a more accurate analogy. The problem with equating those two though - the tor node ruling vs gun manufacturers being liable for deaths - fundamentally comes down to a few facts, that guns are sold with the intention of killing people, that guns are sold by corporations with lots of money and power, and that governments don’t want tor in the hands of citizens. Tor node keepers are easy to prosecute in many countries, as individuals hosting software that is frequently used for illegal action. Gun manufacturers are not.

          • Da Bald Eagul@feddit.nl
            link
            fedilink
            arrow-up
            4
            ·
            1 year ago

            Somewhere else in the comments it was said that ISPs have legal protection. The laws were changed afterwards,so that individuals could also be recognized as ISPs so that they’d have protection, for situations like these.

      • jarfil@beehaw.org
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        It’s like being jailed for having your car stolen and being used to hit a pedestrian.

        Kind of… only you parked the car in front of a jail, left the door open, keys in the ignition, and a “FREE TO USE” sign next to it.

        Hey, maybe the next guy will just use it to go buy some groceries… maybe.

        • The Cuuuuube@beehaw.org
          link
          fedilink
          arrow-up
          10
          ·
          1 year ago

          I hate this analogy. Its more like you parked it in a very public space and said “free to use” and someone who had been to jail used it. There are all kinds of legitimate reasons to use TOR that aren’t child porn, and acting like because it can be used to view child porn makes it truly horrible and hosting hardware to use it makes you part of the problem shows a misunderstanding of what its for.

          Let me pose it to you this way. Do you use a VPN? Do you know someone who has used a VPN? Have you watched a YouTube video that was sponsored by a VPN? Do you remember the reasons to use a VPN? Those are all things Tor does well. Better even. And for free. Meanwhile, hosting VPN hardware comes with all the same “people could use it to host child porn” downsides as TOR exit nodes

          In my personal life, I use Orbot all the time for things like keeping my Syncthing traffic secure and quickly anonymizing my traffic. I also host a relay because Iranian women and Ukrainian soldiers are currently using the Tor network for life and death circumstances.

          • jarfil@beehaw.org
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            Its more like you parked it in a very public space and said “free to use” and someone who had been to jail used it.

            Iranian women and Ukrainian soldiers

            As much as I sympathize and approve of that… try to take a step back and look at it from the side: you’re still saying you do it to help others “break the law”, it’s just someone else’s law that you don’t agree with, and hopefully it doesn’t break the law where you live (stay safe, although running a relay is not the same as running an exit node… but still). My analogy tried to capture that.

            BTW, I do use Tor, and may also host a relay or two, but still no exit nodes.

            Orbot all the time for things like keeping my Syncthing traffic secure

            I thought Syncthing already used encryption with a dual public key system to do the syncing? Is there an extra reason to add Orbot to it?

            • AnonStoleMyPants@sopuli.xyz
              link
              fedilink
              arrow-up
              2
              ·
              1 year ago

              you’re still saying you do it to help others “break the law”, it’s just someone else’s law that you don’t agree with

              I don’t quite understand this. How is this different from this case: a substance is prohibited in a country X, but not in yours. You sell the produce in your country, and people from country X come to visit your store and buy the produce. They might take it back home, and hence, break the law. Or they might use it down the street.

              How are you to blame for this? Though in OPs case the produce is given away.

              • jarfil@beehaw.org
                link
                fedilink
                arrow-up
                1
                ·
                1 year ago

                It’s not different, and many countries have established laws against “drug tourism”, “sex tourism”, “abortion tourism”, or other stuff punishable under their law that people would seek to do in other more permissive countries.

                Those laws often include punishments for the enablers, so while Iran may not be able to punish you in your own country, beware of ever visiting Iran, or any other country whose laws you may be helping people to break… or getting doxxed for some “extreme law defending enthusiast” to pay you a visit (see cases like Charlie Hebdo).

                • AnonStoleMyPants@sopuli.xyz
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  1 year ago

                  Those laws often include punishments for the enablers

                  I did not know this but I guess it makes sense. But yes many countries do have these kinds of laws. Then sure, it is a good idea to know the laws regarding this of the country you are visiting.

            • Findmysec@infosec.pub
              link
              fedilink
              English
              arrow-up
              1
              ·
              4 months ago

              And you’d rather have Iranian women and Ukranian men not being able to voice their opinions because you don’t agree with helping them “break” laws?

              • jarfil@beehaw.org
                link
                fedilink
                arrow-up
                1
                ·
                4 months ago

                Did you create a new account just to misinterprete a year old comment of mine? That’s amazing.

                • Findmysec@infosec.pub
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  edit-2
                  4 months ago

                  Pray tell me how I misinterpreted it? If running an exit node is going to help marginalized communities bring forth their voice (even the fringe cases that I don’t agree with, because I believe technology should be accessible to everyone), why shouldn’t one do it? Other than mortal risks like jail time because stupid senators can’t be bothered to get their heads out of each others asses.

                  The reason to use Orbot is to obfuscate the IP

                  Edit: I’m a different guy from the one you responded to earlier

      • atocci@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        This is the first I’ve heard of it. Why would someone willingly host an exit node when the risks are so high?

        • conciselyverbose@kbin.social
          link
          fedilink
          arrow-up
          20
          ·
          edit-2
          1 year ago

          Because they believe in what tor represents. It absolutely is used for terrible things, but it is also a pretty critical resource to a lot of people in a lot of dangerous parts of the world where thought crimes get people killed.

          But yeah, no way am I running one. The potential costs are way too high.

        • The Cuuuuube@beehaw.org
          link
          fedilink
          arrow-up
          5
          ·
          1 year ago

          Because Iranian women deserve to tell their stories. Because Ukrainian soldiers need the most secure relays for their messaging services possible. Because the Chinese government’s great firewall is designed to keep people from seeing reality. Because Facebook, Amazon, Netflix, and Google want to control the future of the web, and that future includes willing participation in incomplete police action that gets minorities and people of color killed. Because control of your personal identity is a matter of grand security when it comes to preventing the most successful kinds of attacks: social engineering. Because all of these things can either be accomplished with a paid VPN owned by a corporation who might ALSO be complicit in all of the problems above, or they can be acheived on donated computing time, and be more effective in their application.

          Child porn happens on the internet. I don’t see anyone clamoring to shut down the whole thing. So which do you want? To destroy every single tool that can be used to acquire it, or to foster a more fact and policy based government that performs root cause analyses and works to make a better society rather than doling out punishment and asking quearions later

          • AWildMimicAppears@kbin.social
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            You can even add half the USA with their anti abortion laws to your list! Remember people, what you have to hide is not yours to decide.

    • vlad@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      15
      ·
      1 year ago

      The feds in multiple countries have used the tactic of hacking someone’s computer, putting charlie papa content on it, and then using that as a reason for arrest. I’m with you that partaking in it is completely unexcusable and sick, however that fact is why it’s used by governments to gain more control. “Think of the children.”

      • HousePanther@lemmy.goblackcat.com
        link
        fedilink
        English
        arrow-up
        10
        ·
        1 year ago

        I have heard of this happening. It is why I have a healthy distrust and dislike of law enforcement. Law enforcement serves the wealthy, powerful, and the interests of the state itself. It is almost like the wealthy have their own paramilitary to do their bidding for them.

          • HousePanther@lemmy.goblackcat.com
            link
            fedilink
            English
            arrow-up
            13
            ·
            1 year ago

            Police protect both monetary and political capital. They’re dogs licking the boots of their masters. Caveat: I am ex-cop. I was fired because I refused to arrest someone for smoking pot peacefully and not bothering anybody. This was in the late 90s.

        • astraeus@programming.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Imagine trying to enforce such a thing on the dark web. What would you call the people who would end up with that job?

      • jarfil@beehaw.org
        link
        fedilink
        arrow-up
        16
        ·
        1 year ago

        Start two dark webs, fill one with CP… and all the CP users will go to that one? Or something /s

        • interolivary@beehaw.org
          link
          fedilink
          arrow-up
          47
          ·
          1 year ago

          Oh yeah, packet sniffing exit nodes in a privacy oriented network will surely go down well and will have no unforeseen consequences

          • jarfil@beehaw.org
            link
            fedilink
            arrow-up
            10
            ·
            edit-2
            1 year ago

            It’s been working fine for 20+ years already, with consequences foreseen from the beginning:

            • Don’t trust exit nodes, they get the final packets and can do with them whatever they want.
            • If you put identifying data in an unencrypted packet, the exit node will know who you are.
            • If you send identifying data (encrypted or not) to a website, the website will know who you are.
            • Trust destination websites only barely more than you’d trust them normally, and only as long as you keep the NoScript enabled.
            • If your entry node colludes with your exit node, they might analyze data traffic patterns to try and identify you.

            If you want to hide your porn habits from your techie flatmate with a logging router, Tor works great. If you’re a CIA agent in Iran wanting to send some report back home without getting found out, Tor works great. If you’re a whistleblower wanting to send an anonymous tip to the Washington Post, Tor also works great. If you’re curious to see that foreign mercenary group’s website that’s blocked in your country… SWIM had to try some different circuits, but Tor also worked there.

          • lowleveldata@programming.dev
            link
            fedilink
            arrow-up
            6
            ·
            1 year ago

            What do you mean? The exit nodes runners are doing the heavy lifting here. It’s fair for them to do everything technically possible to avoid unwanted raids.

          • barsoap@lemm.ee
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            I mean it’s an exit node and the open web you don’t really get to complain about lack of privacy when leaving Tor.

            OTOH, there’s a simple problem: That traffic is still likely encrypted. It’s not like Tor exit nodes do the TLS handshake, do they? That would indeed be much stranger than applying traffic shaping.

            • interolivary@beehaw.org
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Sure, but preinstalling packet snooping on exit nodes as a feature still doesn’t sound like a great move, nevermind how stupid the idea is exactly because, like you said, HTTPS is a thing