by zepearl 649 days ago
Is something like this unexpected? I personally never ever thought so (which is the reason why I never ever even considered running a TOR exit node).

As much as I can respect the idealism about privacy and liberty etc..., I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution, therefore I did not want to provide indirectly any help.

> I feel law enforcement realizes this is a big weakness they can target since a lot of Tor exit operators are individuals with not a lot of resources to fight them. They can use the legal system to scare operators into shutting down.

On one hand I admit that that might be the case, on the other hand even government organizations/departments/agencies can be "local" and scattered (e.g. similar IT departments for each "canton" in Switzerland) and not have huge amounts of resources/knowledge to track/identify perpetrators of all ongoing (sophisticated?) IT crimes => somebody somewhere might see the same IP involved in a lot of "bad" stuff not realizing it's just a TOR node.

I hate the current general trend pushing a position of an either absolute "yes/no" for any theme, including this one (of encryption for privacy/etc vs. crime).

In my opinion it's obvious that the current situation of solutions is in general bad: too much pressure on services that provide privacy because it's too easy for crime to misuse them :o(

7 comments

> As much as I can respect the idealism about privacy and liberty etc..., I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution, therefore I did not want to provide indirectly any help.

Well, what would be considered a "really!!!" bad actor for some might be a hero for others. Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be a use worth fighting for or terrible abuse.

In the end, this really comes down to whether you value freedom or state protection more; either of which can be abused by rogue actors or a malicious state, respectively. There is no win-win-solution, unfortunately.

During The Troubles bombs were sent via the Royal Mail. Nobody blamed the post office. Indeed any infrastructure is a tool of terrorism as we rely on it (I am not going to make a list for obvious reasons). I think the reason we tolerate this problem with infrastructure is that the benefits outweigh the risk. The question is whether or not the same applies to free speech - you're right there is no win-win solution, but it still might be worth it.
However if you start "Peters no questions asked hand delivery service, shipping direct from Ireland to London so reliably you can set a timer by it" - and you deliver 3 bombs to politicians you might find yourself being asked a few questions.
At the time that's exactly what the Royal Mail was. Requiring identification to send packages is a much more recent development. Society just accepted that bad actors could do this and solved the root problem instead.
> Society just accepted that bad actors could do this and solved the root problem instead.

You ... do not read much about history, I guess from this.

There are quite a bit of differences here. The mail services transport physical goods, and the whole path can be tracked. Every letter or parcel is registered by the postal office where it was submitted to for transport. And usually there is quite some physical evidence with everything you do mail.
The poster wasn’t blamed, he was investigated, just like the post office was. Police didn’t just throw up their hands and walk away.
> I think the reason we tolerate this problem with infrastructure is that the benefits outweigh the risk.

The thing is, we absolutely don't tolerate this with infrastructure. We have entire systems in place to make sure that we can find people who use our infrastructure to kill people. The USPS has its own entire law enforcement branch whose sole job is to track down people who misuse the mail. I'm sure there are processes in the UK for the same.

With our infrastructure there's some non-zero amount of abuse that we acknowledge we won't be able to prevent in order to make everything work without infinite enforcement cost, but we don't just close our eyes to the abuse and not even try to do anything about it at all.

The difference between the post office and Tor is that Tor is very specifically designed to make tracking a sender of a bomb threat impossible. State-run postal services at least try to have an audit trail for what they send.

Well, many (if not most) exit nodes are run by three-letter agencies, so at least there is some infrastructure in place.
> depending on which side of the Israel/Palestine conflict you are on

Here's the thing: I am not on either side of that conflict, or likely any other conflict you could use as an example. There are atrocities committed by both sides. There are victims on both sides. You could argue over who committed the worse atrocities or over who is the biggest victim until your face turns blue, it isn't going to end the cycle of violence as long as there are people facilitating that violence.

And no, I am not naive. I know there are people out there who care nothing about causes beyond their own self interest and who care nothing about their victims. I realize that these people are impossible to combat without the innocent coming in harm's way. Yet the moment we fail to be ashamed of the harm we cause in the name of the cause, the moment we fail to acknowledge who is being harmed in the name of the cause, is the moment we become no better than them.

Here's a better example then. Publishing the truth or publishing opinions about political leaders is illegal in some jurisdictions. Would you be unwilling to provide help to these "bad actors"?

Lots of horrible dictators have used rhetoric like yours to rationalize/facilitate their actions.

The fact of the matter is, there really is no absolute objective moral compass; and yes, that includes "we should just stop facilitating violence" because you absolutely can be enabling others to take advantage of that to cause more harm.

You have to pick a stance and live with the harm that comes out of it (yes, whichever stance you pick, will cause harm).

> Publishing the truth or publishing opinions about political leaders is illegal in some jurisdictions. Would you be unwilling to provide help to these "bad actors"?

Realistically, I am unlikely to help since I am unlikely to understand the circumstances and I am especially unlikely to understand who I am aiding. Revolutionaries often look noble (or try to look noble) until they are in power and show their true colours.

Operating an exit node is something that I would be unwilling to do since it goes beyond possibly facilitating those who would want to do harm, it is pretty much a guarantee of facilitating those who would do harm.

> The fact of the matter is, there really is no absolute objective moral compass; and yes, that includes "we should just stop facilitating violence" because you absolutely can be enabling others to take advantage of that to cause more harm.

While I agree that there is no absolute objective moral compass, we each have a moral compass. We have to live by them. Will other people exploit those morals to their advantage? Undoubtedly. That doesn't mean we ignore those morals. Personally, I draw the line at facilitating violence.

Oh, just because you are not affected yet, you might be in the future, most probably if no one is there to help against people with obscene power and they start to easily win.
> Well, what would be considered a "really!!!" bad actor for some might be a hero for others. Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be a use worth fighting for or terrible abuse.

Stepping back though, neither side in that conflict needs Tor. They both have numerous supporters in other countries where that support is legal. They can send and receive information through trusted outside supporters including some outside governments. They just need secure communication channels to a few representatives among those supporters rather than something as general as Tor.

> In the end, this really comes down to whether you value freedom or state protection more

If we're talking about the decision to actually run an exit node, I disagree with this breakdown of the ethics. I can value freedom more than state protection in the abstract while at the same time not feeling that helping support freedom in Russia and China and Iran is worth the cost of simultaneously helping to shield perpetrators of violence closer to home.

In most people's ethical frameworks choosing not to run a Tor node does not make me culpable for the actions of a state suppressing its people, but choosing to run one does make me at least somewhat complicit in shielding the perp of a bomb threat.

how is this different from running a postal service? would you be against that?
The USPS has an embedded law enforcement agency [0] whose full time job is to track down people who are using the postal service to commit crimes. Tor is very specifically designed to make an equivalent impossible.

[0] https://en.m.wikipedia.org/wiki/United_States_Postal_Inspect...

There's enough truly bad actors out there, not everything is shades of gray. Cartels, North Korea, ISIS, etc.
‘Truly bad’ still relies on the perspective of the participant though. Parent's point is that ‘bad’ is a matter of perspective, and that right or wrong, at least some cartel/NK/ISIS operatives believe their actions are justified for some greater good. Palestine/Israel opinions and belief are obviously a more easy to understand perspective, but the point still stands.
NK operatives feel incredibly lucky they get to not starve. Unless they got to where they are at due to nepotism.
You don't know that, you've never been there or probably spoken to a North Korean. Not saying you're wrong (I can admit I have no idea), but I'm annoyed you're swallowing narratives from warlords who have been known to lie to start wars as if it's assumed default true.
I have no idea about NK politics, but if the media continually pumps out ‘the west is the reason we’re starving, join the military today!’ then they might feel lucky to both be fed, and to be serving their country.
Hitler thought he was a good guy. Stalin thought he was a good guy. Everyone thinks he is a good guy from his own perspective.
Really? Some cartel operatives believe their actions are justified for some greater good? Well unless you count filling your own pockets a "greater good" then they are objectively extremely deranged and delusional which possibly makes them even more dangerous.

> relies on the perspective of the participant though

> Parent's point is that ‘bad’ is a matter of perspective, and that right or wrong,

Not really, though. Some things are just 'bad' (you or the perpetrator might not agree but that doesn't change that fact).

Nothing is inherently right or wrong, see moral nihilism. At any rate, cartel operatives may have other intentions than just simply fill their own pockets. Maybe they are selling medical marijuana to people in need because they would love to help people, and get money doing that, how about this?
You're naming things that are in the grey zone though. For example I can find polls [0] suggesting that North Korea is one of the least popular countries, but not strikingly different in absolute terms than someone like Russia or the USA. Internationally speaking they aren't unusually bad actors.

The problem with a "no shades of grey" stance is that in any large organised group there are going to be some good points and reasonable ideologies for why they have banded together to do what they do. They may be mistaken on important points, and it certainly may be necessary to put all empathy aside and try to ruthlessly crush them regardless of any good points they have - but in practice that approach almost always leads to terrible results compared to negotiating to emphasise the good and suppress the bad. Take ISIS - the reason we have groups like ISIS running around is generally because of a no-shades-of-grey approach taken to deal with their precursors. The US policy in the Middle East typically destabilises things (although they are hardly alone in doing that).

[0] https://en.wikipedia.org/wiki/Foreign_relations_of_North_Kor... - "Results of the 2017 BBC World Service poll. Views of North Korean Influence by country"

You have to ask yourself if the good is worth the harm.
But the math on that looks like this.

The "really bad" people have no conscience. No qualms about compromising the device of some innocent victim and then using that as their "exit node" if Tor wasn't available. So if Tor doesn't exist, that's what they do, and that's worse. Because not only do the bad guys still get to be anonymous, now the owner of the compromised system takes the blame. Which is more likely to be someone less able than you to articulate what happened, and who has to claim they were hacked with perhaps scant evidence rather than being able to point to their IP address on the public list of Tor exit nodes. They also might not be in a country with due process. So what you're doing there isn't helping the bad guys, it's saving some of their innocent victims from being unjustly punished.

Meanwhile the "good guys" who use Tor do have a conscience, so they wouldn't do that to an innocent third party, and then without Tor they have nothing. So you'd be helping them too.

We shouldn’t have keys then. Really bad actors are going to force your door anyway. Let’s at least save the doors.

Come on, Tor's main use is child pornography and drugs. If you think you’re helping oppressed journalists, it’s 99% false. You’re mostly enabling all sorts of criminal activities, from benign to major. Hosting a Tor exit node doesn’t make you a hero, quite the opposite actually.

> We shouldn’t have keys then. Really bad actors are going to force your door anyway. Let’s at least save the doors.

Locks aren't for the really bad people, who are in fact going to break down the door. They prevent crimes of convenience.

But Tor is the lock, and the crimes of convenience would be e.g. mass surveillance of the population, in the event that ordinary people don't have it. So it's not clear what you're arguing here. That everyone should use Tor?

> Tor's main use is child pornography and drugs. If you think you’re helping oppressed journalists, it’s 99% false.

Start here:

https://news.ycombinator.com/item?id=41507790

Add to this, the illegal stuff isn't accessed via exit nodes, which link into the ordinary internet. Those things use hidden services, which are internal to the network and don't use exit nodes.

But let's even explore the premise. Suppose a lot of the traffic is people trading in illegal materials. Well, that's not really a big problem; people do that stuff via several other existing channels and the societal cost of each instance of someone buying pot over the internet isn't very high. Whereas the societal benefit of one single whistleblower is massive. These things can change the lives of millions of people. So even if it's 99% contraband, the remaining 1% is ten million times as valuable.

It's true that keys are mostly there to deal with minor bad actors and don't do much against determined adversaries. They are however not much of an obstacle to authorized persons which is why we use them.

You also may notice that in most civilized countries we do stop at somewhat weak keys and glass windows and don't bother with fortifying each house to withstand a full on assault from a criminal organization. That's because this will have a very high cost and we are better off dealing with criminals in other ways so this lack of protection is not a real concern.

I would use that argument if I were an oppressive government that was troubled by journalists using Tor to expose me. It's only 1% right? Think of the children.

Quoth Fidel Castro: ¿Armas para qué? (What do you need guns for?)

Guess what he did after he took the people's guns

If your weapon against oppression is 99% enabling child pornography to thrive, I fail to see what overall good you are making. How many lives ruined for how many articles read?

You try to paint me as a "purist" that would allow the world to fall into the worst abusive governments just to save 1 child, but if you look at it honestly, you are at least as purist as me, because you would enable arbitrary amount of crimes just to save 1 journalist.

Assuming my 99% is accurate, the numbers are really not in your favor, plus journalists are grown adults that make their own choices, while children don’t choose to risk being abused, filmed and exposed online.

> In the end, this really comes down to whether you value freedom or state protection more...

This is again a forced binary "and/or"-decision, without anything in between.

It doesn't have to be like that - both can coexist, if both terms are not extreme.

(disclosure: my post is not related in any way to Israel nor Palestine and I'm personally not linked in/directly to anything related to Israel nor Palestine and this post is not related to the current conflict)

> Just as an example, depending on which side of the Israel/Palestine conflict you are on, either side using your node for military intelligence might be a use worth fighting for or terrible abuse.

The problem is when you choose to involve yourself in nation-state conflicts they’re just not going to care about your protestations of neutrality and freedom. They’re just going to see you aiding their enemy.

> In the end, this really comes down to whether you value freedom or state protection more; either of which can be abused by rogue actors or a malicious state, respectively. There is no win-win-solution, unfortunately.

I want to argue for freedom, on the grounds that most people know what's best for themselves better than others, so on balance there should be more people using that freedom for good, but then most people are busy, and not as motivated or knowledgeable of how to use that freedom as the malicious actors are... so is that even freedom in the end?

I don't think that dichotomy is quite right. Bad actors can take away my freedoms (for example, if they steal my bank account I'm no longer financially free as I'd have no money).

I don't know the correct balance. Maybe it's just an impossible problem. I just don't think the two sides are freedom vs state protection.

> even government organizations/departments/agencies can be "local" and scattered (e.g. similar IT departments for each "canton" in Switzerland) and not have huge amounts of resources/knowledge to track/identify perpetrators of all ongoing (sophisticated?) IT crimes => somebody somewhere might see the same IP involved in a lot of "bad" stuff not realizing it's just a TOR node.

Decentralization is not an excuse for negligence. Anyone working in cybercrimes should be aware that Tor exists and of what it is. The list of exit nodes is public. Harassing the operators can only be one of malice or incompetence and neither alternative is excusable.

And it doesn't need to be a "really bad actor". I have been spammed by someone for years who clearly used a script to target an online service of mine. Always connecting from TOR, so banning an IP or a range wouldn't block that person.

This shows how easily TOR can be abused, even for small misdeeds.

Agreed. This "I could not ignore the fact that any "really!!!" bad actor could use the same infrastructure to avoid investigation/prosecution" could be dependent on what you personally see as a bad actor.

Would being gay count? In some countries it's a death sentence, so using TOR is how they avoid being thrown off a roof or stoned. Talking about anything LGB is a crime.

What about someone who wants to read 1984.. Would you be okay with them committing that crime?

> I hate the current general trend pushing a position of an either absolute "yes/no" for any theme...
Yes being gay is illegal in some countries, but those governments don't have the ability to raid a German citizen's home for it.
The people who do live in those countries could, however, be using an exit node in Germany. It isn't the exit node operator who chooses who uses it.
"I won't help building roads because criminals might drive on them"

Law enforcement are blaming the road builders, that's what's wrong with the picture.

> I hate the current general trend pushing a position of an either absolute "yes/no" for any theme, including this one (of encryption for privacy/etc vs. crime).

Exactly

Making an analogy, I feel these people are kinda the European ideological equivalents of the "sovereign citizens" in the US (though sure, they're usually more informed)

In one way, deeply concerned about very legitimate worries of free speech and privacy. In another way, very naive about what happens in the real world or how legal process works

Expectations: "We're helping people fight dictators!11" Reality: 80% malicious usage, 10% "just a prank bro", 5% people with legitimate uses and then the rest

Agreed, except, what is especially European about this?
The idealism and rose-tinted/"self righteous" view of the world.

"Wir schaffen das"

I'm not sure what you mean with this "Wir schaffen das" reference. By attempting to host refugees, one is committing the fault of being self-righteous?
Think of it as a kind of "Hero Syndrome"
Idealism around privacy and liberty is quite important, otherwise you end up with a worse country and there is a reason for laws to usually grant people these rights.

The law failed here and it is a typical problem for Germany, that historically and still today has problems with liberties in general.

FUD doesn't mean we should do away with liberty. To say otherwise is naive idealism that requires infallible human actors in security related agencies. That is impossible.