Russian FOSS activist arrested in Russia for his Tor exit-node
Dmitry Bogatov, 25 years old, teaches maths in MFUA (Moscow Finance and Law University) was a free and open source software activist (https://sinsekvu.github.io/pages/about.html). Dmitry was administrating a Tor exit node (https://atlas.torproject.org/#details/2402CD5A0D848D1DCA61EB708CC1FBD4364AB8AE) from his house. In fact, the author of "incendiary messages" (called "Airat Bashirov") was using Tor, and, by lack of chance, he used the ip adress of Dmitry's exit node.
Dmitry's lawyer, Alexei Teptsov, presented videos from surveillance cameras, that proved that, during the moments when the "incendiary messages" were posted, Dmitry was away from his computer. He was coming back from a fitness center with his wife, Tatiana, a genetician, and then went to a supermarket, where cameras were also working. Moreover, "Airat Bashirov", the author of the provocative messages, continues to post on sysadmin.ru, while Dmitry is under arrest. The last post was seen on the forum on April 11.
Dmitry will stay in pre-trial detention center until June 8 at least. Now the Investigation is examining all his seized devices.
116 comments
[ 3.5 ms ] story [ 194 ms ] threadIt will be interesting to see if Russia adopts a network monitoring and censorship strategy as China has[0]. Of course, it would be tragic if they did.
[0] https://en.wikipedia.org/wiki/Great_Firewall
https://www.theguardian.com/world/2016/nov/29/putin-china-in...
Edit: Remember that a huge portion of this country is demanding a 2000 mi long wall be built along one border... don't underestimate stupid and scared.
http://www.finalcall.com/artman/publish/Perspectives_1/Chene...
Deep packet inspection is here today for Comcast and other ISP customers. The nominal reason for the surveillance is typical adtech panty-sniffing, but of course the data is also available for subpoena, assuming ISPs actually ask for one, or just freely given out (that's more of an ATT thing).
And given that we know the FBI recruits Geek Squad techs to become informants and collaborators[1], who really thinks the FBI, DEA or another TLA won't do the same/hasn't already started doing the same with, say, network techs at Comcast? The same come-ons that worked for the Stasi work just fine elsewhere.
The people down-voting this comment, if they're doing so out of the belief that "it won't happen here", are simply wrong.
The surveillance-entertainment complex was born in the US, and the tools are massively attractive to anyone who covets power. Anyone who doesn't think the world-empire of the day will use them is deluding themselves.
[1] https://www.washingtonpost.com/local/public-safety/if-a-best...
1) block SSL/TSL traffic and VPNs at the border
2) Man in the middle attack (this would needs browsers to accept certificates with a matching wildcard domain )
(1) would block internet commerce at the border - this is not acceptable in western countries were free trade is above everything else. (2) is a problem because the wildcard certificates will leak out and criminals will use them, this will eliminate trust and kill internet commerce internally (also it is quite resource intensive)
In any event a great firewall is a great tragedy: for Russia that would mean the end of any remaining freedom of speech and an end to the independent opposition - for example Navalny will no longer be able to mobilize anyone. Its a fact how freedom of communication directly translates into political liberties; block one of them and you loose the other... (it is also a Pyrrhic victory for the Russian state because limiting information results leads to ptechnological backwardness)
So for the meantime that means that a great firewall in a western country is very unlikely. Of course internet pundits said that of Russia at the turn of this century.... so the fact remains that it is impossible to predict anything.
TIL: the great firewall of china is called golden shield ( https://en.wikipedia.org/wiki/Golden_Shield_Project ) in Russia they might as well call it "stalin's pipe"
I would imagine that there is a level of capability that already exists beyond 2 years out.
And I'm not so sure that is true.
Leads are fine. Follow the lead, see where it goes. But if it goes nowhere, don't just lock a guy up until June anyway just because.
That's the idea of writ of habeas corpus, internet or no internet.
Certainly if law stated we should convict people based instead on 'virtually' conclusive evidence your conclusion is valid. I just hope they are real, real careful with that evidence! To prevent the worry of getting caught up when you are innocent, we (and other countries) choose instead to base decision on a criminal matter conversely by rejecting a criminal case on reasonable doubt.
With that understood; I ask you as a technical person (assuming you probably are as this is Hacker News); is it reasonable to say that an IP may not accurately tie to a particular individual in at least some non-extraordinary circumstances?
As a technical engineer I already know the answer it does not; and it can happen due to admin negligence at a minimum (admin wipes out the leases or changes the address pool then changes it back because it was a mistake). At least I certainly hope no one was convicted based on their IP in any network I have managed (or at least they had a good enough attorney to know to check in with me!).
The same thing happened to someone I know in the UK, a few years back. He was arrested at dawn and put in a cell for a whole day after an offence was committed from the IP address under his control.
He said the officer interviewing him admitted he understood that the offender and node owner were probably different people, but it was close enough to justify an arrest.
This was a high-profile case where they did actually find and arrest the actual offender, so they had real leads - could only conclude this was intimidation.
The first person of interest would most likely be the user of the IP address at that time.
It's unfortunate that operators of Tor exit nodes have a large amount of risk placed on them, but I don't think it's a situation borne of Soviet-era backwardness or unique to modern Russia.
https://meduza.io/en/feature/2017/04/10/mathematics-teacher-... (English, Tor is not mentioned yet)
https://geektimes.ru/post/287944/ (Russian)
https://zona.media/news/2017/11/04/home (Russian)
Liveblogs from the court (Russian):
https://zona.media/online/2017/07/04/2april (Day 1)
https://zona.media/online/2017/08/04/bogatov-2 (Day 2)
https://zona.media/online/2017/10/04/bogatov-3 (Day 3)
You are much less likely to be raided and arrested if a cloud server in a datacenter somewhere, leased by an anonymous LLC you control, is the subject of an investigation.
[0] https://blog.torproject.org/blog/tips-running-exit-node
so now you can email him anonymously over TOR, and pay his bitcoin invoices Shapeshifting some Monero
I also checked the Panama Papers and none of those entities they filed for me appeared in the leak, but even in the off chance they did, you wouldn't be associated.
GreenCloudVPS also takes cryptocurrency.
and finally, there is at least one jurisdiction in the world that still offers legit bearer share companies which require no registration. And your entity no longer needs a banking relationship to acquire goods and services.
what does this mean? what is a bearer share company? and which jurisdictions would that be?
A bearer instrument is an instrument which states that it is owned/controlled/usable/valid for the benefit of whoever possesses it, and normally doesn't rely on registering that ownership with an authority.
https://en.wikipedia.org/wiki/Bearer_instrument
A bearer share company is a company that doesn't know or register who owns it. If, at a particular moment, you own the physical certificates that connote ownership, you own the company.
[0]: https://en.wikipedia.org/wiki/Cryptocurrency_tumbler
For unlinking, Monero (cryptonote technology) is the private cryptocurrency to use today. The primary different between competitors is that Monero is private by default. Other 'private cryptocurrencies' are public by default with an optional privacy gimmick (see mixers, Dash, Zcash). Transparency is the optional gimmick in cryptonote.
You want to keep a balance of Monero, and use services like Shapeshift, over TOR, to pay for invoices priced in bitcoin.
Exchanges like Kraken allow you to buy Monero directly nowadays with USD. So bitcoin isn't part of this equation anymore, the network effects supporting bitcoin's incumbency were extremely overstated.
But if that infrastructure isn't yet available in your area, buy Monero on an altcoin exhcange after buying bitcoin. Or even shapeshift Bitcoin for Monero, just to top up your balance.
This is the separation of cash and state, so don't worry about what they think, this is a parallel infrastructure that doesn't leverage their financial institutions.
Admittedly, I guess data centers run this risk automatically by the fact of providing data storage/transfer services.
The main benefit of setting up a non-profit is not shifting the risk to “the poor saps in the data center”: the police isn't going to kick down the door of the datacenter any more than they would raid your ISP.
The main benefit is that you get listed as abuse contact, and you get contacted the same way an ISP gets contacted: you get a somewhat-polite email (or a fax <3) asking who that IP address belongs to. At that point, you can explain what Tor is and that you do not know the origin of the connection; somehow, it's more difficult to have that conversation when you are in an interrogation room, talking to someone likely believes you are guilty.
Just like in the Wikileaks threads when people go on about the abuses in other countries, and how unfair it is that JUST America's/ the DNC's/ the CIA/ the NAS's dirty laundry gets aired.
Repression and abuses of power should concern us all. One evil does not negate an other.
The other posts that refer the US are in response to comments stating/implying that it's a specifically Russian thing, pointing out that no, similar things occur in the US.
They're not trying to say one evil (Russian) is negated by another (American), but that both sides do evil.
If the US has even one instance of doing this, then questions arise such as:
1. Maybe this is unavoidable, and if so how much time/money should we spend chasing down an unavoidable issue?
2. Maybe there are specific circumstances where this is okay? Why isn't this one of those specific circumstances? We should trust the Russian government, just as American's give their own government the benefit of the doubt.
I also don't believe the "an IP address doesn't identify a person" mantra that's so widely used in the privacy-aware circles. Your ISP gives you an IP address for yourself, and if you let others use it, you know you can get yourself in trouble, the same you'd get yourself in trouble if you let anybody who asked you use a rifle of yours, or a car. Would you let someone you don't know at all drive your car? What if he runs over someone? Would you be responsible of it for letting him use your car? Would you risk going to prison?
The alternative is worse: I could be looking at pedophilia or terrorism sites all day and if they catch me say "well I also run a Tor exit node so how do you prove it was me!". Your IP identifies you, so be responsible!
And people in Russia have went to jail literally for pressing 'Like' on a single post.
You lost me here. This is more like letting someone make a call with your phone. Rifles are inherently dangerous, even gun enthusiasts agree on that. We're talking about information more broadly here.
And before you tell me Tor is nothing more than a privacy tool, remember that most sites ban Tor exits because the majority of users are troublemakers.
So... don't tell you the truth, because you've already decided that a bunch of anonymous people are "bad".
Have you ever considered a career in law enforcement or politics?
Do you believe those sites are in some kind of major plot to bother Tor users, or they simply are fed up with the abuse coming from Tor? Ockham's razor.
state actors are annoyed by whistleblowers. tor is useful to whistleblowers. tor is bad.
Because if it's the latter, then your sample suffers from rather extreme selection bias.
You gotta be kidding me. If that were the case nobody would ever use Facebook, or browse the web without an ad blocker and blocking 3rd party cookies. I also like privacy but we have to understand that nobody really cares about that. Maybe it's because they are not educated and don't know what the risks are, but whatever the reason, privacy is ignored by most people.
It already is, unofficially. If you download the right version.
If I'm doing some background research for my work, I don't want to have to wonder if my ISP will sell me out, allowing a competitor to know what I've been up to.
If I'm hanging around gear head websites and letting people know just what a drooling fanboy I am for the products of a particular car company, I really don't want my ISP to sell me out and let the local car dealer know.
This statement is actually wrong. The majority of users are probably normal people. The majority of the traffic coming from exit nodes, though, may come from scripts/bots ; but that is a really small percentage of users.
A shared IP address can be in use by me and my "friends" on Tor - at the same time. A rifle is only in the hands of one person at a time.
What if it wasn't a phone but a mailbox? A big chalk board? A bulletin board?
What if it weren't a mailbox but a free parking lot? Bob could put a thumb drive in his glove compartment, park his car, and then have Alice pick it up. Am I liable for what's on that drive because I provided free parking that was used as a medium for illegal information?
That why I think sharing things with strangers cannot logically make you liable for their speech and information.
Having a free-to-use shotgun and a box of shells in front of your house is an entirely different question. That's why I said the analogy was a poor one.
You're not gonna have a fun experience explaining that you lend your rifles to your neighbour at the time of the murder.
If someone uses my phone to make a threatening phone call, I'm probably first in line to be investigated. Just because it's not inherently dangerous, or would result in legal consequences for the phone owner, doesn't mean it is a risk-free thing to do.
Sure. There are practical consequences. But if it's a working phone booth on the sidewalk out front, the prosecutor can't prove much with "it was your phone". Of course, you could be put through the wringer or even convicted based on really flimsy evidence.
Why would that be a problem, looking at things on the internet?
But advocating to sacrifice anonymity is a problem. It makes those fighting governments very vulnerable and easily silenced. And gives a way for governments to take action against anonymity.
That last one is kinda inevitable. The internet, even the spied centralised version we see at Facebook and Gmail, has a flattening effect: for the first time in recorded History, people can write. And other people respond to them. Even the printing press failed to achieve that —mostly.
Sure, there are bubbles and such, but there no escaping the fact that public forums train people in public debates. This will have a political effect.
Now I can only hope the transition will not be too bloody.
>> That last one is kinda inevitable.
It allways is and was. Happened allready many times, it is called human history ;)
Personally, I'd prefer the law enforcement emphasis to stay on those creating/buying/selling/distributing child porn, but oh well.
As for child porn, I bet a good chunk (most?) of the content is directly paid. Such transactions do encourage the corresponding offer. This works for regular online stores, so it most likely work for child porn as well.
Now if the downloading or hoarding of the data doesn't imply any direct or indirect transaction to the benefit of the provider… that probably doesn't help exploitation one bit. But you have to be careful not to perform or facilitate such transactions —or just stay the hell away.
What I allways heard in this debate (from privacy activists) is, that most of the stuff is actually shared noncomercial in closed circels. And to get into such a circle you would have to provide them with fresh material (made by yourself).
But on a quick check, I could not find reliable numbers(or those claims), but I guess they would be hard to get in the first place.
Anyhow, I agree that total surveillance would for sure reduce horrible crimes ... But I rather have privacy and police focused on the actual crimes happening.
And the actual crime in this case is the production. And even though it does might lower the barriers for some if they can savely pay/consume for CP, and therefore increase production, I can imagine the danger is a kick for others as well.
And even if we could manage to ban all CP from the internet, then those people might want to get their kicks then in real life.
Anyhow, I think that is where society has to focus on - the actual fucked up people. And there are plenty of them around and they won't go away, because you lock them off from their sick internet kicks.
But on the other hand, yes, it might be easier for police etc. to keep track of them, if they are not anonymus. Unfortunately I think that most people wanting to eliminate privacy don't care at all about the children, but rather want plain power.
And there are good reasons to not trust governments who wants to know everything about the people but not wanting the people to know about what they are doing ...
I mean, we are even talking about russia here. Would you trust them?
Child porn may be similar. I don't know.
And of course total surveillance is too high a price to pay. I'd rather have some more child abuse and some more "terrorism" and a little bit more crime, if that's the price we have to pay for privacy (and I'm not even sure we do). As much as I don't like horrible stuff happening, total surveillance is much worse —if only because of the sheer number and comprehensiveness of the effects. I'll take torture over dust speck¹.
http://lesswrong.com/lw/kn/torture_vs_dust_specks/
"I'd rather have some more child abuse "
media would lynch you cheeringly and totaly ignoring everything after. Kind of a sad world we are living in, though ...
In practice though, these clinical cretins can throw you into russian jail for two months without taking counter-evidence into account. Just because.
If someone borrows my car and crashes into someone else, I'm not legally responsible. Same goes for companies that let anyone use their cars, like rental services.
I'm sure that some Tor supporters in the CIA are hot on taking down particular regimes. But I don't recall seeing that as an official Tor Project use case.
Regarding the example of North Korea, I'm sure that there are ways of hitting Tor. At least, if you can reach the Internet at all. Maybe it's not worth the risk, however.
2) If someone using your TOR node posts a message threatening to kill someone, YOU will be SWAT-ed first and only then police will find out you run TOR exit-node and maybe you are not the one who posted it. You implicitly accept risks associated with your operation.
do internet threats generally hold any credibility? what's the actualization rate?
But it also appears that some police departments are more easily convinced than others. So the real question is "does the police department in my area -- the one most likely to decide whether to raid my house -- believe internet threats are credible?"
If the actualization rate is any greater than 0%, police need to respond, because if it gets ignored and the person making the threat actually follows through, then people will go up in arms about how someone said they were going to kill somebody and the police did nothing.
Take another scenario. Some high school kid writes a tweet that he's going to shoot up his school tomorrow. Would it be fair for the school to get shut down and the kid taken into custody?
And if you're a cop, why would you dispatch a SWAT team to a Tor exit node at all? You can see if the IP is on the list and if so you'll have a hell of a time proving that the traffic came from the person running it even if they did (after all, why would they even use their own IP address when you could have used Tor?). At that point, you're basically punishing a random, innocent person for the (legal) act of running an exit node.
If we imply that TOR exit-node owners are innocent by default, what stops me from installing TOR node, posts threatening messages and when police comes say "hey i am humble TOR node owner, look somewhere else"?
> why would you dispatch a SWAT team SWAT was just an example.
Whatever law enforcement agency that investigate your case.
>You can see if the IP is on the list
You have to know there is such thing as TOR exists & see first part of the comment.
If you're savvy enough to run a Tor exit node and want to post threatening messages, why wouldn't you use Tor yourself?…
But anyway, at least in the United States, everyone is "innocent by default" - that is, until proven guilty beyond a reasonable doubt. If the presence of a Tor exit node, or an open proxy, or an open Wi-Fi network, or any number of other things makes an IP address insufficient evidence by itself, well, that's too bad. It may still be sufficient evidence to launch an investigation into the owner of the Internet connection, to gather more evidence - but even then, the standard is based on the likelihood that they committed the crime, not something about incentives to run exit nodes.
The presumption of innocence only applies to the jury. Even with it, you can be arrested and the prosecutor will make the best possible case against you. It does not apply to anything that has happened in this story so far.
I would suggest that anyone who is in the business of identifying people based on their IP, especially for criminal matters, should be aware of Tor. Doesn't have to be every beat cop, but whatever process allows a police officer to turn "this is the IP address the suspect used" into "this is an address/person associated with that IP address" should have "Be Aware - this IP address is the endpoint of an anonymizing service and so there's really no way to associate it to a single person."
Kinda like how if you are given a physical address and it turns out to be a public park or something, you think, "Oh, this is different in kind than a private house" rather than just finding whoever happens to be standing in the park and taking them down to the station for questioning.
So the best thing is, don't run a TOR exit node with a network connection registered with your name.
Because you are allowing them to speak on your behalf by running a tor exit nodes.
It's that simple.
This may be a little far-fetched - there's likely easier ways to generate pretext - but it might be something for owners of Tor exit nodes to be aware of.
From that perspective, your theory is not so far-fetched because it's not like the Russian government went through a lot of effort to frame this activist in particular. Any other Tor user would do.
But not only russian also a lot off countries are insufferably.
It is terrible that they arrest one foss activist and no all the others.
It sound as winds of change in the perestroika days, or one inverted version of it.