Tor is an anonymous routing technology, not a method for hiding the content of communications itself. When users access a desired webpage (like google.com) from their computer, additional relay points (nodes), such as other computers, are added to the communication path. This path encrypts all content except for the exit node (the final access point) to maintain anonymity.
Nodes are crucial for anonymous communication through Tor, operated by volunteers and organizations that support the Tor initiative. Recently, "ODN" learned that one organization running an exit node, Germany's "Artikel_5_e.V", reported on September 8, 2024, on the Tor Project forum that they were 'raided by the German police.'
In the official forum discussion group of the Tor Project, user "Artikel_5_e.V" posted a topic email stating that as an organization operating Tor exit nodes, their registered address and office were raided again by the German police.
The user mentioned that on August 16, 2024, the German police raided their organization's registered address and office once more. The first raid had occurred in 2017. It appears that there are still individuals within German law enforcement who believe that raiding operators of Tor exit nodes (non-governmental organizations) could somehow deanonymize individual Tor users, at least according to what the police have documented.
Fortunately, like the first time, the German police raid team was better educated and acted more reasonably than the non-technical officers who applied for the raid and the judges who signed off on it. Thus, no hardware was seized once again. Apart from a burnt-out relay node and some billing documents related to the exit node, the raid team left almost empty-handed after a search lasting an hour and a half. The organization plans to legally challenge and question the search warrant to prevent such incidents from recurring.
The user stated that this was yet another instance of spending an hour and a half in their private living room with armed police, being threatened to effectively destroy the livelihood and software business of a board member of the nonprofit (by hauling away a truckload of hardware) to coerce cooperation.
The user wrote that as long as the organization continues to run Tor exit nodes, they face the risk of more police raids. Consequently, he is no longer willing to provide his personal address and office space as the registered address for the nonprofit/NGO, stating that he no longer wishes to take on that risk.
"Artikel_5_e.V" has called for a general meeting of the organization on September 21, 2024. They are looking for new board members to take over, organize a new registered address, and continue running Tor exit nodes, or to discuss all alternative options. These options include "ceasing operation of Tor exit nodes" or even taking the most drastic measures, which would involve liquidating the entire organization and distributing the remaining budget to other German organizations (which must comply with their nonprofit charter).
The email concluded by stating that details about the meeting time and location can be found at "artikel5ev.de", although the website is currently inaccessible. The organization intends to provide a live video stream primarily for its members and interested individuals unable to attend in person. However, the event/live stream will be in German only. The details of the live stream will be announced on the website shortly before the event. Anyone planning to attend in person should send an email in advance to arrange a suitable room.
In response, user "edm0nd" posted on ycombinator explaining that one reason he stopped running any Tor exit nodes was harassment from law enforcement. He had previously operated some exit nodes for about five years. During this period, his hosting service provider (DigitalOcean) received three subpoenas asking for his account information.
According to "edm0nd," these subpoenas stemmed from three criminal activities where cybercriminals used the IP of his provided exit node: the first was someone sending bomb threats to a university; the second was someone sending a phishing email; and the last and most severe was when some state-backed hackers from Qatar used his exit node's IP to hack into email accounts of individuals they were interested in, monitoring and stealing information.
"edm0nd" said he was fortunate that the Tor Project and EFF could help him for free. His assigned EFF lawyer assisted in fighting the subpoenas, but ultimately, he had to hand over his account information to the Department of Justice and was required to provide an affidavit declaring himself merely a node operator, stating that any information on the server would not be useful for their investigation. The pressure of dealing with law enforcement, lawyers, and the potential for a raid over trivial matters eventually led him to shut down his five-year operation of Tor exit nodes.
"edm0nd" also mentioned that despite having all his exits adopt countermeasures and blacklisting known malicious IPs and malware C2 information, he still inevitably became a target for law enforcement. He believes this might be because law enforcement sees individuals operating Tor exit nodes as a significant vulnerability they can target, as many operators are individuals with limited resources to fight back against legal pressures. Law enforcement can use the legal system to intimidate operators into closure.
However, "edm0nd" hopes one day to resume operating Tor exit nodes because he feels that contributing to global privacy and freedom is a meaningful endeavor.
In the comments below this post, many users commented that while providing Tor exit nodes is considered a public service that brings ideals of privacy and freedom, it also allows "bad actors to use the same infrastructure to evade investigation/prosecution," and indeed, any Tor infrastructure can be seen as a tool for terrorism. "ODN" actually acknowledges this view, noting that the existence of Tor and the darknet has always been double-edged, depending on how one weighs the pros and cons.
Tor's relay nodes are vital, forming the backbone of the darknet network, but exit nodes are particularly crucial. As early as 2021, over 27% of Tor exit nodes were reportedly under the control of hacker groups monitoring darknet user activity. Germany is also a major provider of Tor nodes; in 2021, about 24% of all 6519 relay nodes were in Germany, 25% of all 3634 guard nodes, and around 23% of all 1195 exit nodes were located in Germany.