A man who operates an exit node for the Tor anonymity network in Russia has been arrested for posting incendiary comments on forums – under suspicion of trying to incite mass riots and terrorism. This move is a sharp reminder of the risks people face by helping to run the Tor network.
Dmitry Bogatov, 25, is a mathematics teacher for graduate and high school students who also develops free software and is a staunch privacy activist. To this end, he operates an exit node for Tor from his home in Moscow.
Police arrested Bogatov in early April and seized all the computer equipment in his home. They claim that he had been posting messages on the forum sysadmin.ru that were inciting violence, such as a message on 29 March that encouraged people to turn up at Red Square in Moscow on 2 April to protest... bringing bottles, fabric, gasoline, turpentine and foam plastic.
The Tor anonymity network (named after The Onion Router project) consists of software that shields and redirects internet traffic through a worldwide network of relays.
It is comprised of volunteers who set up their computers as Tor exit nodes, in order to offer at least three layers of encryption, whereby the source and the final destination of the Tor path is completely anonymised.
The network is used both by people who have privacy concerns and don't want governments and internet service providers (ISP) to be able to spy on their activities online, as well as by others who have nefarious purposes in mind – for example, people who want to obtain firearms, narcotics and counterfeit goods from secret underground marketplaces on the Dark Web.
Whatever anyone does, their activity points back to the exit node
The issue is that if you use Tor, then the IP address the website you post on sees is the IP address of whichever exit node your web traffic came out of. When the police traced the author of the messages, which were written by a user called 'Airat Bashirov', the IP address pointed at Bogatov's exit node.
On 7 April, Bogatov's lawyer argued in Moscow's Presnensky Court that he was innocent, and that the actual poster had been using the Tor network to shield his IP address. He also said that the court could not preemptively incarcerate someone who had not carried out an illegal action, as no riot had been carried out, according to Russian news site Meduza.
Judge Evgeny Naidenov agreed to release Bogatov, on the condition that he was not to travel out of the country. However, that night, Russia's Investigative Committee levelled two new charges against Bogatov, this time accusing him of trying to incite terrorist activities and using the internet for terrorism, so Bogatov's detention was extended by another 72 hours.
After being interrogated until dawn, Bogatov then appeared in court again on Monday 10 April, where he pled not guilty to the charges.
"I am innocent. On the day mentioned in the charges I was in a fitness club together with my wife. After that I went shopping," Bogatov said, pleading not guilty, according to Russian news agency Tass.
Bogatov to be detained for another two months
Despite CCTV footage seen by Bogatov's mother that shows he was shopping in the supermarket with his wife, and the fact that user Airat Bashirov has continued to post in the forum – his most recent post was on 11 April, meaning it can't possibly be Bogatov – the courts ruled that Bogatov be remanded into custody at the pre-trial detention centre for two months, until at least 10 June.
The idea is to give the Investigative Committee time to comb through the electronic devices they confiscated from Bogatov's home, in order to try to prove that he was the one posting the incendiary messages.
Ever since Tor became popular as a service for anonymising web traffic to preserve privacy, there have been numerous cases of people being arrested or raided in various countries including the US, Australia and Germany.
Law enforcement investigating embezzlement, child pornography and illegal drug trading trace IP addresses to the residences of Tor exit node operators and then conclude that they must be the criminal.
Anyone can become an exit node operator but, depending on where you live, it might be safer to host such a node in an external server, rather than allowing connections from your own PC.
You may be interested in: