Feeds

Victim of Tor-hidden revenge smut site sues Tor Project developers

But EFF lawyer says deep-web team 'no more liable' than web server makers

Internet Security Threat Report 2014

The Tor Project has found itself on the receiving end of a lawsuit that claims the privacy software's developers aided a revenge porn slinger.

An attorney at the Electronic Frontier Foundation (EFF) told The Register the allegations against the Tor team are baseless.

In a lawsuit, Shelby Conklin accuses the Tor Project of demonstrating "continued tolerance and endorsement" of PinkMeth, a cruel website that features nude photographs of women posted online without their consent.

Her court documents – filed in Denton County, Texas, seeking $1m in damages – allege the Tor Project was "hired" by PinkMeth's administrators "for the express purpose of escaping liability."

At the heart of the matter, Conklin claims "PinkMeth gained unauthorized access to nude photographs" belonging to her "and posted them on the world wide web."

The main website for PinkMeth is hosted within the anonymizing Tor network as a hidden service, meaning it cannot be reached without using a Tor client and its exact IP address is secret.

"They [the Tor Project] were named as a conspirator in the lawsuit based upon our belief that they were hosting PinkMeth or providing it with services that have allowed its operators to continue to escape justice," Conklin's attorney Jason Van Dyke said in a statement [PDF].

The lawyer noted that an Austrian man who operated a Tor exit node was this month convicted for allowing pedophiles' child sex abuse material to flow through his systems; exit nodes are the link between the Tor network and the public internet.

Van Dyke reckons that decision sets a precedent for finding the Tor Project liable. But the attorney suggested the Tor developers could be dropped from the suit before the matter is brought to court.

"We are still working to determine what degree of control, if any, Tor has over those who use Tor hidden services and to what extent they may be able to provide us information regarding those responsible for publishing PinkMeth," he said.

A spokesperson for the Tor Project declined to comment to El Reg, citing a policy against speaking on active cases.

Kurt Opsahl, deputy general counsel at the EFF, which has worked closely with the Tor Project in the past, believes that the development team is not liable.

"It is a software product that provides a valuable anonymity tool for online communications, and should be no more liable than any number of tools, from web servers to email clients, that may be used or misused by third parties," Opsahl told The Register.

"Alleging a conspiracy is not sufficient to create liability where there is none."

Revenge porn sites, which jilted lovers use to post compromising images and videos of their former partners without permission, are in the firing line after legal complaints by victims. This month, two members of the UK House of Lords introduced legislation to criminalize the posting of "intimate" images without consent. ®

Internet Security Threat Report 2014

More from The Register

next story
BIG FAT Lies: Porky Pies about obesity
What really shortens lives? Reading this sort of crap in the papers
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.