←back to thread

Man jailed for parole violations after refusing to decrypt his Tor node

(reddit.com)
988 points heavyset_go | 9 comments | 16 Sep 25 12:10 UTC | HN request time: 1.265s | source | bottom
1. 1970-01-01 ◴[16 Sep 25 13:31 UTC] No.45262018[source]
It's very important to get the official source on this one. Husband was legally restricted and being monitored by the FBI, so he decided to go install a VM to bypass the monitoring. It's not so much bravery against authority as it is hubris that got him 3 years.

https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...

replies(2): >>45262767 #>>45263274 #
2. NotMichaelBay ◴[16 Sep 25 14:31 UTC] No.45262767[source]
Since it seems to have been glossed over in the court transcript, can anyone explain how exactly a VM or client for remote VM could be used to bypass the monitoring?

Wouldn't the monitoring software capture any application's network activities, including a client for a Remote VM? I'm imagining something like Wireshark?

replies(2): >>45263225 #>>45263261 #
3. nusl ◴[16 Sep 25 14:59 UTC] No.45263225[source]
A VM would bypass monitoring software installed on devices the person uses. A VPN would obscure their traffic such that it is encrypted and not easily monitored. Even something like SSH is encrypted and not straight-forward to monitor, so a VPN isn't required to do this anyway.

A remote VM would combine both of these things, where the device/computer is in a location that isn't monitored and accessed by means aimed at bypassing controls in place. Activities carried out from the remote VM are then not monitored.

User + Devices -> VPN/other -> Remote VM -> Unmonitored Activities / Network Access

^ Monitoring is here, but may not capture the rest of the chain

Law enforcement would need to monitor the VM itself to monitor those activities, or I guess request logs from the provider if at all possible.

There's a limit to how much you can monitor someone and I assume there's a degree of good faith in cooperation with these controls. Failure to comply, seemingly, has severe consequences.

replies(2): >>45263441 #>>45263869 #
4. Almondsetat ◴[16 Sep 25 15:01 UTC] No.45263261[source]
Monitoring software installed at the OS level can monitor both traffic and what applications generate it. But if the traffic is coming from a VM, it can only do the former.
5. MadnessASAP ◴[16 Sep 25 15:02 UTC] No.45263274[source]
Yeah, that is a significantly more damning then what was given by his wife on Reddit. While SPICE is a normal means to interact with VMs, the defense couldn't offer any legitimate reason for him to be using one. They didn't even make an attempt to. They only established that the monitoring company couldn't say for certain that it was used explicitly to bypass the monitoring.

Also that it occurred right after the search mentioned on Page 28. It's a really bad look.

6. NotMichaelBay ◴[16 Sep 25 15:14 UTC] No.45263441{3}[source]
Okay, that makes sense. But the monitoring software should capture the connection request to the VPN or Remote VM?
7. rnhmjoj ◴[16 Sep 25 15:48 UTC] No.45263869{3}[source]
> A VM would bypass monitoring software installed on devices the person uses.

Not really, no: a VM is just another userspace application and a monitoring software should be able to capture its traffic just fine. If he was also using a VPN, tor or conneting to a remote machine that's another story, but only saying he was using a VM doesn't really mean much.

replies(1): >>45274392 #
8. dns_snek ◴[17 Sep 25 11:23 UTC] No.45274392{4}[source]
It's possible to pass PCI devices directly to the VM at which point they don't exist as far as the host OS is concerned. You can pass an entire USB hub to the VM and anything plugged into it is invisible to the host OS (at least by default).
replies(1): >>45286378 #
9. rnhmjoj ◴[18 Sep 25 06:53 UTC] No.45286378{5}[source]
Ok, but you certainly need root privileges to do that, in that case you could bypass the monitoring software in many other ways.