Tor-linked nonprofit raided by police

On 20 June, at 6:00 a.m., German police knocked on the doors at the homes of three members of the board of directors for Zwiebelfreunde: a non-profit organization whose name, in English, translates as “Onion Friends” and which operates Tor services for

On Wednesday, the group said on its blog on – which is one part of a large, decentralized network of Tor nodes – that police seized most of the group’s electronic storage equipment: disks, laptops, PCs, GnuPG Smartcards/Yubikeys, and mobile phones.

In a coordinated set of raids, police also ransacked the group’s registered headquarters in Dresden – which is the group’s lawyer’s office – and the home of a previous board member.

Der Spiegel reported on Wednesday that police also seized a number of documents, including paper receipts identifying donors and membership lists for previous years. Police also raided the Augsburg headquarters of the Chaos Computer Club (CCC).

Well, so much for striving to promote anonymity, privacy and security on the internet.

As Der Spiegel notes, Onion Friends has for years been collecting donations on behalf of alternative and non-commercial providers whose confidential communication services are used by social movements worldwide.

That, obviously, is “the only reason why the German investigators went so far against the club,” the newspaper said.

The raids were reportedly sparked by the Munich Attorney General’s search for the authors of a left-wing blog, Krawalltouristen, which translates to “riot tourists.” Police claim that the blog called for violent protests aimed at the annual convention of the right-wing Alternative for Germany (AfD) party, the largest opposition party in the German parliament.

But German police didn’t bother to go after the email provider behind that email address, which was As Zwiebelfreunde tells it, the group has a partnership with Riseup Labs, a US non-profit focused on technological research, development, and education for the purpose of furthering social justice and supporting social movements. Onion Friends manages donations to Riseup Labs and says the two groups collaborate to spend the money on software development, travel reimbursements and Riseup’s Tor infrastructure.

From Onion Friends’ post:

None of us had even heard of [the riot tourists] blog before!

In lieu of raiding Riseup Labs offices all the way across the pond, German police went after people associated with Zwiebelfreunde, the group says.

When police rang the doorbell at the apartment of Onion Friends co-founder and board member Moritz Bartl, they told him that they wanted to find out the identities of the riot tourists blog authors. But as ZDNet reports, besides taking the computer equipment and storage devices, plus the paper documents revealing donors’ names, they also seized unrelated property, including Bartl’s wife’s unencrypted Android tablet with personal photographs and emails and an external hard drive storing photographs.

This is the list of things that Onion Friends believes was not affected by the raids:

  • any Torservers related infrastructure: Tor relays, mail servers, web servers.
  • any of Riseup’s infrastructure (Onion Friends has nothing to do with that, it says).
  • or other cryptoparty related infrastructure.
  • PGP keys, SSH keys, OTR keys, etc.

Police seized mobile phones, but Onion Friends said that even if investigators manage to break into the devices, the phones don’t contain login data or anything else affecting the group’s infrastructure or communications. Still, Onion Friends revoked its shared contact PGP key and intends to replace more keys and passphrases over time.

Here’s the list of what was affected by the raids:

  • Documents related to the group’s Riseup bank account (which police also seized from its bank), starting from January 2018.
  • All printed documents relating to its own and partner projects since the inception of the association in 2011. That includes the “highly sensitive” personal data of donors, the’ identities of activists who received reimbursements or payments, and a list of its members.

The upshot, according to Onion Friends:

If you have ever donated to Torservers, or Tails or Riseup via a European bank transaction, your data (IBAN account number, name of account holder, amount and date) is very likely now in the hands of the German police.

The group’s lawyers tried to get Onion Friends’ equipment back, including equipment that it doesn’t even own itself. Police refused, the group said. Zwiebelfreunde is taking the police to court over that and other issues, including a claim that police didn’t adhere to seizure of specific items mentioned in a warrant.

From the group’s post:

We argue that even the original warrants and seizures were clear overreach, and that this was used as an excuse to get access to member data and donor data. We have nothing to do with Riseup’s infrastructure. During the raids, the police forces clearly gave the impression that they knew we had nothing to do with either Riseup or the “ruckus tourist” blog. None of us had even heard of that blog before!

Bartl isn’t a defendant in the case; rather, he’s a witness. He told Der Spiegel that he and others at Onion Friends have been unable to return to work since the raids:

Normal work has not been possible since then.

I had to take a vacation. We are still trying to process what happened.

German police declined to comment on the case when contacted by Der Spiegel. As far as the office of the Munich Attorney General goes, staffers told the newspaper that the people affected by the search weren’t suspicious, and that law enforcement is still evaluating the confiscated computers and data media.

Der Spiegel also reports that the raid on Bartl’s project, OpenLab, in Augsburg produced a bag of seized items that included an item created by a 3D printer. It wound up in a bag of seized evidence, labelled as “causing explosive explosions.” You can see it in all its nonexplosive non-explosion action on YouTube as it launches plastic rockets across the room.

You can see how police figured they shouldn’t take any chances when it comes to heading off terrorist acts: its inventors dubbed that cute gadget “OpenLab F-Bomb Launcher.”

Do the raids reek of prosecutorial overreach? Were they reasonable acts for investigators trying to prevent violence? Are they yet another assault on people’s attempts to maintain privacy, anonymity and security? …or are they all of the above? Readers, your thoughts are welcome, as always.