Coordinated raids of Zwiebelfreunde at various locations in Germany

Mi 04 Juli 2018 by moritz, juris, qbi

Update July 10th: Last week Monday, prosecution stated that they will keep our things for further analysis, even after explicitly confirming to journalists that they are aware that our only connection to Riseup is the collection of donations. This includes items belonging to our partners, and other third parties like companies we work for. That same Monday, after the AfD party convening, our lawyers filed for immediate sealing and suspension of analysis until a court decision. Everything else is pending on that, and for now it looks like there are no further legal steps we can take (yet). The two of us who have not been interviewed yet (because they were not present during the raids) have been asked to give further testimony, which they will do during this week, together with our lawyers. This is not over.


On June 20th, police raided five locations across Germany, nicely coordinated at 6:00 in the morning: The private homes of all three board members, Jens, Juris and Moritz, our registered headquarters in Dresden (a lawyer’s office), and the home of a previous board member.

Please check the bottom of this page for links to various press reports about these raids detailing what happened. We will update that section regularly.

The brief summary is that a German left-wing blog “Krawalltouristen” (ruckus tourists) called for protest actions around the right-wing AfD party convening in Augsburg, Germany. Law enforcement argues that this includes calls for violence.

The German police were interested in finding the authors of said blog, and deemed it appropriate to not ask for information or go after the email provider the blog happened to be using, riseup.net, but after the German entity Zwiebelfreunde.

Zwiebelfreunde has a partnership with Riseup Labs, a US non-profit, and manages donations via European wire transfers for the Riseup collective. We spend the money in collaboration with the collective on software development, travel reimbursements, and for Riseup’s Tor infrastructure.

We will update this post as the story evolves. For more details, please see publications by other media.

What data is affected, and how?

First of all, here’s a list of things we have strong reason to believe are not affected, and can still be considered safe:

  • any Torservers related infrastructure: Tor relays, mail servers, web servers
  • any of Riseup’s infrastructure (because we have nothing to do with that)
  • cryptoparty.in or other cryptoparty related infrastructure
  • PGP keys, SSH keys, OTR keys etc

They seized most of our electronical storage equipment (disks, laptops, PCs, GnuPG Smartcards/Yubikeys), but it is safe to assume that they will not be able to break the encryption (or the smartcards). They also took our mobile phones, but even if they were to break into them, no login data or anything else affecting our infrastructure or communications is stored on those phones.

We nevertheless revoked our shared contact PGP key, and will replace more and more keys and passphrases over time. Our new key is 0x74A312092938F2F0, signed by our previous key.

So, what is affected?

Apart from encrypted media, they had the legal right to seize documents related to our Riseup bank account starting from January 2018. They also went and got those from our bank, the GLS Gemeinschaftsbank. However, we have to keep records and receipts of all expenditures for tax reasons. These documents were “safely” kept in a secure fire-proof safe.

Despite our protests, they additionally seized all printed documents relating to our own and partner projects since the inception of the association in 2011.

This includes highly sensitive personal data of donors, identities of activists that received reimbursements or payments, and a list of our members.

If you have ever donated to Torservers, or Tails or Riseup via a European bank transaction, your data is very likely now in the hands of the German police. (IBAN account number, name of account holder, amount and date)

We did everything in our power to avoid a data breach like this, and are now doing everything we can to fight it:

  1. Our lawyers kindly asked for our equipment back. Most of the equipment does not belong to Zwiebelfreunde, and some of it is not even ours. They refused. We are now going to court over this.

  2. The warrant lists specific items. This was not respected.

  3. We argue that even the original warrants and seizures were clear overreach, and that this was used as an excuse to get access to member data and donor data. We have nothing to do with Riseup’s infrastructure. During the raids, the police forces clearly gave the impression that they knew we had nothing to do with either Riseup or the “ruckus tourist” blog. None of us had even heard of that blog before!

We are grateful for the quick and unbureaucratic financial support by Renewable Freedom Foundation, the logistical support of the Chaos Computer Club, and all the kind offers of help by various communities. Thank you!

If you’re not afraid to donate to accounts that are probably being monitored, you can still do so, at https://www.torservers.net/donate.html.

Press Coverage

English

Dutch

French

Portugese

Spanish

Japanese

Luxembourgish

Danish

Greek

German

Audio

Video


To comment use our mailing list or visit us on IRC (irc.oftc.net #torservers).