SoylentNews is people

posted by martyb on Saturday July 02 2016, @06:37AM
from the open-season dept.

A federal judge for the Eastern District of Virginia has ruled that the user of any computer that connects to the Internet should not have an expectation of privacy because computer security is ineffectual at stopping hackers.

"Hacking is much more prevalent now than it was even nine years ago, and the rise of computer hacking via the Internet has changed the public's reasonable expectations of privacy," the judge wrote. "Now, it seems unreasonable to think that a computer connected to the Web is immune from invasion. Indeed, the opposite holds true: In today's digital world, it appears to be a virtual certainty that computers accessing the Internet can—and eventually will—be hacked."

The judge argued that the FBI did not even need the original warrant to use the NIT [Network Investigative technique/Toolkit] against visitors to PlayPen, a hidden service on the Tor network that acted as a hub for child exploitation.

http://www.eweek.com/security/home-computers-connected-to-the-internet-arent-private-court-rules.html


  • (Score: 1, Touché) by Anonymous Coward on Saturday July 02 2016, @08:28AM (#368831)

    "They" didn't break into his computer. "They" had a honeypot and monitored traffic.

    But you know what? Fuck it! Declare yourself Superpatriot and get all hot and bothered instead of thinking through the line of reasoning and coming up with a reasonable counterargument.

    That's so much better.

  • (Score: 0) by Anonymous Coward on Saturday July 02 2016, @08:38AM (#368837)

    My counterargument was a reasonable response to abject stupidity.

  • (Score: 3, Informative) by Anonymous Coward on Saturday July 02 2016, @10:05AM (#368843)

    In the previous story (this is a dupe) with a far more informative article:
    https://www.helpnetsecurity.com/2016/06/24/fbi-doesnt-need-warrant-hack/ [helpnetsecurity.com]

    The NIT also instructed Matish's and other suspects' computers to send information about the OS running on it, its name, its MAC address, and its active operating system username to the server controlled by the FBI.

    Thus they did a lot more than traffic monitoring. The retarded/evil judge himself said it:

    “Hacking is much more prevalent now than it was even nine years ago, and the rise of computer hacking via the Internet has changed the public’s reasonable expectations of privacy,” he opined.

    Hacking is far closer to "Breaking and Entering" than peering into windows of a house.

    • (Score: 2, Insightful) by Anonymous Coward on Saturday July 02 2016, @03:27PM (#368905)

      If I read this article, it sounds like the Network Investigation Technique (NIT) does something like this:

      1) Perp Attempts to access illegal image on WWW site that is controlled by the FBI with their NIT software installed.

      2) NIT sends back some javascript or perhaps tickles a browser bug and instructs the browser to do something in a certain way that reveals public IP address outside of TOR and/or collects other identifying info. I am not sure what the black magic is here, but if it can be done.....

      3) IP address and other info is sent back to WWW site where the illegal image resided.

      If that is the way it went down, then I have no problem with what the FBI did. You really shouldn't have an expectation of privacy with respect to a WWW server if you are initiating connections to it. That is what privacy policies are all about....in theory any WWW site can put up a privacy policy that says "we will collect and use anything we can if you connect to us".

      Reading the TFA it doesn't sound like the computer was just sitting there minding its own business when the FBI came breaking in....

      You wanna maintain your privacy, don't connect to WWW sites....just because you use TOR doesn't guarantee you a right of privacy.

      • (Score: 1, Touché) by Anonymous Coward on Saturday July 02 2016, @04:26PM (#368919)

        You wanna maintain your privacy, don't connect to WWW sites....just because you use TOR doesn't guarantee you a right of privacy.

        No, but I would have thought that a person who specifically uses the Tor browser might have an expectation of privacy.

      • (Score: 1) by kurenai.tsubasa (5227) on Saturday July 02 2016, @05:38PM (#368923)

        instructs the browser to do something in a certain way that reveals public IP address outside of TOR

        This part is concerning. From a technical standpoint, how are they inspecting the computer's network interfaces, and how should I patch my browser so that it isn't affected? The article mentioned MAC address, which I understand may be used when generating a UUID [wikipedia.org]. I haven't dug into any UUID generation libraries—fairly certain version 1 isn't used widely—, but version 3 and 5 both mention using a DN which may contain the username that article says was retrieved. Version 5 uses SHA-1, which could be brute forced if I'm not mistaken. (Version 3 is MD5 so all bets are off.)

        I'm pretty sure just about every library hands out version 4 UUIDs. Those wouldn't disclose either MAC address or username/DN.

        Here's a discussion about generating version 4 UUIDs in JavaScript. [stackoverflow.com] I'm trying to remember if Flash ActionScript had UUID generation (ugh, can't believe I still have a project written in Flex, made it just a couple years before HTML5 was ready). Looks like mx.utils.UIDUtil [adobe.com] would be the suspect. It generates version 4 UUIDs, but I'm wondering if UIDUtil.getUID(someObject) might return a vulnerable version. Meh, no way I'm bothering with setting up a Flex environment on the home computer to give it a test, will need to wait until Tuesday to see on the work machine.

        Anyway, I'd have trouble finding a problem with firing off nmap -A. I would hate to think that this constitutes “hacking.” On the other hand, if Flash is the vulnerability, I guess ¯\_(ツ)_/¯. I still wouldn't tend to think it's hacking unless it's exploiting a browser bug. Wonder if we'll ever know for sure?
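
An added illustration of the UUID versions discussed in the comment above (not part of the thread and not any poster's code): it classifies UUID strings by version and flags version 1 values whose node field carries a MAC address. The function names and sample UUIDs are constructed for this example.

```javascript
// Added example. All UUIDs here are constructed sample values.
const SAMPLES = [
  '13814000-1dd2-11b2-8000-001122334455', // v1, node looks like a MAC
  '13814000-1dd2-11b2-8000-0f1122334455', // v1, multicast bit set: random node
  'a1b2c3d4-e5f6-5a7b-8c9d-0e1f2a3b4c5d', // v5, name-based (SHA-1)
  '3f2b8c1e-4d5a-4e6f-9a7b-0c1d2e3f4a5b', // v4, random
];
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// 100-ns ticks between the UUID epoch (1582-10-15) and the Unix epoch.
const GREGORIAN_OFFSET = 0x01b21dd213814000n;

function inspectUuid(text) {
  if (!UUID_RE.test(text)) throw new TypeError('not a canonical UUID string');
  const [timeLow, timeMid, timeHiVer, clockSeq, node] = text.toLowerCase().split('-');
  const result = { version: null, leaks: 'not assessed', mac: null, createdAt: null };
  // RFC 4122 layout: top two bits of the clock-sequence octet are 10.
  if ((parseInt(clockSeq[0], 16) & 0xc) !== 0x8) return result;
  result.version = parseInt(timeHiVer[0], 16);

  if (result.version === 1) {
    // Time-based: 60-bit timestamp (hi, mid, low) plus a 48-bit node field.
    const ticks = BigInt('0x' + timeHiVer.slice(1) + timeMid + timeLow);
    const unixMs = Number((ticks - GREGORIAN_OFFSET) / 10000n);
    result.createdAt = new Date(unixMs).toISOString();
    // A set multicast bit in the first node octet marks a randomly generated
    // node; a clear bit means the field may be a real interface address.
    const randomNode = (parseInt(node.slice(0, 2), 16) & 0x01) === 1;
    result.mac = randomNode ? null : node.match(/../g).join(':');
    result.leaks = randomNode ? 'creation time' : 'creation time and MAC address';
  } else if (result.version === 3 || result.version === 5) {
    // Name-based: only an MD5 (v3) or SHA-1 (v5) hash of namespace + name.
    result.leaks = 'hash of namespace + name';
  } else if (result.version === 4) {
    result.leaks = 'nothing about the host';
  }
  return result;
}

// Return only the UUIDs that expose a hardware address.
function findMacBearingUuids(list) {
  return list.filter((u) => inspectUuid(u).mac !== null);
}
```
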

      • (Score: 2) by quintessence (6227) on Saturday July 02 2016, @05:48PM (#368926)

        The difficulty here is that the FBI were in control of and distributing child pornography. Big no-no as it wasn't a part of the original operation, as well as questions as to when/why the FBI gets to break the law.

        The other part, if I recall correctly, is that the FBI have not revealed how they obtained the IP addresses, so there are questions as to the veracity of the evidence and even who actually accessed the site (see story here [soylentnews.org] with another court ruling that an IP address isn't enough to establish guilt).

        Charges have already been dropped in several of the arrests since the FBI didn't attempt to obtain a warrant, so this seems like a Hail Mary to see if the charges will stick.

        And after all that, you can have the philosophical argument of police monitoring even though you are in a public space without just cause. It seems the police get very irate when the cameras are turned back on them, even though they are in a public space too.

        I doubt the judge would take kindly to people peering into the windows of his house.