I think that regardless of the touchy subject, the question of the author is fair as stated in the article:
"Is there a limit on how many different places can be searched under a single warrant while still satisfying the requirement that the warrant describe the “place to be searched”? Can a single warrant justify a search of thousands or even (hypothetically) millions of computers, all used by different people who don’t know each other? At what point does the use of a single warrant to search many places make the warrant a general warrant that the Fourth Amendment prohibits?"
Using his analogy it seems more like you sent an invitation which the fbi returned to sender with a gps device. The FBI didn't search the unsent letters, they returned one that sent itself.
Where there not a similar case where then police bugged a car with a gps device, without a warrant, and the supreme court decided unanimously that police agencies must obtain search warrants before they can install GPS tracking devices on the vehicles of suspects?
It also seems to miss the point. If a person has a hidden identity and a stalker breakers into the post officer in order to obtain the protected address, is the stalker committing a crime towards that person or can they just claim that addresses "is public" because the sender "voluntarily shared the information". The fact that the sender has protected identity should give a strong hint towards their intentions, even if the knowingly used the postal service.
If the FBI used a sybil attack and only passively gleaned the information as the "letter" came past, rather than do a breaking and entering, would it change anything? We could still distill this legal issue as intentional protected information being knowingly intercepted without a warrant. It would be a interesting case, but first the court need to decide if planting malware on citizens computers need a warrant or not.
> Always be going through at least a burner VPN purchased with prepaid-card(bought with cash) or bitcoin.
While good advice on how to obtain a VPN for say torrenting, this won't really add anything over TOR. Modern anonymity breaks generally work by getting code to run on your local system, and extra layers of transport wrapping won't really change that.
> if absolutely necessary to be done in those locations use cash bought 3G
First, you should assume that phone companies are indefinitely retaining precise location logs (after all, they are historic state surveillance organs). Second, lesser police will have no problem getting a rough location and then using something like a stingray to hone in on your location.
There is no "absolutely necessary". Either the threat model is low enough to do it from your standard connection (like casual downloading), or you're going to have to leave the house. The one exception is finding some wifi you can access with a directional antenna, and even that you're most likely going to develop lazy opsec that will support you eventually being direction-found from the AP.
Of course this level of paranoia doesn't really apply to your average web browser, and they should take the easier steps to preserve their own anonymity against commercial surveillance. We need a lot more of this.
>Modern anonymity breaks generally work by getting code to run on your local system
Would you have any reference to specifics on this? Fine if not ofc, just genuinely curious.(and agree that you're right)
Yes though, I would not recommend using a local machine to browse/etc
E.g. contrived:
Local->VPN->ssh/vnc/etc to a temp box->tor->internet
In this scenario, if the box is found and compromised before it's wiped, the anonymity of the VPN is important.
Regarding using a sim, they can only get rough location from tower usage/signal strength(I wasn't talking about using a burner phone, just the sim+a dongle(careful buying these)). Agreed this can get more granular quite quick, depending on area between neighbors it could be specific enough right away.
Like I said, last resort, shouldn't happen. I should have stated destroy sim after use, don't get lazy and reuse.
>Of course this level of paranoia doesn't really apply to your average web browser.
Agreed heh, hope we have more general awareness/prevention of commercial surveillance as well.
Since we're in the mood for unsolited amateur advice on how to communicate with regard to criminal acts...
I generally try to leave organised crime to organised crime syndicates. And governments, of course.
If you have to do any anonymous communication, with people you can't authenticate the identity of, over the internet, you're doing crime wrong, should assume the other party is a government plant / agent / honeypot, and should quit while you're ahead. Preferably before you start.
This very case. From the first link of the article:
> According to the Playpen warrant, when a visitor logged in to the site with a username and password, the NIT would be secretly installed on the visitor’s personal computer. The NIT would then send the government identifying information about the user’s computer, most importantly the computer’s true IP address from inside the user’s machine.
The way this is worded, it could either be a sandbox exploit or just javascript taking advantage of eg defects in webrtc. But either way is local code execution.
I would be interested in any examples where this method wasn't used to track down TOR users. I know that lately there was some bomb threat at a university through TOR, and the university investigated the single user with outgoing TOR traffic at that time. But that feels like a rare exception.
I'm sure global passive adversary packet correlation attacks are being done by NSA et al, but domestic law enforcement isn't likely to see the proceeds of those. And if they were given a lead from them, the details would be parallel constructed anyway.
I may be wrong, but I don't necessarily see this as a place to give tips about doing our getting away with illegal activities, even if it is directly related to the article.
The main reason I posted this at all was because the article implies that properly configured TOR is safe. I personally would not trust it in the slightest against a well-funded, especially nation-state adversary.
To be perfectly honest I'm fine with the karma loss, even with a ban; it will just mean it's time to move on.
As far as countries that consider anything illegal well that's a problem but these precautions won't really help if you are caught using VPN where it is illegal it's a crime in its own.
Overall suggesting to use TOR for illegal activities is stupid, TOR has a bad enough rep as it is.
One of the main purposes that Tor is often touted for is for use by people in oppressive regimes that have different views on human rights than us.
This activity would very likely be illegal in those regimes.
Even in the USA there is a long history of activists engaged in activities that were illegal at the time but morally correct(when viewed in hindsight, since morals shift over time) -- would your comment 'Don't do illegal stuff period?' apply to them as well?
Well, ultimately it should be used for general purpose anonymous browsing (i.e not logged in or logged into an pseudo-anonymous identity) since those activities help shield those that truly need the security.
Oppressive laws might force fair people to use Tor, so it'll help other tor users to stay hidden.
What country has laws against Tor, anyway? I never heard anything about it. I know that some countries blocking Tor traffic, but not forbidding it specifically.
I don't have the data to know this for certain, but I find it hard to believe that this main purpose of Tor of which you speak is really true.
Surely the most numerous users of Tor are Americans and Russians downloading pirated media and porn.
Didn't the Tor Project only recently align itself with this purported main purpose and that people then argued it was a stupid move because Tor shouldn't have a politcal agenda as that just draws attention to people who might use it for political purposes.
>Surely the most numerous users of Tor are Americans and Russians downloading pirated media and porn.
Tor is extremely slow and laggy. It would be excruciating to try to watch a pirated video over Tor. Same with porn. Unless it's significantly illegal, both those activities would be better done over a VPN. As far as I know, no one has been arrested for just downloading pirated content.
Nothing I said precludes that, or recommends breaking the law.
I, of course, always act with the highest level of integrity in my day to day life; so nothing here applies to me :^), sounds like you're the same.
Generally agreed, most laws exist for good reason and should be followed.
>Overall suggesting to use TOR for illegal activities is stupid
Disagree, perhaps some illegal ones(e.g. drug buying referenced above), certainly not others. Illegal doesn't always mean evil, sometimes it's the opposite.
"Is there a limit on how many different places can be searched under a single warrant while still satisfying the requirement that the warrant describe the “place to be searched”? Can a single warrant justify a search of thousands or even (hypothetically) millions of computers, all used by different people who don’t know each other? At what point does the use of a single warrant to search many places make the warrant a general warrant that the Fourth Amendment prohibits?"