Cops Demand Google Data On Anyone Who Searched A Person's Name... Across A Whole City

Discussion in 'privacy general' started by Minimalist, Mar 17, 2017.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    7,370
    Location:
    EU • SLO
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,851
    This follows, I suspect, from precedents set in the PlayPen cases, allowing local judges to issue national warrants.
     
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    It appears it is a broadband warrant for the entire city of Edina, Mn.
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,362
    Location:
    UK
    I find this interesting to the extent to which it appears to be quite narrowly framed. Perhaps the test of this is how many results would be obtained. If it were a handful, perhaps that's justifiable, though does rely on your trust that LE will properly exclude and expunge false positives. And the trouble is, given the behavior of the TLAs and LE (over-reach etc) - that trust is negative.

    On the other hand, this does have the strong whiff of general warrants.
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,852
    Darn, I hope I didn't search using that person's name. If I did they are hot on the trail of my tor exit node IP. LOL! In a more serious observation this is concerning. This makes me consider installing openvpn on my home router. A family member might click on, or query something thinking its curious only to trigger an investigation like this.

    I had a family router crap out on me and now I am in the situation of pro appliance vs upper home router (Asus merlin) setup. Advanced wireless speeds are critical as several devices use 5ghz AC with MIMO. Pfsense seems to be lagging on advanced wireless with MIMO. I will start a separate thread on this. Not trying to fracture this one. Just sayin.
     
    Last edited: Mar 18, 2017
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,362
    Location:
    UK
    @Palancar - yes, my attitudes have also undergone a sea-change to the extent that the risks of false-positives and the erosion of trust and even basic ethics makes it more dangerous than it was to avoid sticking out. The extra-territoriality of laws is also deeply troubling.
     
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,852
    I fully concur where/when a VPN is in play. At this point, I still feel raw TOR usage and "sticking out" (your term) is a greater danger than random false positives. To cloak that dilemma for myself, I simply always use VPNs, with SSL wrappers, in front of TOR. I gain the best of both worlds. MY ISP has no clue I use TOR.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,851
    Yeah, same here. Most people use VPNs for torrenting and streaming. It's good cover, and free entertainment.
     
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,362
    Location:
    UK
    Well it's my view that, although VPN use isn't going to mean immediate demerit, it'll have the effect of degrading your LE "score". Who knows if they won't in future do a little auto-implant and scan if you use a VPN.
     
  10. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,852

    """ do a little auto implant and scan ''''' ?

    Were you meaning they would collect or database users that employed VPNs? The term auto-implant lost me, but that doesn't take much, LOL! To me the term implant would more indicate placing something upon my hardware and then using it to scan from within, so to speak. That would be way over the line, and in fact I would hope that I would notice, or at least they would get caught with a move like that.
     
  11. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,362
    Location:
    UK
    I mean, auto-hack. These days, their offensive tools are automated, there is nothing technical to prevent this. The trouble is, experience shows that what is technically possible, they will do, sooner or later.

    They could just treat it as a reconnaissance, maybe do a phishing attack, whatever, just to fill in their rating with a bit more data. The point being that human judgement is nowhere to be seen.

    I'm not sure you'd pick it up, or could distinguish it from any other bad actor.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,851
    Well, that's why you compartmentalize. Even if this VM was pwned, my other VMs would be OK. Unless they deployed a VM breakout exploit, which seems unlikely for broad use. Also, there's nothing on this host machine that links to my real identity. And the machines that I do use as my real identity are on a different LAN. And if I'm doing anything weird, I use a different host machine, or use a VPS.
     
  13. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,852
    But Mirimir, your response ASSUMES they are coming at you through the exit node side. That is not really the way this thread reads, or even if I am wrong, doesn't always apply. If a mass VPN "dragnet" surveillance was happening they would be noticing VPN use on your ISP end. Now they are coming at you via the ISP side of the tunnel, and that may in fact be a more likely thing than the exit node side. Your ISP confirms a USA (example here) connection. If its a USA agency they would be better served than tracking an exit node side that could be anyone on the planet. I am just hoping that deBoetie has over-estimated the immediate capabilities of those guys, regarding a mass dragnet approach that can "walk through" any firewall without issues. Not a singular target where lots of time is spent and dedicated to penetration, but a mass collection.

    Following up on the nothing on the host linking to you: I use the exact same approach, and yet don't we ultimately have connections to our ISP, albeit it many hops back down the trail? Unless I have a supremely sensitive matter I don't drive to a hotspot.
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,851
    I'm not worried about getting pwned on the ISP side. There are no open ports. Plus perimeter firewall and iptables on the host machines. So I doubt that anything malicious could get through. They could pwn the VPN provider, I suppose. But my primary VPN provider has been around the block a few times, and I trust them well enough.

    So the major threat for me is arguably malware in VMs.
     
  15. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,852
    No question the exit node side of the tunnel is where most "crap" gets in on systems. I have been looking through my IP tables for a few weeks now, and while I agree that its unlikely for an ISP side attack, are we being remiss or just assuming we are OK at this point? I have spent hours trying to visualize and examine ways in from the ISP side. Once my system is up I don't see one either. The "3 letters" are so powerful though I wouldn't see anything until its too late. Not losing any sleep on this, just pausing once and awhile and giving due consideration that a tunnel has two ends. Know what I mean? LOL!
     
  16. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,362
    Location:
    UK
    I think I was considering tunnel independent attacks rather than deconstructing the chain. Either because they own or can MiTM clearnet web servers (we know this is done through Quantum Insert for example), or else because they have taken over a hidden services & can do the same thing.

    As @mirimir says, this makes the integrity of the VM guest more important, but at least it's raised the bar.

    I think the prospect of the ISP-based attack is less likely, provided the chain and compartmentalisation is done well.
     
  17. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,096
    Location:
    UK
    Personally I couldn't give a ****, I don't carry out any criminal activities on or offline, if authorities can gain information to solve assaults, murders and frauds via google and such, good on them. I hope convictions via such methods lead to appropriate punishments.
     
  18. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,362
    Location:
    UK
    Clearly do not "give a ****" about false positives either.
     
  19. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,852
    Compartmentalization is key. Part of how I define that for my personal use is compartmentalizing my partition of trust. The VM scenario is important, but what appears equally important is spreading access to the mother load (gaining a user's actual ISP raw connection, aka REAL NAME) among multiple providers. In addition to compromising the actual activity each and every VPN/TOR provider would need to be pwn'd before the pieces can be connected and/or find the aforementioned "mother load".

    I am not going to fight or argue with others on these types of threads, where there seems to be no concern about having oversight readily available. I don't grasp the notion of 100% acceptability to pull back the curtain on any user at any time. I never will, but to each his own. I feel this runs like Bitcoin threads. There is this underlying assumption that a user of BTC is always a criminal, just like those that want to remain "hidden" on the web. If someone takes the time and money to find me they will quickly realize they have found a boring individual, but one that loves privacy and secrecy just "because" I can.
     
  20. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,096
    Location:
    UK

    Of course I do, miscarriages of justice have been around long before the Internet..I'm saying I, me, personally have no problem with the government, police having information on ME. Its something of concern to some and isn't to others..I would be more than happy to voluntarily offer my DNA to the police right now, I would also like to see compulsory citizenship cards introduced in the UK:thumb:


    Anyway, I've said all I need too here, I'm out once the petty assumption and borderline insults start:argh:
     
  21. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,852
    I respect and admire your opinion, just so you know. My DNA and fingerprints are already on file with several agencies. Carrying a weapon and other licensed activities required it. For that I had no issues. Lets not beat this up. If I had anything to do with your being "out" of this thread I apologize.
     
Loading...