US: Alaska man busted with 10,000+ child sex abuse images despite his many encrypted apps
arstechnica.com
Encryption alone won't save you from the feds.

All the recent dark net arrests seem to be pretty vague on how the big bad was caught (except the IM admin’s silly opsec errors) In the article they say he clicked on a honeypot link, but how was his ip or any other identifier identified, why didnt tor protect him.

Obviously this guy in question was a pedophile and an active danger, but recently in my country a state passed a law that can get you arrested if you post anything the government doesnt like, so these tools are important and need to be bulletproof.

  • SirEDCaLot@lemmy.today
    3·
    7 months ago

    All the crypto in the world won’t help if you do stupid stuff and have crap OPSEC.

    A big part of that is stay under the radar. If I were NSA I’d be running a great many TOR nodes (both relay nodes and exit nodes) in the hope of generating some correlations. Remember, you don’t need to prove in order to raise suspicion.

    So for example if you have an exit node so you can see the request is CSAM related, and you run a bunch of intermediate nodes and your exit nodes will prefer routing traffic through your intermediate nodes (which also prefer routing traffic through your other intermediate nodes), you can guess that wherever the traffic goes after one or two relay hops through your nodes is whoever requested it.
    If you find a specific IP address frequently relaying CSAM traffic to the public Internet, that doesn’t actually prove anything but it does give you a suspicion ‘maybe the guy who owns that address likes kiddy porn, we should look into him’.

    Doing CSAM with AI tools on the public Internet is pretty stupid. Storing his stash on cell phones was even more stupid. Sharing any of it with anyone was monumentally stupid. All the hard crypto in the world won’t protect you if you do stupid stuff.

    So speaking to OP- First, I’d encourage you to consider moving to a country that has better free speech protections. Or advocate for change in your own country. It’s not always easy though, because sadly it’s the unpopular speech that needs protecting; if you don’t protect the unpopular stuff you jump down a very slippery slope. We figured that out in the USA but we seem to be forgetting it lately (always in the name of ‘protecting kids’ of course).

    That said, OP you should decide what exactly you want to accomplish. Chances are your nation’s shitty law is aimed at public participation type websites / social media. If it’s important for you to participate in those websites, you need to sort of pull an Ender’s Game type strategy (from the beginning of the book)- create an online-only persona, totally separate from your public identity. Only use it from devices you know are secure (and are protected with a lot of crypto). Only connect via TOR or similar privacy techniques (although for merely unpopular political speech, a VPN from a different country should suffice). NEVER use or allude to your real identity from the online persona. Create details about your persona that are different from your own- what city you’re in, what your age and gender are, what your background is, etc. NEVER use any of your real contact info or identity info.

        • Artemis_Mystique@lemmy.mlOP
          0·
          7 months ago

          Honestly i believe there is no point in speculating whether there are backdoors installed in popular privacy and encryption apps; for all we know, the powers that are may already have a digital fortress’esque quantum computer decrypting everything from your signal messages to onion sites in a matter of seconds.

          I think(my personal headcanon) that there probably was a Manhattan project like top secret research project that has yielded some very fruitful results, now i guess we have to just wait for some whistleblower or a disgruntled employee to feed it a file that blows it up.

            • Artemis_Mystique@lemmy.mlOP
              1·
              7 months ago

              I didn’t deny it; its akin to a first year med student reading about all the subtle little ways that the body hints something is majorly wrong and noticing symptoms exhibit in them, I guess i am just not jaded enough to accept that online anons can just send a swat team to my house if i comment on the local weather online.

  • CheeseNoodle@lemmy.worldEnglish
    1·
    7 months ago

    Tor was always comrpomised, the point has never been to be uncrackable, the point is that tracking down an induvidual user is enough effort that it can’t just be done on mass like with normal internet traffic. If you draw direct attention to yourself then it isn’t going to save you.

    • IphtashuFitz@lemmy.worldEnglish
      1·
      7 months ago

      Exactly. Tor was originally created so that people in repressive countries could access otherwise blocked content in a way it couldn’t be easily traced back to them.

      It wasn’t designed to protect the illegal activities of people in first world countries that have teams of computer forensics experts at dozens of law enforcement agencies that have demonstrated experience in tracking down users of services like Tor, bitcoin, etc.