It’s unfortunate that you are getting downvoted. It’s difficult to say whether the “majority” of bad actors are using insecure communications but certainly a very large number of the ones who get caught are. Search any legal database for “Facebook,” or visit a criminal court, and you’ll find lots of examples of people who have been caught grooming children or discussing other crimes on insecure channels. Here’s is a typical child abuse example from Australia, two months ago: https://www.caselaw.nsw.gov.au/decision/5d95952ce4b0c3247d71...
A helping thought is that those that commit assault of children don't generally consider the possibility of getting caught and will use their personal phone and tools rather than technology that are safe from censorship and mass-surveillance. Sexual assault is not part of rational thinking.
The major problem is when someone want to earn money by becoming a distributor that sits between producer and consumer, like the one in the article, and those people usually do consider the risk of getting caught. There is however a silver lining in that those are quite few and tend to become major target for law enforcement and sooner or later the opsec will have a flaw. It is questionable if Internet can ever become so safe that a person can be one of a handful few that earn millions for years without giving out any clues to whom they are.
So to me this resolve conundrum. Neither criminal is likely to operate unimpeded even when the Internet become safer from censorship and mass-surveillance.
The Queensland police have form for overzealous prosecution. A couple of years ago they arrested and charged a man with publishing child-abuse material after passing on a viral video that had already been shown on national TV: http://www.smh.com.au/news/home/technology/net-video-crime-e...
Moral of the story: don't use the Internet in Queensland.
I think what's especially aggravating is the degree to which privacy and security are under assault to supposedly protect against something like this. Good people lose privacy and what not. Bad people just keep on doing terrible things and seemingly just getting away with it.
Hi Mike. I call it out specifically because crimes against children are a particular category of crime that deserves special attention from the community. Sextorting a business man with a picture of him having an affair and other $CRIMES 'should' be handled differently than the predator who drives a young teen to suicide or gets them to take pictures of their younger siblings, or face humiliation on a social network.
In the former (businessman example), a social network has a 'right' to refuse law enforcement and notify the user. In the latter example, it's my belief (which I understand isn't popular here!) that the network has a civic 'duty' not to inform the user and to assist how they can - as many of them do right now. My question has more to do with asking if social networks will examine the background of the $CRIME before notifying the user.
Phone companies recognize this distinction and, for example, will provide an emergency ping location when a child is in danger before any paper work is submitted, requiring in good faith that it will follow within 24 hours. If the following paperwork is not in order, they lose the ability to do that again.
It's a wonderful thing that the average HN reader doesn't have to deal with these issues, and disappointing honestly that real questions from someone who does are heavily downvoted. But hey, it's fine not to agree with my view.
Yes, giving access to all communications worldwide to the cops still won't help them catch the abusers that don't record and post their abuse online. Which I assume is the majority of child abuse cases.
No, here in Australia, director's information must be place of residence; although there is a process for suppression or replacement based on personal safety needs, for most that'd be closing the stable door after the horse has bolted. What's more, the information is still in the database, it's just masked in standard extracts; the data is one weak password away from exfiltration.
I believe it is most certainly victim blaming. The existence of terrible people may well induce one to recommend countermeasures, but the phrasing "stupid enough to put their personal details out there" is first-class (and thoroughly obnoxious) assignment of responsibility for bad behaviour to the victim of that behaviour. It's the same logical construction as blaming rape victims for their clothing.
As for "attract enough attention", the bar for that has been lowered in recent times to "one tweet".
These are not happy times to be a private citizen communicating online in anything but the most closed fora.
This is a specific instance of what I could see being a generalized incidence of cyberbullying now and in the future. You take X confidential information from a person and host it on a website in exchange for blackmail money. Our laws are going to have to adapt to this at some point very soon.
Unfortunately, it's extremely hard to prove allegations of abuse by skilled actors that know how to use their tools (tools that are really easy to use).
KF's lead admin states it plainly: use a VPN, because KF complies with subpoenas. If folks were committing high-end acts of terrorism against elected officials regularly, the baddies might not be safe.
But if you're a trans streamer with a small following, if the folks coordinating attacks on you are diligent enough to make sure they're doing so off-platform, behind a VPN, calling folks while obscuring their identities, and so on? There's no chance for you.
I led a team in infiltrating a small community that acted as KF does. Even with screenshots in hand, even being on Discord, the Discord T&S team couldn't do very much for us because we didn't have nearly enough evidence in hand. We had to do a public exposé with what we had in hand and basically bluff that these folks could get in trouble as a result. Only that, along with the fact that we had bits and pieces enough of their identities, got them to go away. There's absolutely no way that I can tell that anyone would be taking anyone else to court. The best we could do was make our group so hard to attack that it wasn't worth it.
How is anyone supposed to defend themselves from this?
When someone is in court on charges of child abuse, maybe we don't want them to know in case they (After serving their sentence) or their friends go for reprisals. Maybe the next child abuser might know their likely avenue of getting caught. Yet still we tell them the charges and evidence and give them a chance to defend themselves. Often in my country, given the damage such allegations could cause to both the victim and alleged (but not yet proven) perpetrator, we don't even reveal the identities of culprits until there's a guilty verdict.
If we can extend that courtesy to people accused of child abuse, surely we should extend it to people accused of internet spam?
Sure, but it's always much more frustrating and disappointing when those tasked with protecting the innocent end up ruining innocent lives. In particular, it's frustrating that better auditing procedures and transparency would prevent things like this from happening.
It's also scary how, due to the persistence of (mis)information on the internet, it is possible to end up with (either undeserved or at least excessive) notoriety that follows you across the world with little chance of escape. Who the hell is going to hire someone when a google search of their name mentions that they were arrested on pedophilia charges? Never mind whether they were innocent.
[edit: as another poster pointed out, it seems his partner was not the pedophile, but rather that their shared IP address, which was registered to her, was the incorrectly entered value]
This is a great response. And arguably, the argument.
A friend of mine is a policeman, and says exactly that. MOST criminals have a level of ineptitude that allows them to get caught. Except this isn't being sold as "we want to catch the guy who beats his wife". And if it were, why not just install a 'telescreen' in everyone's house and catch them in the act?
Regarding the _encouraging people_ to get a VPN, that shouldn't be the default. The police were already in a position where they can monitor anyone they suspect of a crime. This targets _everyone_, with the false promise of safety.
Adding to that, when you couple this with Claire Perry pushing (_again_) for 'adult' sites requiring 'age verification', you're on a very slippery slope.
The government is among the worst of the culprits. “We’re being accused of doing a bad thing? I know! Arrest the speaker and erase it from our version of the Internet!”
I expected this to be a piece about on-line piracy. In reality, it is about something that can be much worse.
It's profoundly disturbing that so many people have such a lack of perspective that they can seriously threaten violence against someone and their family just because that person did their job and tweaked some game mechanics.
Sure, most of the abusive people are probably kids, but that's no excuse. What kind of kid is old enough to be allowed unsupervised access to the Internet and yet so out of control that they can think this kind of behaviour is acceptable?
Some of the things described in this piece are surely criminal, but somehow I get the feeling that sending the cops round would just be a badge of honour to people who've gone that far off the rails already. I'm not sure how you fix this without change on a society-wide scale, and I'm not sure how you could even start to effect that change if you're in the the kind of position described in the article.
Plenty of criminals post their exploits on social media. And the police in the UK complain about it. The retardation on all sides is deep and pervasive.
The biggest problem is their coercive and brutal interrogation tactics, which result in false confessions.
There was a story a number of years ago about a cyber criminal who hacked victims computers to commit crimes, and then taunted the police about it after they forced false confessions from the hapless owners.
I get the sarcasm. But what is the solution really? Letting actual criminals hide behind online chat networks? Or making sure that there is always a valid reason for their communication to be read, so we don't have such abuse made against honest people?
If nothing else the last two decades have shown us that people planning harmful attacks tend not to use complex, digital methods of communication and innocent people tend to. I'm like a sardine on a train so I can't easily provide references now but that in itself should be enough to say 'YOU'RE NOT TARGETING VIOLENT CRIMINALS - YOU'RE TARGETING THE PUBLIC! (and likely corporate / political competition)' and that should be that.
reply