Unfortunately, it's extremely hard to prove allegations of abuse by skilled actors that know how to use their tools (tools that are really easy to use).
KF's lead admin states it plainly: use a VPN, because KF complies with subpoenas. If folks were committing high-end acts of terrorism against elected officials regularly, the baddies might not be safe.
But if you're a trans streamer with a small following, if the folks coordinating attacks on you are diligent enough to make sure they're doing so off-platform, behind a VPN, calling folks while obscuring their identities, and so on? There's no chance for you.
I led a team in infiltrating a small community that acted as KF does. Even with screenshots in hand, even being on Discord, the Discord T&S team couldn't do very much for us because we didn't have nearly enough evidence in hand. We had to do a public exposé with what we had in hand and basically bluff that these folks could get in trouble as a result. Only that, along with the fact that we had bits and pieces enough of their identities, got them to go away. There's absolutely no way that I can tell that anyone would be taking anyone else to court. The best we could do was make our group so hard to attack that it wasn't worth it.
How is anyone supposed to defend themselves from this?
That's not an exhaustive analysis. I recommend to look at risk vs reward.
The risk of getting caught is essentially zero: just use Tor and VPN
via an 'unfriendly' third country to send fake threats to yourself, or
get a friend to do that for you. Clearly the police is not going to
investigate, because all these cyberthreats are obviously not
serious. The upside on the other hand ... Sarkeesian made how much
last time by playing the damsel-in-distress? Wasn't it over $100k?
That's quite an incentive. And then there is the political effect: the
mainstream media, for various reasons, will
automatically sides with the damsels.
I spent quite a lot of time in activists' milieu and I smell attack
techniques in a Leninian mould, see e.g. Alinsky's "Rules for
Radicals".
It’s unfortunate that you are getting downvoted. It’s difficult to say whether the “majority” of bad actors are using insecure communications but certainly a very large number of the ones who get caught are. Search any legal database for “Facebook,” or visit a criminal court, and you’ll find lots of examples of people who have been caught grooming children or discussing other crimes on insecure channels. Here’s is a typical child abuse example from Australia, two months ago: https://www.caselaw.nsw.gov.au/decision/5d95952ce4b0c3247d71...
The article doesn't say there are crimes on KF, only that KF "provides a forum for gamifying abuse and doxxing". Magically, that abuse just happens without any planning of it appearing on KF, and then KF's users gossip about the results openly. The article says it supports prosecuting those missing-link people for crimes: "we fully support criminal and civil liability for those who abuse and harass others"
It does think companies should act on illegal speech; those "companies" are the people/orgs who run websites, like KF. "We should enact strong data privacy laws that target, among others, the data brokers whose services help enable doxxing". The EFF doesn't think other companies (network carriers, etc.) should act on illegal speech.
The government ought to take a more active role! Would you prefer the courts to affirm your legal rights, or for an oligopoly of private companies to brazenly deny you them, with no recourse?
Well first of all, for protected groups, you don't need to prove the reason, you need to prove "disparate impact". Don't need intent.
And even when you need intent, these people are like people who do insider trading. They tend to leave a trail. They think they're smart. Then they talk in detail about the crimes they are doing in logged chat rooms. It's hilarious.
They mention attempting it in the post. It didn't go anywhere one time, as it was a minor, and the other they don't have anything to tie the attack to a person. This is a pretty common problem for small games/services that experience outsized problems like this. It's incredibly time consuming to deal with and legal action typically costs money. If you want to go after someone and you think you know who it is you need a lawyer and you need to get a case into discovery so you can get a lawyer subpoena power to contact ISPs and such. Even if you have their real IP-- reporting to police, or ISP can result in no action, even if you put in a lot of work.
If you spend some time on the other side of it, it'll make more sense. I've done anti-abuse work before and you would not believe the number of people who due to greed, malice, or some sort of perverse glee will spend massive amounts of time working to abuse your service.
Especially when that service is free and effectively anonymous, it's just not possible to give each case a full and fair hearing. You know that you'll get false negatives and false positives. You can try to minimize them, but actual justice is expensive. Too expensive to pay for with ad sales, that's for sure.
I don't know anything about KF but they sound like a vigilante group and people are responding to them with vigilante tactics. The internet has some flaws that people take advantage of and I support ongoing research to mitigate these. The internet still seems like the Wild West in some ways.
I agree with the statement that oppressive regimes around the world abuse this, but I would argue it's up to peoples of those countries to fight back.
"They don't need to use PSN to communicate." but they do, and that's the issue. We know they use publicly accessible communication systems that law enforcement needs to have visibility over _when required and approved by a judge_. Therefore I think the issue is how do we make sure that law enforcement can access such data when they genuinely need to? What laws need to change in that regard, instead of what laws need to be made so we can obscure their visibility even more, and have the likes of ISIS or other organised cults / crime rings organise right in front of us. To be honest, although a very bad thing, i'd rather have one person falsely accused rather than 100 people dead because of a terrorist attack organised on the PSN network that we just wouldn't hand data over, so we can protect kids' privacy over making jokes about "yo mama".
no, but a 10YO troll in Brazil sure can get the FBI to raid the home of an American streamer they don't like.
Not saying it's even by any means, but it's better than zero human response. There will at least be some case in a govt. record should some bad actor keep getting reported, unlike Google.
They hide behind proxies, VPN, Tor. They obviously don't care about the harm they do to their victims, and the judicial system is mostly powerless to find, even less prosecutes these trolls online.
This is simply a reaction to an extreme that obviously doesn't care about the law, combined with a judicial system that is way behind the times technologically.
This is essentially just me shouting into the void but I really hate that for me (a common netizen) there is no realistic recourse against these constant attacks.
I understand the technical issues involved but it is really disheartening to me that when it comes to malicious actors attempting to access and abuse other people's property the entire net's general response is basically "shrug can't win, don't try"
By that I mean, I would not expect much to come of me submitting logs of constant penetration scans to the police.
I did, and it clearly says that other citizens were sending her information to post online. I don't know much about her situation, but presumably that wouldn't require her to be in the country.
And even if that's not the case, using Tor and not linking your online vigilante identity to your real identity (e.g. by having your whistleblower twitter account linked to your personal phone) is a very basic precaution.
I REALLY don't want to sound insensitive, but if people are going to use technology to fight people who wield the power of physical violence, they DO need to learn how to apply it properly.
I don't know the entire history here, but my understanding is that KF was a forum where doxing and swatting was openly pervasive. Sounds like a perfect example of society holding a site accountable and producing the correct outcome.
There was no government involved, so it's not a "free speech" issue.
I always talk about the wild west of the late 90's when the Internet was brand new. My colleagues and I all talked about the myriad sketchy ways we could make money. We chose not to. It's as simple as that. If you want to develop something you think is beneficial to society, don't support bad behavior and certainly not dangerous or illegal behavior.
This idea that a "dangerous idea" should somehow be a protected normality is ridiculous. Society has limits. Get used to it.
Law enforcement has not demonstrated a willingness to spend its resources on these concerns, and frequently will disregard threats of bodily harm and murder. Expecting them to respond to requests from a web forum, my go-to litmus test for solution viability, is laughable in the United States and I suspect most of the rest of the world as well.
The entity delivering service to the abusive customer is profiting from that delivery. Terminating service to that customer hurts their bottom line. They have strong incentives to not only refuse all requests for help, but to resist even the most serious of requests, in order to protect their bottom line.
I’m sorry to rain on your parade - it’s nothing personal! I wish I could be more supportive! - but there is overwhelming evidence that every entity that is positioned to help will do whatever it takes to avoid helping.
If this remains unsolved, we’re going to end up losing anonymity on the Internet. Several online food delivery systems in the US already permanently block Cloudflare’s 1.1.1.1 VPN product by IP, using Cloudflare’s own CDN protection tools! Because it turns out that effective anonymity for all comers protects abusers from accountability.
I beg of you all, stop with the immediate reaction of trying to figure a way to code around men with lawyers and assault rifles.
Think of where this leads, the current actors who have taken this route. Hosts are "bulletproof" operators sacrificing themselves until raided or de-peered for a low low(high) cost. Nights are slaved away making private end to end networks of proxies and vpns, built to buffer contact from your own servers. You end up paying people to buy your phones.
In the end most are jailed after 'parallel' investigations are made upon them. Associates are thrown in jail with violent offenders so they can be used as snitches when they flip. You are threatened with rape by men of law, "those boys will fuck you good."
Enough with the pathetic urges to code out of this. Please.
There are no torch-wielding mobs here. Nobody is attacking his physical person. They're excluding him from an organization.
What you are arguing is that, in the absence of a trial by a government, people have the active right to participate in an organization that doesn't want them. That goes against every bit of the ethos of a project like Tor. (And if you won't believe any other argument, keep in mind that it's not fair to him: why would the state be inclined to treat him fairly, for everything he's done to oppose the state?)
You claim there are problems among us that you need to solve. You use this claim as an excuse to invade our precincts. Many of these problems don't exist. Where there are real conflicts, where there are wrongs, we will identify them and address them by our means. We are forming our own Social Contract. This governance will arise according to the conditions of our world, not yours. Our world is different.
Yea I was wondering about the legality of this cyber self-defence, but like many crimes, if the victim (deserving or not) does not report it, you’ll probably get away scot free.
In the case of NK, they could probably even register a complaint and have it ignored, assuming the effort needed to locate the perp was greater than the fucks given by the appropriate authorities.
Hats off to the author but I would also caution them against broadcasting it publicly. The people who would appreciate this the most probably use secure channels anyway ;)
I agree. But how do you stop a foreign actor from doing the abuse? I think this is where we need to lay the responsibility at the feet of the social media networks that allow this to happen.
KF's lead admin states it plainly: use a VPN, because KF complies with subpoenas. If folks were committing high-end acts of terrorism against elected officials regularly, the baddies might not be safe.
But if you're a trans streamer with a small following, if the folks coordinating attacks on you are diligent enough to make sure they're doing so off-platform, behind a VPN, calling folks while obscuring their identities, and so on? There's no chance for you.
I led a team in infiltrating a small community that acted as KF does. Even with screenshots in hand, even being on Discord, the Discord T&S team couldn't do very much for us because we didn't have nearly enough evidence in hand. We had to do a public exposé with what we had in hand and basically bluff that these folks could get in trouble as a result. Only that, along with the fact that we had bits and pieces enough of their identities, got them to go away. There's absolutely no way that I can tell that anyone would be taking anyone else to court. The best we could do was make our group so hard to attack that it wasn't worth it.
How is anyone supposed to defend themselves from this?
reply