For whatever it's worth, the Reddit story here says that the federal courts used "fraudulent warrants to jail my husband again". Maybe! The other side of that story, via PACER, is a detailed parole violation warrant (you can hear the marshal refer to it in the video); the violations in that warrant:
1. Admitting to using cannabis during supervised release
2. Failing to make scheduled restitution payments and to cooperate with the financial investigation that sets restitution payment amounts.
3. Falling out of contact with his probation officer, who attempted home visits to find him.
4. Opening several new lines of credit.
5. Using an unauthorized iPhone (all his Internet devices apparently have keyloggers as a condition of his release).
These read like kind of standard parole terms? I don't know what the hell happened to get him into this situation in the first place, though.
tptacek · 2h ago
OK, I think I found the original thing Rockenhaus was convicted of.
Back in 2014, Rockenhaus worked for a travel booking company. He was fired. He used stale VPN access to connect back to the company's infrastructure, and then detached a SCSI LUN from the server cluster, crashing it. The company, not knowing he was involved, retained him to help diagnose and fix the problem. During the investigation, the company figured out he caused the crash, and terminated him again. He then somehow gained access to their disaster recovery facility and physically fucked up a bunch of servers. They were down a total of about 30 days and incurred $500k in losses.
(He plead this case out, so these are I guess uncontested claims).
no_wizard · 48s ago
>He plead this case out, so these are I guess uncontested claims
In a technical sense, this may be true as part of the plea agreement.
In reality, a lot of plea deals are made because of various factors, which unfortunately is often not that the person accused is guilty, rather the risk of going to trial or especially the cost of going to trial is too large.
That said, in this particular case, the hard evidence suggests that indeed, the person accused committed the crimes they pleaded out for
petcat · 2h ago
If all of that is true, then that is a very serious CFAA charge. It makes sense that they would want to downplay it as "minor" and "not relevant". It sounds like the parole violations came later? In any case, thank you for researching. There is always more to the story.
mothballed · 1h ago
Weev 'violated' the CFAA for incrementing a GET request, with his overturned conviction only for wrong jurisdiction. So the government has put us in a position where it's hard to take the CFAA seriously.
We also know from prosecutions in other statutes that the government will often prosecute a a broad crime with many separate sub-definitions of the various way you can break it, then refuse to tell you under which sub-definition you're being charged, meaning you have no way to know if the jury even were unanimously convicting for the same thing and no way to know what you're even defending against.
tptacek · 1h ago
As you probably know, it's everything that happened after they incremented that HTTP request that formed the basis for his charges. Message board discussions tend to want to distill "hacking" CFAA cases down to the specific shell script that ran, but these cases are almost always heavily situational and fact dependent.
Interestingly, Rockenhaus's isn't --- it's more or less exactly the circumstance foreseen by the authors of CFAA, who believed that even though existing law covered most hacking-type scenarios, they didn't form a clear basis for felony charges for purely destructive computer abuse.
Aurornis · 1h ago
This case has far more than the CFAA violation, though. There were multiple parole violations after the first incident, multiple attempts to evade the parole restrictions on Internet use, discovery of a pedophilia relate search query on his computer, a history of intentional damage to a company’s infrastructure to disrupt their operations, and more.
Being angry at the CFAA is one thing, but this case has no relation to modifying a simple GET request.
aw1621107 · 1h ago
> We also know from prosecutions in other statutes that the government will often prosecute a a broad crime with many separate sub-definitions of the various way you can break it, then refuse to tell you under which sub-definition you're being charged, meaning you have no way to know if the jury even were unanimously convicting for the same thing and no way to know what you're even defending against.
Navy sailor was convicted of possessing machine guns and destructive devices.
The ATF for example put back together de-milled RPGs, which could be a destructive device
However the statute says the following:
(2) any type of weapon by whatever name known which will, or which may be readily converted to, expel a projectile by the action of an explosive or other propellant, the barrel or barrels of which have a bore of more than one-half inch in diameter, except a shotgun or shotgun shell which the Secretary finds is generally recognized as particularly suitable for sporting purposes; and (3) any combination of parts either designed or intended for use in converting any device into a destructive device as defined in subparagraphs (1) and (2) and from which a destructive device may be readily assembled.
The ATF took his demilled RPG, put another gun (owned by the ATF) inside of it, then fired it to prove it had a bore over 0.5 inch capable of expelling projectile.
But the state didn't tell him under what definition he was charged, so they didn't know if they were defending against the collection of parts the ATF took (falls under 3), or against the weapon the ATF claimed it was after they put the parts together (which falls under 2).
aw1621107 · 16m ago
Thanks for the reference! For the convenience of anyone else reading, the appeals docket is at https://www.courtlistener.com/docket/67566242/united-states-.... Note that there are two appeals briefs; it seems the defendant replaced their attorney at some point during the appeals process.
For what it's worth, I think this is the government's response to the argument you raise (on page 22 of the response brief, PDF page 30):
> Section 5845, captioned “[d]efinitions,” is a definitional provision, not a
criminal prohibition. As relevant here, § 5845(b) defines the term “machinegun,”
and § 5845(f) defines the term “destructive device.” These definitions do not create
additional elements of the offenses charged under §§ 5861(d) and 922(o). Therefore,
the government was not required to charge the applicable definition(s) in the
indictment. See, e.g., Robbins, 476 F.2d at 30 (holding that an indictment under
§ 5861(d) need not refer to the definitions in § 5845 to “fairly notify a defendant of
the charge against him”); United States v. Hoover, 635 F. Supp. 3d 1305, 1316
(M.D. Fla. 2022) (rejecting the argument that the government “was required to plead
the specific facts supporting its contention that the [firearms] at issue fall within the
definition of a machinegun”); cf. United States v. Pennington, 168 F.3d 1060, 1065
(8th Cir. 1999) (“The indictment’s failure to cite [18 U.S.C.] § 1346, a definitional
provision, and to use its specific term, ‘honest’ services, does not mean no crime
was charged.”).
And defendant's response, page 5:
> The question is whether the
indictment “fully, directly, and expressly, without any uncertainty or
ambiguity, set forth all the elements necessary to constitute the offence
intended to be punished” and whether the indictment complied “with the
necessity of alleging in the indictment all the facts necessary to bring
the case” within the intent of the statute. United States v. Carll, 105 U.S.
611 (1881) (emphasis added). The government’s failure to give any
specificity in the indictment cannot be remedied by wriggling as to
whether the missing information can be considered an “element” or not.
Even if the government were correct that the particular definition (or
definitions) the prosecution is proceeding under does not change
“elements,” it changes the “facts” underlying the scope of the statute.
I have no idea who is correct legally, and since oral arguments appear to have been held a few days ago I suppose I'll have to wait to see who is right.
stockresearcher · 1h ago
> his overturned conviction only for wrong jurisdiction
What are you getting at?
If an appeals court says “wrong jurisdiction”, that’s an “rm -rf” on the whole entire case. There’s nothing left to argue about.
mothballed · 54m ago
Yes there is, they can reargue the whole thing in another jurisdiction since he was never 'in jeopardy.'
Considering he was convicted in another jurisdiction, and they can retry him in the 'right' one, why wouldn't a reasonable person anticipate that might happen?
I don't think Weev is living in Ukraine/Transnistria to practice his Slavic languages.
And the reason why I brought up it was overturned, was because I knew someone would mention his case was vacated, and I wanted to make clear it wasn't vacated because there was something improper found about the legal question of the CFAA.
stockresearcher · 40m ago
They could start over in the correct jurisdiction. Yes. The case that was being appealed is gone. Gone.
I think that the type of person that excels at software development would also excel at lawyering. But they should probably go to law school and pay attention in class.
No comments yet
JadeNB · 57m ago
> > his overturned conviction only for wrong jurisdiction
> What are you getting at?
> If an appeals court says “wrong jurisdiction”, that’s an “rm -rf” on the whole entire case. There’s nothing left to argue about.
I think your parent comment meant something like "the case wasn't overturned on the basis of deficiencies in the legal theory of the crime."
stockresearcher · 54m ago
If it’s in the wrong jurisdiction, the court doesn’t get to the point where they look at the legal theory.
akerl_ · 1h ago
In this case you have the evidence of what he did and it does in fact look pretty serious.
ambicapter · 1h ago
What does "incrementing a GET request" mean?
kayge · 1h ago
As an example: Take a look at the URL of this page (https://news.ycombinator.com/item?id=45261163). Add 1 to that ID value (45261164) in your address bar. Hit Enter, your browser will GET whatever exists at the next ID.
rirze · 43m ago
Ok, that makes sense but why is this so serious? Is this a grave crime in some context?
tptacek · 36m ago
It's not about the actual HTTP request. Per se unauthorized access is just one predicate in these kinds of cases. It's about what the prosecutors claim you were doing when you made the access.
mothballed · 1h ago
He incremented a number in the query string of a get request
Okay but what information did he obtain by doing that? If I break into a mistakenly locked police station, surely I cannot use the excuse "I was simply turning a door knob"
VWWHFSfQ · 1h ago
The CFAA isn't super complicated. It basically boils down to:
Don't fuck with other people's shit if they don't want you to.
tptacek · 1h ago
The CFAA is in fact pretty complicated. The text of the law isn't, but the implications of that text are, and so is the jurisprudence. Rockenhaus's CFAA case does not appear to have been at all complicated, though.
boston_clone · 1h ago
Are you a lawyer by chance?
I seem to remember cases or interpretations of the CFAA in which even guessing the username password combo of "admin:admin" would violate the act, resulting in teenagers or children being caught up in cYbEr FrAuD
brookst · 5m ago
If those teenagers or children enter someone's house and vandalize or steal because the door (or window) isn't locked, is it no big deal?
petcat · 1h ago
It doesn't matter if you brute forced their crappy login with commonly-used credentials. You think it's OK for someone to rummage around in your garage just because they correctly guessed your keycode was 12345? Of course not.
account42 · 1m ago
You think walking through an unlocked door should result in federal charges?
RankingMember · 47m ago
Doesn't this posture also criminalize white-hat hackers, whose disclosures would protect you from the people who actually want to do damage?
dpassens · 37s ago
(I don't know enough about the CFAA to know whether this is true so I'll assume it is.)
To continue the garage door analogy, you wouldn't walk up to any random garage door and try code 12345 to help protect the owner's stuff, would you?
boston_clone · 1h ago
I'm more focused on the assertion that "The CFAA isn't super complicated."
Which raises sincere doubts about the commenter's credibility to make such a claim.
echoangle · 42m ago
How does „you’re not allowed to guess credentials“ mean it’s complicated?
codyb · 1h ago
I mean... if someone walked into your house cause you only closed the screen door while running to the store quick you'd still call the cops cause there was someone breaking into your house lol.
efdee · 58m ago
Breaking in in a system, whether or not the password was easy to guess, sounds like a crime to me.
ethbr1 · 25m ago
It is a crime!
But CFAA charges should, and this is the issue a lot of people have with them afaict, have a sliding scale for premeditation though.
If I knock on a door, it swings open, and I walk inside and steal something, then imho there should be a lesser maximum charge for possessing burglary tools than if I show up with a lock gun, crowbar, and concrete saw.
A lot of the CFAA excesses are maximum penalties from the CFAA being thrown at people using minimally sophisticated / premeditated methods, in addition to charges about the underlying crime.
That doesn't seem just or fair.
In practice it's turned into an if(computer){increase maximum penalty} clause, solely at the government's discretion.
efdee · 18m ago
You have a point. But on the other hand you have no idea of what tools the intruder possesses, only (at best!) what they used.
I think intent probably matters a lot more than the technicality of how you succeeded.
NoMoreNicksLeft · 23m ago
It does sound like a crime to me too. But was it a password or other credential that was guessed, or was it just some sequential primary key? The latter is not an authorization system, and I do not believe it a crime to do that unless you have specific knowledge that it is likely to cause damage and/or the intent to cause that damage.
As far as I am concerned, I am allowed to send any traffic I wish to public-facing hosts, and if they respond with content that the owners would not wish me to see, I have no responsibility to refrain. The only traffic I am not permitted to send are credentials I am not authorized to use (this would include password guessing, because if I manage to guess correctly, I was still not permitted to use it).
So which was it?
efdee · 10m ago
Maybe as far as you are concerned, but not as far as the law is concerned ;-)
NoMoreNicksLeft · 1m ago
Well, I guess it's a good thing for me that they're unable to notice or care and in general incompetent.
I am still permitted to do this. None of the details of this case give me the impression that they're using CFAA in such a way as to offend my sensibilities. Sounds like he sabotaged a former employer and caused hundreds of thousands in (tort not physical) damages. I guessed the urls for some issuu.com links that aren't available in search, and downloaded the page images to make a pdf. I was never prompted for a password. Arrest me, I'm a notorious hacker.
ajsnigrutin · 2h ago
Yep...
Shutting down the server (you solely maintained) before leaving would be "minor" to me... intentionally causing damage, earning money from that, getting caught, and again causing physical damage.. that's pretty "major" to me.
nerdponx · 1h ago
And yet fraudulent warrants, if they are indeed fraudulent, are still illegal and immoral and a violation of this criminal's rights.
DannyBee · 1h ago
As far as i can discern, the warrants aren't fraudulent.
Warrants (in the US anyway) require reasonable belief that the crimes listed were committed.
They don't have to be right, mind you (after all, that's what trial is for), they just need reasonable belief.
They also can't recklessly disregard the truth (IE deliberately write lies they know are wrong).
Again, it's okay for them to be wrong about their belief. It's just not okay to know they are wrong and write it anyway.
Here, reading the warrant, etc, there is nothing obviously fraudulent here.
Perhaps it is, of course, but i read everything i could find and it's completely non-obvious which part of the warrant is supposed to be fraudulent.
Even the sort of retaliation claim made here is strange - Arresting you when you appear to actually hvae broken the law is generally only considered retaliation if (among other things) the enforcement of the law is uneven - IE targeted at you and nobody else.
Given the arrest was for a parole violation and they arrest parole violations like this all the time, ....
Like if you are at a traffic stop becuase you ran a red light, call a cop an asshole, and they arrest you because you have 50kg of cocaine bricks in your back seat, it's not retaliation.
Retaliation would be if you call a cop an asshole on facebook, and they come arrest you for violation of an 1825 law that hasn't been used against anyone in 200 years.
heavyset_go · 8m ago
Here's what the wife says about that[1], for the record:
> The Origins of a Retaliatory Prosecution (Texas, 2019-2022)
> Early 2019: Conrad Rockenhaus, a supporter of free speech, runs Tor exit nodes used by journalists and activists. Federal agents demand he assist them in decrypting traffic; he repeatedly refuses, asserting his constitutional rights.
> The Coerced Confession: The case against him began when he was forced to confess to a non-violent CFAA (computer crime) offense while under the influence of prescribed painkillers and not lucid following a major surgery.
> The Pretextual Arrest: Just months before the 5-year statute of limitations was set to expire, the federal government arrests Conrad on the CFAA charge. The family alleges this was a pretext for his refusal to cooperate on the Tor matter.
All that is as may be, but the CFAA charge here isn't pretextual; what he's alleged to have done is pretty serious by any standard. I have no trouble believing that the prosecution was motivated by Tor drama, but all that tells me is that the DOJ had real cards to play, and they played them.
My guess is that things would have gone substantially worse for this person had he taken that case to trial.
Aurornis · 1h ago
Thanks. The overly aggressive arrest was not warranted, obviously.
However, I suspected there was a lot more to this story when the original post buried the actual reason for the arrest several paragraphs down and tried to dismiss it as “minor”. Intentionally damaging a company’s infrastructure with an intent to disrupt their operations is a very serious charge. Not a “minor” disagreement with a former employer.
kstrauser · 1h ago
Good grief. This is also part of the reason why I have a pact with my coworkers: if I’m terminated, kill my access immediately and universally, and I’ll do the same for them. I don’t even want to have the ability to look at stuff anymore. Remove any shred of possibility that I could get into shenanigans later.
dsr_ · 1h ago
That shouldn't require a pact, that should be part of the standard check list for ending employment. (The list is longer for those who have root, but it should still be a list.)
kstrauser · 1h ago
For sure, and I’m often the one who makes the list, and one with root. But the big thing is to do it quickly, like within the hour, and diligently. Don’t say, oh, I’ll give him a chance to access his email and download stuff, or whatever. No! Like, cut me off completely right now.
Then, if something breaks down the road, there’s no temptation for them to wonder if I had anything to do with that weird failure.
(And obviously, don’t freaking hack your ex employers! But also don’t even leave the impression that you could.)
everforward · 1h ago
I also follow the closely related addendum: I do not want standing admin access to your system, unless I need it often enough it really impacts my productivity. Doubly so if it's not hooked up to SSO. If the database gets breached, I don't want my name on the list of people who had the admin password.
Most big businesses are good about that, but I've helped a couple family members with their business' WordPress and just have standing access that I really don't want. They don't want to juggle activating/de-activating my account though, so /shrug.
kstrauser · 1h ago
Same all around for me. I have a couple of longstanding accounts on local businesses I help out, but it’s all via VPNs that send the owner an email when I connect. I also refuse to do any work unless they ask me in writing. Text is OK, and I screenshot it. “Why did you give such-and-such rights to that employee?” “I have it in writing where the owner asked me to, Your Honor.”
This has never come up before, but it’s easy enough to be diligent about it.
Also: I keep a little paper notebook where I log the work I do for everyone, and occasionally have someone else sign and date it. It’s basically a cheap blockchain IRL. “How do you know you did this before you stopped doing work for them?” “Because the owner signed and dated the logbook after I did the work but before they hired the new IT person.”
I’m suuuuuper nitpicky about diligence in all this, for the protection of everyone involved, and especially me.
Almondsetat · 58m ago
This is exactly what all big corporations (rightly) do, and when layoffs come around you see waves of people making sob stories about how nobody told them and suddenly their work laptop stopped working from one minute to the next, or they didn't even let them inside the office because they were terminated during their morning commute.
kstrauser · 22m ago
Yeah. That’s actually a favor in disguise. Now they can’t accuse you of stealing or destroying stuff on your way out.
BTW, last time I posted stuff like this, someone thought I was treating this like an alibi: “ah ha! Now I can run amok and not get blamed for it!” No. Don’t do that, lest ye end up with a felony and permanent u employability. I just mean that when things inevitably break due to natural entropy, the first question is often of who had access, and you don’t ever want your name to be on that list.
Molitor5901 · 1h ago
So the post is really click bait and does not tell the whole story?
Aurornis · 38m ago
It’s a calculated appeal by a biased narrator (his wife) who knows how to exploit the anger and sympathies of a community that often doesn’t click links, read documents, or look for facts before passing judgment (Reddit)
busterarm · 20m ago
This is why in some corners of the internet we adhere to the "not your personal army" mantra.
fkyoureadthedoc · 9m ago
> "not your personal army"
4chan in 2010? Is this really ever even said anymore?
NoMoreNicksLeft · 18m ago
This may be overly cynical. I suspect that she's getting her biased account from the only person she knows who is technically savvy: her husband. She accepts this uncritically, and that some very large fraction of the spin originates with him. Some stuff (like ignoring that the drug use violates probation) might be hers, but the rest probably isn't.
segmondy · 2h ago
good find, there's often more than meets the eyes in these stories. folks forget that the court/case records will reveal hidden details.
ranger_danger · 2h ago
Yep, and people forget that news is often only news because it's not normal. Otherwise you simply wouldn't hear about it.
People take this to the extreme and think that their country is somehow a lawless hellscape where police are openly shooting innocent people, dragging them from cars for seemingly no reason etc... but those stories make the news precisely because it's not the norm.
JTbane · 1h ago
Yeah this is why I tell hacker/cracker corporate types to not even joke about time bombs and backdoors in company software.
DharmaPolice · 2h ago
While I'm sure this is criminal behaviour it seems debatable that this dude is a danger to the public. But there may be more to it I guess.
(If you install the RECAP extension in your browser you can cache downloaded PACER docs and they will get linked from Courtlistener. Lay users can sign up for a PACER account and if you use less than $30 of document access charge per quarter it will be waived)
mikeyouse · 1h ago
Your second case was in the WD of Texas which is where he was arrested - it's just minutia to have him 'removed' to the ED of Texas to face charges where he was indicted - this is the main case there:
My recap is acting up a bit so I'll just copy/paste in case it doesn't grab docket entry 158 - the 'factual basis' for the plea:
1. That the defendant, Conrad Rockenhaus, who is entering a plea of guilty, is the same person charged in the Indictment;
2. That the defendant worked as a as a developer services manager, and later an infrastructure architect, for an online company providing travel booking and vacation services to customers (hereinafter, Victim Company );
3. That the defendant had access to and could control computer code located on Victim Company s servers throughout the country, including computer code that controlled business functions such as marketing, scheduling, and payment processing;
4. That on or about November 11, 2014, the defendant remotely accessed, without authorization, the Victim Company s servers from his residence in the Eastern District of Texas;
5. That on or about November 11, 2014, the defendant executed a computer code or command that shut down one of Victim Company s servers, which in turn caused several other Victim Company servers to crash;
6. That the defendant was retained by Victim Company to assist with the restoration of Victim Company’s servers;
7. That during the remediation efforts, the defendant, without authorization, disconnected Victim Company’s servers in Plano, Texas, in the Eastern District of Texas, causing further business disruption;
8. That the defendant’s actions cost Victim Company at least $242,775 in lost revenue and at least $321,858 in recovery and remediation costs.
major505 · 1h ago
well the whole thing tells the story of a man with lacks a lot of impulse control and serious anti-social behaviour.
I knew people like that, that where unnable to put their lifes togheter until they where fully medicated.
crazypyro · 2h ago
He was also placed under electronic monitoring program and immediately went about installing a VM to allegedly circumvent the monitoring software along with searching for a very controversial website relating to pedophilia...
He also lied about using his computer, his wife told on him to his parole officer, according to the court documents.
He was on parole for DDOSing* a former employer...
*Ah, I see your update, guess it was less distributed and more direct denial of service with the physical destruction and all.
whimsicalism · 1h ago
“very controversial website related to pedophilia” -> you are referring to NAMBLA? if so, i think that is not uncommon search for people interested in history/wikipedia deep dives, i don’t think you would search this if you were actually a pedophile as it is a historical thing.
No comments yet
scoopertrooper · 1h ago
Yeah, I read that transcript supplied in the Reddit thread and I was thinking to myself “why would you include this as evidence to support your case”?
The wife makes a big deal about how one of the agents testified that Spice was an operating system, then she went on to falsely claim that it was merely a “graphic driver”. However, later in the in the transcript another agent corrected the error of the first agent and explained to the court that Spice was a means of accessing remote VMs, which could be used to circumvent monitoring software.
This combined with the fact that there was no internet activity subsequent to the software being downloaded is pretty damning evidence.
8 Q. Due to the nature of the offense charged being a
9 computer-related crime, did he have specific
10 restrictions on his pretrial release as it relates to
11 his computer usage?
12 A. Yes. One of the conditions was that he must
13 participate in the Computer Restriction and Monitoring
14 Program.
15 Q. How is that program enforced?
16 A. That program is enforced -- the defendant has to
17 download a software program onto his computer or iPhone
18 or whatever, any type of device that has access to the
19 Internet. That information is -- the monitoring
20 company, they monitor -- they are able to monitor what
21 he is accessing on the Internet. And the Probation
22 Officer has been allowed to review weekly reports about
23 what sites he's accessing, things like that.
24 Q. And is the defendant notified and made aware and
25 provided with a document that states the terms of that
1 agreement?
2 A. Yes.
The use of an encrypted Tor node would likely be a violation of that restriction regardless of what is being accessed.
The chain would then appear to be: convicted of computer crime -> required computer monitoring software during supervision -> installed and used Tor -> supervision violation and revoked to prison.
tptacek · 1h ago
As I understand it --- I haven't read deeply enough to confirm this, it's what I've pieced together from the Reddit thing --- the Tor stuff came long before any of this. What I gather is:
1. Back in 2014 this person committed a pretty grave computer offense, which was not at the time prosecuted.
2. Some time after that, he became a high-profile Tor relay operator.
3. Some time after that, he was asked to subvert those Tor relays by the DOJ.
4. In 2019 he was prosecuted for the computer offenses, and convicted.
5. In 2021, he was released on parole.
(I think there's a long string of parole issues after that, and then)
6. In 2025 he was accused by the probation office of violating his parole in a bunch of ways and taken into custody.
shagie · 19m ago
The setup of Tor has some specific dates in the transcript. Page 10
3 Q. So, Ms. Routh, having been acknowledged of his
4 obligations to monitor and pay for the service on
5 August 29th, can you please tell the Court how
6 Mr. Rockenhaus complied or didn't comply with the terms
7 of his release?
8 A. Yes. On September 22nd the defendant did
9 successfully download the monitoring software program
10 on his computer. On October 11th Officer Ramos
11 contacted the defendant regarding his lack of computer
12 usage. So he reviewed some reports and realized that
13 nothing was appearing, indicating that he was using his
14 computer.
Page 11 and 12
22 So Mr. -- Officer Ramos spoke to Phillip
23 Danford with IPPC Technology and he stated that, yes,
24 the defendant had downloaded the software. They showed
25 that on September 22nd he said that the defendant --
1 they see that the defendant looking at, it's called the
2 TOR Network website on September 23rd, which is where
3 you download software to access the dark web.
If I read this correctly... in August he was required to install the monitoring software (likely within 1 month).
On September 22nd, 2019, the monitoring software was downloaded. On September 23rd, Tor was installed. No internet activity was detected for the remainder of September or October by the monitoring software.
I don't believe that 2 or 3 come into play in terms of the parole violations (including the subverting of the monitoring software).
tptacek · 2m ago
It would have been extraordinarily dumb for someone on parole electronic monitoring to install Tor, but my understanding of Tor's role in the bigger story is that it's about stuff that was happening many years ago. There's nothing about Tor in the parole violation warrant; just that he had an unauthorized iPhone, and when they did a forensic inspection of it, there were no further violations discovered on that phone.
nerdponx · 1h ago
The funny thing about rights is that you have them even if you've done other bad things. The thinking on display here ("the guy was a criminal anyway") is the primary slippery slope to tyranny that we have seen in the past 100 years.
Seems like he was legally eligible to be arrested for a variety of reasons. The FBI is still not allowed to use fraudulent warrants to that end. The rule of law is no such thing unless it applies to everyone equally.
tptacek · 1h ago
Help me understand where you're seeing the "fraud" here? The warrant I'm reading is off PACER. It was very definitely approved by a judge.
echelon · 53m ago
> "the guy was a criminal anyway"
He violated 6 or 7 criminal things.
I'm on the civil rights and free speech maxxing side, but this was clearly a criminal in the act of actively criminaling.
The danger here is in crying wolf when this isn't a case of rights being violated for a non-perpetrator. This guy was willfully breaking laws left and right.
Don't cry wolf. We need that energy elsewhere.
Asooka · 46m ago
The part where he sustained a head injury during arrest and was denied medical help is definitely a violation of his rights. The rest ... yeah
ranger_danger · 57m ago
It gets worse... both the wife and (either their husband or a previous partner) have their own threads on kiwi farms and are closely tied to both Encyclopedia Dramatica and Ethan Ralph. There's videos posted of them showing signs of severe mental illness.
Saying this only because I'm probably speaking for a lot of people here, but: I have no idea what any of that means.
sersi · 18m ago
Kiwifarms is a forum for harassing people. Famously Near (the developer behind BSNES/Higan emulator) committed suicide in part due to the abuse he received from that forum. And people on kiwifarms celebrated his death.
Only reason I know of it is from the thread at the time on HN.
blueflow · 16m ago
orchestrated harassment campaigns happening. I'm being intentionally vague on who is the perpetrator in this situation because usually its just a chaotic pileup with no reasonable persons involved.
My recommendation: ignore and swipe under the rug anything where KF is in play. Whatever it is, visibility feeds it.
ranger_danger · 47m ago
I think it means we have very good reason to believe OP/adezero is severely embellishing the story and is simply lying (and has a documented history of it), even without all the actual evidence pointing directly to that.
fwip · 35m ago
Kiwifarms is a forum that mainly is about chronicling the life events of people it can laugh at, often those suffering from mental illness.
Oftentimes, kiwifarms users directly harass or manipulate their targets to try to provoke more weird behavior, usually directly making the target's life worse in the process.
I can see why it's entertaining for folk (kind of like watching reality television), but overall it seems to have a pretty negative effect. And if you hang out there too long, it seems like you tend to lose human empathy.
tptacek · 25m ago
What does it mean to be "closely tied to Ethan Ralph"?
psunavy03 · 49m ago
. . . which means what, exactly, for those of us who are not Very Online?
nelox · 2h ago
Yeah, but apart from that …
Asooka · 48m ago
While the abuse by the system needs to be dealt with, if you are going to be a TOR exit node operator (or a thorn in the FBI's side in general), don't do the above. I sympathise with him in spirit, but this is a severe tactical blunder.
ivape · 2h ago
We have to consider that crime on the internet is as real as crime in real life. Funny to say it out loud. Criminals move a certain way and just because you are a nerdy tech dude doesn’t also mean you’re not a gangster.
Edit:
Reminds me a lot of the lives of people in this saga:
The poor wife, “can you stop being a criminal for like, one month, please?”.
Aurornis · 34m ago
> We have to consider that crime on the internet is as real as crime in real life. Funny to say it out loud.
According to the court documents his crimes extended into “real life” as well, with intentional damage to his former employer to shut down their operations.
zoeysmithe · 1h ago
I mean this is how the law enforcement part of the federal government uses its weight, Aaron Swartz's prosecutor-style to bully people.
Cannabis is harmless and a lot of people use it as medicine, even if they think of it as recreational. "Oh I need it to relax." Then its an anti-anxiety drug, not a 'party' drug. Limiting this is just cruelty and an easy 'win' for LE. Same with justifying the slaying of Philando Castile and others (he had pot, or pot in his system, thus a criminal undeserving of rights or due process).
Once the federal government is onto you with a case like this, all your money is gone. Either to lawyers or your bank accounts are frozen and things like that. Failing to make payments is a feature, not a bug, in this system. I'm not going to tell everyone here how to live, but its ideal to have money that's squirreled away in a place hard to be frozen because tomorrow this can be any of us. You host a vpn on a vpn somewhere? Use tor? Said the wrong opinion online? Heaven knows, but the hammer falls on a lot of people and there's no mercy to it.
Lines of credit, again, fits in with the above. People need to feed themselves, pay rent, pay lawyers, etc. I've never been accused of a crime but I've done a lot of legal stuff in my life with lawyers and such, and everything about this system is unbelievably slow and expensive. It isn't like Hollywood portrays it at all. The money needed here is more than more people can muster just to remotely get a fair trial or deal. Especially when a lot of charges against you are 'stacked' if not entirely dishonest on the assumption of 'well, we're going to court anyway or making a deal so better add some nonsense on top for negotiation.' I can't find the cite, but I've read that if you get a federal arrest, you're looking at $1m starting to begin. How many of us here have $1m they can access, and even if you do, is it accessible if the feds freeze your accounts on 'suspicion?'
Probation stuff, who knows, but he was already being sieged by LE, so who knows what is happening here. There's no shortage of probation horror stories like one's officer cancelling at the last minute or changing location, and other things to guarantee missing meetings. And eventually you can break a man entirely and he'll stop being functional, and he'll fail at a lot of basic things. The stress here can trigger extreme mental illness. I'm a fairly delicate person and if this happened to me, the stress would entirely break me. I'd fall into deep depression. So there's complexity with "he missed x appointment" and "he missed x payment," that's worth exploring.
The government telling you that you can't use a computer of any kind without a keylogger is insane and should be fought entirely. Computers are like paper nowadays. "Everything you write and do should be sent to LE" is unacceptable. Computers arent optional anymore. Everything we do is computer or app based. Also we dont know his motivation for making a private vm or using an iphone. Keeping valuable information about himself from LE for example or hiding a medical condition or heaven knows what else. This is why privacy and speech and rights between you and your counsel are so protected but "We get all your computers" sidesteps many of those protections.
Yes, he's a criminal but he doesn't deserve to be treated like this. These, and his past, are simple white-collar crimes, but he got the bully treatment.
Yes these are 'standard' because they maximally oppress working class people (note very wealthy people just buy themselves out of the above) with the thin veneer of legitimacy. The wealthy, capital owning class, etc if arrested like this just shrug this stuff off usually, and uses its connections and wealth to get ideal terms, but nobodies like this have no chance. The federal government conviction rate is over 90% not because of merit, but because of this kind of bullying and dishonesty and oppression. Imagine if we were discussing near any other nation with a 90+ percent conviction rate, you'd balk and know its corrupt, but we're the same in this regard.
I wish digital culture was more liberal-libertarian like it used to be, than the hard-right turn its made in the past 15+ years. LE does not need a 'devil's advocate.' The accused do. I dont care if liberalizing the above makes more criminals get away with. I'd rather this guy go free, even if he's super guilty, than accept the above as acceptable in our justice system. All this for what's essentially mostly-harmless white collar crime.
Not to mention the incredible violence here for a non-violent crime. Armed LE more or less besieged his home. I'm not sure why people knee-jerk to defending any of this. I hope a new liberal-libertarian movement emerges in tech because I feel like we've lost our way.
tptacek · 1h ago
No. He wasn't convicted of a cannabis offense. He was convicted of a fairly grave computer fraud/abuse claim, and part of the contract of his early release from federal custody was a set of terms that included monitoring and sobriety. He allegedly violated those terms, and you stipulate those violations here. Like any parolee, he's being put back into custody.
zoeysmithe · 1h ago
Why is that added, there's an agenda there. Why does "sobriety" matter in a computer crime? This is oppression and this (plus the other conditions) simple set up people like this for a fall.
steveklabnik · 1h ago
Not a fan of this kind of thing, and I think that weed should be legal, but don't forget that federally, it is still illegal, and "don't do illegal stuff while out on parole" at least has a pretty basic logic to it.
NoMoreNicksLeft · 8m ago
Booze is legal, and parole can limit your drinking. By law.
If you don't like the terms of parole, you are permitted to refuse it and remain incarcerated for your full sentence, at which point you are release and there are no parole restrictions at all. Parole is "you agree to behave and they release you early". And "behaving" is whatever they want it to mean.
tptacek · 57s ago
I mean, he was also forbidden from opening up lines of credit (he was in the middle of negotiations with DOJ on making restitution to his victims), something that is perfectly legal and benign --- nonetheless, he was not allowed to do so as a condition of parole.
Aurornis · 32m ago
> Why does "sobriety" matter in a computer crime?
The sobriety violation was against his parole terms. People on parole are required to remain sober as drugs like cannabis impair judgement.
He agreed to the parole terms and then violated them.
Regardless, you could strike the cannabis part from this completely and it wouldn’t change anything. He has numerous other parole violations.
tptacek · 1h ago
Sobriety is a boilerplate parole term. Everybody gets it. If you don't want to comply, you don't accept parole, and you serve your sentence.
iLoveOncall · 2h ago
You forgot to mention that in the hearing linked on the Reddit post it is shown that he made a search about a pedophile association as well right before downloading Spice.
Okay, and? That ain't illegal, and in fact has many benign explanations (like “I just watched South Park and was curious about whether there really is a North American Man/Boy Love Association like in that one episode”).
cure_42 · 1h ago
Or "I just saw it in a reddit comment, have never heard of it, and want to know what it is before I dismiss this person as a pedo"
whimsicalism · 1h ago
i’ve made the same search multiple times before late at night and i am not a pedophile, just a wikipedia/history deep diver
e: really? why am i downvoted for this
iLoveOncall · 44m ago
This was his last non-obfuscated internet traffic before he switched to his VM.
slekker · 2h ago
This needs to be higher up, it is very damning
jMyles · 2h ago
This always happens though. Every time someone is thrown in a cage unjustly, the state tries to redirect us (yes, us, here in this forum and others like it) to look at other details of the situation, whether it's details of the person's political or personality or, in this case, details of this (also seemingly unjust) probation violation.
Who cares if he smoked weed or installed a VM or evaded a government keylogger? Those are all really shitty reasons to put someone in a cage, whether it's couched as "probation terms" or not.
perihelions · 1h ago
I'll steelman the unpopular position: I think sobriety is a reasonable condition of freedom for someone with psychiatric self-control issues, that have lead them to commit felonies in the past.
Vandalizing your employer's infrastructure over a grudge is, I suggest, strong evidence of a major impulse control issue. It think it makes sense and is in the public interest, draconian as it is, that this person shouldn't be allowed to get high and have unmonitored internet access. The same place they've committed felonies before, on impulse.
Further context: his own defense lawyer filed a motion asking a court to find this guy mentally incompetent to stand trial,
> I think sobriety is a reasonable condition of freedom for someone with psychiatric self-control issues, that have lead them to commit felonies in the past.
Were he high on weed, maybe he'd not commit the felony in the first place. Yeah, banning him from alcohol is fine, from stimulants broadly - also OK, but weed? Honestly? How often, statistically speaking, does smoking weed make a person aggressive? While this person may be an outlier, without precise information on it, I'd say the ban on weed is as sensible as a ban on butter or relanium. If it doesn't serve any obvious purpose (like with alcohol: being drunk makes you do stupid things more often), then maybe it's really just a way of harassing this person?
IncreasePosts · 14m ago
Weed for normal people isn't a big deal, but weed for people on the cusp of mental illness or even just mental unwellness can exacerbate whatever issue they are facing.
Alcohol on the other hand mostly just knocks you out from doing anything too cerebral after you pass the ballmer peak. I say this as a person who prefers weed to alcohol 100x.
vel0city · 13m ago
One important thing to remember is parole is not freedom. He was still serving a sentence for his crime.
gruez · 2h ago
> the state tries to redirect us (yes, us, here in this forum and others like it) to look at other details of the situation
Isn't the reddit post doing the same thing by trying to imply he was jailed for running a TOR node when he was officially jailed for breaking parole terms? Even if they think those were just excuse to jail him, the refusal to acknowledge those details makes the account at least deceptive.
jMyles · 1h ago
Well yes, I do agree with this. I wish people were more up front in these situations. But it's not easy because the waters are so muddied. But yeah, you're absolutely right (typing that phrase now makes me feel like an LLM).
RandomBacon · 2h ago
It seems like those are very easy terms to follow, that he agreed to.
If someone who did some serious stuff, couldn't follow easy terms, it is cause for concern.
toast0 · 1h ago
Parole terms aren't usually up for negotiation. It's generally parole or stay in prison. You can agree to the terms offered, but it's a coercive agreement, so I wouldn't put much weight on the parolees agreement. That said, I agree the terms seem reasonable.
But even if you stay in prison for your full term, you're likely to have supervised release which has similar terms.
pjc50 · 1h ago
I'm reasonably anti-carcerial, but he did actually commit a crime, and one of the conditions of release from that crime was agreeing not to do those things - that's what probation means - an agreement he promptly broke.
There has to be some penalty for noncompliance or you get more of it.
arp242 · 1h ago
He used encrypted services to commit a bunch of crimes. He was then released on the condition that he would no longer use the encrypted services that he used to commit the crimes with. He then lied and used those encrypted services anyway. It's really that simple.
I am absolutely NOT a fan of "tough on crime" type stuff. By and large I feel the US criminal justice system is an inhumane cruel monstrosity. But the conditions were not all that unreasonable (except the weed stuff) and all of this smells of bad faith on the part of this couple.
Summary: He was logged doing a search for the "North American Man/Boy Love Association", and then after downloaded some kind of VM access/TOR software the logging ended.
I'm surprised this isn't mentioned much here, there's a lot of reddit comments that picked up on this and the OP (self-identified as the wife) isn't replying to any, only the ones that fit her story.
The OP here also downplays a lot of what the husband did. He was on probation from DDOSing and then physically damaging company equipment after he was fired. Then on probation from that he smoked weed, ghosted his probation officer, broke the terms.
jMyles · 1h ago
Well of course. So try him on that.
1970-01-01 · 2h ago
It's very important to get the official source on this one. Husband was legally restricted and being monitored by the FBI, so he decided to go install a VM to bypass the monitoring. It's not so much bravery against authority as it is hubris that got him 3 years.
Yeah, that is a significantly more damning then what was given by his wife on Reddit. While SPICE is a normal means to interact with VMs, the defense couldn't offer any legitimate reason for him to be using one. They didn't even make an attempt to. They only established that the monitoring company couldn't say for certain that it was used explicitly to bypass the monitoring.
Also that it occurred right after the search mentioned on Page 28. It's a really bad look.
NotMichaelBay · 1h ago
Since it seems to have been glossed over in the court transcript, can anyone explain how exactly a VM or client for remote VM could be used to bypass the monitoring?
Wouldn't the monitoring software capture any application's network activities, including a client for a Remote VM? I'm imagining something like Wireshark?
nusl · 55m ago
A VM would bypass monitoring software installed on devices the person uses. A VPN would obscure their traffic such that it is encrypted and not easily monitored. Even something like SSH is encrypted and not straight-forward to monitor, so a VPN isn't required to do this anyway.
A remote VM would combine both of these things, where the device/computer is in a location that isn't monitored and accessed by means aimed at bypassing controls in place. Activities carried out from the remote VM are then not monitored.
User + Devices -> VPN/other -> Remote VM -> Unmonitored Activities / Network Access
^ Monitoring is here, but may not capture the rest of the chain
Law enforcement would need to monitor the VM itself to monitor those activities, or I guess request logs from the provider if at all possible.
There's a limit to how much you can monitor someone and I assume there's a degree of good faith in cooperation with these controls. Failure to comply, seemingly, has severe consequences.
rnhmjoj · 6m ago
> A VM would bypass monitoring software installed on devices the person uses.
Not really, no: a VM is just another userspace application and a monitoring software should be able to capture its traffic just fine. If he was also using a VPN, tor or conneting to a remote machine that's another story, but only saying he was using a VM doesn't really mean much.
NotMichaelBay · 40m ago
Okay, that makes sense. But the monitoring software should capture the connection request to the VPN or Remote VM?
Almondsetat · 53m ago
Monitoring software installed at the OS level can monitor both traffic and what applications generate it. But if the traffic is coming from a VM, it can only do the former.
The article provides a good foundation for opposing arguments.
Excerpting:
> The researchers wanted to find a way to do the seemingly impossible — to give the military the benefits of a global, high-speed communications network without exposing them to the vulnerabilities of the metadata that the network relied on to operate.
> ...
> There are other implications, as well. For a CIA agent to use Tor without suspicion in non-U.S. nations, for example, there would need to be plenty of citizens in these nations using Tor for everyday internet browsing. Similarly, if the only users in a particular country are whistleblowers, civil rights activists and protesters, the government may well simply arrest anyone connecting to your anonymity network. As a result, an onion routing system had to be open to as wide a range of users and maintainers as possible, so that the mere fact that someone was using the system wouldn’t reveal anything about their identity or their affiliations.
> ...
> Anonymity loves company — so Tor needed to be sold to the general public. That necessity led to an unlikely alliance between cypherpunks and the U.S. Navy.
> The NRL researchers behind Onion routing knew it wouldn’t work unless everyday people used it, so they reached out to the cypherpunks and invited them into conversations about design and strategy to reach the masses.
AlgebraFox · 1h ago
To those who say TOR, VPN, Signal, GrapheneOS or <replace with any privacy tool> is dead, we should use more of them not less. Today privacy became crime because the tech crowd (including many in HN community) ignored slow eradication of our fundamental freedom by evil companies like Apple (Yes, Apple. Don't forget they worked with NSA.) and Google. If crowd like HN is seduced by new AI enhanced, costly and locked phones, then how can a regular citizen understand freedom or privacy?
Freedom is being taken away by govt, because we are making choices that surrender it.
a2tech · 3h ago
I don’t know if you watched those videos but even if he did commit a crime the marshals are way way over the line when they arrest him.
pluc · 1h ago
That's par for the course in America
lokar · 1h ago
Law enforcement is the US is trained to use (often rapidly) increasing force to compel compliance. They are trained that this is the only way to keep themselves and partners safe.
bmn__ · 23m ago
Proportionality is law on the book. Throw enough LEO who violate this into prison, the problem solves itself over night.
int_19h · 55m ago
Look up "killology" for more on this.
yellow_lead · 2h ago
I've seen this other cases like this.
1. The fbi asks you to be an informant or "cooperate" with an investigation in some way.
2. If you refuse, they investigate you, and basically throw the book at you.
potato3732842 · 2h ago
Every government agency works this way to the extent that they are able to.
Your local building commissioner or whatever just has a lot less money and muscle on tap and much more circuitous access to court judgements in their favor than the FBI does. Differences in their strategic and tactical approach is a reflection of this.
juujian · 2h ago
Well, it's punching down. If you are a big corporation or otherwise have the means to fight back, you don't have much to fear.
bryanrasmussen · 2h ago
people talk a lot about how much they're against punching down, but I don't actually see that many people itching to take on Dwayne Johnson. The fact is for humans and organizations who are punching, punching down is generally their preferred method.
incone123 · 2h ago
The man who is the subject of the original post did indeed take on the FBI, who have then given him a figurative and possibly literal good kicking.
pkilgore · 1h ago
The problem with the CFAA is that it is so (IMO unconstitutionally) broad it is feasible that _every American_ has arguably violated it in some way, completely accidentally.
Thus, every time we see a CFAA charge we have to ask ourselves: "Is this an abuse of power?".
We should have better, clearer laws.
thrownawayfbi · 2h ago
I can attest as a personal experience in the past that this kind of behavior is not uncommon with feds, and has happened even before the current administration. I've had a five years probation in the past for what the FBI argued that I "hacked" some company from changing the URL in specific ways, not to mention the "clear hacking tools" I had installed in my computer, e.g CCleaner. You know something is wrong when you literally have 98% chance of losing in court against the FBI. They are corrupt and incompetent.
rdtsc · 2h ago
> I can attest as a personal experience in the past that this kind of behavior is not uncommon with feds, and has happened even before the current administration
One the first comments on reddit was actually:
> … in trump's america lmao
Someone had to awkwardly point out it was biden’s america. Which makes it easier and saves keystrokes: it’s just “america, lmao”. Then other countries can be even worse so it’s “lmao”. And soon enough they are just laughing their asses off while the person is stuck in jail.
> "clear hacking tools" I had installed in my computer, e.g CCleaner
I have always wondered if they are primarily that stupid or just evil and pretending to be stupid. I am leaning towards evil.
Aurornis · 1h ago
The wife’s description of the charges is not honest. See all of the other comments which revealed a much longer list of offenses he committed.
The Reddit post is an attempt to garner sympathy by leaving out all of the actual crimes committed.
rdtsc · 1h ago
> The wife’s description of the charges is not honest. See all of the other comments which revealed a much longer list of offenses he committed.
Yeah, good point. That happens sometimes. It's sad, people just see reddit as sort of a platform of gullible people. I was just pointing out reddit's reaction, mainly.
Then my other reply was in reply to GP's own story ("clear hacking tools" = CCleaner).
alberth · 2h ago
I know this won’t be popular to say, but “guilt by association” is a real thing.
Unfortunately, Tor carries a negative connotation tied to criminal activity.
And if you're operating (like this individual) something that is perceived to be criminal in nature, you're bound to be a target by law enforcement.
Note: I'm not stating whether or not what happened to this individual is right/wrong. But this should be a cautionary warning of what might also happen to anyone if you associate with things that are perceived as criminal in nature.
Bjartr · 2h ago
Guilt by association is much more a social construct, than a legal one.
The bar for legal consequences is expected to be much higher than mere association.
It has never been perfect, nor uniformly applied in all circumstances, but it is and should remain a nominal goal of the justice system. For that to no longer be considered the case, even in a casual conversation like this, is a devastating shift of the Overton window towards authoritarianism as the norm.
coffeecantcode · 2h ago
From my understanding, guilt by association is quite valid legally when it comes to Tor exit nodes, due to the fact that other people’s traffic appears as your traffic.
It may not literally be guilt by association, but they’re two parts of the same whole in this case, right or wrong.
nashashmi · 2h ago
Guilt by association: if a group of three approaches another in a confrontation, and one person punches another then would all three be seen as violent?
cestith · 1h ago
Limits on association and limits on technology use are standard fare when on probation for a felony CFAA conviction.
psychoslave · 1h ago
>Guilt by association is much more a social construct, than a legal one.
Turning this sentence up and down, and still fail to get what it tries to convey. Law is social construct per definition, isn’t it?
>It has never been perfect, nor uniformly applied in all circumstances, but it is and should remain a nominal goal of the justice system.
No? Like, at best it is just going to pretend to be so. Then it’s actually all ruled by ambitious sociopath manipulators that take The Prince as bedtime reading, either right from the start or as soon as they can unleash their master plan.
Can anyone point to any jurisdiction in the world which puts equal duties and rights with actual associated material/logistical means on every single citizen? If no, we might be free to conclude that justice and equality are words on frontispiece of the theater, not how the leviathan is planning to actually process.
All that said, not everyone is Aaron Schwartz. Even supposing it’s only to maintain the façade, institutions do also have to act against some criminal outside of their own ruling castes.
maz1b · 2h ago
By this logic, anyone who has had a Google Pixel and or is running GrapheneOS is guilty by association, right?
Just wanted to understand your point.
alberth · 22m ago
There's a big difference between being the user of something (Pixel/GrapheneOS, though I find these as weird comparisons given) and being an operator of something.
Operating an exit node is by definition you acting in the distribution of such activity (legal or not).
IlikeKitties · 2h ago
> By this logic, anyone who has had a Google Pixel and or is running GrapheneOS is guilty by association, right?
The source for that article was a single cop in a single country (Spain) making an off-handed comment. The way it’s been spun as a universal concept in Europe by all of the Android blogs is misleading.
axus · 2h ago
Would you predict that GrapheneOS will still be completely legal in 10 years in Spain?
Aurornis · 1h ago
Yes. I think that one comment was a flash in the pan about a particular moment in time from an officer involved in a very specific type of drug trafficking prosecutions.
potato3732842 · 2h ago
The part that should really enrage you is the way people will selectively understand this based on whether they agree or disagree with the context.
If some electronics repair guy repairing vehicle ECUs in bulk who doesn't ask questions but has an inkling that they're gonna get used for emissions laws violations got rolled up on by the feds for refusing to go out of his way to help them out HN would find all sorts of ways to cheer and justify it.
But when they do it to a tor node it's bad.
therealpygon · 2h ago
Pretty sure the questions start and end with “was it illegal”.
nobody9999 · 1h ago
>Pretty sure the questions start and end with “was it illegal”.
Disclaimer: I don't have any skin in this game or association with any government, any law enforcement agency, nor do I know the person discussed or (at least as far as I know) anyone who knows that person. And IANAL.
IIUC (and I may not), the guy was on probation[0], which is release from or in lieu of prison.
If someone is on probation, they are still under the authority of the (in this case Federal) judicial/prison authority which sentenced them.
It is (whether you think it's right or not) normal for restrictions to be placed upon those on probation, including random drug tests, restrictions on certain types of behavior (this is often related to the crime(s) for which they've been convicted).
Often, this also provides for warrantless searches and other privacy-invading stuff as part of the probation agreement. I'd note that (again, IIUC) that the convicted person must agree to the terms of probation or they will have to go to (or not be released from) prison to serve their (remaining) sentence.
Violation of the terms of probation (as is clearly defined in probation agreements) may result in imprisonment to complete the sentence imposed by the court after trial or (as it was in this case) a plea bargain.
I am unfamiliar with the case at hand, but sending someone to (or back to) prison for violating probation is the stick which (presumably) keeps people from re-offending and/or violating the terms of their probation, at least until they complete the term of probation.
As someone who works in this industry: we do ECU modification and repair and as such, have regular contact with the EPA. Our products all align with all required emissions regulation and testing, which is why we're allowed to continue selling them. If the EPA says jump, we ask how high.
I say this because this cultural vibe of government agencies kicking in your door for doing innocuous shit needs to die already, that is simply not how this happens. We get letters, we get calls, VERY occasionally we get visits and said visits are scheduled weeks, sometimes months in advance. We always cooperate and the relationship, therefore, is not adversarial.
Honestly we have way more fucking problems with huckster vendors trying to fuck us out of a few extra dollars on parts than anything to do with the big scary government.
While we're at it, fuck coal rollers with a cactus.
potato3732842 · 2h ago
You, you are an instance of the problem.
For any given issue, subject, industry or niche there is always a you. And you are the enablers. Multiply by every equivalent idiot and niche and that's how you get the world in which some guy gets whacked for running a tor node.
If not that it would be some other niche, maybe some guy importing gray market power equipment to the chagrin of the branded dealers would be getting whacked. If not that then it's the amish farmers getting whacked over one of their many "in letter but not spirit" compliance measures.
Yeah, in every case the letters of the law are broad enough to nail these sorts of people but that's not an outcome the general public wants except for the occasional zealot on any given subject. And the equivalent enablers would be endorsing it just as you are now.
And at the end of the day your behavior (you plural) undermines the legitimacy of these institutions and the government they serve because these are outcomes that nobody wants, but single industry enforcement enough of a back burner issue that elections mostly don't get won and lost over them so the fire just keeps smoldering year after year (fed by our tax dollars, of course).
>As someone who works in this industry
Perfect illustrative example for one of HN's favorite quotes:
"It is difficult to get a man to understand something, when his salary depends on his not understanding it"
>Our products all align with all required emissions regulation...the relationship, therefore, is not adversarial.
You might as well compare a medium company with an encrypted file share service to some 1-man package maintainer for software that does the same. Who is law enforcement gonna try and abuse?
>While we're at it, fuck coal rollers with a cactus.
A bunch of reactionary yokels are a symptom of the degree to which your ilk has undermined the legitimacy of the laws they violate and enforcement agencies they thumb their nose at, not the root cause. If society solves people like you the yokels will mostly go away on their own. That is what I seek.
Chris2048 · 11m ago
> gets whacked for running a tor node.
'whacked' usually means killed. This guy was neither killed, nor jailed for 'running a tor node', but a bunch of more specifically bad, illegal shit that it would be misleading to describe this way.
The same way as describing destroying a bunch of an ex-employers data on-site causing thousands in loss is not a "workplace dispute".
> these are outcomes that nobody wants
which outcomes? these are outcomes no-one wants, but you've yet to prove they happen. It takes a lot of time to properly go through case details to determine abuse, it seems like you are very casually throwing around accusations.
> You might as well compare...
Why? they comply with the law, why does that make them 'big'? I'm sure the FBI has plenty resources to go after them, in fact, they have more to lose.
The 'one man shop' needs to comply with the law, however big or small they are.
> Who is law enforcement gonna try and abuse?
abuse? this guy says no-onw is kicking his door down, have you proof it changes for smaller setups?
they go after whoever they think is breaking the law, and not complying (providing relevant licences, proof of testing) flags you for that. Are you suggesting the small guy should fly under the radar?
ToucanLoucan · 1h ago
> For any given issue, subject, industry or niche there is always a you. And you are the enablers. Multiply by every equivalent idiot and niche and that's how you get the world in which some guy gets whacked for running a tor node.
I am not defending at all the actions of the FBI. The FBI/CIA/NSA are overzealous law enforcement serving the will of colonial capitalism. Their history of targeting whistleblowers, activists, and technologists; like, for example, the guy running a Tor node; is well documented and deeply problematic. That same machinery has also been deployed against environmental activists, which makes the irony even more bitter that it's being cited here.
I'm defending the EPA, which in contrast, works with numerous industries, including ours, to benefit society as a whole.
The problem is this exact mindset where we insist that everything is on one massive slippery slope and there's simply no way to differentiate from proper, needed regulation, and the boot of law enforcement being deployed to fuck with the working class at scale.
We can tell the difference and it isn't difficult, it simply requires thinking which an unfortunate number of voters don't like doing.
> "It is difficult to get a man to understand something, when his salary depends on his not understanding it"
Completely backwards. There is a LOT of money to be made circumventing emissions regulations, which is why almost every OEM has been caught with their hands in that particular cookie jar, either fingernail or wrist deep.
We COST ourselves money locking up those features because we agree with the regulations in place.
> A bunch of reactionary yokels are a symptom of the degree to which your ilk has undermined the legitimacy of the laws they violate and enforcement agencies they thumb their nose at, not the root cause. If society solves people like you the yokels will mostly go away on their own. That is what I seek.
Reactionary movements have existed for every time the Government says don't do anything since time immemorial. There is ALWAYS reactionaries because there is ALWAYS a segment of the population that never matures past the age of ten. The fact that they occasionally have a point is nothing but statistical likelihood; if you constantly say "no" to everything, by sheer chance, you will occasionally say no to something bad.
atmosx · 2h ago
Context plays a crucial role, especially within the Judeo-Christian tradition. So much so that it serves as a foundation for the design of the modern legal system.
s5300 · 2h ago
>> But this should be a cautionary warning of what might also happen anyone if you associate with things that are perceived as criminal in nature.
Opioid painkillers are associated with “things that are criminal in nature” because a certain segment of every society does and will suck, nearly no matter what.
Does this mean that everybody in pain should just suffer and let their education, career, and family be taken from them before their time?
No comments yet
s_dev · 2h ago
>But this should be a cautionary warning of what might also happen to anyone if you associate with things that are perceived as criminal in nature.
This would come off lot more legit if the current elected US president wasn't a convicted rapist and constantly promoting crypto along with his acolytes like Elon Musk.
ahmeneeroe-v2 · 2h ago
> current elected US president wasn't a convicted rapist
Wow did this just happen today? I can't find anything about it online
/s
cestith · 1h ago
Found civilly liable, not criminally convicted.
ksynwa · 3h ago
In my land of the free? No way.
pluc · 1h ago
The stars are asterisks.
podgorniy · 2h ago
Some are free. Some are not. __Like in good old times__
NoImmatureAdHom · 2h ago
The guy did bad things and got caught. The ridiculous wife's perspective doesn't include that he e.g. DDOS'd an employer.
firesteelrain · 1h ago
Your comment and the highest voted one so far are sobering perspectives. I had a feeling there was more to the story
lotsofpulp · 2h ago
And home of the brave.
StopDisinfo910 · 2h ago
Based on the 2019 court transcript linked in the post, the reason for keeping him in jail during the pretrial are a lot more reasonable than how this is framed in his wife's post.
The FBI said he downloaded a client, here Spice, which can be used to access a VM and visited the tor project website to look into how he could download a Tor client. That happened in the 24h which followed him agreeing to electronic monitoring and voluntarily installing a spyware. They argue that he has the knowledge and mean to circumvent the monitoring he agreed to and his pattern of actions indicate he is likely to do so if left free. A huge part of the argument lies on him having agreed to voluntarily participate in his own monitoring. The CFAA charge seems to be sealed but I'm far from convinced it's a minor work related issue.
If you read the website, they keep firing their attorneys and pretending they are colluding with the government to keep him in jail. Parts of the description are frankly bizarre. It seems they are actually suffering for paranoia.
I would read the post with a huge grain of salt.
dvrj101 · 3h ago
they are trying to set precedent. This can kill TOR or other privacy related services in USA easily in current environment.
antonymoose · 2h ago
Several years prior I had a coworker get arrested on CSAM charges because, you guessed it, he ran an Tor exit node.
Of course there was no reporting on the Tor aspect, just “local man arrested for CSAM” in the local papers. He eventually had the charges dropped after years of court battles, but his name is forever tarnished as a result.
This particular job we had a lot of idealist folks, two of whom ran relays - they immediately ceased to do so in the aftermath of the coworker’s arrest.
Aurornis · 2h ago
> This particular job we had a lot of idealist folks, two of whom ran relays - they immediately ceased to do so in the aftermath of the coworker’s arrest
Even from the early days of Tor I remember all of the warnings to not run an exit node in a country where internet activity was likely to lead to prosecution.
Running any sort of proxy (including Tor exit nodes) allows other people’s traffic to appear as your traffic. That’s the entire purpose of the software. You’d have to be willing and able to handle the consequences of any traffic any other person decides to send through the system.
pjc50 · 1h ago
If you run a Tor exit node, it is quite possible that you will end up downloading things on behalf of other people. CSAM carries strict liability charges.
Anonyneko · 2h ago
Reminds me of a similar case against Dmitry Bogatov in Russia in 2017, it was a big deal back in the day (though of course times have drastically changed and now something like this wouldn't even appear in the news over there).
nikanj · 2h ago
That's not the key precedent they are setting. They are working on a much more important case: Making the population understand that disobedience will result in punishment
cbg0 · 2h ago
Isn't this the goal of most laws?
nikanj · 2h ago
The goal of the laws is that you have to obey the laws. Here the case is that you have to obey the people holding the badges.
potato3732842 · 2h ago
There's plenty of laws they write that they know the population can't reasonably comply with and give the government discretionary power to screw people. And then there's more laws that just give the government enforcement arm discretionary power to choose whether the law is applicable or exercise unilateral judgement regarding whether compliance is satisfactory.
Your local zoning code is probably chock full of them. And if not there then your local stormwater/runoff rules probably have a bunch of examples too.
Federal stuff is much more highly litigated so you don't see as much of it there. State is a middle ground.
gryfft · 3h ago
You can beat the rap, but you can't beat the ride
rich_sasha · 2h ago
I certainly sympathise, but actually don't find it at all surprising.
Tor is totally used for criminal activity. That doesn't mean it is inherently a bad thing, or that it is this guy's fault, but he can't completely wash his hands off it. If bad guys use the postal service, it's not the postman's fault, but he has to cooperate with law enforcement if they demand that.
I don't know about the US, but contempt of court is a thing in the UK at least. You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head - or face penalties including unlimited jail time.
Now, I get that this is the US so the arrest was dialled up to 11 and it seems all of this is extra-judicial - no court warrant etc. This is all very disappointing. But, to my non-expert eye running a Tor exit node is in the legal grey zone, and I guess you can't be too surprised when things like this happen.
klibertp · 15m ago
> You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head
Out of curiosity, how does this work? If I claim I don't remember a particular password that I (provably) didn't enter for the past X months, how does the court force me to recall it? With an $8 wrench? Wouldn't that be cruel (if not unusual) punishment?
mapontosevenths · 2h ago
> You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head - or face penalties including unlimited jail time.
This is a bit more complex in the US. We have the fifth amendment to our Constitution which says "nor shall [a person] be compelled in any criminal case to be a witness against himself."
So, we can't be made to testify against ourselves. This has sometimes been interpreted to mean that they can't compel cryptography keys that are stored in our brains, and sometimes has been interpreted the other way.
I'm unaware of any definitive decision that applies universally. I've heard some suggest that passphrases that are themselves an admission of crime are a workaround that ensures you can't be compelled to provide them.
rich_sasha · 1h ago
Why would breaking the privacy of Tor users be self-incriminating? If anything, surely it's the evidence of innocence - whatever unsavoury websites were visited via the Tor node were Tor users, not this guy.
jrecyclebin · 2h ago
Idk the punishment just doesn't match the crime. Can't they just confiscate the computer? Or pressure the ISP to cancel his account? Tbh I get that the Feds are going route around and through anything that stands in their way.
Instead we're left up to state thuggery.
ranger_danger · 1h ago
Conveniently left out from the wife's story is the husband's corporate sabotage, FBI monitoring circumvention, CSAM searches and many parole violations.
3 years sounds about right to me.
NoImmatureAdHom · 2h ago
In the U.S. and much of the rest of the civilized world, you have rights. This includes the right to not self-incriminate (in the U.S. that's the 5th amendment). In general, except for very specific and limited circumstances, U.S. state and federal government actors cannot compel speech (telling your encryption keys is compelled speech).
The U.K. is fast sliding down the slope to being a dystopian police state. The idea that you can be jailed for refusing to provide encryption keys (except for really specific, narrowly-defined circumstances) is something that should induce nausea. I feel for you and your country, you accomplished such great things.
jansper39 · 1h ago
I just saw that president Trump is thinking about prescribing 'Antifa' as a terrorist organisation and saying that he's 'not sure' their 1st amendment rights should apply.
I'd be a little more concerned about the state of US at this point.
gampleman · 1h ago
We've already done that in the UK with a certain pro-palestine organization.
axus · 2h ago
A good example of why people support smaller government.
altacc · 2h ago
As evidenced by recent developments, smaller government these days seems to mean less controls for businesses and the government but many more controls on citizens.
lenwood · 2h ago
I know very little about cybersecurity, but my understand of TOR is that a node host wouldn't be able to offer much about the traffic coming across their server(s). The packages are encrypted and there is no entry or destination info, so he may be able to say how much traffic was coming across, but what else could he possibly know? Info on other nodes?
red-iron-pine · 1h ago
the Bureau can't see the traffic but they have keyloggers on all of his systems. He tried bypassing them with Spice but failed and otherwise got logged getting onto Tor and searching for dubious things
ltbarcly3 · 15m ago
This is just extremely one sided. He intentionally sabotaged his ex employers computer systems, was hired to fix them, was caught as the original cause of the problem, fired again, then used a back door to take down their systems again. He plead guilty to this in 2014.
He was on probation and required to use monitoring software as a condition of being let out of jail early, he had a secret iphone he used to access the internet that was not monitored, so his probation was revoked. He wasn't arrested again, his probation was revoked.
The wife's account focuses on a ton of irrelevant details, the above is sufficient to explain the entire situation.
nashashmi · 2h ago
Since when did private monitoring on private property become de facto right for government to surveil? That is like saying if you have a car or computer the govt has a right to use it when they want to.
k__ · 58m ago
Could Tails saved him?
OutOfHere · 1h ago
Running a Tor exit node in the US is very risky for obvious reasons, and if doing so, it's just a matter of time before the operator gets to see the unfriendly side of the feds. Heck, even running a torrent node serving copyrighted movies/shows/music is too risky in the US. If you want to do these things while having a sane life, at least host them abroad, and anonymously.
tamimio · 2h ago
Oh boy, wait until Palantir makes a unified database of everyone, they won't even need to have a previous offense, they can make one based on all the collected information or even based on your behaviors. Great times ahead!
s5300 · 2h ago
>> wait until Palantir makes a unified database of everyone, they won't even need to have a previous offense, they can make one based on all the collected information or even based on your behaviors.
Well, I hear that if you make being gay a crime again, you cut off the head of palantir.
resters · 2h ago
Prayer can do amazing things, including curing homosexuality. See Thiel's exploration of the "Antichrist".
I remember when I used to think Thiel had libertarian values!
bilekas · 2h ago
> Prayer can do amazing things, including curing homosexuality.
Money can do a lot more things, including inducing hypocrisy, double standardism and blindness.
throwaway234798 · 2h ago
Taking OP at her word, this is a horrific tale of extra-judicial abuse of an individual for refusing to cooperate with the DoJ on a matter of digital privacy. The OP wants story amplification, but to what end? The DoJ, controlled by Trump and Pam Bondi, probably think this person is getting away lightly with only a severe head wound and a comfy 3-year stay in county jail. A trial isn't necessary cops know who's bad, after all. There is already so much outrage directed at them about many other, larger scale issues, that they not only don't bend to but seem to actively feed off of it. I'm sorry to sound so hopeless, but no, there is no hope that someone elected specifically for his lack of empathy, lack of respect for rule-of-law and lack of self-restraint would ever be swayed by this story, no matter how much it is amplified. Your best bet is to fabricate a story that your husband is a fervent Trump supporter being unfairly targeted by rogue, Biden-loving elements of the FBI and an Obama appointed district judge.
We voted for this, the time to fix the problem was last November, and now we have to live with the results. It's also why I, and anyone else who values their freedom, their career, their family, needs to post such sentiment anonymously. It is NOT safe to criticize this administration.
oliver-rock · 2h ago
I understand where you are coming from but I think that it is not always helpful to place everything on one administration. Calls for unity and a strengthening of the rule of law are what matter. Trump will be in for 4 years whether you like it or not, the long term protection of the rule of law should be highest priority and this case shows how it has been eroded over the last few years.
IlikeKitties · 2h ago
> needs to post such sentiment anonymously
This will become practically impossible very soon if it isn't already.
major505 · 1h ago
Insert joke about federal agents shooting dogs...
ransom1538 · 3h ago
"CFAA offense"
You can catch one of these by logging into your moms netflix account.
> [Supreme Court Justice Amy Coney] Barrett ruled that for the CFAA, a person violates the "exceeds authorized access" language when they access files or other information that is off-limits to them on a computer system that they otherwise have authorized access to. The majority opinion distinguished this from Van Buren's case, in that the information that he obtained was within the limits of what he could access with his authorization, but was done for improper reasons, and thus he could not be charged under CFAA for this crime.
This still does criminalize logging into your mom’s Netflix account, probably (?), but at least browsing HN on your work computer not covered anymore.
Aurornis · 3h ago
If you steal your mom’s password without consent and she argues that you accessed information on the account that you were not authorized to see, maybe.
However the quote on its own is not necessarily true without further qualifications as mentioned above.
smallerize · 3h ago
No, it's about logging in to someone else's account against the Netflix ToS. Netflix doesn't want you to access their computer systems that way.
bilekas · 2h ago
> However the quote on its own is not necessarily true without further qualifications as mentioned above.
It's absolutely true, you're accessing an unauthorized account. All law enforcement need to do is ask you, did you access an electronic account that was not yours ?
Nuance will be ignored when it suits them.
unethical_ban · 3h ago
3 years of pretrial detention for anything less than blowing up a building should be enough to enrage anyone. Even then, the legal system would be a failure.
How is 3 years pretrial not blatantly unconstitutional and thrown out immediately?
New Yorkers spend an average of 10 months in pretrial detention. This kind of abuse is routine in the American system, and by and large Americans want it that way for their usual reasons about "crime".
baggachipz · 2h ago
Ah, you must be new here. All kidding aside, the "Global War on Terror" was the impetus for all of the surveillance and associated persecution of innocents without due process. Always disappointed, never surprised.
praptak · 2h ago
And the Global War on Terror wasn't even the first American War on Due Process. Remember the War on Drugs? It is mostly forgotten but the civil forfeiture remains as its legacy.
77pt77 · 2h ago
You've had people in jail for over a decade at the judge's discretion because the judge didn't believe them.
Extremely worrying precedent if true. I'm frankly surprised there aren't any documented cases of this happening to Tor,I2P,Wireguard etc developers.
bgwalter · 2h ago
So they got him on a minor CFFA charge. Was anyone from Anthropic jailed for torrenting millions of books?
cestith · 1h ago
I agree on the massive automated copyright infringement. This case isn’t as minor as the guy’s wife would have us believe.
gosub100 · 1h ago
A "minor charge" of destroying his employer's network?
mrtksn · 2h ago
Interesting, Trump administration pardoned Ross William Ulbricht who run drug dealing business specifically because it was done behind Tor using cryptocurrency. So this was a one off?
This sounds awful lot like Middle Eastern mafia stuff, where it's technically illegal to do some things but you can do a lot of things if you are aligned with the people in power.
I have no idea what this person was up to but this selective treatment(if true) smells very bad. IIRC behind the release of Ross there was some libertarian NGO or something, maybe contact them?
pjc50 · 1h ago
> This sounds awful lot like Middle Eastern mafia stuff, where it's technically illegal to do some things but you can do a lot of things if you are aligned with the people in power.
This didn't work out for SBF, but you can clearly see this process being set up for other people.
34679 · 2h ago
>there was some libertarian NGO
That was the National Libertarian Party and the party chair was forced to resign in disgrace shortly after, due to accusations of kickbacks and embezzlement.
The pardon was specifically a campaign promise to libertarians, and likely little more than that.
Even if this Administration is friendly to Tor (which I doubt), the FBI is a very large organization and installing a new head doesn't magically make current caseload at the agent level go away. There are still Biden-era and even Trump v1 era investigations likely still open and active there.
palmotea · 2h ago
> Interesting, Trump administration pardoned Ross William Ulbricht who run drug dealing business specifically because it was done behind Tor using cryptocurrency. So this was a one off?
Didn't Ulbricht get pardoned for being a hero of the cryptocurrency-bros, as kind of a deal to get support from the Libertarians in the election? I think he was a one-off, or at least part of a small category that doesn't extend to cryptography and privacy idealists.
mrtksn · 2h ago
Right, I was hoping that this will set some kind of precedent for legitimizing Tor.
gosub100 · 1h ago
He still did a decade in the slammer. I think his sentence was excessive, since he never directly harmed anyone.
romanovcode · 3h ago
> Months later, the government arrested him. Their official reason? A minor, non-violent CFAA charge from an old workplace dispute that had nothing to do with Tor.
This is exactly the argument for privacy to people who say "I have nothing to hide". Authoritative governments will always find a reason to dig something up and the less privacy you have the easier it will be.
As a side note it sickening to see USA government doing this arrest straight out of gestapo/kgb playbook.
77pt77 · 2h ago
Privacy is not a deterrent to that.
The state does what it wants and in the end it doesn't even need an excuse.
An excuse is a nice to have, but that's it.
potato3732842 · 2h ago
>The state does what it wants and in the end it doesn;t even need an excuse.
It doesn't need an excuse because people let it not need an excuse.
Every idiot, even on HN, heck, particularly on HN and other places where demographic factors result most never having been the target of government or think that they would be, is perfectly fine with it when the government behaves this way in pursuit of things they agree with. And so the only people complaining about any one government abuse are the small minority that care all the time plus whatever group care about the specific issue.
If people would stop being two faced snakes and have some principals and stand by them the problem would decrease on its own. But that's like saying "just go as fast as light", it's not a tractable problem.
77pt77 · 2h ago
The state has more power and therefore does what it wants.
Anything other than that is just wishful thinking.
IlikeKitties · 2h ago
> This is exactly the argument for privacy to people who say "I have nothing to hide"
People who say this will not be swayed by any argument. What they are really saying is "I don't want to think about this".
There's a truth I've come to accept in recent times: The vast majority of people are not able to extrapolate from their immediate personal situation. If they are not effected by something right now in a way they personally feel, they do not and will never care.
Once you accept that fact, so many things make so much more sense in this world. The whole MAGA movement explains itself, the complete disregard of climate change or even local environmental issues make sense and the complete ignorance of privacy issues. The only way to sway these people is when they are personally affected. So consider this Truth the next time you find out a service has been collecting private information in an unsecured S3 Bucket.
potatototoo99 · 3h ago
Just another day in the police state.
macawfish · 3h ago
It's unsettling how quickly things are escalating.
falcor84 · 3h ago
Indeed, these past few years have really recontextualized The Handmaid's Tale for me from an alternative history fantasy to an almost run of the mill "20 minutes into the future" fiction.
cestith · 1h ago
Atwood didn’t write it as a possible dystopian future. Every facet of the story takes place somewhere in the world right now. She has pointed this out herself on social media.
y-curious · 2h ago
I'm not sure this has anything to do with the current president. This type of cowboy judge shit has been happening for decades, we just rarely hear about it.
croes · 2h ago
He is also a former President
potato3732842 · 3h ago
Quickly? They've been doing this stuff to anyone that dares cross them for as long as I've been alive.
encrux · 2h ago
Nothing about this was quick. 2015 was the first time we had an increase in authoritarianism in the public debate.
Project 2025 was announced in 2023.
bigfishrunning · 1h ago
The patriot act was a pretty major increase in authoritarianism in 2001. We've been on this particular slippery slope since the start of the cold war.
macawfish · 1h ago
Fair point. Just noting that we're in the middle of a blitz.
eulgro · 3h ago
We all commit three felonies a day.
kilroy123 · 2h ago
This is exactly right. At any given time, the feds or government could come after you and find _something_ to charge you with.
I don't normally agree with this man, but he is dead right. There are too many fucking laws.
Georg Felonies with his 342,034,432 daily felonies is an outlier and should never have been counted.
criddell · 2h ago
What are the most common felonies committed by average people going about their lives?
xqcgrek2 · 2h ago
If anyone here has investments in US dollar denominated assets, move them out of the country. The US is entering a death spiral.
kilroy123 · 2h ago
I left the US 10 years ago when Obama was still president. It's been obvious to me that we've been in decline for decades. The state of the US is not surprising to me. It is however still shocking and sad to see.
This is unbelievable!
How in the world! Why they do that ?!
Because the police were frustrated????!
tamimio · 2h ago
You clearly never seen police dashcam videos in the US. Besides the corruption and stops for "hunt missions", a lot of times it's simply because you shattered their ego, even with a simple laugh: https://youtube.com/watch?v=NqJdt9_1XSw
resters · 2h ago
Dashcam videos show cops abusing power and being on a power trip in various ways, some mildly annoying and some outrageous.
This is also why mobile phone camera tech led to BLM as more and more people became aware of how police act when they think nobody is watching.
righthand · 2h ago
Mobile tech didn’t lead to Black Lives Matter. What even are you saying? People were recording the police way back during the Fergusson Mo protests.
resters · 2h ago
I think you are being sarcastic, but in case you weren't, in 2014 60% of adults in the US owned a smartphone, so my point stands. Videos of police misconduct were already widespread before that. Someone took video of the killing of Eric Garner, etc.
cestith · 1h ago
Do you think Michael Brown and the Ferguson protests didn’t contribute to the BLM movement?
1. Admitting to using cannabis during supervised release
2. Failing to make scheduled restitution payments and to cooperate with the financial investigation that sets restitution payment amounts.
3. Falling out of contact with his probation officer, who attempted home visits to find him.
4. Opening several new lines of credit.
5. Using an unauthorized iPhone (all his Internet devices apparently have keyloggers as a condition of his release).
These read like kind of standard parole terms? I don't know what the hell happened to get him into this situation in the first place, though.
Back in 2014, Rockenhaus worked for a travel booking company. He was fired. He used stale VPN access to connect back to the company's infrastructure, and then detached a SCSI LUN from the server cluster, crashing it. The company, not knowing he was involved, retained him to help diagnose and fix the problem. During the investigation, the company figured out he caused the crash, and terminated him again. He then somehow gained access to their disaster recovery facility and physically fucked up a bunch of servers. They were down a total of about 30 days and incurred $500k in losses.
(He plead this case out, so these are I guess uncontested claims).
In a technical sense, this may be true as part of the plea agreement.
In reality, a lot of plea deals are made because of various factors, which unfortunately is often not that the person accused is guilty, rather the risk of going to trial or especially the cost of going to trial is too large.
That said, in this particular case, the hard evidence suggests that indeed, the person accused committed the crimes they pleaded out for
We also know from prosecutions in other statutes that the government will often prosecute a a broad crime with many separate sub-definitions of the various way you can break it, then refuse to tell you under which sub-definition you're being charged, meaning you have no way to know if the jury even were unanimously convicting for the same thing and no way to know what you're even defending against.
Interestingly, Rockenhaus's isn't --- it's more or less exactly the circumstance foreseen by the authors of CFAA, who believed that even though existing law covered most hacking-type scenarios, they didn't form a clear basis for felony charges for purely destructive computer abuse.
Being angry at the CFAA is one thing, but this case has no relation to modifying a simple GET request.
Could you give some examples of this?
Navy sailor was convicted of possessing machine guns and destructive devices.
The ATF for example put back together de-milled RPGs, which could be a destructive device
However the statute says the following:
The ATF took his demilled RPG, put another gun (owned by the ATF) inside of it, then fired it to prove it had a bore over 0.5 inch capable of expelling projectile.But the state didn't tell him under what definition he was charged, so they didn't know if they were defending against the collection of parts the ATF took (falls under 3), or against the weapon the ATF claimed it was after they put the parts together (which falls under 2).
For what it's worth, I think this is the government's response to the argument you raise (on page 22 of the response brief, PDF page 30):
> Section 5845, captioned “[d]efinitions,” is a definitional provision, not a criminal prohibition. As relevant here, § 5845(b) defines the term “machinegun,” and § 5845(f) defines the term “destructive device.” These definitions do not create additional elements of the offenses charged under §§ 5861(d) and 922(o). Therefore, the government was not required to charge the applicable definition(s) in the indictment. See, e.g., Robbins, 476 F.2d at 30 (holding that an indictment under § 5861(d) need not refer to the definitions in § 5845 to “fairly notify a defendant of the charge against him”); United States v. Hoover, 635 F. Supp. 3d 1305, 1316 (M.D. Fla. 2022) (rejecting the argument that the government “was required to plead the specific facts supporting its contention that the [firearms] at issue fall within the definition of a machinegun”); cf. United States v. Pennington, 168 F.3d 1060, 1065 (8th Cir. 1999) (“The indictment’s failure to cite [18 U.S.C.] § 1346, a definitional provision, and to use its specific term, ‘honest’ services, does not mean no crime was charged.”).
And defendant's response, page 5:
> The question is whether the indictment “fully, directly, and expressly, without any uncertainty or ambiguity, set forth all the elements necessary to constitute the offence intended to be punished” and whether the indictment complied “with the necessity of alleging in the indictment all the facts necessary to bring the case” within the intent of the statute. United States v. Carll, 105 U.S. 611 (1881) (emphasis added). The government’s failure to give any specificity in the indictment cannot be remedied by wriggling as to whether the missing information can be considered an “element” or not. Even if the government were correct that the particular definition (or definitions) the prosecution is proceeding under does not change “elements,” it changes the “facts” underlying the scope of the statute.
I have no idea who is correct legally, and since oral arguments appear to have been held a few days ago I suppose I'll have to wait to see who is right.
What are you getting at?
If an appeals court says “wrong jurisdiction”, that’s an “rm -rf” on the whole entire case. There’s nothing left to argue about.
Considering he was convicted in another jurisdiction, and they can retry him in the 'right' one, why wouldn't a reasonable person anticipate that might happen?
I don't think Weev is living in Ukraine/Transnistria to practice his Slavic languages.
And the reason why I brought up it was overturned, was because I knew someone would mention his case was vacated, and I wanted to make clear it wasn't vacated because there was something improper found about the legal question of the CFAA.
I think that the type of person that excels at software development would also excel at lawyering. But they should probably go to law school and pay attention in class.
No comments yet
> What are you getting at?
> If an appeals court says “wrong jurisdiction”, that’s an “rm -rf” on the whole entire case. There’s nothing left to argue about.
I think your parent comment meant something like "the case wasn't overturned on the basis of deficiencies in the legal theory of the crime."
https://www.w3schools.com/tags/ref_httpmethods.asp
Don't fuck with other people's shit if they don't want you to.
I seem to remember cases or interpretations of the CFAA in which even guessing the username password combo of "admin:admin" would violate the act, resulting in teenagers or children being caught up in cYbEr FrAuD
To continue the garage door analogy, you wouldn't walk up to any random garage door and try code 12345 to help protect the owner's stuff, would you?
Which raises sincere doubts about the commenter's credibility to make such a claim.
But CFAA charges should, and this is the issue a lot of people have with them afaict, have a sliding scale for premeditation though.
If I knock on a door, it swings open, and I walk inside and steal something, then imho there should be a lesser maximum charge for possessing burglary tools than if I show up with a lock gun, crowbar, and concrete saw.
A lot of the CFAA excesses are maximum penalties from the CFAA being thrown at people using minimally sophisticated / premeditated methods, in addition to charges about the underlying crime.
That doesn't seem just or fair.
In practice it's turned into an if(computer){increase maximum penalty} clause, solely at the government's discretion.
I think intent probably matters a lot more than the technicality of how you succeeded.
As far as I am concerned, I am allowed to send any traffic I wish to public-facing hosts, and if they respond with content that the owners would not wish me to see, I have no responsibility to refrain. The only traffic I am not permitted to send are credentials I am not authorized to use (this would include password guessing, because if I manage to guess correctly, I was still not permitted to use it).
So which was it?
I am still permitted to do this. None of the details of this case give me the impression that they're using CFAA in such a way as to offend my sensibilities. Sounds like he sabotaged a former employer and caused hundreds of thousands in (tort not physical) damages. I guessed the urls for some issuu.com links that aren't available in search, and downloaded the page images to make a pdf. I was never prompted for a password. Arrest me, I'm a notorious hacker.
Shutting down the server (you solely maintained) before leaving would be "minor" to me... intentionally causing damage, earning money from that, getting caught, and again causing physical damage.. that's pretty "major" to me.
Warrants (in the US anyway) require reasonable belief that the crimes listed were committed.
They don't have to be right, mind you (after all, that's what trial is for), they just need reasonable belief.
They also can't recklessly disregard the truth (IE deliberately write lies they know are wrong).
Again, it's okay for them to be wrong about their belief. It's just not okay to know they are wrong and write it anyway.
Here, reading the warrant, etc, there is nothing obviously fraudulent here.
Perhaps it is, of course, but i read everything i could find and it's completely non-obvious which part of the warrant is supposed to be fraudulent.
Even the sort of retaliation claim made here is strange - Arresting you when you appear to actually hvae broken the law is generally only considered retaliation if (among other things) the enforcement of the law is uneven - IE targeted at you and nobody else.
Given the arrest was for a parole violation and they arrest parole violations like this all the time, ....
Like if you are at a traffic stop becuase you ran a red light, call a cop an asshole, and they arrest you because you have 50kg of cocaine bricks in your back seat, it's not retaliation.
Retaliation would be if you call a cop an asshole on facebook, and they come arrest you for violation of an 1825 law that hasn't been used against anyone in 200 years.
> The Origins of a Retaliatory Prosecution (Texas, 2019-2022)
> Early 2019: Conrad Rockenhaus, a supporter of free speech, runs Tor exit nodes used by journalists and activists. Federal agents demand he assist them in decrypting traffic; he repeatedly refuses, asserting his constitutional rights.
> The Coerced Confession: The case against him began when he was forced to confess to a non-violent CFAA (computer crime) offense while under the influence of prescribed painkillers and not lucid following a major surgery.
> The Pretextual Arrest: Just months before the 5-year statute of limitations was set to expire, the federal government arrests Conrad on the CFAA charge. The family alleges this was a pretext for his refusal to cooperate on the Tor matter.
[1] https://rockenhaus.com/press-kit/
My guess is that things would have gone substantially worse for this person had he taken that case to trial.
However, I suspected there was a lot more to this story when the original post buried the actual reason for the arrest several paragraphs down and tried to dismiss it as “minor”. Intentionally damaging a company’s infrastructure with an intent to disrupt their operations is a very serious charge. Not a “minor” disagreement with a former employer.
Then, if something breaks down the road, there’s no temptation for them to wonder if I had anything to do with that weird failure.
(And obviously, don’t freaking hack your ex employers! But also don’t even leave the impression that you could.)
Most big businesses are good about that, but I've helped a couple family members with their business' WordPress and just have standing access that I really don't want. They don't want to juggle activating/de-activating my account though, so /shrug.
This has never come up before, but it’s easy enough to be diligent about it.
Also: I keep a little paper notebook where I log the work I do for everyone, and occasionally have someone else sign and date it. It’s basically a cheap blockchain IRL. “How do you know you did this before you stopped doing work for them?” “Because the owner signed and dated the logbook after I did the work but before they hired the new IT person.”
I’m suuuuuper nitpicky about diligence in all this, for the protection of everyone involved, and especially me.
BTW, last time I posted stuff like this, someone thought I was treating this like an alibi: “ah ha! Now I can run amok and not get blamed for it!” No. Don’t do that, lest ye end up with a felony and permanent u employability. I just mean that when things inevitably break due to natural entropy, the first question is often of who had access, and you don’t ever want your name to be on that list.
4chan in 2010? Is this really ever even said anymore?
People take this to the extreme and think that their country is somehow a lawless hellscape where police are openly shooting innocent people, dragging them from cars for seemingly no reason etc... but those stories make the news precisely because it's not the norm.
This appears to be the earlier filing, but I'm not savvy enough to pull the underlying docs if indeed I can (where I am used to viewing PACER documents I get a permissions error): https://www.courtlistener.com/docket/66960649/united-states-...
(If you install the RECAP extension in your browser you can cache downloaded PACER docs and they will get linked from Courtlistener. Lay users can sign up for a PACER account and if you use less than $30 of document access charge per quarter it will be waived)
https://www.courtlistener.com/docket/16517474/united-states-...
Here's his plea: https://storage.courtlistener.com/recap/gov.uscourts.txed.19...
My recap is acting up a bit so I'll just copy/paste in case it doesn't grab docket entry 158 - the 'factual basis' for the plea:
1. That the defendant, Conrad Rockenhaus, who is entering a plea of guilty, is the same person charged in the Indictment;
2. That the defendant worked as a as a developer services manager, and later an infrastructure architect, for an online company providing travel booking and vacation services to customers (hereinafter, Victim Company );
3. That the defendant had access to and could control computer code located on Victim Company s servers throughout the country, including computer code that controlled business functions such as marketing, scheduling, and payment processing;
4. That on or about November 11, 2014, the defendant remotely accessed, without authorization, the Victim Company s servers from his residence in the Eastern District of Texas;
5. That on or about November 11, 2014, the defendant executed a computer code or command that shut down one of Victim Company s servers, which in turn caused several other Victim Company servers to crash;
6. That the defendant was retained by Victim Company to assist with the restoration of Victim Company’s servers;
7. That during the remediation efforts, the defendant, without authorization, disconnected Victim Company’s servers in Plano, Texas, in the Eastern District of Texas, causing further business disruption;
8. That the defendant’s actions cost Victim Company at least $242,775 in lost revenue and at least $321,858 in recovery and remediation costs.
I knew people like that, that where unnable to put their lifes togheter until they where fully medicated.
He also lied about using his computer, his wife told on him to his parole officer, according to the court documents.
He was on parole for DDOSing* a former employer...
*Ah, I see your update, guess it was less distributed and more direct denial of service with the physical destruction and all.
No comments yet
The wife makes a big deal about how one of the agents testified that Spice was an operating system, then she went on to falsely claim that it was merely a “graphic driver”. However, later in the in the transcript another agent corrected the error of the first agent and explained to the court that Spice was a means of accessing remote VMs, which could be used to circumvent monitoring software.
This combined with the fact that there was no internet activity subsequent to the software being downloaded is pretty damning evidence.
The chain would then appear to be: convicted of computer crime -> required computer monitoring software during supervision -> installed and used Tor -> supervision violation and revoked to prison.
1. Back in 2014 this person committed a pretty grave computer offense, which was not at the time prosecuted.
2. Some time after that, he became a high-profile Tor relay operator.
3. Some time after that, he was asked to subvert those Tor relays by the DOJ.
4. In 2019 he was prosecuted for the computer offenses, and convicted.
5. In 2021, he was released on parole.
(I think there's a long string of parole issues after that, and then)
6. In 2025 he was accused by the probation office of violating his parole in a bunch of ways and taken into custody.
On September 22nd, 2019, the monitoring software was downloaded. On September 23rd, Tor was installed. No internet activity was detected for the remainder of September or October by the monitoring software.
I don't believe that 2 or 3 come into play in terms of the parole violations (including the subverting of the monitoring software).
Seems like he was legally eligible to be arrested for a variety of reasons. The FBI is still not allowed to use fraudulent warrants to that end. The rule of law is no such thing unless it applies to everyone equally.
He violated 6 or 7 criminal things.
I'm on the civil rights and free speech maxxing side, but this was clearly a criminal in the act of actively criminaling.
The danger here is in crying wolf when this isn't a case of rights being violated for a non-perpetrator. This guy was willfully breaking laws left and right.
Don't cry wolf. We need that energy elsewhere.
https://0x0.st/KcyY.jpg
Only reason I know of it is from the thread at the time on HN.
My recommendation: ignore and swipe under the rug anything where KF is in play. Whatever it is, visibility feeds it.
Oftentimes, kiwifarms users directly harass or manipulate their targets to try to provoke more weird behavior, usually directly making the target's life worse in the process.
I can see why it's entertaining for folk (kind of like watching reality television), but overall it seems to have a pretty negative effect. And if you hang out there too long, it seems like you tend to lose human empathy.
Edit:
Reminds me a lot of the lives of people in this saga:
https://www.amazon.com/gp/aw/d/B01L8C4WBG/
The poor wife, “can you stop being a criminal for like, one month, please?”.
According to the court documents his crimes extended into “real life” as well, with intentional damage to his former employer to shut down their operations.
Cannabis is harmless and a lot of people use it as medicine, even if they think of it as recreational. "Oh I need it to relax." Then its an anti-anxiety drug, not a 'party' drug. Limiting this is just cruelty and an easy 'win' for LE. Same with justifying the slaying of Philando Castile and others (he had pot, or pot in his system, thus a criminal undeserving of rights or due process).
Once the federal government is onto you with a case like this, all your money is gone. Either to lawyers or your bank accounts are frozen and things like that. Failing to make payments is a feature, not a bug, in this system. I'm not going to tell everyone here how to live, but its ideal to have money that's squirreled away in a place hard to be frozen because tomorrow this can be any of us. You host a vpn on a vpn somewhere? Use tor? Said the wrong opinion online? Heaven knows, but the hammer falls on a lot of people and there's no mercy to it.
Lines of credit, again, fits in with the above. People need to feed themselves, pay rent, pay lawyers, etc. I've never been accused of a crime but I've done a lot of legal stuff in my life with lawyers and such, and everything about this system is unbelievably slow and expensive. It isn't like Hollywood portrays it at all. The money needed here is more than more people can muster just to remotely get a fair trial or deal. Especially when a lot of charges against you are 'stacked' if not entirely dishonest on the assumption of 'well, we're going to court anyway or making a deal so better add some nonsense on top for negotiation.' I can't find the cite, but I've read that if you get a federal arrest, you're looking at $1m starting to begin. How many of us here have $1m they can access, and even if you do, is it accessible if the feds freeze your accounts on 'suspicion?'
Probation stuff, who knows, but he was already being sieged by LE, so who knows what is happening here. There's no shortage of probation horror stories like one's officer cancelling at the last minute or changing location, and other things to guarantee missing meetings. And eventually you can break a man entirely and he'll stop being functional, and he'll fail at a lot of basic things. The stress here can trigger extreme mental illness. I'm a fairly delicate person and if this happened to me, the stress would entirely break me. I'd fall into deep depression. So there's complexity with "he missed x appointment" and "he missed x payment," that's worth exploring.
The government telling you that you can't use a computer of any kind without a keylogger is insane and should be fought entirely. Computers are like paper nowadays. "Everything you write and do should be sent to LE" is unacceptable. Computers arent optional anymore. Everything we do is computer or app based. Also we dont know his motivation for making a private vm or using an iphone. Keeping valuable information about himself from LE for example or hiding a medical condition or heaven knows what else. This is why privacy and speech and rights between you and your counsel are so protected but "We get all your computers" sidesteps many of those protections.
Yes, he's a criminal but he doesn't deserve to be treated like this. These, and his past, are simple white-collar crimes, but he got the bully treatment.
Yes these are 'standard' because they maximally oppress working class people (note very wealthy people just buy themselves out of the above) with the thin veneer of legitimacy. The wealthy, capital owning class, etc if arrested like this just shrug this stuff off usually, and uses its connections and wealth to get ideal terms, but nobodies like this have no chance. The federal government conviction rate is over 90% not because of merit, but because of this kind of bullying and dishonesty and oppression. Imagine if we were discussing near any other nation with a 90+ percent conviction rate, you'd balk and know its corrupt, but we're the same in this regard.
I wish digital culture was more liberal-libertarian like it used to be, than the hard-right turn its made in the past 15+ years. LE does not need a 'devil's advocate.' The accused do. I dont care if liberalizing the above makes more criminals get away with. I'd rather this guy go free, even if he's super guilty, than accept the above as acceptable in our justice system. All this for what's essentially mostly-harmless white collar crime.
Not to mention the incredible violence here for a non-violent crime. Armed LE more or less besieged his home. I'm not sure why people knee-jerk to defending any of this. I hope a new liberal-libertarian movement emerges in tech because I feel like we've lost our way.
If you don't like the terms of parole, you are permitted to refuse it and remain incarcerated for your full sentence, at which point you are release and there are no parole restrictions at all. Parole is "you agree to behave and they release you early". And "behaving" is whatever they want it to mean.
The sobriety violation was against his parole terms. People on parole are required to remain sober as drugs like cannabis impair judgement.
He agreed to the parole terms and then violated them.
Regardless, you could strike the cannabis part from this completely and it wouldn’t change anything. He has numerous other parole violations.
Page 28, lines 3 to 8 on https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
e: really? why am i downvoted for this
Who cares if he smoked weed or installed a VM or evaded a government keylogger? Those are all really shitty reasons to put someone in a cage, whether it's couched as "probation terms" or not.
Vandalizing your employer's infrastructure over a grudge is, I suggest, strong evidence of a major impulse control issue. It think it makes sense and is in the public interest, draconian as it is, that this person shouldn't be allowed to get high and have unmonitored internet access. The same place they've committed felonies before, on impulse.
Further context: his own defense lawyer filed a motion asking a court to find this guy mentally incompetent to stand trial,
https://www.govinfo.gov/app/details/USCOURTS-txed-4_19-cr-00...
Were he high on weed, maybe he'd not commit the felony in the first place. Yeah, banning him from alcohol is fine, from stimulants broadly - also OK, but weed? Honestly? How often, statistically speaking, does smoking weed make a person aggressive? While this person may be an outlier, without precise information on it, I'd say the ban on weed is as sensible as a ban on butter or relanium. If it doesn't serve any obvious purpose (like with alcohol: being drunk makes you do stupid things more often), then maybe it's really just a way of harassing this person?
Alcohol on the other hand mostly just knocks you out from doing anything too cerebral after you pass the ballmer peak. I say this as a person who prefers weed to alcohol 100x.
Isn't the reddit post doing the same thing by trying to imply he was jailed for running a TOR node when he was officially jailed for breaking parole terms? Even if they think those were just excuse to jail him, the refusal to acknowledge those details makes the account at least deceptive.
If someone who did some serious stuff, couldn't follow easy terms, it is cause for concern.
But even if you stay in prison for your full term, you're likely to have supervised release which has similar terms.
There has to be some penalty for noncompliance or you get more of it.
I am absolutely NOT a fan of "tough on crime" type stuff. By and large I feel the US criminal justice system is an inhumane cruel monstrosity. But the conditions were not all that unreasonable (except the weed stuff) and all of this smells of bad faith on the part of this couple.
Go check page 28, lines 3 to 8 on https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
I'm surprised this isn't mentioned much here, there's a lot of reddit comments that picked up on this and the OP (self-identified as the wife) isn't replying to any, only the ones that fit her story.
https://old.reddit.com/r/TOR/comments/1ni5drm/the_fbi_couldn...
The OP here also downplays a lot of what the husband did. He was on probation from DDOSing and then physically damaging company equipment after he was fired. Then on probation from that he smoked weed, ghosted his probation officer, broke the terms.
https://rockenhaus.com/wp-content/uploads/2025/09/U.S.-v.-Ro...
Also that it occurred right after the search mentioned on Page 28. It's a really bad look.
Wouldn't the monitoring software capture any application's network activities, including a client for a Remote VM? I'm imagining something like Wireshark?
A remote VM would combine both of these things, where the device/computer is in a location that isn't monitored and accessed by means aimed at bypassing controls in place. Activities carried out from the remote VM are then not monitored.
User + Devices -> VPN/other -> Remote VM -> Unmonitored Activities / Network Access
^ Monitoring is here, but may not capture the rest of the chain
Law enforcement would need to monitor the VM itself to monitor those activities, or I guess request logs from the provider if at all possible.
There's a limit to how much you can monitor someone and I assume there's a degree of good faith in cooperation with these controls. Failure to comply, seemingly, has severe consequences.
Not really, no: a VM is just another userspace application and a monitoring software should be able to capture its traffic just fine. If he was also using a VPN, tor or conneting to a remote machine that's another story, but only saying he was using a VM doesn't really mean much.
The article provides a good foundation for opposing arguments.
Excerpting:
> The researchers wanted to find a way to do the seemingly impossible — to give the military the benefits of a global, high-speed communications network without exposing them to the vulnerabilities of the metadata that the network relied on to operate.
> ...
> There are other implications, as well. For a CIA agent to use Tor without suspicion in non-U.S. nations, for example, there would need to be plenty of citizens in these nations using Tor for everyday internet browsing. Similarly, if the only users in a particular country are whistleblowers, civil rights activists and protesters, the government may well simply arrest anyone connecting to your anonymity network. As a result, an onion routing system had to be open to as wide a range of users and maintainers as possible, so that the mere fact that someone was using the system wouldn’t reveal anything about their identity or their affiliations.
> ...
> Anonymity loves company — so Tor needed to be sold to the general public. That necessity led to an unlikely alliance between cypherpunks and the U.S. Navy.
> The NRL researchers behind Onion routing knew it wouldn’t work unless everyday people used it, so they reached out to the cypherpunks and invited them into conversations about design and strategy to reach the masses.
Freedom is being taken away by govt, because we are making choices that surrender it.
1. The fbi asks you to be an informant or "cooperate" with an investigation in some way.
2. If you refuse, they investigate you, and basically throw the book at you.
Your local building commissioner or whatever just has a lot less money and muscle on tap and much more circuitous access to court judgements in their favor than the FBI does. Differences in their strategic and tactical approach is a reflection of this.
Thus, every time we see a CFAA charge we have to ask ourselves: "Is this an abuse of power?".
We should have better, clearer laws.
One the first comments on reddit was actually:
> … in trump's america lmao
Someone had to awkwardly point out it was biden’s america. Which makes it easier and saves keystrokes: it’s just “america, lmao”. Then other countries can be even worse so it’s “lmao”. And soon enough they are just laughing their asses off while the person is stuck in jail.
> "clear hacking tools" I had installed in my computer, e.g CCleaner
I have always wondered if they are primarily that stupid or just evil and pretending to be stupid. I am leaning towards evil.
The Reddit post is an attempt to garner sympathy by leaving out all of the actual crimes committed.
Yeah, good point. That happens sometimes. It's sad, people just see reddit as sort of a platform of gullible people. I was just pointing out reddit's reaction, mainly.
Then my other reply was in reply to GP's own story ("clear hacking tools" = CCleaner).
Unfortunately, Tor carries a negative connotation tied to criminal activity.
And if you're operating (like this individual) something that is perceived to be criminal in nature, you're bound to be a target by law enforcement.
Note: I'm not stating whether or not what happened to this individual is right/wrong. But this should be a cautionary warning of what might also happen to anyone if you associate with things that are perceived as criminal in nature.
The bar for legal consequences is expected to be much higher than mere association.
It has never been perfect, nor uniformly applied in all circumstances, but it is and should remain a nominal goal of the justice system. For that to no longer be considered the case, even in a casual conversation like this, is a devastating shift of the Overton window towards authoritarianism as the norm.
It may not literally be guilt by association, but they’re two parts of the same whole in this case, right or wrong.
Turning this sentence up and down, and still fail to get what it tries to convey. Law is social construct per definition, isn’t it?
>It has never been perfect, nor uniformly applied in all circumstances, but it is and should remain a nominal goal of the justice system.
No? Like, at best it is just going to pretend to be so. Then it’s actually all ruled by ambitious sociopath manipulators that take The Prince as bedtime reading, either right from the start or as soon as they can unleash their master plan.
Can anyone point to any jurisdiction in the world which puts equal duties and rights with actual associated material/logistical means on every single citizen? If no, we might be free to conclude that justice and equality are words on frontispiece of the theater, not how the leviathan is planning to actually process.
All that said, not everyone is Aaron Schwartz. Even supposing it’s only to maintain the façade, institutions do also have to act against some criminal outside of their own ruling castes.
Just wanted to understand your point.
Operating an exit node is by definition you acting in the distribution of such activity (legal or not).
Yup. https://www.androidauthority.com/google-pixel-organized-crim...
If some electronics repair guy repairing vehicle ECUs in bulk who doesn't ask questions but has an inkling that they're gonna get used for emissions laws violations got rolled up on by the feds for refusing to go out of his way to help them out HN would find all sorts of ways to cheer and justify it.
But when they do it to a tor node it's bad.
Disclaimer: I don't have any skin in this game or association with any government, any law enforcement agency, nor do I know the person discussed or (at least as far as I know) anyone who knows that person. And IANAL.
IIUC (and I may not), the guy was on probation[0], which is release from or in lieu of prison.
If someone is on probation, they are still under the authority of the (in this case Federal) judicial/prison authority which sentenced them.
It is (whether you think it's right or not) normal for restrictions to be placed upon those on probation, including random drug tests, restrictions on certain types of behavior (this is often related to the crime(s) for which they've been convicted).
Often, this also provides for warrantless searches and other privacy-invading stuff as part of the probation agreement. I'd note that (again, IIUC) that the convicted person must agree to the terms of probation or they will have to go to (or not be released from) prison to serve their (remaining) sentence.
Violation of the terms of probation (as is clearly defined in probation agreements) may result in imprisonment to complete the sentence imposed by the court after trial or (as it was in this case) a plea bargain.
I am unfamiliar with the case at hand, but sending someone to (or back to) prison for violating probation is the stick which (presumably) keeps people from re-offending and/or violating the terms of their probation, at least until they complete the term of probation.
[0] https://www.uscourts.gov/about-federal-courts/probation-and-...
I say this because this cultural vibe of government agencies kicking in your door for doing innocuous shit needs to die already, that is simply not how this happens. We get letters, we get calls, VERY occasionally we get visits and said visits are scheduled weeks, sometimes months in advance. We always cooperate and the relationship, therefore, is not adversarial.
Honestly we have way more fucking problems with huckster vendors trying to fuck us out of a few extra dollars on parts than anything to do with the big scary government.
While we're at it, fuck coal rollers with a cactus.
For any given issue, subject, industry or niche there is always a you. And you are the enablers. Multiply by every equivalent idiot and niche and that's how you get the world in which some guy gets whacked for running a tor node.
If not that it would be some other niche, maybe some guy importing gray market power equipment to the chagrin of the branded dealers would be getting whacked. If not that then it's the amish farmers getting whacked over one of their many "in letter but not spirit" compliance measures.
Yeah, in every case the letters of the law are broad enough to nail these sorts of people but that's not an outcome the general public wants except for the occasional zealot on any given subject. And the equivalent enablers would be endorsing it just as you are now.
And at the end of the day your behavior (you plural) undermines the legitimacy of these institutions and the government they serve because these are outcomes that nobody wants, but single industry enforcement enough of a back burner issue that elections mostly don't get won and lost over them so the fire just keeps smoldering year after year (fed by our tax dollars, of course).
>As someone who works in this industry
Perfect illustrative example for one of HN's favorite quotes:
"It is difficult to get a man to understand something, when his salary depends on his not understanding it"
>Our products all align with all required emissions regulation...the relationship, therefore, is not adversarial.
You might as well compare a medium company with an encrypted file share service to some 1-man package maintainer for software that does the same. Who is law enforcement gonna try and abuse?
>While we're at it, fuck coal rollers with a cactus.
A bunch of reactionary yokels are a symptom of the degree to which your ilk has undermined the legitimacy of the laws they violate and enforcement agencies they thumb their nose at, not the root cause. If society solves people like you the yokels will mostly go away on their own. That is what I seek.
'whacked' usually means killed. This guy was neither killed, nor jailed for 'running a tor node', but a bunch of more specifically bad, illegal shit that it would be misleading to describe this way.
The same way as describing destroying a bunch of an ex-employers data on-site causing thousands in loss is not a "workplace dispute".
> these are outcomes that nobody wants
which outcomes? these are outcomes no-one wants, but you've yet to prove they happen. It takes a lot of time to properly go through case details to determine abuse, it seems like you are very casually throwing around accusations.
> You might as well compare...
Why? they comply with the law, why does that make them 'big'? I'm sure the FBI has plenty resources to go after them, in fact, they have more to lose.
The 'one man shop' needs to comply with the law, however big or small they are.
> Who is law enforcement gonna try and abuse?
abuse? this guy says no-onw is kicking his door down, have you proof it changes for smaller setups?
they go after whoever they think is breaking the law, and not complying (providing relevant licences, proof of testing) flags you for that. Are you suggesting the small guy should fly under the radar?
I am not defending at all the actions of the FBI. The FBI/CIA/NSA are overzealous law enforcement serving the will of colonial capitalism. Their history of targeting whistleblowers, activists, and technologists; like, for example, the guy running a Tor node; is well documented and deeply problematic. That same machinery has also been deployed against environmental activists, which makes the irony even more bitter that it's being cited here.
I'm defending the EPA, which in contrast, works with numerous industries, including ours, to benefit society as a whole.
The problem is this exact mindset where we insist that everything is on one massive slippery slope and there's simply no way to differentiate from proper, needed regulation, and the boot of law enforcement being deployed to fuck with the working class at scale.
We can tell the difference and it isn't difficult, it simply requires thinking which an unfortunate number of voters don't like doing.
> "It is difficult to get a man to understand something, when his salary depends on his not understanding it"
Completely backwards. There is a LOT of money to be made circumventing emissions regulations, which is why almost every OEM has been caught with their hands in that particular cookie jar, either fingernail or wrist deep.
We COST ourselves money locking up those features because we agree with the regulations in place.
> A bunch of reactionary yokels are a symptom of the degree to which your ilk has undermined the legitimacy of the laws they violate and enforcement agencies they thumb their nose at, not the root cause. If society solves people like you the yokels will mostly go away on their own. That is what I seek.
Reactionary movements have existed for every time the Government says don't do anything since time immemorial. There is ALWAYS reactionaries because there is ALWAYS a segment of the population that never matures past the age of ten. The fact that they occasionally have a point is nothing but statistical likelihood; if you constantly say "no" to everything, by sheer chance, you will occasionally say no to something bad.
Opioid painkillers are associated with “things that are criminal in nature” because a certain segment of every society does and will suck, nearly no matter what. Does this mean that everybody in pain should just suffer and let their education, career, and family be taken from them before their time?
No comments yet
This would come off lot more legit if the current elected US president wasn't a convicted rapist and constantly promoting crypto along with his acolytes like Elon Musk.
Wow did this just happen today? I can't find anything about it online
/s
The FBI said he downloaded a client, here Spice, which can be used to access a VM and visited the tor project website to look into how he could download a Tor client. That happened in the 24h which followed him agreeing to electronic monitoring and voluntarily installing a spyware. They argue that he has the knowledge and mean to circumvent the monitoring he agreed to and his pattern of actions indicate he is likely to do so if left free. A huge part of the argument lies on him having agreed to voluntarily participate in his own monitoring. The CFAA charge seems to be sealed but I'm far from convinced it's a minor work related issue.
If you read the website, they keep firing their attorneys and pretending they are colluding with the government to keep him in jail. Parts of the description are frankly bizarre. It seems they are actually suffering for paranoia.
I would read the post with a huge grain of salt.
Of course there was no reporting on the Tor aspect, just “local man arrested for CSAM” in the local papers. He eventually had the charges dropped after years of court battles, but his name is forever tarnished as a result.
This particular job we had a lot of idealist folks, two of whom ran relays - they immediately ceased to do so in the aftermath of the coworker’s arrest.
Even from the early days of Tor I remember all of the warnings to not run an exit node in a country where internet activity was likely to lead to prosecution.
Running any sort of proxy (including Tor exit nodes) allows other people’s traffic to appear as your traffic. That’s the entire purpose of the software. You’d have to be willing and able to handle the consequences of any traffic any other person decides to send through the system.
Your local zoning code is probably chock full of them. And if not there then your local stormwater/runoff rules probably have a bunch of examples too.
Federal stuff is much more highly litigated so you don't see as much of it there. State is a middle ground.
Tor is totally used for criminal activity. That doesn't mean it is inherently a bad thing, or that it is this guy's fault, but he can't completely wash his hands off it. If bad guys use the postal service, it's not the postman's fault, but he has to cooperate with law enforcement if they demand that.
I don't know about the US, but contempt of court is a thing in the UK at least. You can't refuse to submit evidence to court, including things like encryption keys or things only stored in your head - or face penalties including unlimited jail time.
Now, I get that this is the US so the arrest was dialled up to 11 and it seems all of this is extra-judicial - no court warrant etc. This is all very disappointing. But, to my non-expert eye running a Tor exit node is in the legal grey zone, and I guess you can't be too surprised when things like this happen.
Out of curiosity, how does this work? If I claim I don't remember a particular password that I (provably) didn't enter for the past X months, how does the court force me to recall it? With an $8 wrench? Wouldn't that be cruel (if not unusual) punishment?
This is a bit more complex in the US. We have the fifth amendment to our Constitution which says "nor shall [a person] be compelled in any criminal case to be a witness against himself."
So, we can't be made to testify against ourselves. This has sometimes been interpreted to mean that they can't compel cryptography keys that are stored in our brains, and sometimes has been interpreted the other way.
I'm unaware of any definitive decision that applies universally. I've heard some suggest that passphrases that are themselves an admission of crime are a workaround that ensures you can't be compelled to provide them.
Instead we're left up to state thuggery.
3 years sounds about right to me.
The U.K. is fast sliding down the slope to being a dystopian police state. The idea that you can be jailed for refusing to provide encryption keys (except for really specific, narrowly-defined circumstances) is something that should induce nausea. I feel for you and your country, you accomplished such great things.
I'd be a little more concerned about the state of US at this point.
He was on probation and required to use monitoring software as a condition of being let out of jail early, he had a secret iphone he used to access the internet that was not monitored, so his probation was revoked. He wasn't arrested again, his probation was revoked.
The wife's account focuses on a ton of irrelevant details, the above is sufficient to explain the entire situation.
Well, I hear that if you make being gay a crime again, you cut off the head of palantir.
I remember when I used to think Thiel had libertarian values!
Money can do a lot more things, including inducing hypocrisy, double standardism and blindness.
We voted for this, the time to fix the problem was last November, and now we have to live with the results. It's also why I, and anyone else who values their freedom, their career, their family, needs to post such sentiment anonymously. It is NOT safe to criticize this administration.
This will become practically impossible very soon if it isn't already.
You can catch one of these by logging into your moms netflix account.
> [Supreme Court Justice Amy Coney] Barrett ruled that for the CFAA, a person violates the "exceeds authorized access" language when they access files or other information that is off-limits to them on a computer system that they otherwise have authorized access to. The majority opinion distinguished this from Van Buren's case, in that the information that he obtained was within the limits of what he could access with his authorization, but was done for improper reasons, and thus he could not be charged under CFAA for this crime.
This still does criminalize logging into your mom’s Netflix account, probably (?), but at least browsing HN on your work computer not covered anymore.
However the quote on its own is not necessarily true without further qualifications as mentioned above.
It's absolutely true, you're accessing an unauthorized account. All law enforcement need to do is ask you, did you access an electronic account that was not yours ?
Nuance will be ignored when it suits them.
How is 3 years pretrial not blatantly unconstitutional and thrown out immediately?
New Yorkers spend an average of 10 months in pretrial detention. This kind of abuse is routine in the American system, and by and large Americans want it that way for their usual reasons about "crime".
https://en.wikipedia.org/wiki/H._Beatty_Chadwick
And this in a civil matter!
This sounds awful lot like Middle Eastern mafia stuff, where it's technically illegal to do some things but you can do a lot of things if you are aligned with the people in power.
I have no idea what this person was up to but this selective treatment(if true) smells very bad. IIRC behind the release of Ross there was some libertarian NGO or something, maybe contact them?
This didn't work out for SBF, but you can clearly see this process being set up for other people.
That was the National Libertarian Party and the party chair was forced to resign in disgrace shortly after, due to accusations of kickbacks and embezzlement.
https://thirdpartywatch.com/2025/01/25/mcardle-resigns/
Even if this Administration is friendly to Tor (which I doubt), the FBI is a very large organization and installing a new head doesn't magically make current caseload at the agent level go away. There are still Biden-era and even Trump v1 era investigations likely still open and active there.
Didn't Ulbricht get pardoned for being a hero of the cryptocurrency-bros, as kind of a deal to get support from the Libertarians in the election? I think he was a one-off, or at least part of a small category that doesn't extend to cryptography and privacy idealists.
This is exactly the argument for privacy to people who say "I have nothing to hide". Authoritative governments will always find a reason to dig something up and the less privacy you have the easier it will be.
As a side note it sickening to see USA government doing this arrest straight out of gestapo/kgb playbook.
The state does what it wants and in the end it doesn't even need an excuse.
An excuse is a nice to have, but that's it.
It doesn't need an excuse because people let it not need an excuse.
Every idiot, even on HN, heck, particularly on HN and other places where demographic factors result most never having been the target of government or think that they would be, is perfectly fine with it when the government behaves this way in pursuit of things they agree with. And so the only people complaining about any one government abuse are the small minority that care all the time plus whatever group care about the specific issue.
If people would stop being two faced snakes and have some principals and stand by them the problem would decrease on its own. But that's like saying "just go as fast as light", it's not a tractable problem.
Anything other than that is just wishful thinking.
People who say this will not be swayed by any argument. What they are really saying is "I don't want to think about this".
There's a truth I've come to accept in recent times: The vast majority of people are not able to extrapolate from their immediate personal situation. If they are not effected by something right now in a way they personally feel, they do not and will never care.
Once you accept that fact, so many things make so much more sense in this world. The whole MAGA movement explains itself, the complete disregard of climate change or even local environmental issues make sense and the complete ignorance of privacy issues. The only way to sway these people is when they are personally affected. So consider this Truth the next time you find out a service has been collecting private information in an unsecured S3 Bucket.
Project 2025 was announced in 2023.
I don't normally agree with this man, but he is dead right. There are too many fucking laws.
https://www.theatlantic.com/ideas/archive/2024/08/america-ha...
This is also why mobile phone camera tech led to BLM as more and more people became aware of how police act when they think nobody is watching.
https://www.youtube.com/watch?v=isYZoFrIeo0
However, the poor guy only defeated criminal charges on appeal!