Jump to content

FBI could hack anonymous computers, regardless of their physical location.

Link81

fbi VS.jpg

 

Quote

"It just got a lot easier for law enforcement agents to hack anonymous computers over the internet. Last night the Supreme Court approved changes to the rules of criminal procedure, enabling warrants for searches of remote computers, regardless of their physical location."

-I don't have reason to be really concerned about this ... Or should I?

 

SOURCE: http://www.theverge.com/2016/4/29/11536348/supreme-court-approval-fbi-anonymous-hack

 

MORE DETAILS

Quote

"They also said this new rule could violate the Fourth Amendment, which protects against unreasonable searches and seizures."

SOURCE: http://www.tomshardware.com/news/supreme-court-fbi-extraterritorial-hacking,31708.html#xtor=RSS-100

AKA Link0712 on Twitch/WAN Show

Link to comment
Share on other sites

Link to post
Share on other sites

Why would they want to search your computer?

 

i would assume no reason

so you dont need to be concerned...

NEW PC build: Blank Heaven   minimalist white and black PC     Old S340 build log "White Heaven"        The "LIGHTCANON" flashlight build log        Project AntiRoll (prototype)        Custom speaker project

Spoiler

Ryzen 3950X | AMD Vega Frontier Edition | ASUS X570 Pro WS | Corsair Vengeance LPX 64GB | NZXT H500 | Seasonic Prime Fanless TX-700 | Custom loop | Coolermaster SK630 White | Logitech MX Master 2S | Samsung 980 Pro 1TB + 970 Pro 512GB | Samsung 58" 4k TV | Scarlett 2i4 | 2x AT2020

 

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, mikat said:

obvious troll is obvious lol

How? If you don't do anything illegal they would have no reason to "hack" you and if they did have a reasons they won't find anything. 

 

Link to comment
Share on other sites

Link to post
Share on other sites

5 minutes ago, GreezyJeezy said:

How? If you don't do anything illegal they would have no reason to "hack" you and if they did have a reasons they won't find anything. 

well it's kinda like the "the government should spy on everyone because if you have nothing to hide its fine" thing

Link to comment
Share on other sites

Link to post
Share on other sites

You WISH only the FBI could do that.

9 minutes ago, GreezyJeezy said:

If you don't do anything illegal you have nothing to be worried about. 

Illegal in which country?

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

Link to comment
Share on other sites

Link to post
Share on other sites

The reason why this is bad is because of abuse. They could just "find" any reason to search someone they don't like. That is why this is a bad thing.

i7-4790k | MSI Z97 GAMING-5 | Corsair Vengeance 16 GB | Samsung EVO-850 250GB SSD & WD blue 1 TB HDD | EVGA 1070 SC | Red NZXT H440 | Cooler Master G650W

 

Link to comment
Share on other sites

Link to post
Share on other sites

11 minutes ago, mikat said:

well it's kinda like the "the government should spy on everyone because if you have nothing to hide its fine" thing

If you have nothing to hide it really shouldn't matter. I feel the whole pricey thing but they spy on us already you can't stop it so just comply with it and live your life and you most likely won't have to every deal with that, unless you do stuff you should be 

 

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, Railgun said:

The reason why this is bad is because of abuse. They could just "find" any reason to search someone they don't like. That is why this is a bad thing.

Not only that, it's also 100% unnecessary. Not ONCE have they caught a terrorist or what have you before the act through these supposed "security" systems. It's all happened thanks to good old fashioned detective work.

4 minutes ago, Okjoek said:

Just don't break the law...

I redirect you to my previous post here, where I ask to which country's law you refer by that.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

Link to comment
Share on other sites

Link to post
Share on other sites

3 minutes ago, GreezyJeezy said:

If you have nothing to hide it really shouldn't matter. I feel the whole pricey thing but they spy on us already you can't stop it so just comply with it and live your life and you most likely won't have to every deal with that, unless you do stuff you should be 

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” — Edward Snowden

Link to comment
Share on other sites

Link to post
Share on other sites

Yeah just because they have authorization to do so, doesn't mean they actual have the capability to do it. If someone truly wants to be anonymous online it is not that hard, if you are smart. Tails + public WiFi from a distance, away from security cameras is a good way to start. 

GPU: XFX RX 7900 XTX

CPU: Ryzen 7 7800X3D

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, Sauron said:

Not only that, it's also 100% unnecessary. Not ONCE have they caught a terrorist or what have you before the act through these supposed "security" systems. It's all happened thanks to good old fashioned detective work.

I redirect you to my previous post here, where I ask to which country's law you refer by that.

I presumed the USA since that's the FBI's country of origin and where I live.

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, JAKEBAB said:

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” — Edward Snowden

So true with this statement by Snowden. It absolutely boggles my mind that so many people willingly give up their privacy because "they don't do anything wrong".

CPU: Ryzen R7 1700X Motherboard: ASRock X370 Gaming K4 CPU Cooler: Corsair H60 RAM: Crucial 32GB 12400Mhz GPU: Zotac GTX 1080 AMP! Edition

SSD: PNY 240GB HDD: Toshiba 3TB 7200RPM PSU: EVGA 1000 GQ Case: NZXT S340 Display: Dell P2416D

 

Camera: Samsung NX1 Audio: Tascam DR-40 Mic: Rode NTG2

 

Interface: Focusrite 18i20 Monitors: Event 20/20's Mic: Blue Bluebird DAW: Steinberg's Cubase 7.5, Adobe Audition CC

 

Guitar: MIM Fender Stratocaster Amp: Peavey Classic Chorus 212 Pedals: Dunlop High Gain Volume, Big Muff Germanium Pi, Boss DD-3 Delay, Roland Tuner

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, Orangeator said:

Yeah just because they have authorization to do so, doesn't mean they actual have the capability to do it. If someone truly wants to be anonymous online it is not that hard, if you are smart. Tails + public WiFi from a distance, away from security cameras is a good way to start. 

bootable linux usb+mac spoofing+tor+public wifi+privacy filter on your screen if you really wanna go tinfoil

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, Okjoek said:

I presumed the USA since that's the FBI's country of origin and where I live.

The title clearly reads:

Quote

regardless of their physical location

I do not live under the FBI's jurisdiction nor under US law. Yet the FBI (according to this article) can get access to my computer if they so desire, and potentially take some sort of action against me if they want to.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, mikat said:

bootable linux usb+mac spoofing+tor+public wifi+privacy filter on your screen if you really wanna go tinfoil

That is basically what I said/was implying. Lol. 

GPU: XFX RX 7900 XTX

CPU: Ryzen 7 7800X3D

Link to comment
Share on other sites

Link to post
Share on other sites

32 minutes ago, GreezyJeezy said:

If you don't do anything illegal you have nothing to be worried about. 

let me clarify something to you, legal and illegal is something subjective, what's legal today can be illegal tomorrow, and vice versa, the laws are something ppl with different interest than yours lobby to get it passed, step by step this could lead to a gov with a firm grip on what you think and what you do, you wont be able to disagree on political view, without you being framed, coerced, taken out of the picture, if something that threatens the continuation of the regime running the country, i know this seem like far conspiracy shiet to some ppl, but these are ppl who have no clue how the world works.

Link to comment
Share on other sites

Link to post
Share on other sites

5 minutes ago, mikat said:

bootable linux usb+mac spoofing+tor+public wifi+privacy filter on your screen if you really wanna go tinfoil

And sacrifice 90% of what you do on your computer normally.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

Link to comment
Share on other sites

Link to post
Share on other sites

11 minutes ago, mikat said:

bootable linux usb+mac spoofing+tor+public wifi+privacy filter on your screen if you really wanna go tinfoil

 

6 minutes ago, Sauron said:

And sacrifice 90% of what you do on your computer normally.

(if you really want to put the tinfoil hat on use this guide)

 

To become anonymous use Whonix Distro. Download from this page on their site: https://www.whonix.org/wiki/Download

Spoiler

Things NOT to do
I wonder what my site looks like when I'm anonymous.

"I wonder what my site looks like when I'm anonymous" [1]

It's best not to visit your own personal website where either real names or pseudonyms (which have ever been tied to a non-Tor connection/IP) are attached. Because how many people are visiting your personal website? 90% of all Tor users, or just you, or just very few other people? That's weak anonymity. Once you visit a website your Tor circuit gets dirty. The exit relay knows that someone visited your website and if the site is not that popular, it's a good guess that 'someone' was you. It wouldn't be hard to assume that further connections originating from that exit relay come from your machine.

Source: [2]
Login into your real life Facebook account and think you are anonymous.

Don't login into your personal Facebook account. No matter if your real name is attached or only a pseudonym. You most likely added your friends and they know who the account belongs to. Through your social network Facebook can guess who you are.

No anonymity solution is magic. Online anonymity software may reliable hide your IP/location. But Facebook does not need your IP/location. They already know who you are, who your friends are, which private messages you send and so on. All those data is at least stored on Facebook server. No kind of software can delete that data. Only Facebook and crackers could.

So if you log into your personal Facebook account you only get location privacy. No anonymity.

Quoted from "To Toggle, or not to Toggle: The End of Torbutton"[3]:

    mike, am i completely anonymized if i log onto my facebook account? im using firefox 3.6 with tor and no script on windows 7 machine. thank you.

Never login into accounts you ever used without Tor.

Always assume that each time you visit a website, that they will log the IP/location which visited the website, at which time and what you did.

Also assume, that each time you're online your ISP (Internet Service Provider) will log your online time, IP/location and perhaps traffic. Your ISP could also log to which IPs/locations you connected, how much traffic and what you send and retrieved. (Unless it's encrypted, then they'll see only garbage.) The following tables should give you an simplified overview how those logs could look like.

ISP Log:
Name     Time     IP/location     traffic
John Doe     16 pm to 17 pm     1.1.1.1     500 megabytes

Extended[4] ISP Log:
Name     Time     IP/location     traffic     Destination     Content
John Doe     16 pm to 17 pm     1.1.1.1     1 megabytes     google.com     searched for thing one, thing two...
John Doe     16 pm to 17 pm     1.1.1.1     490 megabytes     youtube.com     view video 1, video 2, ...
John Doe     16 pm to 17 pm     1.1.1.1     9 megabytes     facebook.com     encrypted traffic

Website Log:
Name     Time     IP/location     traffic     Content
-     16.00 pm to 16.10 pm     1.1.1.1     1 megabytes     searched for thing one, thing two...

You'll see, when websites and ISP keep logs, no one needs Sherlock Holmes to conclude.

If you mess up for one time, and login with a non-Tor connection/IP, which can be tied to you, then the whole account is compromised.
Don't login into your bank account, paypal, ebay or other important personal accounts unless...

Logging into your bank, paypal, ebay or other important personal accounts registered on your name where money is involved could risk, that your account gets suspended, due to "suspicious activity" by the fraud prevention system. This is because crackers sometimes use Tor for committing fraud. That's probably not what you want.

It's not anonymous for reasons already explained. It's pseudonymous and offers circumvention (in case access to the site is blocked by your ISP) and location privacy. The difference of anonymity and pseudonymity is covered in a later chapter on this page.

In many cases you will be able to contact the support and to get your account unblocked again or on request, even the fraud protection policy gets relaxed for your account.

Whonix developer adrelanos is not against using Tor for circumvention and/or location privacy, you just should know the risk of your account getting (temporarily) suspended and the other things mentioned on this page and the other warnings from the Whonix documentation. So if you know what you are doing, feel free.
Don't alternate Tor with open WiFi.

You may think open WiFi is faster and equally safe as Tor since the IP/location cannot be tied to your real name, right?

It's better to use an open WiFi AND Tor, but not an open WiFi OR Tor.

The approximate location of any IP address can be tied down to a city, region or even a street. Even if you are away, you still gave away your city or approximate location since most people don't switch continents.

You don't know who is running the open WiFi router or their policies. They could be keeping logs of your MAC address and tie it with the activity you are sending in the clear through them.

While this doesn't break your anonymity, the circle of suspect has decreased from the entire world, a continent, or the country to a region. This strongly hurts your anonymity. Keep as much information as possible to yourself.
Prevent Tor over Tor scenarios.

Whonix specific.

When using a transparent proxy (Whonix includes one), it is possible to start a Tor session from the client as well as from the transparent proxy, creating a "Tor over Tor" scenario.

This happens when installing Tor inside Whonix-Workstation or when using the Tor Browser Bundle without configuring it to use a SocksPort instead of the TransPort. (Covered in the Tor Browser article.)

Doing so produces undefined and potentially unsafe behavior. In theory, however, you can get six hops instead of three, but it is not guaranteed that you'll get three different hops - you could end up with the same hops, maybe in reverse or mixed order. It is not clear if this is safe. It has never been discussed.

You can choose an entry/exit point [5], but you get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit relays can mess up your anonymity in ways we don't understand. Therefore Tor over Tor usage is highly discouraged.

License of "Prevent Tor over Tor scenarios.": [6]
Don't send sensitive data without end-to-end encryption.

As already explained on the Warning page, Tor exit relays can eavesdrop on communications and other Man-in-the-middle attacks can happen. The only way to get sensitive data from the sender to the recipient while withholding it from third parties, is using end-to-end encryption.
Don't disclose identifying data about yourself.

Deanonymsation is not only possible with connections/IP addresses but by social threats too. Some recommendations to avoid deanonymisation collected by Anonymous:

    Do not include personal informations in your nickname
    Do not discuss personal informations, where you are from...
    Do not mention your gender, tattos, piercings or physical capacities.
    Do not mention your profession, hobbies or involvement in activist groups.
    Do not use special characters on keyboard, which are existent only in your language.
    Do not post informations to the regular internet while you are anonymous. Do not use Twitter and Facebook. This is easy to correlate.
    Do not post links to facebook images. The image name contains a personal ID.
    Do not connect to same destination at the same time. Try to alternate.
    IRC, other chats, forum, mailing list, etc. are public, keep that in mind.
    Heroes only exist in comic books keep that in mind! There are only young heroes and dead heroes.

If it's a must to disclose identifying data about yourself, treat it as "sensitive data" in the point above.

License: From the JonDonym documentation (Permission).
Do use bridges if you think Tor usage is dangerous/suspicious in your country.

Quoted from the Bridges page: "Bridges are important tools that work in many cases but they are not an absolute protection against the technical progress that an adversary could do to identify Tor users."
Don't use different online identities at the same time.

They easily correlate. Whonix doesn't magically separate your different contextual identities.

Also read the points below.
Don't log into Twitter, Facebook, Google, etc. longer than necessary.

Restrict the time your are logged in accounts for Twitter, Facebook, Google and any other account based services (web forum etc.) to the time you are using them. After you are done with reading, posting and so on, log out. At least log out, shut down Tor Browser, change your Tor circuit using a Tor Controller, wait a few seconds until the circuit changed, restart Tor Browser. For better security follow the Recommendation to use multiple VM Snapshots and/or to use multiple Whonix-Workstations.

This is because many websites include one or more of the many integration buttons, such as "I like" and "twitter this" and Google analytics, adsense etc. Those buttons tell the originating service that you visited that website because you were still logged into their service.

Also note the chapter "Don't use different online identities at the same time." above.
Do not mix Modes of Anonymity!

Let us begin with an overview of the different Modes of Anonymity:
mode(1): user anonymous; any recipient

    Scenario: post anonymously a message in a message board/mailing list/comment field
    Scenario: whistleblower and such
    You are anonymous.
    Your real IP/location stays hidden.
    Location privacy: your location remains secret.

mode(2): user knows recipient; both use Tor

    Scenario: both sender and recipient know each other and both use Tor.
    They can communicate with each other without any third party being wise to their activity or even to the knowledge that they are communicating with each other.
    You are NOT anonymous.
    Your real IP/location stays hidden.
    Location privacy: your location remains secret.

mode(3): user with no anonymity using Tor; any recipient

    Scenario: login with your real name into any services, such as webmail, Twitter, Facebook, etc...
    You are obviously NOT anonymous. As soon as you log into an account where you entered your real name the website knows your identity. Tor can not make you anonymous in these situations.
    Your real IP/location stays hidden.
    Location privacy. Your location remains secret.

mode(4): user with no anonymity; any recipient

    Scenario: normal browsing without Tor.
    You are NOT anonymous.
    Your real IP/location gets revealed.
    Your location gets revealed.

Conclusion

It's not wise to combine mode(1) and mode(2). For example, if you have an IM or email account and use that via mode(1), you are advised not to use the same account for mode(2). We have explained previously why this is an issue.

It's also not wise to mix two or more modes inside the same Tor session, as they could share the same exit relay (identity correlation).

It's also possible that other combinations of modes are dangerous and could lead to the leakage of personal information or your physical location.
License

License of "Do not mix Modes of Anonymity!": [6]
Don't change settings if you don't know their consequences.

Changing user interface settings for applications, which do not connect to the internet, mostly safe. For example, checking a box "don't show this tip of the day anymore" or "hide this menu bar" will have no effect on anonymity.

Look into the Whonix documentation, if changing the settings you are interested in, is documented or recommended against; try to live with the defaults.

Changing settings for applications, which connect to the internet, even user interface settings, has to be thoroughly reviewed. For example removing a menu bar or using Full Screen in Tor Browser is recommended against. The latter is known to modify the screen size, which is bad for the web fingerprint.

You should only modify network settings with great care if you know their consequences. For example, you should stay away from the advice related to "Firefox Tuning". If you believe the settings are suboptimal, the changes should be proposed upstream, so they get changed for all Tor Browser users with the next release.
Do not use clearnet and Tor at the same time.

Using your non-Tor browser and Tor Browser at the same time, risks that you at some point confuse one for the other and deanonymize yourself.

Using clearnet and Tor at the same time also risks that you connect to a server anonymously and non-anonymously at the same time, which is recommended against. The reason for this is explained in the point below. You never know when you visit the same page anonymously and non-anonymously at the same time, because you only see the url you're visiting, not how many resources are fetched in background. Many different websites are hosted in the same cloud. Services such as google analytics are on the majority of all websites and therefore see a lot anonymous and non-anonymous connections.

If you really want not to follow this recommendation, use at least two different desktops to prevent confusing one browser for another.
Do not connect to any server anonymously and non-anonymously at the same time!

It's highly recommended that you do not connect to any remote server in this manner. That is, do not create a Tor link and a non-Tor link to the same remote server at the same time. In the event your internet connection breaks down (and it will eventually), all your connections will break at the same time and it won't be hard for an adversary to put the pieces together and determine what public IP/location belongs to what Tor IP/connection, potentially identifying you directly.

License of "Do not connect to any server anonymously and non-anonymously at the same time!": [6]
Do not confuse Anonymity with Pseudonymity.

This chapter explains the difference between anonymity and pseudonymity. Word definitions are always a difficult topic because a majority of people has to agree with it.

An anonymous connection is defined as a connection to a destination server, where the destination server has no means to find out the origin (IP/location) of that connection nor to associate and an identifier [7] to it.

A pseudonymous connection is defined as a connection to a destination server, where the destination server has no means to find out the origin (IP/location) of a connection, but can associate it with an identifier [7].

In an ideal world, the Tor network, Tor Browser (and the underlying operating system, hardware, physical security, etc.) is perfect. For example the user could fetch a news website and neither the news website nor the website's ISP has any idea if that user has ever contacted the news website before. [8]

The opposite of this, when using software incorrectly, for example using Firefox instead of the Tor-safe browser Tor Browser, the original (IP/location) of a connection is still hidden, but an identifier (for example Cookies) can be used to make that connection pseudonymous. The destination website could log for example "user with id 111222333444 viewed video title a at time b on date c, video title d at time e at date f.". These information can be used for profiling. Over time these profiles become more and more comprehensive, which reduces anonymity, i.e. in worst case it could lead to de-anonymization.

As soon as someone logs into a website (for example into a forum or e-mail address) with a username the connection is by definition no longer anonymous, but pseudonymous. The origin of the connection (IP/location) is still hidden, but the connection can be associated with an identifier [7], i.e. in this case, an account name. Identifiers can be used to keep a log of various things. When a user wrote what, date and time of login and logout, what a user wrote, to whom the user wrote, IP address (useless, if it's a Tor exit relay), browser fingerprint etc.

Maxim Kammerer, developer of Liberté Linux [9], has a interesting different opinion. [10] I don't want to withhold from you:

    I have not seen a compelling argument for anonymity, as opposed to pseudonymity. Enlarging anonymity sets is something that Tor developers do in order to publish incremental papers and justify funding. Most users only need to be pseudonymous, where their location is hidden. Having a unique browser does not magically uncover user's location, if that user does not use that browser for non-pseudonymous activities. Having good browser header results on anonymity checkers equally does not mean much, because there are many ways to uncover more client details (e.g., via Javascript oddities).

Don't be the first one to spread your own link.

You created an anonymous blog or hidden service? Great. You have a twitter account with lots of followers, run a big clearnet news page or similar? Great. Do not be tempted to be one of the first ones to advertise your new anonymous project! The more you separate identities, the better. Of course, at some point you may or even must be "naturally" aware of it, but be very careful at this point.
Don't open random files or links.

Someone sent you an pdf by mail or gave you a link to a pdf? That sender/mailbox/account/key could be compromised and the pdf could be prepared to infect your system. Don't open it with the default tool you were expected use with by the creator. For example, don't open a pdf with a pdf viewer. If the content is public anyway, try using a free online pdf viewer.
Don't do (mobile) phone verification.

Websites such as Google, Facebook and others will ask for a (mobile) phone number if you login over Tor. Unless you are really clever or have an alternative, you shouldn't do it.

Reason: The number you give away will be logged. The SIM card is most likely registered on your name. And even if not, receiving an SMS gives away your location. Even if you anonymously bought a SIM card and do it from a point far away from your home, there is still a risk: the phone itself. Each time the phone logs into the mobile network, the provider will log the SIM card serial number [11] AND the phone serial number [12]. If you bought the SIM card anonymously, but not the phone, it's not anonymous, because these two serials will get linked. If you really want to do mobile verification, you need a spot far away from your home, a fresh phone, and a fresh SIM card. Afterwards, you must turn off the phone, and burn both the phone and the SIM card right after doing it.

You could try to find an online service receiving SMS for you. That would work and would be anonymous. The problem is, that it most likely won't work for Google and Facebook, because they actively blacklist such numbers for verification. Or you could try to find someone else receiving the SMS for you, but that would only shift the risk from you to the other person.

Source to this information.

Also never, ever use your own wifi. Connect to your neighbors wifi (not recommended) or public wifi (recommended) that has no security cameras in the area.

Literally that is it. That is how to become 99% anonymous and untraceable even to the NSA. Also change/spoof your wifi mac address.

GPU: XFX RX 7900 XTX

CPU: Ryzen 7 7800X3D

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×