It's interesting, the article discusses that the request is for a relatively short period of time (35 minutes) - however for a popular website that could still be thousands of viewers.
It suggests that there's something they're specifically looking to match against - but if that was the case, I would think that specific IP addresses could be provided in the request - e.g. Did any one of these 10 IP addresses view the article in the time period. Much more specific and likely easier to justify.
I'd rampantly speculate that perhaps that time matches to the link being posted in a pedophilia related forum (with the forum behind TOR) - and the FBI would like to get a list of who might have followed it there.
I agree with your speculation, this looks like a timing attack regarding a Tor or VPN server.
That said, while catching pedos is a good thing, their methods are still concerning for regular law abiding citizens. The road to hell is paved with good intentions…
A lot of people use “pedophilia” to mean “sexual abuse of children” and “pedophile” or “pedo” to mean “sexual abuser of children”. (E.g., RMS’s infamous defense of “consensual pedophilia” which, merits of the intended sentiment to the side, isn’t even a coherent thing to defend or oppose except under the misuse of “pedophilia” to refer to an act and not an inclination.)
> Did any one of these 10 IP addresses view the article in the time period. Much more specific and likely easier to justify.
It is, but it also leaks information. Now people know you're looking at those IP addresses. If you were going to leak that, a major news outlet is probably not the place you want it to leak to.
You might be right and it might be an easy cover for a fishing expedition, but it doesn't seem inherently malicious on its face.
That's only 4 billion hashes to search the entire IPv4 address space. I don't think the entire search space is big enough for that really to provide much privacy while still being functional. Whatever you put in the way, that's somewhere in the neighbourhood of cracking a 6 character lowercase+number password.
But this is a rare case where you can use a derivation-extension function like PBKDF2 to make the hashing take practically any amount of time you want. You could probably make each run take a full minute on USA Today's hardware and still have your results in a reasonable amount of time.
Tor is vulnerable to statistical analysis with which if you time it perfectly you can link exit nodes with specific user. [1] The fact that FBI is asking for those specific 35 minutes suggests that they are onto something like this.
Entirely likely, though possibly there are potentially flaws that could allow people to identify it through other means.
I've never used TOR so I didn't realise that this would apply (and it makes perfect sense it would work that way).
It may be that whoever requested the data knows as little about it as I do (or more likely, they know a lot more about what they want and my speculation is completely wrong).
TOR is clunky and slow, it’s not outside the realm of possibility that someone would visit a dodgy forum over TOR, and use their regular browser for other web browsing.
Some sites can be difficult to even access over TOR, especially ones that are very JavaScript heavy or sit behind something like Cloudflare.
>I'd rampantly speculate that perhaps that time matches to the link being posted in a pedophilia related forum (with the forum behind TOR) - and the FBI would like to get a list of who might have followed it there.
now cue in all those stories of how people have been getting in trouble only because their ISP was using the same IP to NAT a crowd of customers.
Talk about a chilling effect, i.e., do not read the news because law enforcement can subpoena the list of what you read. Lawyers recommend never sharing anything with law enforcement because it can be used against you. So the news articles you read can now be used against you? The FBI seems to think so. This is exactly the reason there are laws prohibiting law enforcement from ask libraries for lists of what patrons read. Someone at the FBI is way out of bounds.
To be fair this doesn't sound like a fishing expedition - they're looking for readers in a 35 minute period. Presumably they have a crime suspect or suspects who may have viewed it in that time. Ideally they would be able to narrow it down to specific IP addresses, but perhaps this is not possible.
if they can produce a warrant for this data, there's no reason why the site cannot comply. But to get the warrant must require a judge to grant it, and it must be lawful.
Lawful is an interesting term. Patriot Act was voted in and is the law of the land. It allows for NSLs and other rather controversial if not unconstitutional practices.
Warrant is not a must. This is not a movie. You would be surprised how many companies give you what you want just by calling as LEO.
That is every downloader of a publication accessed potentially internationally within a 35 minute period.
That is not by any definition strictly/narrowly tailored, and if they are being deliberately vague about it to obscure ways and means that is even more alarming. If they are looking for someone in particular they should be asking for the highest time resolution possible to minimize the Constitutional blast crater w/regards the 4th Amendment.
Nevermind we're getting into surveillance via third party metadata via Third Party Doctrine again.
> Talk about a chilling effect, i.e., do not read the news because law enforcement can subpoena the list of what you read. Lawyers recommend never sharing anything with law enforcement because it can be used against you. So the news articles you read can now be used against you? The FBI seems to think so. This is exactly the reason there are laws prohibiting law enforcement from ask libraries for lists of what patrons read.
I don't understand. What's the reason there are laws prohibiting law enforcement from ask libraries for lists of what patrons read ?
"In a legal context, a chilling effect is the inhibition or discouragement of the legitimate exercise of natural and legal rights by the threat of legal sanction."
This case seems different. Because of the tech involved, I’d wager (speculatively) cops didn’t care about the content of the article. What mattered is the technical detail like the IP which has nothing to do with intellectual interest in the particular content.
> “The FBI’s subpoena asks for private information about the readers of our journalism. We have asked the court to quash the subpoena to protect the important relationship and trust between USA TODAY’s readers and our journalists.”
Yet it looks like usatoday.com article pages continuously leak this same information, and more, to at least a dozen commercial third parties.
Is the difference that the government was trying to get the information for free?
As the parent post noted, the USA Today home page makes requests to dozens of third-parties--including Amazon, Facebook, Google, Twitter, and something called "summerhamster". I'm sure one of the dozens will take the FBI's call.
Hilariously, the USA Today homepage also hits OneTrust, who has the slogan "Privacy, Security and Data Governance" right in the <title>. What is there to govern if nearly all the major tech players have your access logs?
USA Today is shouting its readers' reading behavior from the mountain top.
A user visits an e-commerce website and decides to purchase a product. They add it to their shopping basket before continuing browsing for more goods they wish to buy. They then finish their shopping by going through the website’s checkout process.
The website uses cookies to ensure that when the user chooses the goods they wish to buy and clicks the ‘add to basket’ or ‘proceed to checkout’ button, the site ‘remembers’ what they chose on a previous page.
In this context, the cookie is ‘strictly necessary’ to provide the service the user requests and so the exemption would apply and no consent would be required
Maybe they could have easily gotten the data otherwise,but decided to do the right thing by requesting it through the direct channel and allowing this process to take place through the legal system.
This seems like a crafted case to set some kind of precedent. The request involves cop killing and child abuse, though it's really hard to see how the requested information is useful as the "suspect" killed himself. My guess would be they're trying to prove a related person saw the incident and wiped their drives or something, but that's some weak evidence. Additionally, the FBI likely could just buy this data.
Also, why is this challenge which featured a gag order not be dealt with in a secret court? Doesn't our knowledge of events already make the USA Today guilty of a crime even if this subpoena doesn't stand?
I’m also wondering how this got public so easily if there was a gag order, but it sounds like the court made it public initially and USA Today just responded to that news.
That would be quite a wide net and quite the "fishing expedition" and why the FBI has earned itself a bad rep (in addition to things like getting people on unrelated charges like "lying" while they are free to make things up.
My mind immediately went to trying to match a screenshot of the article that someone posted.
The USA Today website does a little bit of localization in the navigation bar. If that's visible together with the system clock its probably enough to narrow to a very small set of IPs.
I guess it's a best practice to not disclose real personal details for library cards, store discount programs, and such where it's not absolutely required and where it can be avoided.
I recall hunting stories on this one, because there was an 8chan rumor that one of the FBI agents shot had been "their head kiddie porn investigator" and they'd been working on the Hunter Biden laptop case for over a year in secret.
There appeared to be no correlation at all. The rumor died down fast too.
It suggests that there's something they're specifically looking to match against - but if that was the case, I would think that specific IP addresses could be provided in the request - e.g. Did any one of these 10 IP addresses view the article in the time period. Much more specific and likely easier to justify.
I'd rampantly speculate that perhaps that time matches to the link being posted in a pedophilia related forum (with the forum behind TOR) - and the FBI would like to get a list of who might have followed it there.