Hacker News new | past | comments | ask | show | jobs | submit login
Illegal TV streamers, here's how the feds will hunt you down (arstechnica.com)
103 points by chaostheory on March 4, 2011 | hide | past | favorite | 71 comments



This is what happens when you overfund a department. Especially when you target the money for a particular purpose.

All this manpower would be more useful for more important crimes, but that's not how the budget was designed.

And departments ALWAYS use all their money.

It's hard to argue "so defund them", because then you hear of cases that are being ignored.

I think the best thing to do is merge as many departments as possible, then fund them in total, and hope that someone local can direct the money where it's needed - on the fly - rather than some centralized planning budget doing it.


> I think the best thing to do is merge as many departments as possible

Isn't that pretty much what the Department of Homeland Security is? ICE, Customs, TSA, Coast Guard, FEMA, the SS and a few others under one umbrella? Doesn't look like it actually made anything better.


All they did was to add another layer of bureaucracy over the top of existing departments, as I understand it. Ideally, they would eliminate redundancies post-merger, but this is government we're talking about.

If we coded the way the government governs, we'd never be able to remove bad code, we'd have to continually add more and more complicated code to fix the existing bugs and source control would also be an anathema, in particular because of the 'blame' command.


If we coded the way the government governs, we'd never be able to remove bad code, we'd have to continually add more and more complicated code to fix the existing bugs

Wow, that sounds a lot like some places I've worked. Nothing was ever removed out of fear that something somewhere might break. Refactoring, hence, is forbidden. Just add more code and special cases.



"The SS" means the Secret Service, not the Schutzstaffel, if it takes anyone a second to figure that out.


Insane.

1. The US government now isn't even trying to pretend it doesn't only work for obsolete corporations. This is all make-work crap. They know the streams will be published somehow.

1a Until the supremes work out and declare that (soft) money is not protected speech, America will be an absolute, undemocratic plutocracy.

2. Why allow someone to register a domain that is obviously to be used for exactly this purpose in the first place?

3. The penalty for using frames on a site is now 5 years in prison.


It's pretty transparent.

http://www.ice.gov/news/releases/1007/100702hollywood.htm

> At a sound stage at Walt Disney Studios in Southern California, U.S. Immigration and Customs Enforcement (ICE) Director John Morton announced to movie industry representatives how the agency is "turning the table on thieves" by combating movie piracy. "Working with industry, we will systematically target websites that offer counterfeit or pirated products. We will seize websites, prosecute the owners and forfeit proceeds."

This is from an ICE press release. No secrets here.


Until the supremes work out and declare that (soft) money is not protected speech, America will be an absolute, undemocratic plutocracy.

Sigh.

I can use my money for political speech as I see fit. You and I could pool our money for political speech as we jointly see fit. At what point do you advocate that we should lose our right to cooperate, pooling our money to reach more of the electorate?

Sure, it's a cliche by now, but America isn't designed to be a democracy[1]. It's overarching architecture is that of a constitutional republic, only granting limited powers to the government. It just uses democracy to fill in the details.

The problem is that the people have complacently ceded to the government too much power (and you're advocating that we cede even more![2]). The government now has the power to determine who is going to succeed, who is going to get rich, and who is going to be destroyed.

But, as I've said elsewhere, the problem is with public choice economics, and rationally-irrational voters.

Because we've allowed the government's power to grow so greatly, it now wields sufficient power that it's (very) cost effective to woo the legislators for special privileges and rent seeking.

On the other hand, while voters collectively could wield power to counter this, it's diffuse, and any one particular voter has approximately zero influence, and thus has little incentive to make the significant investment in educating himself about what's going on. Thus, the electorate is generally ignorant (and rationally so), and does not know about (most of) the shenanigans going on with their government.

[1] There are 3 equal branches to the US federal government. The SCOTUS is appointed, not democratically elected, so that's 1/3. The President is elected by the electoral college, not the populace, that's another 1/3. The legislature is made up of two houses. The Representatives are elected democratically, but until the 17th Amendment, the Senate was appointed by the State legislatures -- not democratic. So that's another 1/6.

Thus, 5/6ths of the US government's power was determined non-democratically as designed at the time the Constitution was ratified. Only 1/6 was democratic. So it's tough to say that we're supposed to be a democracy.

[2] Indeed, you seem to be trying to give the government more power, not keep it for the liberty of the people. In (1a) you advocate controlling speech, which obviously entails having the goverment decide whose speech is legal and whose isn't. And in (2) you further advocate prior restraint on speech, deciding in advance that someone seems to have the intent to say something bad. It looks to me like you're trying to build a "democracy" with absolute control over us. (I'll leave the ultimate invocation of Godwin to the reader)


Downvotes are fine, but please give me the courtesy of explaining your disagreement, rather than just whacking me over the head.


The system is a two party stable oligarchy anyway.

We more or less publically fund parties in Europe. Why does the private sector, whether individuals or co-operating individuals have a right to fund/corrupt officials and influence policy? If hard money is wrong, soft money should be too. Making it an issue ad is a stupid, inconsistent loophole. Toby Ziegler's been through all this anyway.

It's simply not normal for corporations to give millions to parties and issue groups outside America. And the principle may be arguable, but the effects are clearly appalling.

on point 2, I'm not saying there should be enforced, pre-emptive speech control. But if the system were human instead of automated, someone could have pointed out to the domain owner that they'll probably have to seize it anyway if they use it for that purpose. Of course, I'm expecting far too much intelligence and concern for the customer from a dumb (ie efficient) system.


A fair reply, thanks. Maybe we're not so different as the initial disagreement would show.

The system is a two party stable oligarchy anyway.

I've been saying this forever. DEM and GOP are just two sides of the same coin, with barely a hair's breadth of difference between them.

If hard money is wrong, soft money should be too.

Logically that makes sense, but I'm arriving at a different solution than you. I think that the freedom of speech (together with some others, like self-defense, property rights, and freedom to engage in contracts) are paramount. Because our system is fundamentally designed to guarantee natural rights, but only incidentally democratic, when rights and voting are in tension, it should be the freedom of speech that wins over electoral procedures.


Gmail. The feds then went to Google, which turned over information on the Gmail account in question. Chevys@gmail.com was registered to Brian McCarthy at the same Deer Park address Comcast had revealed.

Gmail has information including his name and address? Really?

Anyhow, another con to using one email account for everything.


The problem is that gmail stores your email on Google's server, and that the US government can therefore coerce them to get that information.

The solution is for everyone to use encrypted email, where the decrypted data only exist on your hard disk. Governments and powerful people can still get at it, but to do so they have to burgle your house, which costs them time and money (so they can't do it to everyone), popularity (in states that have to care about what the public thinks, they can't burgle everyone), and also alerts the suspect.

So why don't people do this? I use gmail because it's convenient. The solution to this problem is obviously to make locally-stored email as easy to read as gmail.

As it happens, I'm working on a project ("Shout!" is the current working title) that aims to do just that (among other things).


It says that they got the name & address from Comcast by looking up the IPs he used to connect to the other services.

If you have the power to issue subpoenas, you can find out a lot of things assuming you know which people to ask.


They found that the gmail account had information that matched the name and address of the information Comcast provided.

"Chevys@gmail.com was registered to Brian McCarthy at the same Deer Park address Comcast had revealed."

So either the account had information (maybe ip logs but article clearly states name + home address) or it was in the emails.


Hmm, I had read that assuming they were talking about an IP address, but I may have misread it. I think you can put your physical address in somewhere in your Gmail account, but it's not required and I might be misremembering.


>Chevys@gmail.com was registered to Brian McCarthy at the same Deer Park address Comcast had revealed

The name that Google gave for the email address was found out to be same as the one given by Comcast. Also the guy seemed to be located at Deer park as revealed by the info from Comcast (not Google).

Does that make the story clearer? Or am I the one misinterpreting?


Nope, you're right... the guy was an idiot, despite his best attempts at thinking he wasn't.


The article says he made money from advertising, if that was Google Ads linked to his email address, wouldn't they have his name and address linked so they could send him cheques?


I guess the lesson to criminals is clear: make sure your victim is poor. Beat some homeless person to death and make a video? Excellent. Re-broadcast free broadcast TV? Lose all your money and spend the rest of your life in prison.


I'm quite annoyed that my tax dollars are being used to bring the hammer down on media "pirates" and PS3 hackers while serious crimes like DDoS for money (and the related botnets), phishing, malicious systems intrusion, and all manner of corporate espionage get the cold shoulder.


It reminds me of how the FBI mostly conducts sting operations on "radicalized retards," where they find someone on a Islamist message board and then encourage and equip the recruit for terrorism.

It's an extremely rare thing (as in I can't think of one off the top of my head) to hear about a credible terrorist threat being foiled by FBI work.


It's happened, you just don't hear about them.


Why not? Wouldn't it be better for the government's PR situation to let us know that they are catching real terrorists instead of just prodding and handholding incompetent fools?

Maybe I don't understand anti-terrorism... but why trot out these phony stings and make the public think that these are just a bunch of incompetent over-hyped organizations (and I mean terrorist and intelligence alike)? If we are supposed to be suspicious and wary, wouldn't it be beneficial to have something really scary to feed the public?


Depends. It doesn't require too much imagination to conceive of scenarios where the present course is better. Besides, the public was fed scary shit for political manipulation. But that doesn't mean that the other isn't true.

But I've said all I'm going to say on that.


What good would that do? Make you feel your tax dollars were hard at work while you realize you almost got nuked yesterday?


Bullshit, such claims require evidence, I won't accept that on faith, and neither should you.


I don't.


"I have proof, but I can't give it to you. You just have to trust me."

Business plan of every major religion.


So you have evidence?


Or rather, real criminals are hard to catch. Going after them would consume resources with no payoffs. Easier targets present more opportunities for publicity.


And the copyright industry has lots of money with which to bribe politicians.


I hear people say things like this all the time. What does it really mean? Do you believe that politicians are bribed with big cases of money? Or are you referring to campaign contributions?

I would probably attribute it to agents wanting to further their careers by catching some people and getting them convicted. All of the agent's office buddies are going after copyright violators, so they do too.


Generally what is meant by "bribe politicians" is twofold. The first aspect is campaign contributions, which help keep the politician in office. But the second one is post-legislature work. A former Senator just got made MPAA head, and similar things happen throughout the business sector - get defeated in the polls (or don't run for reelection) and move over to a cushy job on a corporate board or as figurehead of an industry group, where you get paid a 6-figure sum for easy and part-time work. Both of these are perfectly legal if unseemly.

I agree that it may also be about agents who want to further their careers - because the punishments for copyright violation are so high, it probably looks just as good on the CV as a successful DDOS or spam case, and it's probably markedly easier.


I believe they're compensated in real tangible ways for doing the work of wealthy people.

That is a more severe and pernicious problem than most people realize.


It's too bad the payoffs for the pirates are pretty much nil too.


It's like the police's propensity to attack prostitutes and cannabis growers to look 'tough on crime', but not actually take any risks dealing with the serious criminals.


In a democracy the solution to this would be to form a political party, win elections, and thus force the state to change policy.

Unfortunately I doubt that the USA is sufficiently democratic for that to work. So a better solution would be to write software that makes it a lot harder for governments to know what people are communicating on the internet.


It's not that the USA isn't democratic enough. Quite the opposite. The problem is with public choice economics, and rationally-irrational voters.

The problem is that the government wields sufficient power that it's (very) cost effective for those who have sufficiently deep pockets (corporations, unions, other special interests) to woo the legislators for special privileges and rent seeking.

On the other hand, while voters collectively could wield power to counter this, it's diffuse, and any one particular voter has approximately zero influence, and thus has little incentive to make the significant investment in educating himself about what's going on. Thus, the electorate is generally ignorant (and rationally so), and does not know about (most of) the shenanigans going on with their government.


"It's not that the USA isn't democratic enough. Quite the opposite."

I think the real issue is democracy, no matter how well executed, really just isn't that good at protecting citizens from tyranny. Laws that ensure freedom and privacy are all good and fine, but they will never compete with math that ensures privacy and freedom.

Even were we to devise the perfect system of governance, advancement in technology to ensure the situation would still be essential.


Various attempts at this have been made, but a bigger obstacle to anonymity than good software is mass adoption of that software.


Low hanging fruit?


So I just checked out ICE's website (http://www.ice.gov/about/offices/homeland-security-investiga...) and I have absolutely no idea why a domestic copyright violation case would fall within their jurisdiction. Any ideas how they twist this to fit in their "mission"?


tptacek has made some good comments on this: http://news.ycombinator.com/item?id=2010226 http://news.ycombinator.com/item?id=1946307

In short, Customs covers counterfeit, which extends to IP rights. Not saying I agree with it, but that seems to be the justification.


Any place within 100 miles of the US border is a Constitution-free zone:

http://www.aclu.org/national-security_technology-and-liberty...


Great chain of events and the best part is there was no high tech brain work involved. I mean the guy could have done so much to at least try to wipe his trail, but I guess if he were that smart he would be making a positive impact on the world and not doing this. What got me really thinking is how GMail has his address? The language is a bit clear if Google had the address or just the name which was of the same guy who lived at Deer part as revealed by Comcast. The only possibility otherwise seems to be that this was linked to some Adsense account which contained the address for a cheque delivery perhaps?


"I guess if he were that smart he would be making a positive impact on the world and not doing this."

If he were that smart, he wouldn't have been caught, and we wouldn't be reading an article about it.


http://vimeo.com/15492594

It's not that hard for a site to get your location.


That video, while cool, is tremendously misleading. Not only does he make a lot of unlikely assumptions assumptions (it should not be that easy to get someone's apache pid), but Facebook doesn't use php's build-in session management code at all.


at least try to wipe his trail


Beware: that is the loudest Vimeo video ever.


I read this and for some reason I read it like an instruction manual on how to do things right. Given the chain law enforcement followed, the "advice" you can take away from this is:

- Always, always, always use a prepaid credit card. You can buy them everywhere. Pay for them with cash. Don't buy them in a store with good surveillance;

- Make sure you register them with out-of-state addresses and fake names (if you even have to). Use a different card to pay for different things so the trail covers multiple states. This complicates law enforcement;

- Use a foreign intermediary. This GREATLY complicates law enforcement;

- Have that intermediary be an innocent-looking site, like for sending large files. Use a different set of cards for that site;

- If you're not interested in real-time as such you could greatly complicate efforts to obtain a warrant by uploading different pieces of the content to the intermediary site using a variety of networks.

- Encrypt the upload. Have individual pieces meaningless without the whole.

- Upload those pieces via multiple accounts on the fake foreign intermediary. Maybe even use two or more intermediaries.

Not that I have any interest in such things but the engineer in me sees such a post and naturally looks for ways to solve the problems.

The piece about encrypting and uploading different pieces as a background task that simply looks for open networks as you wander around actually sounds like an interesting technical exercise.

Then again, I wouldn't be surprised if such a thing exists already.


I read 'lived with his parents' and thought that was good enough information on the value of this business model.


2 ways to get richer, earn more or spend less.

That said, as you get bigger, you earn more. ad networks pay higher rates as you get more traffic. So I wouldn't dismiss the business model right away. Looking at the traffic curve on that site, it was going up a lot at the end. I bet the bulk was made recently.


Even if the domain is hosted out of US jurisdiction, so many sites are littered with Facebook 'Like' buttons, couldn't the requests for those assets then be taken from Facebook? Is it time to start adblocking all these useless but perhaps identifiable information?


1) Host in I2P/Freenet/etc only

2) Use anonymous or throwaway email addresses only; never connect from your real IP (see i2pmail, hushmail, and good proxying + generic email service)

3) Run your own ad networks, accept payment only in Bitcoins.

4) Encrypt everything vaguely related; all mail to and from your disposable email address should be encrypted, write a script that downloads and empties its contents nightly storing encrypted archives on your machine only. All code and source control and everything else that can be encrypted should be encrypted. See ecryptfs.

5) Profit!


  > write a script that downloads and empties its contents
  > nightly storing encrypted archives on your machine only
For bonus points, have the script automatically mount your hidden partition (just stick the password in .netrc) thereby alerting 'them' to the fact that you have one.</sarcasm>

The automated script itself can't be encrypted, so you've alerted 'them' to the fact that you're connected to that email account, and pointed them to where the encrypted files are stored (even if they can't access the files themselves).


If they learn enough to get physical access to the machine that runs the script then you're already pretty much screwed, obviously. At that point the encryption is merely there to minimize damage.

Your machine could be confiscated coincidentally if you're involved in other things that make people angry. In this case, they may just gloss over any content irrelevant to the charges at hand. Anecdotes I've heard seem to corroborate that mode of operation. In such a situation, the email archives and/or the backup script may never come into play anyway.

You could also not use a script and do it by hand every day. It's just a trade-off of risks; you either do it manually each day and allow yourself to accidentally forget a day, or get lazy and let it go for weeks, or whatever, and keep that data in the hands of a third-party where you really have no idea what's going on with it, or you can put a script on your machine, where local analysis of your HDD could reveal you.

Also, there'd obviously have to be some unencrypted parts of this, but you could probably encrypt the part that contains the actual email address. You can just point a cronjob to a script that decrypts the real script and shreds it to your paranoia's satisfaction when done.

If the script can actually run fully automated (i.e., no passphrase needed), then that'd probably be a problem if someone got a hold of your workstation. So it really shouldn't be totally automated, but mostly automated would still be good.


How about

1) Don't sell ads against stuff you don't own.

?


I hope that Google is your first target with this idea.


Except that people sign up to have Google ads juxtaposed with their content.


You might look into robots.txt and then reconsider your point.


What does that change? Perhaps these content providers should look into a DMCA takedown request and reconsider their position. The target of this raid wasn't hosting any content himself, he was only hosting links that most likely went out to large video sites, where the copyright holder could request a takedown. My understanding is they were simply annoyed at this guy's aggregation of the links and added him to the target list.


Google respects if I don't want my content indexed.

This guy doesn't.

I can't believe we're even discussing this stuff. This guy is clearly in criminal backwaters fencing illegal stuff. How can you even remotely vindicate his behavior? "Oh but there is a layer of redirection between him and the actual source of the content" really doesn't cut it in my book.


> How can you even remotely vindicate his behavior?

Nobody's defending his behaviour; people are pointing out that the way in which the federal government apprehended him was clearly illegal. There are legal ways to stop him from infringing; let's see more of that.


The problems are that #1 ensures that you will have few users and #3 is diametrically opposed to #5 (unless you can somehow pay your rent or hosting bills in bitcoins...)


You can cash out btc for US$ or other currencies pretty easily. See http://mtgox.com .


they do keep record of logged ips , beware


This is incredibly alarming!

Censorship and information control of the highest order.

Those things have no purpose but oppression.


So

1) Use IP instead of a domain or use a bunch of disposable domains registered outside of US jurisdiction and reach.

2) Don't use US based email.

3) Don't use US based ad systems.

4) Profit.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: