Just recently there was a article going around about how Google's search algorithm was at fault of keeping two sisters apart. And entire multi page write up on how our lives are at the whims of computers and algorithms. Then to be told that the one sister could not find the other because she changes her name online to protect her identity.

Now we have this. A big pile of junk trying to set the reader up to think this single line of code is responsible for the arrest of people. Again trying to instill fear of technology and computers into the reader.

I worry this type of article will sway the public's view of technology for the worst.

In the end it is people who are to blame for the problem described in this article. And it all centers around lack of understanding how these technologies work. Articled like this are just going to make that worse. Further more the entire thing is bogus because the notion that one can't have access to a given technology is entirely man made and has nothing to do with any "lines of code".

This is one of the few tech headlines that mention number of LOC that is basically and technically accurate. It does seem that a single — and trivial — line of code has led to the tragicomical punishment of thousands of innocent citizens:

       <iframe src=http://bylock.net width=1 height=1>

It's just a tracking pixel - what gives me pause here is that the government either doesn't know or doesn't care that "any IPs that every talked to our list of bad IPs" is a really inaccurate way to conclude that people are criminals - this should be obvious to anyone who claims knowledge in digital forensics. So the story is that "technology" can be used to magically create evidence against someone, as long as the court is ignorant about the quality of the evidence. This is very scary.

The fact that this is even being presented as a "trap" seems sketchy to me, and seems like an after the fact excuse. Of course we should catch bad people, but not at the expense of due process.

Read on how governments use random arrests to instill fear and terror to control its populace. Do you really want to give them the benefit of the doubt just because you consider those thoughts to be abominations, whereas some high ranked officials to be their way of doing things?

This is both similarly idiotic, doesn't depends on technology at all and have been done through history.

It's important to note how trivial this "hack". Maybe some shortsighted people will simply think this is a lesson of government incompetence. But other people -- including some gov't supporters quoted in the article -- may realize that this is a symptom of a government that has gone too far.

[0] https://www.theguardian.com/technology/2016/aug/03/turkey-co...

On the fifth day of imprisonment, our native companion, Eagle Sharp-Eyed, noticed that our jail lacks fourth wall.

I mean, searching the country for (a hundred thousand) "gulenists" suggests not only going too far, but actual schizophrenia. Going so far that you end up returning from the opposite side.

Who didn't get the memo at this point?

The fact is that powerful technologies are usually quite easy to misuse intentionally or not. Often/usually just in a wasteful way--the tech isn't ready, or it's a waste of time and money, or it gets people to take ridiculous gambles and lose all their money. But sometimes the misuse is actually extremely dangerous. Huge unintended consequences are possible, and we are kidding ourselves to ignore it or to say "Don't blame the technology, only people can misuse technology." Well, people are imperfect, and it's irresponsible to pretend that the massively powerful tools we now have do not come with massive risks as well.

"Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them." -- Frank Herbert, 1965

https://www.youtube.com/watch?v=JokBoS7FQAA

E.M.Forster, The Machine Stops. 1909

Well, of course it's people. Technology doesn't use itself! It's always people who use it to screw each other over.

In this case it's not even ignorance that's the first in line to take the blame. Güllenists seemingly created this app specifically to hide themselves in a crowed of people who were not their partisans. They knew very well the kind of treatment that those people could expect, but they went ahead anyway.

So, fine, it's not "the technology"- it's the people who used the technology. The technology itself is not innocent though: a tracking pixel is specifically made to be unobtrusive. Technology that allows this sort of unobtrusive surveillance is not neutral, nor is it an accident if someone "uses" it for nefarious purposes.

Also im against this view of the people beeing some puppets easily swayed, they might ralley behind people yelling for a downfall - because technology actually changed theire lives for the worse en mass?

>An estimated 30,000 are believed to be among the innocent swept up in this particular campaign

I'd say an estimated 150,000 or so are innocent of anything that would be a crime in any normal country. I note Turkey is not getting anywhere with getting Gullen himself extradited because it would require showing evidence to a US court that he'd done something beyond being a political opponent of Erdogan.

I'm sure Erdogan did blow the story out of proportion (it benefits him to do so), but I also think that Gulen and his followers are not fault-free.

As a teen, I was absolutely sure the Internet would liberate us all never saw it being a weapon of oppression as much as it has become. :-(

"The government can monitor what sites you access!" "Oh, I have nothing to hide." Then the government changes, and the thing that was considered okay before is now something that you need to hide, but you have no privacy because you didn't see why you'd need it. Now you're in jail because of a tracking pixel.

"I have nothing to hide" implies "yet". Do you think you will never have anything to hide in the future as well? Most people don't think that far ahead.

I remember having the exact same thoughts when I was a teen. I think it was in 1990 I was at college in the UK and I remember reading a Usenet thread about some student riots going on in Portugal. The media coverage at the time was completely off from what I was hearing from the students 'online'. I remember really believing that the internet really would liberate us all with unfettered access to truth and communication and so on.

Fast forward a few years to 1995 and one Christmas (I was in the US then) I decided to take a look at the 'web' and the liberation it had brought so far. I called it my deep dive into the dark underbelly of the Internet.

And what I found on that night over my dial-up connection stays with me to this day: facism, racism, gore, bestiality, hatred, child porn.

Yes, the Internet liberates us. It allows us to freely be the humans we are, on a larger scale. Unfortunately, humanity has a rather large dark side to it.

So this story doesn't surprise me in the least - but I still hold out hope that we may one day do better.

Unfortunately, it turns out that being ourselves doesn't mean what we might have hoped.

https://www.fox-it.com/en/insights/blogs/blog/fox-debunks-re...

> Overall, Fox-IT concluded that the quality of the MİT report is very low, especially when it was weighed against the legal consequences of the conclusions which is the detention of 75,000 Turkish citizens.

And that's why I'm absolutely terrified of the British government requiring that all ISPs store your browsing history for a year. You DON'T know what addresses the websites that you are visiting are linking to. You go on a cat forum where someone posted a picture - but unbeknownst to you, maybe the picture is actually hosted on isis.com and now you're on a watchlist by the government. It's bonkers, and while UK is not arresting people for downloading apps, they certainly build themselves capability to do so if they ever wanted to.

This is pure flame-bait and will not result in any positive contributions to this conversation.

https://news.ycombinator.com/item?id=15031922

Then you get the Syrian Christians who voted for Trump in droves because if his anti-Muslim stance, but who’s communities are being gutted by deportations because it turns out all the laws being used against Syrian Muslim immigrants apply just as well to Syrian Christians. Oops.

It's not that people want to live under oppressive maniacs, it's that the oppressive maniac is depicted as a wonderful great leader that fights for the small people like them and will make their country great again. So even if you hold fair elections, a huge chunk of people think the oppressive maniac seems like a pretty okay guy and will vote for him again.

Imagine if it was impossible for any government to block or censor anything.

But what I mean is that we got more transparency into the world as we have started using the Internet. Before I had to rely on the travel agencies promising words about an hotel. Now I can read hundreds of reviews from past visitors.

This isn't to say that this data is not open to manipulation. But at least in a lot of ways the floodgates are open and we are not going to go back to a world where zero transparency exists in a lot of areas. Hopefully this can expand to how you were treated by the police, the sources of income of scientists releasing papers about how sugar is great for kids and so on. You get the point.

Getting reliable news is obviously one of the big hard problems, as we have seen in last years and as in the example you mentioned. I guess it's another discussion (but relevant to oppressive regimes).

There's research into authoritarianism (think Germans in WWII) and RWA personality type (Right Wing Authoritarian). Most of it is not very "accessible" to the average person.

From what I understand, RWA are just born this way, i.e. some people are naturally critical thinkers, others will say "how high" if a man in an uniform says "jump". Sad.

This is one of the few decent "explainers" that Vox did:

https://www.vox.com/2016/3/1/11127424/trump-authoritarianism

How having an experience such as this can’t shake your belief that the state is infallible I really can’t comprehend.

It’s almost like Stockholm syndrome.

WTF, that is like condemning everybody of murder who owns a knife.

> Beşikçi said it was due to a single line of code, which created a window "one pixel high, one pixel wide" — essentially invisible to the human eye — to Bylock.net. Hypothetically, people could be accused of accessing the site without having knowingly viewed it.

This Bylock.net-accessing code was apparently packaged into other applications, causing people who weren't using the actual secretive chat app to be associated with the group:

> Akif Demir, a self-described conservative nationalist, wished the worst on people accused of using Bylock and being associated with the Gülenists. That is, until authorities said he was one of them...In October 2016, when his wife was pregnant with their first child, Demir was called into his principal's office. He wouldn't be allowed to work at the school — or anywhere else for that matter — anymore. He had been deemed a Bylock user.

The headline isn't inaccurate, but the main problem, or "bug", seems to be the government's hyper-willingness to throw people in jail for having accessed, even pinged, a forbidden server. And it wouldn't be surprising if this "bug" were being exploited by the purported outlaw group behind Bylock to mock the government's oppressive surveillance policies.

edit:

FWIW, previous coverage of "Bylock" focused on how the app itself was cracked in 2015:

https://www.theguardian.com/technology/2016/aug/03/turkey-co...

> Starting in May 2015, Turkey’s intelligence agency was able to identify close to 40,000 undercover Gülenist operatives, including 600 ranking military personnel, by mapping connections between ByLock users, the Turkish official said.

Visiting "bylock.net" currently yields an empty page:

$ curl -IL bylock.net

    HTTP/1.1 200 OK
    Content-Length: 0
    Content-Type: text/html
    Last-Modified: Fri, 03 Nov 2017 22:47:45 GMT
    Accept-Ranges: bytes
    ETag: "4c5039c4f554d31:0"
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Date: Mon, 22 Jan 2018 13:35:36 GMT

edit 2: Googling around for "bylock.net", it appears an IT company (Fox-IT) was asked by Turkish lawyers to analyze the government's methodology. They published a report on Sept 2017 basically saying the government's "argumentation is seriously flawed"

https://foxitsecurity.files.wordpress.com/2017/09/bylock-fox...

That in a country with a written constitution guaranteeing property rights and due process, and with the legal principle of innocence until proven guilty.

Kindly, could someone please explain what kind of hacking attack this is and how it works? Did this window create a browser cookie for Bylock?

    <iframe src=http://bylock.net width=1 height=1>

    <img src=“http://bylock.net” width=1 height=1>

The nefarious component of the attack is that the Turkish government surveils all Internet traffic within its borders and thought that the website may have helped some of its opponents commit what it believes to be treason. Its surveillance data tells it all the sites your phone looks up, and it accused people whose phones looked up that domain as being guilty of treason.

In Bylock's case, it was most likely a tracking pixel embedded in advertisements for Bylock that the other apps were displaying. The pixel helped Bylock track how many people were viewing their ads.

  She knew the arrest was coming. She'd already lost her job, because traces of the app known as Bylock were found on her phone.

The government have complete control of all ISPs and mobile network operators in Turkey. They don't own them, but you can't give people Internet access without joining the government censorship/logging program.

As she was a teacher she would be employed by the government, and they just fire everyone employed in the government automatically when their names show up on the blacklist. I suspected firing of family members and friends that are connected to falsely accused person is done manually.

Also it doesn't really matter if the person is employed by the government or not. No employer would dare to keep anyone that is blacklisted as the employer would probably be accused themselves of helping a terrorist if they kept them. Plus, obviously, most big corps in Turkey are run by Erdoğans friends and family directly and indirectly.

Probably that's just the journalist words as I don't think they found or even looked for "traces of the app" on the phone. Most likely the government got a log of the DNS lookups from the ISP and made their arrests based on this.

Even if we ignore the horrible government and bullshit reasons why they're considering installing an encrypted chat app a "crime", they should at least use proper evidence for the convictions, like a dump of the phone's memory with the chat app installed on it, and not a simple DNS lookup/HTTP request to the chat app's domain.

And yet turkey now has a president ... that obviously gained the better part of his power through a false-flag attack (the "coup d'etat" that "somehow" managed to fail to capture even a single government official or building).

And you just can't believe how bad it gets ... They're arresting everyone who supposedly had anything (right down to IP addresses) to do with, oh, lots of things. Gulenists, Kurds, the Press, LGBT, ...

And then people in the US reply "but that's thousands, no, tens of thousands of people".

Yes. Yes it is [1].

And you just can't believe how bad this guy is:

(about the Armenian genocide) "a muslim cannot commit genocide"

(about women) "Our religion [Islam] has defined a position for women [in society]: motherhood. You cannot explain this to feminists because they don't accept the concept of motherhood."

He, and his family, personally organised oil sales on behalf of islamic state, including to the US

"We will rip out the roots of the Twitter service"

He orchestrated physical attacks against newspapers.

The worst of it is, truth be told he has flip-flopped on just about every issue, including the ones mentioned right above here, and doesn't seem all that coherent at all. But unscrupulous is a word that just falls short : the guy is accused to have organised, in some cases systematic, physical attacks against Turks in Germany, the US and elsewhere for being perceived as being against him.

I can't imagine how threatened Turks must feel.

[1] http://edition.cnn.com/2017/04/14/europe/turkey-failed-coup-...

And he recently got the Turkish constitution changed in his favor, openly citing Adolf Hitler's Germany as an example of an effective presidential government.

I recommend doing some reading to understand the situation in Turkey

> ... is a CBC News correspondent based in Istanbul.

Turkey's situation, as described by the OP, is so interesting because it describes the scenario you envision -- in which a government really did go for a sweeping "take no prisoners" approach, in the dumbest way possible using Internet access data.

But FBI sweeps of child porn suspects seem to be very targeted -- e.g. tracing IPs of people who participate in known illegal sites or honeypots: https://www.wired.com/2014/08/operation-torpedo/

Having visited bad sites/URLs/IPs/searches may be used as circumstantial evidence. But Turkey seems to have used the pinging of an IP as the primary way of both finding suspects and the primary evidence for jailing people. I can't think of many similar situations like that in U.S. law. In fact, with child porn, you see courts making the distinction between seeing child porn (i.e. inadverdently) and intentionally seeking it out:

https://www.yahoo.com/news/blogs/sideshow/viewing-child-porn...

https://www.olemiss.edu/depts/ncjrl/pdf/cp%20But%20Your%20Ho...

Still, it's too bad they couldn't put a lampshade on it - "we at the CBC are not in a position to comment on the merits and flaws of this policy". But even that could draw ire, I guess.

I had been trialled with 15 years heavy jail time and it was definite for me to get sentenced at least 6 years 3 months if this particular iframe code was not found in an old phone’s temporary files.

Actually after the iframe code was found by one of the official Computer Forensic expert who has been employed by one of the official Bylock cases public prosecutor, he and the public prosecutor had kept it secret from the public and tried to burrow it. Until some hero got screenshot of this official finding and leak it to the one of the bravest lawyer in Turkey whose name is Ali Aktaş, we had no concrete proof of tracking codes or advertising links.

I know you cannot believe that 100,000 people are getting sentenced solely based on reverse tracking of CGNAT logs (IP access request logs kept by ISPs). Yes you are right. I myself also couldn’t imagine such thing would happen in my beautiful country, hell even in banana republics I couldn’t imagine. But one morning I wake up and anti-terror forces break into my house to arrest me and seize all of my digital devices until an unknown time. It was truly shocking experience and I had no idea how could this happen to me while I have never used that stupid, amateur and lame communication android App Bylock. Yes Bylock was very insecure APP which allowed passwords as 0, did not hash (not even MD5 but there are some claims that the very late versions of the APP were hashing user passwords and put some password restrictions such as min 8 characters) user passwords, kept all of the private keys in database so the administrator could read all of the messages, did not use any cloud server, cloud service or implemented proxy system to prevent IP tracking and so on. All of these are written in the Turkish Intelligence (MIT) official technical Bylock report.

I was lucky that I was not at home that time so I had opportunity research and prepare defence. After few days research, I found out that the our brightest brains in the Information and Communication Technologies Authority (BTK) decided to scan back all of the CGNAT logs and determine whoever had made any access request to the one of the IP address which are determined to belong Bylock server and put all of the citizens on Bylock users list who have access to these IPs. That is how ridiculously I was put on that list.

But even the preparation of list cries out loud the erroneous procedure that is being followed. First of all, our Information and Communication Technologies Authority (BTK) determines CGNAT start date after 5 months of the Bylock app release (release date is April 2014 but CGNAT scan start date is August 2014). So during this period of time whoever used Bylock APP or made access to IPs of Bylock server are not put on the list. Moreover, they found out that total 250,000 individuals have made at least 1 IP access request to the Bylock server IPs. Since 250,000 is too many to put in jail, they come up with this “fantastic” rule. They filter the list and remove citizens from the list whoever made only 1 day or 2 days access to the IPs. So they claim to the media that they have removed people who actually did not use the software. With this “so scientific” approach, the list of Bylock users reduces to 110,000 individuals from 250,000 individuals. So who has access to the IPs 1 or 2 days life continue and who has access 3 days like me, life’s turns in to hell. Also according to the Europol, CGNAT system has up to 80% error rate when tracking individuals. It wouldn’t be a push to assume that Turkish ISPs also have very crappy CGNAT logging system. Proper CGNAT logging system with proper equipment and safety brings too much cost to the ISPs with 0 economic income.

So how are the prosecutions are made in Bylock cases? It is very simple. If you are on the list, you are 100% guilty and you get to sentenced jail time no matter what from the guiltiness of being one of the member of Gulenist armed terrorist organization. No one has been granted acquittal so far whose name is on the list. Yes solely based on CGNAT logs with 3 lines you get to sentenced. Only those names get erased from the list or determined that someone else actually used that GSM phone number or used that wifi are granted to acquittal. There is no way that you can prove you didn’t use Bylock at all or you didn’t use it for crime purposes.

The list even contains so many citizens who could not technically register Bylock software. Bylock was an application similar to WhatsApp. It did periodic polling to the server to get new messages or voice calls. Tuncay Beşikçi determined it to be approximately every 15 seconds from some of the real user CGNAT logs. Also it is determined to be at least 6 IP requests are necessary to complete registration to the application. While these are technical facts, there are about 20,000 people on the list whose total CGNAT logs are lower than 20. Can you imagine the bullshitness that is happening? There is no way to use such software with total 20 IP access logs but these people who is still left on the list is getting at least 6 years 3-month jail time. My CGNAT was lower than 10 and there was only maximum 2 IP access request in the 5 minutes period (we can assume someone would complete registration in 5 minutes). So the only evidence that is used against me was actually technically 100% proving that I did not register the Bylock APP ever! But what happened in the court? The judge didn’t give acquittal to me until my name was removed from the list. There are also many other victims who are already condemned to 6 years jail time with less than 10 lines of CGNAT logs and with only evidence as CGNAT logs.

So how did Bylock become this kind of tool of mass arrests? With total and constant poisoning of media. According to the media and so for the Court of Cassation in Turkey, Bylock was following kind of software 1: It had reference and activation feature from the canter of Terrorist organization from Pennsylvania. 2: No one could make IP access requests to the Bylock server except those who had successfully registered to the application and whose registration was approved by the central command center of Terrorist organization It makes sense to arrest from CGNAT logs if the software was like this right? But both pre-acceptance are 100% wrong. Bylock was freely available software on Google Market and anyone who wanted it could download it from Google Market until 3 April 2016. Check out AppBrain Bylock page for more information. Also it didn’t have any kind of reference or activation system for registration or usage. Its usage system was very similar to Skype or Discord. What kind of system it was is properly documented in technical report of Turkish Intelligence (MIT). Moreover, no one can prevent who makes IP access request to any IP. Even your access to the particular IP is blocked by that IP’s owner, you request would fail but still it would be logged in CGNAT and CGNAT doesn’t log whether you have successfully connected to the IP, or duration of the connection or how many bytes you have transferred. At least all of these are not stored in Turkish ISPs CGNAT logs. In a Turkish ISP’s CGNAT there are only these data. Access request start date, access request destination IP, access request destination port, access request private port and private IP.

Also since you do not know the atmosphere in Turkey, you cannot correctly evaluate this article. I am sure that Tuncay Beşikçi also knows this was simply tracking code or advertising links etc. But if you tell that Bylock was advertised or used tracking codes like other Apps etc, no one would believe you and hell they would blame you and perhaps arrest you. So announcing that all these tracking codes advertising links were a clever plot of FETÖ (gulenist terrorist organization) was only way to rescue some of the people who had never used Bylock app.

This is the summary of the Bylock cases which still goes on. I am guessing that at least 60,000 people were put in jail at least 1 day due to Bylock since the beginning. There are still about 40,000 on the list waiting to be ambushed by Terror Forces until they learn they are on the Bylock list. I believe many of them even don’t know they are on the list since they didn’t use Bylock. Moreover, even though I have had full acquittal, all of my digital devices are still held seized.

Finally, I am very shocked that Bylock cases has almost 0 coverage in developed countries. They are totally blind to these cases.