Entrapment and all the related legal discussions aside: there's a purely technical problem with the data used as evidence: no referrer data was collected.
In other words, the IP logs that the FBI is using only really indicate that someone followed a link. No information about link body text, alt text, title attributes can be inferred from these logs without any indication of context. The URL's themselves look pretty bad as well, but the evidence data doesn't really indicate what the user saw when they clicked the URL.
On top of this a whole host of issues around prefetching and content crawling could be raised, but I'm not even going there. But then it seems that probable cause is a pretty low barrier, so maybe you don't need much incriminating evidence anyway.
From the article:
"When anyone visited the upload.sytes.net site, the FBI recorded the Internet Protocol address of the remote computer. There's no evidence the referring site was recorded as well, meaning the FBI couldn't tell if the visitor found the links through Ranchi or another source such as an e-mail message."
Correct me if I'm wrong, but isn't this entrapment?
As I understand it, it's legal for the authorities to go buy marijuana, and then arrest the dealer. But it is not legal for them to sell marijuana, and then bust the people who buy it.
No. They do not prosecute people based on clicking the link. They merely obtain a search warrant. They will prosecute people if they found any CP based on the search warrant.
There is definitely problem with the methodology used by the FBI here, but the real problem is this law. I guess I understand the reason for laws against planning to murder someone... but planning to copy some bits to your computer that represent a naked kid?
Let's spend our money going after people that actually physically rape children, not people that click links, or that think about thinking about clicking links.
...and some people were giving us grief because TinyArro.ws is configured by default to show previews for all URLs that it shrinks/redirects.
It seems scary to me that people could be rickrolled with an FBI URL via a tiny url service.
If you have your own tiny URL service, I recommend making URL redirects preview by default. Or at least take a moment to consider the idea. It always seemed strange to me that we'd expect average web users to remember some special preview URL or have a special cookie pre-enabled before they get goatse ambushed.
Quite old, and my understanding is that they don't do this anymore. Anyone have an updated info? A google search on Roderick Vosburgh find nothing recent.
> who wants to bet this will the new, popular 4chan bait for random bypassers?
Wouldn't that be a "good thing"? If the signal-to-noise ratio for this honeypot goes down and they end up investigating a bunch of innocent people, that should be enough for the practice to stop.
The US government has a lot of money to waste on stuff like this.
A year or so ago I jokingly made a reference about killing the president (not killing the President; I intentionally didn't capitalize the P) on Slashdot. A month later, the Secret Service was at my house. As far as I know, the case was dropped, but for some short period of time I was facing federal charges and was under investigation. I probably have an FBI file now (which I personally think is awesome).
So anyway, I would probably not click this link, unless I was using Tor or that new VPN service by the Pirate Bay guys. If you are in the US, there is plenty of manpower around to waste your time.
(To be fair, the agents that were investigating my case didn't know much in the way of details. As soon as I showed them the post in question, they became very friendly, and I haven't heard from them since. But still, it was a big waste of my time and the taxpayers' money.)
In other words, the IP logs that the FBI is using only really indicate that someone followed a link. No information about link body text, alt text, title attributes can be inferred from these logs without any indication of context. The URL's themselves look pretty bad as well, but the evidence data doesn't really indicate what the user saw when they clicked the URL.
On top of this a whole host of issues around prefetching and content crawling could be raised, but I'm not even going there. But then it seems that probable cause is a pretty low barrier, so maybe you don't need much incriminating evidence anyway.
From the article: "When anyone visited the upload.sytes.net site, the FBI recorded the Internet Protocol address of the remote computer. There's no evidence the referring site was recorded as well, meaning the FBI couldn't tell if the visitor found the links through Ranchi or another source such as an e-mail message."