hckrnws
This headline is misleading by omission, to (nearly) the point of being false.
Context: https://en.wikipedia.org/wiki/8_December_2020_incident
tl;dr:
- The primary reason for their arrest wasn't the Linux/encryption tools.
- They were under investigation / suspicion after volunteering for a Kurdish militant group.
Secondarily to the above, the prosecution used their encryption/etc, (in a case of bad logic) as further post-hoc evidence or cause for suspicion.
In my opinion, omitting the primary causes here is intentionally muddying the issue, and making it sound like encryption itself was the cause.
*Caveats:*
- Yes, the prosecution clearly don't understand the technology, and obviously don't care to know.
- Yes, they are implying that use of encryption itself is due to "needing to hide something".
- Yes, they're implicating innocent (AKA "normal") use of encryption as something bad, and that's a problem.
> This headline is misleading by omission, to (nearly) the point of being false.
Thank you for doing the research and not just upvoting due to click bait.
Probably thanks to this comment, the author of the video has changed the title, description and pinned a comment to clarify the charges. Great example of fixing your mistakes.
> after volunteering for a Kurdish militant group.
Source please.
Extracted from Wikipedia given in OP
https://www.lepoint.fr/societe/ces-jeunes-partis-combattre-l...
https://www.mediapart.fr/journal/international/010919/ces-re...
Thanks
Doesn't watch the source nor reads the provided info in the video notes itself, wants proof for something that is derived from the original sources. Can't even fatom what you wanted to achieve with this comment.
The provided video description and pinned comment where added after my comment. Please be more careful with your sarcasm.
As for the Wikipedia source, if you read the full article (it's not too big, give it a try) it can be interpreted differently from "fighting for the same cause as the group" compared with "volunteering to join forces with the group" when put side by side with the OP's statement that I asked sources for. One thing is to do a one off action in association with a specific group, another is to fully volunteer towards the group. Hence why I wanted more sources to disambiguate the word "volunteer".
In the Chelsea Manning trial, the prosecution characterized `wget` as a nefarious hacking tool.[^1]
In 2009, Boston College police used a suspect's use of Linux and the command line in a warrant application on the basis that it was a sign of possible criminal activity.[^1]
I don't expect law enforcement to be experts, but can you at least ask your local IT guy to sanity check your work first?
[1]: https://slate.com/technology/2013/07/bradley-manning-and-the...
>I don't expect law enforcement to be experts, but can you at least ask your local IT guy to sanity check your work first?
The HN crowd probably wildly overestimates the knowledge of the "average" IT guy, especially the kind working for local government.
Sanity has absolutely nothing to do with it. What will be presented at trial is whatever they think they can get away with. Whether wget is a hacking tool or not has no bearing on the matter. This is rhetoric, not a math proof.
When hunting for probable cause this is a feature not a bug.
It may not be inaccurate to characterize wget or curl as tools that could be used to perform nefarious acts of hacking. After all, the command-line options offer wide latitude to twiddle parameters and craft requests far beyond the type that would pass a browser's sanity checks. In fact, I could see where you could make the same argument about popping open the Developer Tools console in a browser.
Plenty of people use wget in a mundane fashion where they may want to automate or test stuff that is in no way illicit hacking, but likewise, malicious threat actors can have a field day with it. It's essentially a morally neutral tool with possibilities.
While that won't erase what the accused have gone through during 16 months(!) of detention, I think it's still good news to see that the State has been condemned for its actions.
The "proofs" for conspiracy were apparently very light and the fact that the accused had used privacy protection measures, like instructions for a de-Google'd smartphone, Tails, TOR and encryption, were apparently enough to sue, detain and to have the DGSI investigate... I wonder what would happen if a similar case happens in the U.S.: they would have perhaps been suggested to have a plea bargain and plead guilty and serve X years in prison, and maybe liberated after Y years for good conduct. But, oh wait, being convicted of terrorism actually sentences you to 30 years[1] in the U.S. so you'll most likely rot in a cell and be forgotten by everyone except your captors.
[1]: https://code.dccouncil.gov/us/dc/council/code/sections/22-31...
It's unfortunate when suspicion falls upon these people simply for trying to undertake privacy-protecting best practices that the majority of us morons in the world don't care about or are woefully ignorant to. I hope one day privacy is normalized and treated like a valued, first-class human right (more like it was before social platforms and cloud-hosting became a thing and shifted popular culture to share-everything/control-nothing).
USA: I don't want to go into details at this point as the case is still ongoing, but I was offered a plea deal at my first court date to be released the next day and I refused. I was finally released just shy of my 10th year in detention.
> 16 months(!) of detention (...) the State has been condemned for its actions
Just a clarification that it appears to be 16 months of isolation and intense privations, not just any form of detention. And the State was condemned to a few thousand euros damages that's ridiculous.
> I wonder what would happen if a similar case happens in the U.S.
Ask Leonard Peltier or Mumia Abu Jamal. They are the "modern" equivalent of Sacco & Vanzetti or the 5 Haymarket Affair anarchists condemned to death. The US Justice system is very well-known for producing fake evidence to get rid of political opponents. That being said, as a french person i can't say anything better about the french justice system.
Has anyone ever been sentenced to 30 years prison for doing a terrorism?
Conspiration is 30 years maximum. Actually committing a terrorist act and being convicted locks you up for good in a supermax prison. So yeah either way you're locked up for a VERY long time :/
People convicted for Jan 6 Capitol attacks are looking at 18 years[1] at least
[1]: https://www.pbs.org/newshour/politics/oath-keepers-founder-s...
18 years is by far the longest sentence handed down from Jan 6. Most convictions have resulted in probation. The Federal max sentence is rarely actually handed down. Typically, it’s closer to half the max with even that sentence shortened later on.
Zacarias Moussaoui was sentenced to life for his participation in the conspiracy to commit 9/11, but he wasn’t one of the actual perpetrators.
In the US? Absolutely. There was a very famous someone who just finished up a life sentence, and a quick google turns up https://www.fbi.gov/stats-services/publications/terrorism-20... which has, among others, 40 years for Matthew Hale, 39 years for Sean Michael Gillespie, and life for Ali Al-Timmi and Eric Rudolph.
He finished the first life sentence. He's still got 7 more to go, apparently.
Just using encryption leads to this?
We may have technology now, but what’s clear is that the human nature that lead to the witch hunts several hundreds of years ago still exists.
> Just using encryption leads to this?
No. The people arrested in that case were anarchists and had varying levels of engagement for social change. The main defendant, who this article talks about, was a vocal opponent of the State and state-sponsored injustices (police abuse, social inequalities, etc).
Whether he actually planned attacks against the State as he is accused of, i don't know although the fact all the accused were liberated tends to show the police had nothing against them. But even if these police fantasies were true, any damage he could do by attacking eg. a police station would be nothing compared to the millions of people who suffer/die every year do to french imperialism and its racist and ecocidal policies.
The suspects were not anarchists ... they were allegedly connected to a Kurdish militant group (so more like nationalists).
I hate gov.s as much as the next guy, but the rant is off-topic here.
The main problem is that they try to formulate simple encryption in a criminalizing way, which can lead to bigger problems if it becomes a widely accepted view.
> The suspects were not anarchists ... they were allegedly connected to a Kurdish militant group
I don't mean to be rude, but you sound extra sure while your message is wrong on two counts:
- the suspects are all anarchists, except for one person who might identify as a trotskyist ; the support networks that grew for the 8/12 case also grew in the anarchist milieu for this reason (i don't have an english source for this, but if you read french the mediaslibres.org planet would contain plenty of information about this)
- only one suspect was involved in the kurdish liberation struggle, and that's definitely not what any of them was accused of although that's probably what triggered the investigation ; they were accused of planning attacks against the french empire (not the civilian population)
> The main problem is that they try to formulate simple encryption in a criminalizing way
I agree.
PS: "anarchist" is not insult it's a political orientation. I myself am an anarchist.
How did they target the group though, did they just scan the internet traffic and said, oh wow there is a group of people who only talk through Signal, or were there another precedence?
According to this Wikipedia page [1] that details the case they (or at least some) were put under surveillance when they returned to France after they had spent time in Syrian Kurdistan to fight against IS with Kurdish YPG [2].
[1] https://fr.wikipedia.org/wiki/Affaire_du_8_d%C3%A9cembre_202...
Talk about a buried lede !
How so? They were fighting against ISIS, alongside YPG, who the US government (and probably France too) supported officially. It makes sense they were surveilled at first - France wants to make sure volunteers aren't actually supporting ISIS - but they weren't and that's not why they kept the surveillance going. It was because they were an "ultra-left" group and France was apparently concerned they might attack police or sabotage phone infra or something (per Wikipedia.)
They were then arrested preemptively (after the surveillance was retroactively authorized by a judge!) and one member was held in solitary for 16 months. Despite all that, the prosecutors apparently couldn't find an actual plot to accuse them of planning, so they're pointing at their use of Tor and Signal instead. It's pathetic.
It's burying the lede because the title makes it sound like the authorities in France are going around finding tor/linux users and arresting them, when what actually happened is that the group was surveilled because they were known to have fought in syria, and after they came back they were also using tor/linux. Don't get me wrong, arresting them for that reason is still an injustice, but it's misleading to paint the whole situation as "arrested for using linux and encryption".
> the group was surveilled because they were known to have fought in syria
That's not correct. One person fought against Daech in Syria, then a few years later a dozen persons get arrested ; most of them don't know one another. You can't really talk about a "group" and certainly can't say they took arms when only one of them did (and for an arguably very good cause which was approved by the State on paper).
I agree with you the video title is misleading, though.
but ultimately that's what happened. they're charged with criminal conspiracy, but rather than alleging some specific plot, the prosecutors say that using Tor and Tails proves their clandestine nature, and that nature is incriminating in and of itself.
them fighting alongside YPG has nothing to do with why they were arrested, it's just backstory.
Sounds like they were following standard industry best practises.
Getting arrested for it is beyond lousy, as many other IT professionals will be doing the same things because they're industry standards. :(
Maybe I should put some more time into my new Qubes install, plus see what the latest updates to my Pinephone look like.
Genode[0] does now support the pinephone.
Microkernel, multiserver, capabilities.
This is occurring with some regularily in liberal democracies. If you want to see a much more global picture, just read this:
https://community.qbix.com/t/the-coming-war-on-end-to-end-en...
yea like China
I fear this is the future.
We need plausible deniability and a way to hide that these tools are even being used.
No. We need to government that government does not harass people for doing totally legal things and punishes actual decision makers criminally when they do.
We need personal responsibility for government officials.
There are quite a few people in the whole process from surveillance to arresting and detaining them, that should have noticed, that they did nothing illegal (or atleast are employed there to be the ones who should be noticing stuff like this).
Engineer builds a house, uses way less material then needed to be safe, because it saves money,... then house collapses, engineer knew (or should have known) how much concrete/rebar is needed, still approved it, criminal negligence, jail. Why not the same for police, prosecutors, judges, etc.?
Absolutely agree with the opening statement. However, the example given suggests that the same principle applied to government would result in endless lockdowns and "safety" measures above any reasonable boundary. Officials' accountability should be pinned to something else, not "safety" and not even "money", I think.
Generally, if you are doing something adversarial on a massive scale, plausible deniability is next to meaningless. You aren't going to win in a system that you are trying to fight against.
If you are doing something smaller personal means that just happens to be against the law, if you have to resort to plausible deniability, you already fucked up in a lot of ways. The sad truth is that many of the "hackers" are like a few steps away from being script kiddies, without basic understanding of opsec. The actual good people all realized that its much easier to go white hat and get paid reliable salary and live a comfortable life rather than fight an ideological war that doesn't matter in the end.
Plausible deniability works great... in a liberal, rule-of-law, legal-by-default society.
Is that not the point of VeraCrypt(formerly TrueCrypt)?
Normal everyday OS in Main encrypted volume, then your secret hidden OS in the hidden volume.
Should someone make you divulge your password, you give them the one to get access to the normal boring mundane volume, and they have no proof that the other volume exists.
As long as your Tails and your VeraCrypt utility are in a USB key out of reach from the police, you should be able to plausibly deny.
If they have the ability to take your computer, presumably they have the ability to search your residence. Where would you keep it out if reach while also being able to regularly use it? Or what would you do if the police showed up while using it?
They have electronics sniffing K9s now. https://www.techrepublic.com/article/electronics-sniffing-do...
For your first question, it's a stash at a walkable distance out of your residence. For fingerprints, wrap it up in a condom every time you fetch it. If you live in an apartment complex, store it out of your apartment at a place where people would never look thoroughly: the garbage room, for instance.
There should be a way to make the Tails OS in such a way that each time the USB is plugged in, the contents of the flash drive are moved to your computer RAM, so that if you plug it off without running `shutdown` explicitly, not only you'll shut the computer down in 2 seconds, but your USB is also clean. The `shutdown` command being run with the USB still plugged in then copies the image from RAM back to your thumb drive. Your non-destructive shutdown routine will obviously take a lot longer though.
https://www.etsy.com/listing/267826934/micro-sd-card-reader-...
(nsfw... if you can't open it, the url explains it all)
Having the storage device on your person nearly 24/7 seems like a complete failure on the "plausible deniability" front.
you're over thinking this. The USB does not even necessarily have to be undiscoverable, VeraCrypt is enough. Just put a couple of K on some crypto wallets and hold them in the main volume.
The fact that you've got valuable data on the "boring" volume is enough to explain why it is encrypted.
If you use an amnesic OS that does not right to the USB and is read only on the hidden volume, you won't be racking up the SMART data clocks on write cycles when within the "interesting" volume, making it look completely like a passive USB, sat there looking pretty and gathering dust just holding your wallets.
But even then, you could explain any high usage in the SMART data as it being a random USB you had lying around that you used to use daily, that you decided to throw your wallets on. The SMART data is not timestamped, it's just a total cumulative counter that goes up over the entire life of the device.
If true, then fuck you France.
Crafted by Rajat
Source Code