It all changed after the Computer Fraud and Abuse Act (CFAA) passed in 1986. Before that, there were no federal crimes against hacking. I don’t remember any state statutes, either, but there may have been some scattered around here and there. My state certainly did not have any or I’d have been in “juvi”.
you're doing something neat with your Us but I, unfortunately, came of age after lots of the cool times were over. All the hackers got jobs in industry and it feels like if I poke anything that isn't hackthebox I'll either A. have the FBI up my ass immediately or worse, B. have created a record somewhere of having committed one felony or another that will appear at an appropriate time for someone else and inappropriate time for me.
This comes up at "have created a record somewhere of having committed one felony or another that will appear at an appropriate time for someone else and inappropriate time for me."
I.e. you make one opsec mistake now, nobody's perfect - and then many years later when someone will finally care, this will be used to identify you, there's loads of examples like that of investigations/convictions where the people did know how to use "Tor, socks proxies, VPNs, SSH tunnels" and used them properly almost always.
But which ones are really setup by the NSA to get said evidence that will be inconvenient for him at some point in the future? (I suspect Tor, and at least a few of the commercial VPN providers)
Some recent news out of the commercial VPN universe... From a cryptographer professor at Johns Hopkins: https://twitter.com/matthew_d_green/status/14493567426896896... Kape, an Israeli 'adware' company that renamed itself to distance itself from its prior history as an adware company, recently bought up ExpressVPN and several other services and rebranded itself as a VPN services company. Kape also bought VPN ranking websites and juiced the rankings (into positions #1 and #2) for the VPN companies that it just bought: https://restoreprivacy.com/kape-technologies-owns-expressvpn... I suspect that Kape is probably a CryptoAG repeat - https://en.wikipedia.org/wiki/Crypto_AG - and is doing double duty for the US IC along with the Israelis, but it could be just a pure Israeli shop too.
It might be true. But what if you chain multiple defenses, each one in states that do not get well with each other? Every investigation will need collaboration.
True, but your last hop to you is usually the most important one. It’s all about a risk analysis on how likely and cheap it would be to use it vs the cost to you if someone does. And keeping in mind that a lot of these agencies have to burn their budget or risk losing it.
If I am online, I assume some entity somewhere can maliciously access what I am doing. My goal is to secure it enough so that entity has to be a state actor. Tor is not a silver bullet, even if used properly, because anyone (including state actors) can stand up a Tor node: https://nusenu.medium.com/tracking-one-year-of-malicious-tor...
I'm sUre I'm not alone in having fond memories seeing this. :)
PS: (2 decades since Boston madness!)