hngopher.com

       [HN Gopher] Justice Department withdraws FBI subpoena for USA To...
       ___________________________________________________________________
        
       Justice Department withdraws FBI subpoena for USA Today records
       ID'ing readers
        
       Author : prostoalex
       Score  : 50 points
       Date   : 2021-06-05 21:37 UTC (1 hours ago)
        
 (HTM) web link (www.usatoday.com)
 (TXT) w3m dump (www.usatoday.com)
        
       | xvector wrote:
       | I wish services didn't store IPs at all.
       | 
       | If abuse is an issue, why not hash the IP with a nonce?
        
         | codetrotter wrote:
         | IPv4 space is small so they will subpoena the nonce and find
         | what the original IP was
        
         | kadoban wrote:
         | For ipv4 is there a difference between storing IPs and storing
         | their hash with a nonce? You can calculate the hash of every IP
         | address in reasonable time, so it's reversible.
         | 
         | Only benefit I can think of is you can forget the nonce and now
         | the data is securely useless, if the nonce was secure, but that
         | doesn't seem that useful really.
        
         | gizmo686 wrote:
         | There are only 2^32 possible IP addresses. You can brute-force
         | that on a personal laptop.
        
           | vgaldikas wrote:
           | There's even less 'usable' ones, when you exclude private
           | ranges etc...
        
         | uses wrote:
         | Hm, I'm confused, usually the whole point of storing an IP is
         | in case the visitor uses the platform to do something illegal,
         | like a death threat. Without the original IP law enforcement
         | can't subpoena the ISP, etc. But also as someone else said, if
         | you use a nonce, and I think you mean salt, then it can be
         | cracked nearly instantaneously anyways due to the small space
         | of IPv4 (~4 billion).
        
         | aneutron wrote:
         | Sometimes there's a forensic purpose. For example, you want to
         | know which servers exfiltrated your data and to which IP.
         | 
         | Or for audit purposes (e.g. you might need to prove to some
         | regulator no outside access was made, which is stupid but ...)
        
       | myself248 wrote:
       | I'm curious if we'll ever find out what they thought they'd learn
       | from this.
        
         | mathattack wrote:
         | From the article, that's why they withdrew it.
         | 
         | ---
         | 
         | " The subpoena, issued as part of an investigation seeking to
         | identify a child sexual exploitation offender, was withdrawn
         | after investigators found the person through other means,
         | according to a notice the Justice Department sent to USA
         | TODAY's attorneys Saturday."
        
           | resoluteteeth wrote:
           | I think you may have replied to the wrong comment.
        
         | b9a2cab5 wrote:
         | More likely they acquired the data through other means like
         | hacking into a "foreign" server.
        
           | bellyfullofbac wrote:
           | Probably easier to subpoena the many many tracking pixel
           | providers embedded on the USA Today website...
        
       | boomboomsubban wrote:
       | >The government's own guidelines require the FBI to pursue
       | alternative sources before subpoenaing a newspaper
       | 
       | Or "we could always just buy this data, we requested it for some
       | other reason but the media got more pissy than we expected."
       | 
       | The entire thing is just so strange, why was the challenge not
       | hidden when the subpoena was?
        
       | Turing_Machine wrote:
       | > President Joe Biden recently criticized the policy, saying it's
       | "simply wrong" to seize journalists' records.
       | 
       | The FBI is part of DOJ, which is an executive branch department
       | under Biden's direct authority. If he thinks it's "simply wrong",
       | he can just order them not to do it. He's not limited to
       | "criticizing" it.
        
         | bowmessage wrote:
         | Good point. I'm not sure he's even aware of that option,
         | unfortunately.
        
           | hellow0rldz wrote:
           | Oh, he is. But it's good PR to make positive statements while
           | doing whatever you want.
        
       | wydfre wrote:
       | Did anybody bother to lookup the article they wanted to get the
       | IPs for and get scared out of their minds when they realize what
       | the title was?
       | 
       | No, I am wrong, Hacker News is right, I have learned my mistake,
       | we need anonymity - from everything.
        
       | whereis wrote:
       | Did they want the readership data for malicious, unjustified
       | reasons?
        
         | 2OEH8eoCRo0 wrote:
         | Probably not
        
         | chrischen wrote:
         | They probably just wanted it to make their jobs easier.
        
           | serf wrote:
           | That's a brilliant side-step over a morality qualm, without
           | ever really answering the question.
        
       ___________________________________________________________________
       (page generated 2021-06-05 23:00 UTC)