A successful attack on Freenet

With all due respect…what!?

But BCI investigators were able to devise a way to tell which IP address–and consequently, which Freenet user–ultimately was downloading the offending files.

That is called a straight up hack. They are claiming to have hacked the network. As an aside, I would love to hear Freenet’s response to this.

But back to the point. Let’s examine your statement here:

I take only one issue with this statement. The word “you’re”. Who is “you”? (I’ll leave the metaphysical pondering for another time)

First off, the Network does not allow access to anything outside of itself. Which wasn’t really a factor in this case, but it does mean that no data outside of the Network can be used by LE (Law Enforcement).

So the data must be kept inside of the Network. Which, as we all know, isn’t kept in files, but rather in chunks. So taking the hash of the chunk would not positively identify a target file. (in your quote they call the hashes “codes”) As an aside, the hashes of these chunks (of pictures in this case) can be found and tagged by uploading the pictures to the Network and studying the datamap that is rendered.

Now, logs could be kept of what chunks were being retrieved from any vault that LE were running. They could also keep track of the MPID that they were being sent to (NAE Manager). In this instance they can only hope to control a vault which contains one of the chunks with the matching hashes. Likely this would result only if LE was running many vaults (joke’s on them…the more the merrier).

Now they know which NAE Managers are requesting specific chunks. However:

While the NAE Manager may be found out to be downloading specific chunks, the NAE Manager is unable to render up the IP address of the client - or the relay, because:

So the relay node may not know what it’s passing, but it knows what IP address it’s passing to. The NAE Manager is aware of only the MPID of the relay node. (the XOR address using DHT)

What do we have so far? LE knows that a NAE Manager requested a flagged chunk held by an LE controlled vault. They do not know the IP address of the NAE Manager. If they happen to control the NAE Manager as well, they can know the MPID of the relay node, but not its IP address. If they control the relay node as well, then we have a Network completely run by LE! All jokes aside, they would then have the IP address of the client. However:

When you can connect to known nodes, this attack is completely mitigated. Done. End of story.

If you route through random relay nodes that are owned by LE to connect to NAE Managers owned by LE and request a chunk tagged by LE from a Vault that is run by LE, it follows that you are participating in a network that is completely operated by LE.

Having your IP discovered when participating in anything less than a network that is completely operated by LE would be an outright hack of the Network.

C’mon @janitor, you’re better than this!


As far as searching a target’s device (targeted using other means than IP address, of which finding out is impossible - or a hack - as explained above):

Police also have the technological tools to quickly scan suspects’ computers while in the field or carrying out a search warrant at a suspect’s home or workplace.

Everything in this statement implies physical access. No malware involved. Although I’m sure some could be devised, I would assume that it would be incapable of mass infection. Even if it was, it would still have to be cognizant of the client’s XOR address at the time of download to report on a specific client which is randomized every time the client connects. (I visualize something that works like anti-malware does at this time - which is an attack the Network can do nothing about, but interesting nonetheless)


P.S. BTW, a big thank you to @Seneca for starting and all who participated in the thread linked below. Very worth the read.

P.P.S. The linked article in the OP is written to convey FUD bullshit of the worst kind.

7 Likes