Badmovies.org Forum

I'm all for nabbing perverts who could harm children, but I don't think this is the way to be doing it.  Looks like you could nab a lot of innocent folks this way.


http://www.news.com/8301-13578_3-9899151-38.html?tag=nefd.lede

Wow....that is some scary stuff. I hate child porn just as much as the next guy but you are right, Trek, this is not the way to be doing it.

Not only is this bad but it also opens the door for the government to do so much more if they feel like it. Now you have to be careful about clicking on any link as you will never know for sure where it will take you until it's too late.

heck, a guy could program a hijacker program to click infect computers there and mess the whole system up big time. 
-Ed

What if you have a child who sees a link that says, "Young Boys Here,"  he might click on it thinking he's supposed to.  Then what?  Exactly.

Absolute horsesh!t. 

Just the other day I was looking at a stereo receiver, and wanted to click on "features", but wasn't paying attention and accidentally clicked on "similar products".  I guess if I'd been on the wrong website, I'd be facing ten years in prison now.

Hmm.  Couldn't someone "copy shortcut" and then paste the link anywhere, claiming it was something innocuous?  Like, say, someone could copy one of those links and post it here, claiming it was a link to a montage of bad movie clips.  A lot of us would be doing time for "attempting" to download child porn.

The line between a sting operation and entrapment is getting pretty thin.

That's the disturbing part. It means you could get rick-rolled into it. Someone could send you the link via email/irc/forum/whatever pretending it is whatever they want, legal or not. And if you clicked, you're still pwn3d.

DUDE!  I was just about the post the same story!

I mean, what the hell?  Someone could send you a message and be like, "Hey, this site out, it's funny!" You click on it, get a message like, "This site was closed" and be like, "Huh, wonder what that was all about..." and then BAM, FBI is at your f**king door arresting your ass!

What the hell???

Guess we all need to think twice about each and EVERY single link we click, huh?  Guess next time one of you guys post something that claims to be cool, I should just ignore on the offchance it might be an FBI trap site.

Oh man, that is AWESOME! *Goes to seek FBI links to post*

I would imagine the ISP's they are paying the most attention to would be those of the people who returned more than once to the site.

Uh?

Why would anyone return to the site?  They are not actually offering child porn, are they?  Seems to me a 'legit' user clicking on the link to find that stuff would figure out pretty quick there's nothing there...and thus never click it again.

A lot of ya'll hit on exactly why this will never fly as a viable enforcement tool...there is

(a) no way to determine intent; an accidental http request looks like any other
(b) no way to determine who actually clicked the link (multiple users on one machine like libraries, schools, most homes, etc)
(c) NAT/IP spoofing, so there really is no way to ID what computer/LAN it came from anyway.  This might.be a good way to hose somebody (at the very least their reputation) - set up your outbound corporate router to 'spoof' a coworker's IP addy and poof, they are on the list.  Go high enough upstream on the router and you could actually slam some random person this way. Huge problems with NAT-ed firewalls, too, where the IP address they record is the public address of the firewall, not the specific user (that IP address is re-written by the firewall).

In other words, this is fantastically stupid and can not work, regardless of the legal implications.

But hey, it lets some automaton in government tell the story that they are fighting child porn....

It's illogical to think that you can nab innocent people with this technique.  If you know before hand that the link leads to child porn, then you can't possibly be innocent.

People who are anti-child porn would never click on a link like that.  I think it's a excellent thing the FBI are doing.  It sounds like an excellent way to nick perverts who might otherwise go unnoticed in the community.  And I don't buy the possible argument that "innocent" people would just be curious.  If you are curious about a subject such as this, then you are a pervert and must be stopped.  End of story.

If you are truly innocent, you have nothing to fear.  No stone should be left unturned in the protection of children.

Really? How about this....at one time I used to try to fight spam in my inbox. Not only did I get the headers from my mail, but I would often open the link to whatever spam it was (bank scams, meds, porn, anything...) so I could get more information from the actual site rather than just the e-mail headers. I know that wasn't a real good idea to begin with but now...oh no...now I would go to jail for trying to get more information to shut the offending site down.

Or how about this...perhaps the argument could be made in this case that this link shouldn't have been touched by anyone innocent....but did you actually read some of the comments here and think about this? This is just the beginning if someone wants to take it further. At what point do you stop this? Do we allow the feds to disguise a link as something else and nail anyone who clicks on that? How do we know that the person being arrested is the one that clicked on the link? I have 3 people in my house...how would they know which of us did it? Would all of us go to jail just in case?

Or how about work...how many people have computers at work? How many are available for anyone in the building to use it? Mine is locked out when I am not near it with a password that only I know....but I am not allowed to do that. I only do it until I am caught. Many places won't allow you to password your computer...so....when you're away, someone sits at your computer and clicks on that link...let's see....who goes to jail then?

Never mind what has been said here that someone could copy and paste such a link and disguise it as something else...so now you could theoretically become a criminal for clicking on a link to anything.

Fighting child porn is great...but there are better, more efficient and less mistake prone ways to go about getting someone.

There is absolutely no way they could charge everybody who clicks the link, much less make the charges stick. Can you imagine how inefficient it would be?

I think the intent is to scare people. The cops are watching. You never know when the next porn site might be a trap. I can see that having some benefits.

Hate to say this, KB, but you are wrong.  People click links every day that they do not know where they go. 

The point just about everyone in this thread is making is that *I* (for example) could send out an email or put up a web site for something completely unrelated to child porn but include this link with different anchor text.

Example:

link to FBI child porn user harvester script:  fbi_link.com

Now, let's say I want to rope in a BUNCH of people, so I create some web site about something, oh, like American Idol - the Unheard Stories.  I could spend a fair amount of time making this site look legit, with a ton of legit info "borrowed' from many other sites.

On that site, next to a picture of each current AI contender, let's say I put a link that looks like this in the html code:


You don't think a whole heaping BUNCH of people would click that link?

If you don't think this will work and is very effective with the 'average joe' computer user, check out how most phishing for identity theft is done.  It is exactly this.

Hover over and read the link text before you click?  GOOD FOR YOU!!!  Right on.  However, you still are not 'safe' because of  I could make that link legit looking and simply do an immediate redirect (or a host of server side tricks), and voila, you've just got put on some FBI watch list - even though YOU NEVER INTENDED TO VIEW CHILD PORN. 

If you doubt THESE tricks work, look into how websites are used by the millions every day to propagate various kinds of malware.  The browser, and the user, comprise an attack vector that can be exploited.

So, yes, innocent people DO have something to fear from this kind of idiotic, misplaced attempt at using technology.  My prediction is that there will be millions of $$ spent investigating innocents 'trapped' by above mentioned tricks, and more than a few innocent reputations destroyed.

Meanwhile, the child porn consumers will continue to get their child porn from real porn sites, safely ignoring this 'trap' one since THEY will be savy enough to watch what they click.

Savvy?

You are right about that...there is no way...BUT the potential for abuse of this whole idea is there and the government scares me enough already.

Where I work if you don't password lock your pc before you leave your desk you're in breach of compliance rules and you can get into big trouble.  Even if you're just going to the next pod to talk to someone.  So from my end of things, if I didn't lock my pc and someone came along and clicked on that link, I would get into trouble.  But it would serve me right because I failed to do the right thing in the first place.

As for someone sending me that link and saying, "click on this", I don't actually have anyone that would do that.  I guess my circle of friends is different from most people's but then I can only go by what my life is like, not what everyone's life might be like.  And if I lived in a share house, there would be no way anyone would have access to my pc for any reason.  But that's just me.

I guess there would be better ways to nab perverts, but for the occasional accidental access, it would be in the FBI's interest to investigate them before they toss them in the clink.  I just have a really sensitive trigger to child porn and paedophiles.

Ever get adware/spyware? go download adaware and run it, and if you get any results, it could have just as easily been someone hijacking you to the FBI website.

It isn't your immediate friends circle that will trap you. It's any person with access to a computer anywhere in the world with malicious intent. Plenty of people would think it's funny to pull this scam on the FBI/innocent people. I am sure now this story is out there it will be done.


AndyC has the right idea. It is essentially a scare tatic. Since I am sure the FBI are aware of all the flaws in this trap that we've already mentioned.

Where I work (and many other companies around here that I know of) it is explicitly against company policy to password protect your computer. I guess they are worried about someone doing it and leaving or perhaps they just want to be able to get into your computer if they feel like it. I do lock mine though. I take the chance that nobody will notice and actually, I got caught once and reamed out about doing so. The next day, I changed the password. Not everyone can or will do this though.

I know one guy that works in our other shop who was in charge of a computer...as it turns out, the guys on the night shift were using his computer to look at all kinds of porn (including scat porn)...so...he could have gone to jail if someone on the night shift had clicked on such a link....because after all, it is his computer.

There are too many unsure things about this way of catching people...too much that can go wrong...and I have been through the legal system in this country and despite what everyone hears...in most cases you are not innocent until proven guilty...you are guilty until proven innocent.

How many computers are there at your work?  Let's say 100, just for discussion.  Do you think all of those computers have a public IP address?  No, they don't.

Your whole company has one public address, and little 'magic' box between your internal computers and the big bad internet translates your internal, private IP addresses for the "source" IP header field into its own public IP address in that field.  Then, when the computer on the other end sends data back to "you," it is really sending it back to that magic box.  The box then rewrites the destination header of the returning datagram so the packet gets to YOU on the internal net.  This is called Network Address Translation, and it can get a whole heap more complicated than this.

In other words, to the FBI's little harvester, EVERYONE in your company has the SAME IP address.  They have NO WAY of knowing who, within your company clicked the link.  The IP address they harvest is the one public address of the firewall (that magic box).


Problem is, you are still thinking in terms of everyone seeing the link, or even sending the link, knowing what it really is.  These things are very easy to disguise for the unwary user.

Worms, adware, spyware and phishing are very real problems in computing, and they ALL propagate by mechanisms that depend on people not doing what they indend with their computers.  The next time you hear on the news of a BIG Internet worm making the rounds (to the tune of millions of infected computers), like the one a few weeks ago, think that rather than a worm infection, every one of those people got put on the FBI child porn list.  Are they all child molesters, just because they did not practice 100% safe practices on their computers and MADE A MISTAKE?


To the tune of millions?  How can you do that? 


And no one here disagrees with THAT, but THIS particular solution is doomed to costly failure.  It's a feel-good, politicians approach at solving a problem by TALKING about it, rather than doing something.  Far better to put the resources that have been/will be spend on this into real investigations.

In other words, they need to go after the people PRODUCING the child porn.  It's the same thing with drug enforcement - if you leave production alone and only go after the consumer, enforcement is a farce.

The one piece of information the article said they are NOT harvesting is the source web site where the link was when it was clicked.  Hmmmm.  Maybe THAT would be more telling than the IP address of the person who clicked the link.  In this case, the 'consumer' could be an accident.  But a person putting the link UP and disguising it as something else is committing a crime.  It might even appear on some real child porn sites, and THOSE should be the target of real investigation.

Food for thought....

Oh, yes...and let me say...I agree with that too. There is nobody lower than someone who would abuse a child and I'd like to see them all erased...but there has to be better, more sure methods.

Unfortunately, you can be innocent of something but accused...and it will cost thousands and thousands of dollars to prove your innocence. You could go into financial ruin for something you didn't even do.

It is a sad fact that enforcement in this area is not as effective as it could be. The press releases from the OPP that come across my desk about people being rounded up for kiddie porn make it seem an awful lot like a PR exercise. For a start, I get the names and the charges when the arrests are made. Then I hear nothing about it. They don't announce who got convicted, so we can see how many perverts they actually got off the streets. And worse still, they don't announce who got off, so reputations might be salvaged somewhat.

And I get the impression it isn't the cops themselves who write this stuff. In the one case where a local guy was caught, I called the detective in charge of the investigation to clarify what exactly the guy did. The charges are extremely vague. Basically, they are charged with some combination of making, distributing or possessing the stuff.  This cop seemed unaware of the press release and more than a little annoyed. He advised me that a charge like production of child pornography covers a pretty wide range of offences, implying that this guy's crime was nowhere close to what I was imagining. The benefit here is that I can at least cover the guy's trial and find out what he actually did.

But it does make you wonder if there aren't some cops shaking their heads at what some dink in PR did in the case of the internet sting we're discussing. Could be we don't have the whole story.

Savvy.  I'm quite happy to concede when I'm wrong or misinformed.

But if your argument holds true (and I know that it does), it doesn't make sense that the FBI would hide a link in something innocuous sounding to get paedophiles to click it.  Surely it would have to say something along the lines that kiddie porn is available there?  Really, how many American Idol fans are child abusers (using your example)?

And from what I understand, the kiddie porn world is a fairly tight knit community.  Those guys would only get their merchandise from "trusted" sources, not some random link the FBI put up.  It doesn't make sense.  But then I guess that's why I'm not in the law enforcement biz.

Those monsters obviously don't scare easily and it sounds like a bit of a red herring for law enforcement to expose their tricks for the world to see.  As sad as it is to say, these perverts will never be fully eradicated.

I'm not saying the FBI would hide it....I'm saying it is too easy for any Tom, Dick or Harry with a grudge against someone or humanity in general could do this.  The purpose could be either to flood the FBI's database and/or to try to get innocent people in trouble.

It would be a pretty scummy thing to do, but we see that kind of behavior everyday on the Internet.  Spam, phishing, spyware, etc.  Why not add "get 'em on the FBI child porn list?"

And again, just for emphasis, this program specifically does NOT record the referring site, so such a person would be undetectable by the current system as described.

I'm on the border on this one. On one hand this is a good thing It's catches perverts like that. The bad thing is that it has a lot of downsides, which outwieght the pros.
There will be many more cases coming up like this thanks to all the new technologies coming out. Just wait and see. All this new technology and convience will come with a price to pay. I think this could be the start of the payment.

Hate to say it, but if you're accused of having child porn and/or molesting a child, even if you're innocent, financial ruin could be the least of your problems.

If you claimed you clicked on such a link by accident, or that you were tricked into it, the FBI's "investigation" into that would probably go something like this:

"Oh, yeah?  Prove it!"

The legal system in this country often is just as messed up as bad crime movies make it out to be, sadly.

Bears repeating:  I'm all for catching pedophiles, but this way of doing it is wide-open for abuse.