One More Detour on the Writing Road

Excellent--thank you!

::happy writer goes off to plan trouble::

From:

fireun.livejournal.com

glad we could help *grin*
-april

From:

pbray.livejournal.com

When I was in New York city last week, we spotted an internet "pay as you go" setup in the back of a tourist shop near Times Square. It was 10 cents a minute for access, payable via cash only. Each machine was hooked up to a machine that accepted ones, fives and ten dollar bills.

Of course you could only get away with using such a setup once or twice--once the police had traced you there, they'd do a stakeout, or possibly ask for surveillance videos from the time of your visit in order to narrow down their suspect pool.

From:

Plus, something like that would likely be limited to large cities. Places in smaller towns would offer free wireless, or charge flat fees.

From:

Consider also portable apps that allow for anonymization of IP address, such as TOR (The Onion Router). - http://en.wikipedia.org/wiki/Tor_(anonymity_network)

Scenario runs somewhat differently:

Go into netcafe (find one that's lax about allowing content to run from USB sticks - not hard to do).

Plug USB stick with TOR on it in, run from stick.

TOR quickly establishes a series of blind-jump links via TOR routing hosts on the net, such that your web-based nefariousness will to be coming from an IP address in Germany, Russia, etc...

Run portable Firefox browser with TOR usage enabled, and all location-grabbing turned off (java, cookies, etc...)

TOR app allows you to refresh and set up a different link-chain at will, making it even harder to track/trace, as different actions will appear to come from varying locations.

IP address of machine you're on is not findable by LE in any meaningful timeframe. Use of portable apps that do not leave tracks in system registry likewise.

End result... unless you provide info as to identity in your actions (buying something on web with credit card, having cookies or personal info on USB stick accessible to browser, and hit sites that slurp up that info (email address, etc...), you're going to be a nightmare to trace/track.

Note: this doesn't require use of netcafe - can do from home. however, netcafe has the advantage of separation from your home, tho the PC used there may not be as sanitary as one you have control over...

From:

e-moon60.livejournal.com

When I was in NZ, I used an internet cafe in Wellington (lots smaller than NYC) and paid cash to hook my laptop into their LAN to get online with their broadband. On a previous trip, I did the same in Christchurch, which is much smaller (this time, I popped for internet service from the hotel, which would make me much easier to trace.) But I saw internet cafes in every town I stayed in, including much smaller than Christchurch.

From:

daveamongus.livejournal.com

On the flip side, if you're somewhere like Panera Bread and have your own laptop, there's not much hope for tracking it down. They don't ask for any information when signing in, so there's no way to really trace, unless the location itself has some kind of serious logging that grabs cookies and such-like and can try to triangulate the information to an individual user.

From:

So your own laptop is safer than some public one? I would have thought it was the other way around...

Can someone get a court order to initiate that sort of logging, or would Panera, frex, already need to have that capability in place?

Can an APB be put out on a laptop like it can on a person? Can you petition/demand/order ISPs and other services to be on the lookout for a certain IP address? So, Google logs my protag's IP addy and lets the feds know she's at a Starbuck's in Boise--possible?

From:

You'll find cyber crimes is a hugely grey area unless we're talking about an FBI level threat/felony here. Tulsa for example, JUST got a cyber-crimes unit in '06. Look at the number of cyber-bullying cases that they have absolutely no clue what to do with...just being tossed out of court because well...there's no "real law" for what happens on the internet-yet.

Tracking a person down all depends on how smart/savvy the tracker vs the trackee is. There is plenty of IP masking software as well as brute-force entry into 64 and 128 bit encryption systems (fairly standard wi-fi stuff) ---basically steal the 'locked' bandwidth and mask you address (and computer's info).

Could you track it down to a particular computer sold to a particular person on a given day --- yes, with a week+++ of research time and assuming the computer used wasn't stolen. Again, how savvy is your criminal?

So, Google logs my protag's IP addy and lets the feds know she's at a Starbuck's in Boise--possible?

The user's IP address is NOT attached to her computer. It's attached to either the local internet service provider or depending on their physical distribution could be associated with the physical router . How to trace an IP Address. IP trace programs on the web. (http://www.google.com/search?q=ip+trace&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a)

IP Masking (http://www.google.com/search?q=ip+masking&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a).

...err I hope I actually helped? (http://www.wikihow.com/Trace-an-IP-Address)

From:

Yeah. I'm in fact-finding mode. What's possible, what isn't. My protag isn't particularly cyber-savvy, and may assume things are possible that really aren't. I'd like to then have someone else say, um, no--that's not really possible.

Protag is a person of interest in a murder investigation. Now that you mentioned FBI, need to find out if the FBI gets involved in cases of interstate flight if person is a POI, but not labeled a suspect or out on bail or anything. I kinda hope not.

From:

Unless there is a federal offense involved the quick answer is no.

More information on the fbi.gov site (http://www.fbi.gov/aboutus/faqs/faqsone.htm) regarding scope of investigations etc including jurisdiction.

From:

Yea--no FBI.

One less layer of complication.

From:

Oh no, toss it in...see how your protag works around it. >:D

It's gooood to be eeeevil!

From:

Actually, I can see them getting involved in another aspect of the storyline.

The problem with writing in present day. I can't just make shit up.

From:

Paranormal/urban fantasy/second world/slipstream/ authors do it ALL the time. :D

Sorry. That was not being helpful. Adding obstacles for your protagonist is good... making stuff up just to please my giddy post-convention brain is not.

From:

OK, this is a supernatural thriller. But I still need to have a decent grasp of what is possible and what isn't so that when something happens that isn't possible, someone in the story can know that it isn't and why.

And when a bunch of stuff starts happening that shouldn't be happening, then we gots the story.

From:

Okay, if the goal at this point is to raise the stakes through an active pursuit (they've found her, they know where she is, they're inbound etc...), then the answer is yes you can trace her general location down.

If your cyber-cops are coming from a well trained, 'big city' police dept then I'd say the answer is yes, she can be traced within a reasonable amount of time. The necessary court orders would be provided to Yahoo!, Google etc to sequester or just flag things like email (or even MySpace, Facebook etc). Is she using Windows? Then she's definitely buggered: We may access and/or disclose your personal information if we believe such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights or property of Microsoft (including the enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety of users of Microsoft services or members of the public.

Thanks Bill.

Also, NSA monitoring internet. (http://www.salon.com/news/feature/2006/06/21/att_nsa/?source=whitelist) <--- there's an ad placement before the article. These cybercop organization and groups are small and tight-knitted and trained by one another. Who's to say that your local 'big city' cybercrimes officer can't make a phone call and call in a favor to Deputy Dawg over at NSA or FBI (it's a cheesy quick-fix but it's a realistic way of dealing with an issue).

From:

Thanks. If nothing else, she needs to know, or learn, what to do in order to get from where she is to where she needs to be in order for the story to proceed. She starts out in Seattle--even if all she does upon leaving the city is toss her laptop and cell phone over a bridge railing, there need to be sound reasons why.

And if she's able to get from Point A to Point B without interference when she shouldn't have been able to, that's really nice to know.

Nice info here.

::makes notes for next book...::

From:

Waaaay too many experts in Seattle. (http://www.mynorthwest.com/?sid=61414&nid=11)

She should probably withdraw all cash from bank and carry on hand too (I think already mentioned).

Seattle is a hotbed of cyber activity (http://www.google.com/search?q=seattle+cyber+crimes&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a). It would be crawling with white hat hackers.

Wow, yeah...ditch anything with a chip!

No vehicles with an onstar or internal navigation system AAAnd keep in mind the 'red light/intersection' camera system of Seattle. (http://www.google.com/search?hl=en&safe=off&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&hs=5Wb&q=seattle+intersection+cameras&btnG=Search)

Heh. Cyberparanoia at it's best. Fit for Seattle.

From:

Yeah, I have her tossing her phone.

She should probably withdraw all cash from bank and carry on hand too (I think already mentioned).

Thought of that too.

::sigh:: And this isn't even the major chase sequence in the book. It's first third of the book Point A to Point B.

Thanks for reminding me about the red light cameras. I'm seeing them more and more in Illinois, too.

And we have tollways where you need to pay cash unless you want your iPass to pinpoint your whereabouts.

From:

Video: how to stay "off the grid." (http://www.videojug.com/film/how-to-stay-off-the-grid)

Staying off the grid Google. (http://www.google.com/search?q=staying+off+the+grid&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a)

Sorry. I'm an information junkie. ;)

From:

I never would've guessed... *g*

From:

Also worth, (given advances in the subject areas), staying off camera grid, as well - facial recog software has gotten ugly-good of late, as has behavior pattern recog software (determining from motion patterns if someone in a crowd is acting oddly relative to that crowd - violent/slow/fast/erratic/etc..., and fwding to live eyeballs for eval)

Thank the Brits and HDCCTV...

protag may wish to consider both physical alterations to face/body (glasses/hat not enough), and to mood - if you're entering a stress zone, and know that recog software is in use, perhaps soma, xanax, (I'm not the pharma expert, but I bet you know a few) that spin down nervous traits would prevent unwanted attention.

As always, should you or any of your 300-lines-a-day force be caught or edited, the secretary will disavow all knowledge of your actions.

From:

e-moon60.livejournal.com

A heel pad or other orthotic in one shoe to change gait a little--not an actual limp, but it causes a slight shift of weight and thus doesn't look like "Oh, that's Jenny, that's her walk" on camera. Though they say that wigs and so on aren't good enough these days, nonetheless criminals do use them effectively. Women have the advantage of more hairstyle possibilities, and can also wear larger hats without comment...and a hat can also change overall appearance as well as hide a face from overhead cams. Esp. if Jenny doesn't wear hats normally--has a [nameofteam] ballcap instead. A change to something she wouldn't normally wear--different color, different style (not extreme, just...different) along with a gait change will also make her look less herself on surveillance cameras. "That can't be Jenny; she'd never wear something that loud/subdued." "Oh, no, she hates ruffles/granny shoes/etc."

From:

galeni.livejournal.com

I can picture the Feds staking out (with Hotmail's or Google's assistance) someone email account and sending a virus equivalent of LoJack to someone's computer so in the future they could track it. Most people think checking their email is safe. (mwahahaha)

From:

daveamongus.livejournal.com

Your own laptop is safer in that instance, because there's only one bit of real, hard-to-falsify bit of information that identifies it as yours, and that's what's called a MAC address, commonly known as a hardware address.

There's two scenarios here: One is that you get on at Panera, where yours is just one of many laptops in their physical location. You've got everything turned off, such as Google Desktop, that goes out and identifies you somehow to the rest of the internet (and thus pins you to an IP address at a certain time). You use only other sites that you don't provide personal information for, and you're essentially lost in the cloud of traffic from that particular Panera.

The other scenario is that you do just about anything from your laptop, or a cafe-owned PC, that identifies you and marks the time that you were at the location and the local (private) IP address that the local router provided you when you logged on. Then, in theory, all of that information is subject to subpoena and could conceivably be tracked back to you.

Part of the trouble is, this is also a somewhat cumbersome step. One of my favorite laughers in watching Law & Order is when they get an IP address for a child molester or something off an internet forum, and actually just sit down at a computer and track that IP to their location. Nope, need a subpoena, because only your ISP knows what IP address is assigned to what physical location--that's the business they're in.

So if the Feds twist Google's arm, they'll get the IP address you're logged on from. Then they have to check with ARIN or another, similar resource to find out who owns the IP, then twist their arms to find out where that IP is located and then deal with the business or homeowner or whatever at the very end.

One of the interesting things about prosecuting folks on the basis of what passed to their IP address is the concept of open wireless networks. There's a potential "reasonable doubt" qualifier in the notion that a homeowner or business has an unsecured wireless network, meaning anyone can drive up and use that node from their vehicle, or an adjacent building, or whatever.

And last I heard from the file-sharing cases, there's a question as to whether or not they can compel businesses to log activity. Some have made the argument that they don't need to log activity for the technology to work, therefore they don't keep any logs and offer the cops nothing to subpoena.

The problem with putting an APB out on a laptop is, again, that there's an issue of addressing. The only way someone who is hopping form network to network is going to be identifiable is by either their MAC address, which can be difficult to determine and hard to track, or by their activity on known sites where they provide a login or personal information.

From:

A lot of hardware out there (many if not most DSP-based NICs) are capable of changing/spoofing MAC addresses. There are software tools to enable this, and it's a known, if not overly common hack.

If you spoof MAC addresses, sanitize the device you're working from of any personally identifiable info, use TOR and/or other link-washing tools, and are ruthless about encryption (keep all tools/data in a TrueCrypt-crunched-hidden-volume on an "openly" encrypted volume), you're going to be a serious pain to anyone building a case, unless they happen to have eyewitness to you and your onscreen activities.

From:

All this leads me to conclude that my protag most assuredly does not possess this level of expertise. But this stuff is good to know.

From: