I honestly find it baffling how people get away with this crime.
Isn’t pretty much every image traceable? If I post a picture on a website, isn’t my IP address, one way or another, traceable? Obviously that information is not necessarily easily had, but if someone is committing a criminal offense surely warrants will be forthcoming?
Why can’t the cops catch them every time? If nerds and geeks can seemingly ferret out every bit of deception that pisses them off, like a company using a sock account or something, why can they not apply their skills to catching purveyors of child porn? How on earth can anyone get away with this (at least, on the Internet)?
In theory, a website that allows public submissions could record the IP addresses of posters, however, AFAIK there is no law requiring them to keep such records. Even if they did, the posters could just use proxies, some of which don’t keep records either.
There isn’t necessarily any way to track down the owner of a site, either, You don’t have to show ID to register a domain or buy webhosting. The owner could just do everything via proxies and pay with a prepaid debit card that’s not in his real name.
And then there’s torrents and various other protocols. And in any of these cases, the images could be encrypted.
All of the proxies, hosts etc. could be in different countries, some of which, for whatever reason won’t help other country’s law enforcement.
I assume law enforcement does their best, but they have limited resources. Civilians can’t help them since they’d be committing a crime by seeing the child porn.
Or don’t use the “Web.” I remember IRC having a lot of those scuzzy channels. Usenet? Use the library or wireless at Starbucks? As for the “nerds and geeks,” if you’re referring to 4chan or Anonymous destroying people, you’d have to get them interested.
ISP’s generally don’t want to give up that kind of information. Even if they did, there exist ways which make it extremely difficult to track down the people who download and upload child pornagraphy images. In fact there are protocols which exist for the sole purpose of completely anonymizing the network. (Ideally, this is for security, guarantee of free speech and such but obviously it can be also be used for nefarious purposes as well).
Amusingly, as a side note, that hacker group Anonymous that you keep hearing about in the news? They actively try and screw with the child pornographers.
It would be childs play to purchase web hosting in countries who could care less.
Even in the US, you can load a webserver onto a laptop and let your members know you will be online on a certain schedule and camp at a different starbucks every day.
web hosting purchased with prepaid visas under an assumed identity. accounts trace back to hotmail addresses that are only accessed from public wifi.
This sort of thing is not shared on pubic websites. You need to be invited to get access. Once law enforcement manages to get invited they tend to be able to catch a fair number of people associated with a given network.
My jackass client was caught by his girlfriend who was snooping on his computer. Four day jury trial set in two weeks. Fucking nightmare!
To answer the OP… In my limited experience as a defense attorney, the folks who get caught are the ones who chat up and try to meet up with sweeTpi13, who is really Detective so and so. When they do the subsequent computer search, they find the porn.
For many of the same reasons entire countries can’t take out websites that are open to the general public. Some Bit torrent sites that exist for the sole purpose of illegally sharing data continue to exist despite the US governments best efforts. Remember when Wikileaks was in the news sharing classified information and ‘we’ couldn’t manage to take it down?
Then you can delve deeper into private websites and servers. The police don’t get access to every bit of private data to determine if it’s illegal or not. They are limited to what they can see publicly to get their leads and warrants.
This is probably the biggest explanation. From what I’ve read, a lot of these types meet and chat on private channels. They trade pictures back and forth, so a person in possession of a pic may have it tenth-hand. Truly private channels tend to be point-to-point chats, so no intermediate server to monitor activity.
the tech-savvy types have stripped all ID information; blacked out their own pictures. Some guy was just returned to Canada who used the “swirl” technique to hide his face in his Thai pictures. Seems with judcious tech you can “unswirl” thise pics. Duh! A few years ago someone was caught when police blocked out the girl and published pictures of the hotel room hoping someone would recognize it. (Turned out to be an Orlando resort hotel). In another case I heard of, the girl’s t-Shirt logo was narrowed down to a particular school from “anywhere in the USA”. When a crowd gets involved in thedetective work the results can be pretty quick.
Often, when the perp is caught he can “cooperate” with authorities to help link himself to others.
But generally, the pictures are not simply posted on public websites, unless the server is located in a country that does not really care; but with first-world pressure, those are getting fewer and fewer. Similarly, they might be posted on a sharing site (hidden in plain sight) with private address and posted via a string of proxies to attempt to evade IP tracing; then the share address is given to like-minded individuals.
When individuals chat, often they use the same proxy trick to avoid being traced; and of course, unless they are doing their thing under police supervision, they are not logging IP addresses either. if the police ar lucky, forensic audits of the program history might yield something; but for every program that logs activity, there’s a method or program to erase that history.
Can you really? I assume that starbucks wi-fi generally hands out private network IP addresses to every laptop that signs on and acts as a gateway to the internet.
That means that incoming webserver requests aren’t going to be forwarded back from the gateway to your laptop unless someone specifically configures the gateway to do this. Or am I missing something obvious?
Actually you don’t need complicated techniques to unswirl them. It was as easy as using the same swirl filter but clockwise rather than anticlockwise! I know this cause I did it and in fact wrote the section of the wikipedia article on it (or the orginal section anyway).
the Starbucks router isn’t much different from your home router; uses NAT, hands out addresses, becomes the gateway address on that network. On the internet, all traffic looks like it comes from the gateway’s address. it forwards back to you any replies to network sessions you started. To connect two people behind firewalls, yes, you initially need some sort of connection server.
How many days, how many Starbucks? Unless you live in NYC, you’ll run out in a month or two. Of course, they all probably have security cameras. Unless you use masking tech, your browser and PC have identifiable fingerprints - MAC address, browser version and add-ons, accept cookies, etc. which can help identify you. The local router at Starbucks may or may not log MAC addresses, and times.
At the very least, you’ve identified the city you liv in, probably left security footage. The pattern which ones you hit will help locate work or home area, just like bank robbers.
No matter what the crime, the issue in today’s tech is not whether they can catch you, but how badly they want to, how much resources to spend, to catch you.
With my home routers, I can’t run a web server inside unless I configure the router to route incoming traffic on a port to a particular address. The thing is, the web server doesn’t start network sessions - it’s the web client (the browser) that does. So even if the other person trying to browse to my webserver isn’t behind a firewall, they won’t get through.
Of course, there’s other things you could do at a laptop at Starbucks to distribute your pics, I’m sure. But drachillix mentioned a web server, and AFAIK they don’t work like that; you can’t start a network session from a webserver to your clients to let the router know how to forward their requests.