Google Ordered to Identify Who Watched Certain YouTube Videos

Cell phone tower data has been used for a decade now in pretty much the same way.

Did you happen to pass by a cell tower in a major city around the time a crime was committed? We all have.

Well, your IEMI was included in a cell tower dump. Probably dozens of times.

Did you happen to drive your car over any bridge in the Bay Area lately? Did a municipal vehicle pass you and catch your license plate with their ALPR camera?

Guess what? Your name went through a database of an LEO search if they wanted to find a perp for that time/location.

Privacy has been dead for a long time. The worst part is people don’t care.

The Snowden files changed nothing. If there was ever a point in history where people would have given up their cell phones for their civil liberties, that would have been the time to do it.

Blackstone: "It is better that ten guilty persons escape than that one innocent suffer"

So not sure where you got the impression he's okay with up to 100 people being disturbed so we can catch one bad guy.

But then, he wasn't really talking about that was he? Better the guilty go free than the innocent suffer what? He was, essentially, talking about the principle of innocent until proven guilty; that innocent people shouldn't suffer by being punished for a crime unjustly.

2999 innocent people, in your formulation, though, are not being punished for a crime. They're not even being accused of a crime.

If it is an order by a court, then i think it is ok. Then it is no mass surveillance and for solving a crime it is useful.

I wonder what kind of video it is. Maybe a shared link, so only people who secretly know about it knew about it, and they have become suspects. Is it mentioned in the forbes article?

And i wonder if people abuse videos on youtube by encrypting the content with a key and the key is then shared.

I agree that it's egregious, but Sir Blackstone was talking about punishment, especially relating to execution, and I think perhaps the ratio can be adjusted significantly downward when the cost to the innocent is much lower. Otherwise, the only reasonable search would be when a government official is already certain of your guilt.

Did you forget the link to Blackstone?

The second one seems a lot more narrow and more legitimate

Supposing every person watched that video 10 times AND supposing the target was one of the viewers (it really isn't clear that this is true), that's 2999 people who have had their rights violated to search for one

I think whether their rights are violated depends entirely on what sort of information is handed over. Consider acquiring surveillance footage that has plenty of foot traffic, but a suspect is known to have passed by. The police are typically permitted to review that footage even though plenty of innocent people were captured on that video.

I don't think any of this appears legitimate.

It isn't.

Democracy is fake.

Our justice system is fake.

Everything is fake.

(Where "fake" = "not what they are advertised or perceived to be.)

If all of the same things were occurring in another country, or even better: in a video game, you would have little difficulty and zero aversion to accepting these facts.

However: put a person into these things, and the brain malfunctions.

If you are a reasonably normal person, your mind will now be filled with objections to this proposition, reasons why I am incorrect. But if you were to state those objections, I can punch holes in every single one of them without even breaking a sweat.

We live in a literal simulation, but not the kind that everyone has been hypnotized to believe is the only kind possible - have you ever noticed that when the notion of simulation theory comes up, it is always The simulation theory (Nick Bostrom's)?

This is a pretty neat trick eh? And there seems to be nothing that can be done about it, because people will fight tooth and nail (using Meme Magic, aka "The Facts", "The Reality", etc) against being extracted.

Thankfully, it is simultaneously hilarious. Well, except the part where millions of children are dying, but nobody cares....but oh boy when a big scary "pandemic" comes along, pull out all the stops.

I hope that there is a Hell, because I would like to see every single member of this despicable 21st century society end up there some day. Seeing justice finally being served for once would be worth suffering for eternity.

OP explicitly agrees with you that the 30k is illegitimate, but that's the only one you address. What's your take on the one where the police became aware that they were being watched on a YouTube livestream while responding to a bomb threat and obtained a court order asking for information about who was viewing a set of local livestreams at the specific times where they were searching for the bomb?

What makes that one different than a court order demanding that a business release security footage that covers the scene of a crime for the time window in which the crime occurred? Or would you consider such a court order to also be illegitimate?

Any kind of search can be deemed constitutional if it goes through a warrant process, which is the point of warrants. This story is less about the how the information was taken and more about whether or not the warrant process and 4th Amendment rights were properly followed.

This would then be mixed in with the question of whether or not new forms of data (like video views) would equate to previous forms of similar data searches that police have obtained warrants for (like reviewing CCTV).

  In a just-unsealed case from Kentucky reviewed by Forbes, undercover cops sought to identify the individual behind the online moniker “elonmuskwhm,” who they suspect of selling bitcoin for cash, potentially running afoul of money laundering laws and rules around unlicensed money transmitting.

  In conversations with the user in early January, undercover agents sent links of YouTube tutorials for mapping via drones and augmented reality software, then asked Google for information on who had viewed the videos, which collectively have been watched over 30,000 times.

The first is a somewhat clever attempt to unmask someone ann undercover investigator was already talking to. Police should have narrowed scope of the warrant by only asking for data on viewers within a narrow window after they sent the link.

Even better might have been to directly link to some service that they already control on a honeypot URL, and then gone after the ISP for customer details.

But I suspect a much narrower request where google identified the target user and past just that user's info on would be constitutional.

Isn't that worse? Essentially making Google do the job of the police and the police having to trust the work of Google for it.

Not sure if you're being downvoted because people think you're serious, or because they dislike sarcasm.

Because of the possibility that the leaders will change - or change their opinions - in the future, the only safe course of action is to express no opinion whatsoever.

You won't dare post anything actually transgressive.

I mean do all that but don’t tweet it and leave your phone at home. That is the issue.

We also, apparently, shouldn't even try to discuss and figure out any other possible approaches or responses to any given problem that might exist.

We don't care if this wall might possibly be easy to simply walk around and obviate, we shouldn't even look, or even talk about looking. The only rational way to attack any problem is to just look exactly in the direction you were led to look, bang your head on that same spot forever.

Or go back to how things were: Keep it to yourself and discuss spicy topics among close friends. Friends assume good faith. People on the internet tend to assume the worst interpretation possible and don't give any benefit of the doubt.

We're on a tech forum known to have some of the best and brightest and visited by tech giants. If anyone can solve this problem, it is us. If we are the ones giving up, then who is there to make things right?

You think the world’s geniuses are hanging out here? The world’s brightest are here and you’re going to inspire them to solve what you frame should be a very high priority? There are much bigger problems to solve.

I really think your vanity is warping your perspective.

Any truly reliable privacy and anonymity tool that isn't created by the government will probably be made illegal by the government. Failing that, using it will make you a target of the government's security apparatus. If you create a cryptocurrency that can't be traced[0] or an anonymous marketplace where people can buy and sell anything they want[1], you're going to end up on the wrong end of US government trade sanctions or US drug laws. Running a Tor exit node gets your IP address blocked by much of the internet and can even get you a visit from the FBI[2]. Tor itself only exists because it was created by the US Navy as a tool for dissidents in dictatorships to be able to access the internet.

The only way to solve the problem would be to elect politicians who would either dismantle most of the surveillance system or address crime and terrorism so decisively that there was no longer any plausible threat to justify continuing to maintain a mass surveillance apparatus in which case it would (hopefully) eventually wither away as part of budget cuts once politicians forget why it was even "necessary" in the first place. There is no solution to political problems without obtaining and using political power to solve them.

The strategy of eliminating the system's justification isn't foolproof though because the bureaucracy that runs the military draft (Selective Service) somehow still exists even though the draft was ended around half a century ago and is almost certainly never coming back. Politicians only noticed it existed a few years ago long enough to debate whether to extend the wrong of registration for it to include women in addition to men. The eventual decision was to leave the status quo intact[3]. The sensible option of abolishing that relic of a past rights violation rather than continuing to waste money on maintaining the bureaucracy was not seriously considered. That means the direct route is almost certainly the better approach.

[0]: https://www.theregister.com/2022/08/10/github_tornado_cookie...

[1]: https://en.wikipedia.org/wiki/Silk_Road_(marketplace)

[2]: https://www.reddit.com/r/TOR/comments/rjgq8s/ok_so_what_has_...

[3]: https://www.politico.com/news/2021/12/06/ndaa-women-draft-dr...

Solving these issues won't make you much money, and anyone that gets close will invite more heat than the center of the sun. Better to divest. Keep an email and phone for essential services like banking but avoid all other activity.

    If anyone can solve this problem, it is us.

Any tech we create to "solve" this issue will be worked around and/or used to cause more problems.

Tech isn't the solution.

The so called best and brightest of this forum are more likely to be censorship loving control freaks that melt and disintegrate at the sight of a different opinion or political belief.

Those of us who were born in the sixties or seventies know how the tech industry was once led by and populated with people who intensely cared about freedom of speech and despised government agencies.

"It is difficult to get a man to understand something when his salary depends upon his not understanding it." -- Upton Sinclair

I have no hope that the people who created the very tools that led to these problems, are in anyway going to try and solve this problem.

If anyone can solve this problem, it is us

We've literally created this problem by making industrial-scale stalking profitable and socially-acceptable. We've created an entire self-sustaining industry that spies on everyone, is not accountable and that the government can just ask for data when needed.

best and brightest and visited by tech giants. If anyone can solve this problem, it is us.

I'd say this egotistical god-complex is exactly what got us into the current mess.

Consider: if your adversary is the NSA, CIA, or (maybe) FBI, you’ve already lost the game you’re playing.

If you make a HN account that you only access via Tor through a browser with Javascript turned off and stick your writing through some AI editing service, it's probably pretty difficult to trace anything back to you.

This is already too hard. But anything that can be done needs to be wrapped up into a trivial to use interface. It has to be for everyone, not just people who are technologically {capable,knowledgeable} and have the time and energy to do this all the time every time. It needs to be standard.

Of course, we should fight this from both ends. Many ends. We shouldn't collect the data. We shouldn't process it. And we should build defenses.

If you're looking for privacy from your current and possibly future employers, you can obtain that by using a pseudonym online and taking basic measures to make yourself hard to dox. If you want privacy from the US government, that's not going to work.

Also, getting doxxed isn't entirely bad because it can open doors as well as closing them. Depends on how you leverage it. You just don't want the US government and/or the government where you live as your adversary.

But by doing this (Tor etc), you've also potentially identified yourself as a person of interest who warrants further scrutiny. It begs the question: what are you trying to hide.

So the whole internet will become like LinkedIn. Let the horror begin.

So one's privacy posture should be part of the complete security posture, and should ideally start at

"DEFAULT DENY ALL"

After which you can -of course- start opening up ports and start trusting people with information. Even if done imperfectly, one's attack surface is at least under some sort of control. I mean -at least- a semblance of control can be taken, however aspirational in practice. It allows conscious control of ones information flows.

As you may have experienced yourself a posture of "DEFAULT ALLOW ALL" is effectively impossible to manage, since tracking down and plugging new leaks faster than they show up is pretty much like bailing out a boat with -well- a squillion leaks (and more every minute).

Getting muggles to a safe default posture is going to be difficult. However, seeing the growing awareness in society it might not be impossible.

Think of nascent privacy initiatives by the EU (no matter how (in)effective as yet). Or you could think of starting school programs akin to "just say no" for instance, promoting more conscious and careful online behavior. It might never be perfect, but some level of herd resilience might be attainable?

Ha ha.

There should really be levels of history. I don't want youtube keeping every video I've ever watched on file, so I have history off. However, now, if I leave a video and come back to it the next day, my place in the video is lost. Lemme specify the length of time to keep history pls.

Any client software can do this for the users who want it. There is no need for the service provider to track user watch history on the server by default.

I'd prefer to have that sort of thing stored locally, perhaps synced between all of my browsers/computers (directly, without storing the history unencrypted on servers).

That doesn’t require them to know who you are.

The comment in question appears in incognito mode. I don't think they're banned.

One in the same on HN.

How is a banned account making visible comments? Also, how did you find that post?

That's true, I'm just banned but it still lets me comment and that's fine with me. No pesky fake internet points to worry about.

Both, not either.

Anyone collecting data needs to consider how the data can be misused. Whether that be by a (repressive) government, a hacker, or a future purchaser of the data

why would they want phone numbers

Because it is trivial to make a burner/secondary email address, but much less trivial to do the same with a phone number. Furthermore, everyone adds phone numbers to their contacts but very few add emails, so phone numbers are much more valuable from the perspective of inferring social graphs.

Both of these are extremely valuable for adtech and generic "growth & engagement" scum, thus why all companies matching this criteria started effectively requiring phone numbers. The 2FA/security angle is just an excuse for the true reason behind it.

Brief counter, based on adtech knowledge.

Fingerprinting to a user, especially for a bulk request, without something to anchor on like a device id (or phone number), is harder than you make it out to be. End of third party cookies and so on has had an effect.

Source - am a fairly experienced security engineer.

It’s a nonsense argument to say Google can’t handle credential stuffing without SMS 2FA in place, as in not pushing all 2FA via Google Authenticator and using the very wide reach and talented security team for baseline cred stuffing. Sec tools for this, even without being Google and their very talented sec team, are pretty good.

Wanting a hard phone number is a pure identification play and also about the more likely pragmatic concern (than cred stuffing) of using Google for burner accounts.

This sounds like it’s new though? And maybe is for testing/dev and will go away?

Which really underscores that all of the MFA stuff is actually about security. Because of course it is.

Entrapment isn’t just “any time police trick you during an investigation”. It is only entrapment if the police actually induce you to commit the crime you are charged with. Viewing these videos is not a crime.

I read that as “they sent a list of URLs”. Not, “they uploaded a bunch of videos”.

Entrapment is a practice in which a law enforcement agent or an agent of the state induces a person to commit a "crime" that the person would have otherwise been unlikely or unwilling to commit.

Viewing the links and using technology covered by those is anything but. This is trying to make crime suspects out of thin air. So much for fucking free democratic society.

We learned from Nest that they won't even require a warrant before handing over the code to a smart lock to law enforcement.

No judge needed. Just ask and say "open sesame"

Well, in the US in general it might be. The police are saying that it is probably a crime under money laundering and unlicensed money transmitting laws. The issue is that particular set of laws are mostly outrageous and quite unintuitive in practice. They criminalise a lot of quite reasonable activity - in this case, like selling bitcoin for cash.

Although the thread root refutation makes no sense. Freely trading bitcoin leading to 9-11 is going to have to involve some flexible mental gymnastics since 9-11 happened in a pre-Bitcoin world. In practice AML style laws are generally targeting tax evasion.

Per the GP—this is likely about someone laundering money for terrorist organizations that the US is investigating.

I'm pretty sure it's satire.

Well, I don't know if there's any way to be absolutely anonymous on the internet.

It seems to me that there's still good reason to prefer using invidious on an instance used by many people as opposed to youtube directly. Can't make perfect the enemy of the good.

There's an option to use Invidious as a proxy, though I don't know if public instances offer this (and you probably need an invidious account).

Yes. It totally switched the narrative on Israel (and that's great imo). They didn't ban videos of Palestinians getting murdered and bombed, like other platforms did. It's a bit insane since even my apolitical friends got exposed to the raw videos and now it really shaped their opinion. I won't push it since I know this never actually happens, but it got zoomers to maybe even consider the conflict important enough to be an issue that swings their vote (the issue is that we don't vote lol).

For me that's awesome. But it really really really didn't sit well with members of Congress I guess, and boomers in general.