On Wed, 3 Jan 2024 02:29:16 +0100 (CET), Nomen Nescio <
nob...@dizum.com>
wrote:
> What happened to x*ef*
ig.com and J*ax*ah
>
> Post by YLeeCoyote » Thu Dec 21, 2023 9:19 pm J*ax*ah using an alias
> posted the following unhappy message
>
> J*ax*ah wrote:
> Police raid, server seized and charged with having cp. Not coming
> back.
>
> As x*ef*
ig.com is gone and the message was from the same IP that Jaxah
> used I accept that it is real.
I was rather surprised when I read the above. What surprised me was not the
fact that the arrest/seizure happened at all, but rather it was the timing--
frankly, I did *NOT* expect any type of enforcement action to be undertaken
so quickly. That said, on reflection, I have an idea as to what may have
precipitated this move on the part of the UK authorities.
My intent in writing this post is to examine Jaxah's activities with a
somewhat critical eye, in order to illustrate where I believe he went wrong
-- the idea being not to castigate him for making mistakes, but to educate
others so that they *think* before they potentially undertake legally risky
activity without taking appropriate precautions beforehand to avoid being
traced, identified, and potentially prosecuted.
> I assume that it was something about the ASSTR clone he was hosting or
> something else on his server.
I can only /hope/ that Jaxah did not have CP on his server. That said, with
all due respect to YLeeCoyote, I think that we have to consider that it may
be the existence of the text stories themselves that was the sole (or at
least the primary) reason for the seizure/arrest, as opposed to any other
factor.
Unfortunately, over time, I have observed a culture of denial here in ASSD:
I have seen people make remarks about Frank McCoy, to the effect that he was
only gone after/prosecuted because he had CP on his machine.
Similarly, I have seen statements to the effect that Thomas "Mr. Double"
Arthur was only pursued because he was selling contraband.
Likewise, Ron Kuhlmeyer's previous offense record has also been dredged-up
as a potential justification for /his/ arrest and prosecution.
Remember, all American prosecutions and convictions to date: Fletcher, McCoy,
Arthur and Kuhlmeyer were prosecuted under 18 USC 1462, for importation
and/or transportation of obscene materials, and not primarily for other
offenses.
The general sentiment here in ASSD appears to be the following:
They won't come after me because...
* I don't abuse kids;
* I don't download or view kiddy porn;
* I don't sell anything;
* I don't have a previous record as a sex offender.
I would argue that breaking the law alone (e.g. 18 USC 1462 in the United
States, or its' equivalent in other jurisdictions) is enough to put you at
significant risk.
Some 20 years ago, the risk was very much less apparent -- it was not at all
clear when Karen Fletcher was indicted (circa 2006) that her body of work
was not protected by the First Amendment.
However, with the successful prosecutions of Fletcher, McCoy, Arthur and
Kuhlmeyer, the matter is now not only settled, but carved in stone, even --
particularly in view of the fact that both McCoy and Arthur not only had
their convictions upheld on appeal, but also both their applications to the
United States Supreme Court for judicial review were denied, meaning that
the lower court rulings stand, and constitute legal precedent going forward.
Where Jaxah Went Wrong
======================
There are two mandatory rules frequently mentioned to new (or aspiring) drug
dealers (or hackers, or anyone for that matter) dealing in contraband:
1. Commit only one crime at a time;
2. Don't shit where you eat.
A third rule applicable to digital contraband is:
3. Don't use file-sharing programs/apps (e.g. BitTorrent) to distribute
contraband. The police have a long history of using this type of software
to bust people.
I can practically hear the howls of outrage: "We're not criminals! It's just
stories... it's just text! What about the First Amendment?!"
As far as His Majesty's Government in the United Kingdom is concerned (and
also Canada, Australia and New Zealand) those persons who traffick in
stories involving underage characters /are/ criminals. The same is true of
the United States. The law has been settled for decades, and not just in the
United States. The Courts in our various nations pretty-much concur in this
regard.
In the United States obscene material is *NOT* eligible for First Amendment
protections. Frank McCoy tried to challenge that law, and lost, /badly/ --
he ended up paying for it with his life.
You may not agree that text should be considered 'obscene' -- I agree. You
may think that the law is an ass -- also agreed. But whether we like it or
not, the law isn't going to change, let alone anytime soon. Get over it.
You don't have to like it (and, for the record, I *don't*) but you *DO* have
to accept it, because to do otherwise is to deny reality. Should you traffick
in underage stories, and they catch you, you're rather likely to wind-up in
a prison cell.
Now, if Jaxah did, in fact, collect CP, he broke the first rule; in any case,
he definitely broke the second and third rules by running a server out of
his home. Even if he was using a secure email account, and posting safely,
using BitTorrent and running a server from home might, in and of itself,
have been enough to lead to his identification and arrest.
Now, to be entirely fair, Jaxah may not have collected 'child pornography'
as most people in here would understand it, i.e. images of real children
being abused. The United Kingdom classes some images (pseudo photographs) as
child pornography -- like Canada, which classifies /any/ sexually explicit
image of a person under the age of 18 years (even drawn from the imagination)
as 'child pornography'. Accordingly, the child pornography charges /may/
stem from illustrations contained in the ASSTR archive.
Jaxah's primary mistake (which I believe helped lead to his identification)
was that he did not compartmentalize his activities -- rather, he used the
same Gmail address/handle for virtually all of his online activity. (I found
evidence of social media accounts using the same information.)
/Strict/ compartmentalization (and following the above rules) would have
gone a *long* way to help prevent his identification/arrest and server
seizure.
Another mistake was a lack of situational awareness -- he very likely wasn't
aware of some of the legal changes that have taken place in the last few
years. I would offer-up two examples: the UK Online Safety Act, and the U.S.
Cloud Act.
* Passage of the UK Online Safety Act -
This Act, which received Royal Assent in October 2023 (and thereby became
law), has been heavily criticized because Section 122 of the Online Safety
Act provides Ofcom (the UK's FCC equivalent) with the power to compel any
tech firm to scan its content for child sexual abuse or terrorism content,
or else face fines of up to £18 million or 10% of annual turnover.
Content to be scanned includes 'child grooming' texts/emails/messages. It is
a virtual certainty that exchanges of many of the text stories with underage
content would fall afoul of such automated mechanisms looking for 'child
grooming'.
I consider it rather unlikely that automatic scanning played a role in this
instant case, but this is something to be kept in mind for the future. To be
frank, there was no need for this to be used, as Jaxah laid all his cards on
the table face-up, in full public view, right here in this very newsgroup.
* UK entered into a Cloud Act Agreement with the United States -
This, IMO, was a game-changer. For those of you not familiar with the Cloud
Act, let me explain: the Cloud (The Clarifying Lawful Overseas Use of Data)
Act allows the US government to compel an American company to hand over data
pursuant to a warrant or subpoena, without any regard to where the data is
physically stored (i.e. overseas).
Conversely, the Cloud Act allows foreign police to demand data directly from
American companies/service providers without recourse to the American courts.
So, for example, the British police could approach Google with only a local
UK warrant, and on the strength of that warrant, Google is legally required
to hand-over the data requested by the foreign authorities. Google (or any
other provider) is actually barred from attempting to have this reviewed in
the American courts.
The foreign authorities can now have the data they requested in days, as
opposed to months/years, as was typically the case under the Mutual Legal
Assistance Treaty (MLAT) process. (A 2013 study showed that the average
length of time to process an MLAT request was 10 months, with some cases
taking much longer.)
IMO, what led to the timing of this raid/seizure/arrest were the comments
that Jaxah made in this NG about moving the server to a foreign jurisdiction,
out of reach of the American (or other) authorities.
Another part of situational awareness is understanding your environment, i.e.
Usenet. Usenet was (and still is, to some degree) a distributed anarchy --
there are still many servers worldwide (albeit not thousands like there used
to be) but it is still very hard to censor. A corollary to this is that once
something is posted to Usenet, it is there more or less FOREVER. As evidence
of this, consider the following:
Frank McCoy died of Covid-19 (contracted in prison) on April, 2nd, 2020. It
is almost four full years since his death, yet Frank's works are apparently
still to be found on Usenet (among other places), if one knows where to
look.
What I am getting at, is be careful of what you post to Usenet, when using a
traceable account -- once something is posted, it is *very* difficult to get
rid of it. (The only way to accomplish that is via cancel messages, and not
every server accepts article cancellation messages. In any case, using cancel
messages is very nearly a lost art.)
As part of being careful, DO NOT announce your plans to break the law, and
DO NOT post evidence of having done so, from a traceable account.
Because he broke these rules, Jaxah may well find himself in the exceedingly
uncomfortable position of having his Usenet postings read into the court
record as evidence against him.
What Can Be Done? - Recommendations
====================================
As much as I hate admitting it, for Jaxah, there is simply nothing to be
done.
First off, if you have been using a traceable account (e.g. Gmail, or other
clearnet email) and/or Google Groups, you should abandon these and start over
with a brand-new identity. The reason for doing this is because security is
NOT retroactive.
Many of you will doubtless be reluctant to do so, but because Google Groups
is soon to abandon support for Usenet, you will have to do this anyway, so
you might as well get on with it now, as opposed to waiting until the last
minute.
FWIW, switching from a Gmail account to e.g. a nymserver account is NOT
enough, if you are using the same identity. The links between identities
have to be *completely* *severed* and the way to do that is to use a brand-
new identity.
I know it sucks to lose all that reputation capital, but it cannot be helped.
> I will do what I can to remove his posts from here [ASSLR] as requested.
Once you make a post, even to a Forum such as ASSLR, you *must* consider it
scraped and/or saved whether by LE or others. Having it deleted after the
fact isn't necessarily going to save you, if you make a mistake.
> I will add that we are all sorry for what happened and wish things work
> out well for him.
I am sorry that happened to him as well. What is particularly distressing is
that this almost certainly could have been prevented with the use of proper
tradecraft. The sole bright spot in this entire debacle is that /should/
Jaxah be convicted and imprisoned, prison sentences in Britain are nowhere
near as long as they tend to be in the United States.
Tradecraft
==========
Use Tor, and Tails, if you can.
Use a tor-based email service: one such is Morke:
http://6n5nbusxgyw46juqo3nt5v4zuivdbc7mzm74wlhg7arggetaui4yp4id.onion/src/register.php
Posts can be sent via email to ASSD using the dizum mail2news gateway:
Send an email addressed as follows:
To:
mail2new...@dizum.com
Subject: Your chosen subject line goes here
Newsgroups: alt.sex.stories.d
References: your references line goes here
[blank line]
Message body goes here.
If you're really serious about security, you'll use a nymserver -- if anyone
wants details, ask.
Usenet can be read from any number of providers, including free ones; some
of those have already been mentioned here in ASSD.
Some providers allow for purchase of blocks of data, e.g. 100GB for something
on the order of $20 or thereabouts. You can pay with cryptocurrency (use
Monero, if possible), and stay anonymous.
If you only read text groups, 100GB is more than enough for a decade of use.
Remember, you only use your news provider to READ news -- all your posting
should be through a mail2news gateway using a Tor-based (or nymserver) email
address.