
FBI affidavit against Ryan S. Lin in cyberstalking case (2017) - LinuxBender
https://www.justice.gov/opa/press-release/file/1001841/download
======
Nadya
The relevant bit is on Page 22.

 _> Further, records from Pure VPN show that the same email accounts Lin's
gmail account and the teleportfx gmail account-were accessed from the same
WANSecurity IP address. Significantly, Pure VPN was able to determine that
their service was accessed by the same customer from two originating IP
addresses: the RCN IP address from the home Lin was living in at the time, and
the software company where Lin was employed at the time._

Also, it seems Lin knew or suspected this at least, seeing as he doesn't
believe in a VPN service that doesn't keep logs:

 _> For example, on June 15, 2017, Lin ... re-tweeted a tweet from "IPVanish,"
that read: "Your privacy is our priority. That's why we have a strict zero log
policy." Lin criticized the tweet, saying, "There is no such thing as VPN that
doesn't keep logs. If they can limit your connections or track bandwidth
usage, they keep logs."_

This will be a useful .pdf to keep on hand because I also don't believe in
VPN's that don't keep logs. At a minimum they'll keep 30 days worth and in
many countries may actually be required by law to keep them longer than that
even (60-90 days usually).

As an aside, it's good to see another example that the FBI does actually
investigate cases of cyberharrasment and takes doxing seriously, contrary to
popular opinion.

E: A few typo fixes and the last 4 words.

~~~
ALittleLight
I opened the document expecting to sympathize with Lin. In my imagination this
was some FBI surveillance state overreach, or "cyberharassment" thing getting
overblown.

Instead, reading through the allegations, Lin came off as abominable. Contrary
to your conclusion that this shows the FBI takes cyber harassment seriously,
it seems like law enforcement generally allowed Lin to publicly subject this
poor woman to psychological torture for a couple years before doing anything
about it.

Provided the allegations are true, whatever sentence he gets will not be
enough...

~~~
claudiawerner
Why would you expect to sympathize with him? Is it usual (i.e more likely than
not) that cases of cyberharassment are overblown, or based on faulty
knowledge, or outright false? It's strange to me that someone would
immediately be so skeptical, unless the rate of false accusations is higher
than the rate of true accusations (at least insofar as determined by the
imperfect legal system). Is that the case? I'd like to be corrected if it is.

~~~
ALittleLight
I don't know what the rate of false or overblown allegations is. I wrote above
about my intuition and not my judgment after a considered study of the issues
and evidence. It's just what I expected.

As for why my intuition went that way, I suspect it's because, from the title,
I felt like Lin was wronged by the VPN company which misled him, I generally
distrust the FBI, deanonymizing VPN traffic seems troubling to me,
"cyberharassment" sounds more like being mean to people online than the things
Lin did and I don't think sending rude words to people should be criminal, and
I suppose that I personally am more likely to be (falsely) accused of
cyberharassment than I am to be victimized by it which probably results in
implicitly identifying more with the attacker than the victim.

~~~
claudiawerner
I don't think "cyberharassment" sounds like being mean online at all, I think
it's what most would consider harassment but conducted through the Internet to
the extent that it is possible to do so, and it may even be more pernicious,
since it is very easy to stalk people and submit anonymous comments via the
Internet. In the same way, I'd also assume you personally more likely to be
falsely accused of rape than you are to be victimized by it - simply because
you're probably not a rapist. It does not have much to do with the fact that
most rape allegations are true, at least to the extent we determine in legal
courts.

Maybe we should think about how we act online if we feel that there is a
significant risk of being accused of cyberharassment, even if such conduct
should not be illegal (and I suspect we also disagree on where the line ought
to be drawn here).

~~~
ALittleLight
"Harassment" can refer to a variety of behaviors. I feel "harassed" by
telemarketers insisting I apply for a loan or buy whatever they're selling. If
someone were to repeatedly bother me at the mall trying to sell me something,
I'd think of that as them "harassing" me to buy something etc. Harassing seems
to me like repeatedly being a nuisance.

In the context of criminal behavior I'd expect harassment to be a campaign of
intentionally bothering someone and invading their space. I'd assume someone
like Lin might be guilty of criminal harassment if he waited outside this
girl's house and lewdly propositioned her every day, bothered her at work,
etc.

I think we should have a higher bar for what constitutes cyberharassment
because it's so much less invasive and threatening than physical harassment
and so much easier to ignore. It's also possible that it's easier to
inadvertently participate in cyberharassment when you can't see how the other
person is reacting to you or feel how inappropriate the behavior is.

What Lin did in this case is far beyond any of what I described above. I think
of his behavior as transcending what I'd describe as cyberharassment - in my
earlier comment I called it psychological torture and I think that's far more
apt than cyberharassment which seems too milquetoast a phrase for what
happened here.

------
seibelj
This guy is a monster. Read the whole thing if you have the time. For some
reason this bit stuck out at me out of all the crimes: He hacked into her
"Rover" account (Uber for dog walking) and messaged all her clients that she
had a panic attack and murdered their dogs, and will deliver the dog to them
in a ziploc bag.

Total psychopath.

~~~
roguecoder
Yeah, this primarily inspires the thought of whether we should be providing
services that enable this kind of behavior.

------
joshstrange
Started out wondering if Lin was going to be wrongly accused but this hit
closer to home that I expected. First off Lin appears to be a POS but what hit
me was this line:

> While each of these incidents in isolation may appear relatively harmless,
> the cumulative effect of this behavior is both harassing and indicative of a
> significant attachment, disproportionate to the amount of time they spent
> together.

Specifically the first part "While each of these incidents in isolation may
appear relatively harmless". I've had friends harassed online and when you try
to explain to law enforcement it sounds petty or minor but I've seen first
hand it weigh on my friends who have experienced it.

Services like TextNow and Pinger and amazing tools for someone looking to make
someones life a living hell. I've still got screenshots of PAGES of new text
messages (from different numbers) all from some asshole who has nothing better
to do than harass people.

In my situation I had finally had enough and thew up a webpage explaining how
to block ALL TextNow/Pinger numbers and calling out the individual in question
(trust me this was done tastefully and with tact) then ran Ads on FB to raise
awareness in my community. Turns out way more people that just my immediate
friends had been affected by this toxic individual (I had a number of people
reach out to me). I spent $40 on ads for 67 clicks, 1,465 reach, and 37,454
impressions. It was worth every penny. I'm not going to say this will work for
you OR that it worked for me (the harassment stopped but, you know
causation/correlation and all that) but I know I would do it again in a
heartbeat.

It's important to note the police were next to useless for this entire saga.
I'm not sure what percentage was apathy vs a lack of skills but yeah...

~~~
ukyrgf
That's amazing!

Last year I was desperate for extra work, and met a guy hiring programmers on
Craigslist. I ran his name and found a website from a guy saying never do
business with him, that he doctored financial documents and was a liar. It was
kind-of a crazy site, so I met with the liar anyway, and he brought it up
pretty quickly, saying it was an old neighbor and that he's crazy. I went to
work for him, but he kept bringing it up, wondering how he could get the site
taken down (queue me trying to explain slander and him saying "there's gotta
be another way!"), until one day he was exploded with a "I could go over to
his house and fucking kill him!".

I already had a new job lined up at that point, so I just left my key on the
desk and never came back. I still wonder if I should email the guy that made
the website just to let him know how much it gets under his enemy's skin.

------
w8rbt
They all log, and they all turn those logs over to police agencies when they
get court orders to do so. These services are only intended to prevent ISP
snooping on legal activities that may be personal or embarrassing, but not
illegal. That's it.

If you do something illegal on a VPN connection and think the VPN providers
have no logs/evidence, you'll be very surprised when the cops show up.

~~~
zigzaggy
Exactly. Even my personal VPN (Streisand) running on a cloud-hosted VPS is not
safe if I decide to become a criminal. All LE would have to do is subpoena my
hosting company and monitor incoming connections.

A VPN may slow a nation-state down a little, but it will certainly not stop
them.

------
woofcat
I'm always curious at how these VPN providers aren't being hit with false
advertising. They claim to keep basically no data about you.

"You are Invisible – Even We Cannot See What You Do Online We DO NOT keep any
record of your browsing activities, connection logs, records of the VPN IPs
assigned to you, your original IPs, your connection time, the history of your
browsing, the sites you visited, your outgoing traffic, the content or data
you accessed, or the DNS queries generated by you." [0]

[0] [https://www.purevpn.com/privacy-
policy.php](https://www.purevpn.com/privacy-policy.php)

~~~
crankylinuxuser
Them not keeping a record may be true...

But the rsyslog was delivering the logs to *.fbi.gov

And not retaining logs would still be correct. They said nothing about
transporting them to the relevant feds.

~~~
rayvy
Ahhh. They aren't _keeping_ the logs, they're merely forwarding the logs to
another "non-associated entity" (giving them legal cover), and storing the
logs there. Makes sense. They can advertise "we don't keep logs" ( _we_
meaning the corporate entity itself) so they have legal cover, _and_ they make
the three letter agencies happy (and thus are allowed to continue to operate)

~~~
crankylinuxuser
Indeed. And those tools to do such an analysis already exist. Its the formerly
NSA tool called "Apache NiFi". It even has a syslog server plugin specifically
for this purpose (it's built in already; drag, drop, configure, done):

[https://nifi.apache.org/docs/nifi-
docs/components/org.apache...](https://nifi.apache.org/docs/nifi-
docs/components/org.apache.nifi/nifi-standard-
nar/1.5.0/org.apache.nifi.processors.standard.ListenSyslog/)

Link/proof asserting Apache NiFi is one of the NSA data analytics tools:
[https://www.forbes.com/sites/adrianbridgwater/2015/07/21/nsa...](https://www.forbes.com/sites/adrianbridgwater/2015/07/21/nsa-
nifi-big-data-automation-project-out-in-the-open/#1377a1e555d6)

~~~
willstrafach
Proof also can be found here: [https://code.nsa.gov](https://code.nsa.gov)

------
analyst74
Sometimes I feel the anonymity aspect of the Internet brings the worst out of
people. If we didn't have anonymity to begin with, people would have not tried
those kind of harassment. Or if they do, it'll be a routine case for the
police as opposed to requiring substantial FBI involvement.

~~~
vokep
Anonymity is required to maintain freedom of speech. It provides a route for
any adult to be the child that calls out the emperors new clothes.

The sad part is yes, it also enables bad people to do bad things without
consequence, however, that is the bet that we make. That the bad people doing
their bad shit, is a small price to pay to prevent bad people in power from
doing very very bad shit

~~~
analyst74
It's not anonymity that protected freedom of speech, but people who believe in
free speech, represented by supreme court that is protecting it.

And when it comes to overthrowing corrupt ruling class, do people seriously
believe anonymously complaining online is going to do anything?

~~~
sleepybrett
One could argue that anonymous complaining and accusations contributed to
Trumps election.

How many of those 'anonymous americans' (who were concered about the emails,
or spouting off about clinton having parkinsons, or bernie or busters, etc
etc) were not americans, but non-americans or bots/sockpuppets created to
amplify the signal of a vocal minority of americans or non-americans.

Because of platforms that are largely anonymous you can never know if an
anonymous user is your next door neighbor or a bot tied to the marketing arm
of some product you might be interested in or the agent of a foreign
government.

An interesting concept might be a social network where all users are verified
and their profile contains only general information about them, letting you
know if their opinion matters or is misleading.

------
deckar01
> On April 14, 2017, at 14: 55: 52, the email address "rlincc@gmail.com" was
> accessed from IP address 199.38.233.169, an IP address owned by WANSecurity,
> a Kansas VPN service. As discussed above, this Gmail address is directly
> attributable to Ryan Lin and was used to communicate directly and openly
> with Smith and her roommates, including when he first responded to the
> Craigslist advertisement to be their roommate.

This type of information couldn't be provided by VPN logs due to gmail using
TLS encryption. If they gained physic access to a device that he was currently
logged into, they just needed to look at the gmail account activity. Anyone
can look at all the IP addresses they have accessed their gmail account from.
They could have also just got a warrant.

> On April 14, 2017, at 15:06:27, the email address teleportxf@gmail.com,
> provided by "Ashley Plano" to Rover, was accessed from the same exact
> WANSecurity IP address, 199.38.233.169

This is more interesting. It doesn't seem likely they caught him logged into
this account, or that would be all the evidence they needed. I suspect they
issued a warrant to Google for this account and got a list of IP addresses
back. I can't imagine that the VPN provider allocated a unique IP addresses
for each subscriber. This seems like a really weak correlation unless they are
leaving out some important information.

------
Animats
Although much of the data seems to have been recovered from his work computer
after he lost a job.

This article is two years old. Current status, from US Bureau of Prisons
Inmate Locator:

    
    
        RYAN S LIN
        Register Number: 00578-138
        Age:  	26
        Race: 	Asian
        Sex: 	Male
        Located at: Brooklyn MDC
        Release Date: 01/02/2033

~~~
tjbarkley
I wonder where he worked and why he was terminated. It was probably a similar
pattern of behavior at work.

------
chris_wot
What the guy did was seriously disturbing. He looks like he is going to prison
for 17 years and virtually ruined the victim’s lives:

[https://www.justice.gov/usao-ma/pr/newton-man-sentenced-
over...](https://www.justice.gov/usao-ma/pr/newton-man-sentenced-
over-17-years-prison-extensive-cyberstalking-campaign)

~~~
anxman
This dude is a horrible monster and has been one for years. 17 years seems
like barely enough.

------
iaw
Took me a second to find the follow-up [0], he pleaded guilty and took a 17
year sentence.

[0] [https://www.boston.com/news/local-news/2018/10/04/newton-
rya...](https://www.boston.com/news/local-news/2018/10/04/newton-ryan-lin-
sentenced-cyberstalking)

------
Romanulus
VPN providers never keep your private data... since when are IP addresses
considered private data? Gotcha.

------
8ytecoder
The new title tells me what the submission is about but not why it's here on
HN. For context, the old title mentioned why it's relevant - that Pure VPN
kept logs that assisted the FBI in its investigation of Ryan Lin.

------
kakarot
If you use PureVPN, you're a sucker, plain and simple. You failed to do basic
research into your VPN provider, or failed to consult with someone who
actually knows what they're talking about.

Let's do a very quick experiment where we evaluate a few popular VPN services
at a glance, and critique them using non-technical insights which can
generally be applied to any business trying to sell you a product. In other
words, there's no excuse for not being able to develop these insights just
because you aren't a "tech person".

Googling PureVPN provides the following summary:

"The best VPN service in 2018. PureVPN leads the industry with its massive
network of more than 2000 encrypted VPN servers, around 300000 anonymous
IPs..."

PureVPN only has a 150 character limit to describe their business, and they
use it for:

1) Overzealous claims about being "the best" and the "industry leader"

2) Throwing out large numbers which they hope the user will correlate to
excellence as a VPN service. The clueless user will think, "the more the
better, right?"

Nord VPN's summary:

"Protect your privacy online and access media content with no regional
restrictions. Strong encryption and no-log policy with 5000+ servers in 60+
countries..."

1) No regional restrictions? That's a given for any decent VPN. Useless noise
meant to paint the product in a better light.

2) They claim strong encryption, but again, that's a GIVEN for any decent
service. More deception.

3) They immediately try to sucker people in with the "no logs" bullshit

4) More stupid large numbers.

See a trend?

Now look at Mullvad VPN's summary:

"Mullvad is a VPN service that helps keep your online activity, identity, and
location private. Only €5/month - We accept Bitcoin, cash, bank wire, credit
card..."

Wow! No claims about being the best, no claims about anything. It "helps" keep
your data private. No claims about 100% privacy. Then they list the price and
payment methods. Informative and non-deceptive.

~~~
kkhafra
> "Protect your privacy online and access media content with no regional
> restrictions. Strong encryption and no-log policy with 5000+ servers in 60+
> countries..."

I don't see how this is deceptive whatsoever? It states known facts about the
VPN while also giving a basic outline on their policies. I'm inclined to
believe that Nord doesn't keep logs (as of Nov. 1 of 2018) due to their audit
by an external company. The report is available:
[https://ucp.nordvpn.com/audit-report/](https://ucp.nordvpn.com/audit-report/)

I'm not saying that Nord is 100% safe, as others mentioned in this thread, it
is completely possible that any "no-logs" VPN provider may store logs
_somewhere else_ or an organization may store their data. It allows a provider
to claim _they_ keep no logs, which also technically being truthful. I'm
intrigued by Nord's stance to this (as their audit has no mention of it at a
quick glance) and I will email their support about this.

Not only that, regional restrictions may apply to services such as Netflix,
which have been battling VPNs for years now. Most VPN providers don't work
with many of these services, and due to the fact Nord does, I'd claim that as
a good advertising standpoint. Never tried "Mullvad", but I doubt they can
bypass restrictions of these same sites.

Now onto Mullvad... The reason they can't claim to be the best, in any field
for that matter, is because they aren't. Isn't keeping your data private "a
GIVEN for any decent service" (to quote your own words...)? I'm also worried
about that price, are the potential legal fees Mullvad may pay to keep your
privacy safe worth the 5 pounds a month you pay? Same with any VPN for that
matter - the cheaper it is, the less likely it is safe.

~~~
kakarot
Regarding #2, I flubbed and meant to say "More noise", not "More deception". I
didn't realize my mistake till later.

And I was briefly dissecting the Google summaries of these services, but I
have read much, much more than that for every major VPN provider before
settling with Mullvad.

I recommend Mullvad and if you took more than a cursory glance at their blog
and documentation then you would get an understanding of what kind of service
they want to be. They strive for top-notch security and service.

Nord also seems like a decent choice, even if they are not for me. For me, a
company's ethos is extremely important and comes first. However, Nord still
has the standard scummy sales tactics employed by so many companies, as you
can see from their summary.

------
person_of_color
Why is this relevant to HN? Is he a famous OSS contributor?

------
writepub
Why is a raw legal document better than an accurate news article simplifying
it for lay folks?

Dropbox's value is derived from it's ability to make something like rsync more
human for non-tech folks.

