
Private Intel Firm Buys Location Data to Track People to Their 'Doorstep' - NN88
https://www.vice.com/en_us/article/qj454d/private-intelligence-location-data-xmode-hyas
======
badrabbit
They claim to unmask VPNs, unless they have a 0day, this is usually done using
social engineering (ip grabber link redirects for example), which
intetestingly maybe perfectly legal, but I'd argue unmasking someone's VPN
constitutes bypassing security measures, so depends on the lawyer?

If the computer that is behind the VPN is a "protected computer", regardless
of the method used, unmasking a VPN would be illegal:
[https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act](https://en.m.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act)

In the case they brag about, the person's computer was in Nigeria, if that
computer is used for foreign commerce (e.g.:the guy buys stuff from US sites)
it would be a protected computer and this company is bragging about a felony.
Am I correct?

Of course, I can testify first hand, the FBI never prosecutes companies/execs
unless it is a clear publicized financial white collar crime. Under this same
statue, the FBI will raid you if a company files a criminal complaint against
you even for disclosing an open FTP server vuln:
[https://www.dailydot.com/debug/justin-shafer-fbi-
raid/](https://www.dailydot.com/debug/justin-shafer-fbi-raid/)

------
anonzzz
I would like to see some data that proves they can track someone to their
doorstep. I would think that a hacker that was trying to cover their tracks
would have enough OpSec sense to evade some location data collected on a
phone.

~~~
neuralRiot
At least be smart enough not to login to any account from the hacking VPN’d
computer.

