Hacker News new | comments | show | ask | jobs | submit login
How police found Twitter user accused of sending seizure-triggering GIF (documentcloud.org)
119 points by danso on Mar 21, 2017 | hide | past | web | favorite | 136 comments

From an article related to the case [1]:

> charged with criminal cyberstalking with the intent to kill or cause bodily harm and faces a maximum sentence of 10 years in prison if convicted,

What is even more sad:

> More than 40 Twitter users sent similar strobes to Mr. Eichenwald after they realized they could trigger seizures, he tweeted Friday.

The agent went through these steps to identify the suspect:

- Asked Twitter about account information. (w/ search warrant)

- Got phone number

- Phone number was Tracfone prepaid but asked AT&T for information about phone number. AT&T could map [phone number] -> [specific iPhone model] ("DPD sent a request to AT&T")

- Asked apple about iCloud account related to [phone number] (w/ search warrant)

- Find selfie of accused with his DL in hand in iCloud pictures, and also a screenshot of the seizure-triggering GIF, and many other incriminating/stalking behavior items.

[1] http://www.washingtontimes.com/news/2017/mar/18/twitter-user...

EDIT: Added (w/ warrant search) to clarify what "Asked" meant in my summary.

Wow, did not realize Apple is so gung-ho about sharing iCloud data with LE. I love the Apple ecosystem but when I have to start fracturing out my services it's going to suck.

edit: should have read the post. Thought "ask" meant they handed it over willingly. Apple was served a search warrant, AT&T was not.

The LE guidelines are available here, if you're curious as to what they offer: http://www.apple.com/legal/privacy/law-enforcement-guideline...

The FBI had a warrant

Yeah, if you try to _literally kill someone over the internet_ and you think any lawful company is going to fight a warrant for your data, you've got another thing coming.

It feels like people still minimize pretty awful actions when they happen over the internet.

Imagine someone running up to someone with epilepsy in public and showing them strobes? What sort of deranged person does that?

Imagine someone sending death threats through snail mail over and over. Of course that's horrific! But brigaders doing it through twitter is kinda fine because "hey, you're on twitter, stupid stuff happens".

So much harassement is extremely cruel but we (myself included) tend to discount it when it happens over social media.

Yeah, I found that I was doing this myself. I think it's because I was always posing myself the what-ifs of "well, you could just be accidentally sending something that would trigger it...", but the law can deal with intent where most software and programing problems simply can't. Where it is clear the intent was to cause harm, we should absolutely treat these things with as much seriousness as any other attempt to harm another person.

> but the law can deal with intent

How do you come to this conclusion?

So from this and your comments I take it you took it to mean they can know intent, when it's clear they can't. They can however investigate and get a pretty good idea. Software is limited to mostly instant decisions by automated process - a far cry from a court case and an investigation by professionals.

Come on, don't be dragging the discussion down like this.

If you've got something to say about mens rea, then say it.

The law can deal with "what some judge/jury conjectures that the intent might be", but it cannot deal with intent. But this weaker statement sounds like it might be implemented in software, too.

Did you read the articles?

The suspect tweeted "I know he has epilepsy" and "I hope he dies."

But sure, a judge and jury could only possibly conjecture about intent…

I read the article. The only thing that we know is (under the weak assumption that it was indeed written by him) he claimed this was his intent.

The difference is the ability to follow through with the threat. If someone sends you a mail, they have your address. If someone does it over twitter, they probably don't know where you live.

Are we going to throw 5 year olds in jail when they tell an adult male they hope they die? No, we're going to apply the same level of doctrine, how likely is it that the 5 year old can carry through with the threat?

There were a lot of nasty comments on fb on the Vice article, saying he deserved it etc.

Without excusing the act, I think part of why people minimize or dismiss the potential damage for acts like these is because they feel like it can't be that bad if it's that easy to do.

> More than 40 Twitter users sent similar strobes to Mr. Eichenwald after they realized they could trigger seizures, he tweeted Friday.

I'm not suggesting that these people shouldn't be charged with some sort of crime, regardless of whether or not they can prove that Eichenwald had a seizure (which I have my doubts about). There's a precedent set that things like lasers shined at pilots eyes are gone after regardless of whether or not it causes a crash.

However, while not condoning these peoples' alleged actions, I can understand why this guy attracts a lot of derision online. Eichenwald appears to be a really scummy character. Google his name and "child p*rn" just for starters. There appears to be a lot of wild stuff there about a big time shady payoff to a site he was "researching".

He also recently appears to be becoming mentally unhinged. He recently went on Tucker Carlson's show and gave a serious repeated accusation about Trump being hospitalized in a mental institution that he later claimed was a joke.

Should be a fascinating legal case to follow if it goes to trial.

This is as close to a real life 'snowcrash' as you could get and whoever did this (and the copycats) should be thrown the book at.

50K people die in the USA alone each year due to seizures, this is really no joking matter.

The problem is that it's easy to say someone gave you a seizure, since -most- are not fatal, even if they didn't have a seizure. There's not much evidence against or supporting that you had a seizure from a gif. This really opens the door for abuse on both ends. So, I am skeptical of "throw the book at them" as a solution, because it would be so easy to fake and ruin someone. The solution should be with browser makers and social media companies to not have autoplay and be more cautious for photosensitive people. I mean, what if you accidentally give someone a seizure? Should you be held liable? I say this being a skeptic of this particular person's story, given his history.

In this case, there is clear mens rea and actus rea. The accused openly stated that he intended to cause a seizure with the hope of causing actual bodily harm. He knowingly used a GIF as a weapon.

That's vastly different from, say, a heavy metal band inadvertently causing a seizure with their stage lights, or an animator inadvertently drawing a sequence that triggers photosensitive epilepsy.

By analogy, consider someone who deliberately drives their car at a bus stop and later brags on social media about trying to mow down pedestrians, versus someone who slips on black ice and spins out of control.

I am fundamentally opposed to "throwing the book" at anyone - I'd much prefer a programme of evidence-based rehabilitation.

I'm not sure he "openly stated that he intended to cause a seizure".

The image itself says something like "You deserve a seizure" but that image has been around for years - this person did not create that image.

The police found a direct message from the Twitter account stating "I hope this sends him into a seizure" and "I know he has epilepsy"

Ahh, ok thanks.

So I'm not responsible for throwing a rock at your car because the windshield stopped it and didn't crack?

There's documented evidence of intent here. The guy was trying to give their victim a seizure. There's nothing accidental here.

Of course if someone accidentally gave someone else a seizure, there should be different standards applied. Of course!

Also, yes, we need to make sure photosensitive people can browse more safely (for the same reason we put airbags in cars).

The book you throw at them isn't "giving someone a seizure", it's "attempting to harm someone intentionally with super malicious intent".

> Also, yes, we need to make sure photosensitive people can browse more safely (for the same reason we put airbags in cars).

I'm kind of surprised that we don't have "epilepsy mode" in a browser somewhere. Just limit the redraw speed. It'd mess with the browsing experience but much less than a seizure.

Same for TVs, for an epileptic user it's much better for a highly dynamic scene to look washed out or just blur to a whitish color than to show it accurately and potentially cause a seizure.

Even if the attempt to cause a seizure didn't work, the attempt was itself a crime.

Dumb question, but what is the meaning of AT&T "toll records" used to link the user to an iPhone 6?

> "AT&T responded and a review of the subscriber information showed the telephone number was associated with a Tracfone prepaid account with no subscriber information. However, a review of the AT&T toll records showed an associated Apple iPhone 6A Model 1586"

That is, if you are a Tracfone user and Tracfone uses AT&T to provide service, AT&T effectively sees the Tracfone user information?

Also, Twitter tracks the type of client used to send a tweet and reveals it in the metadata accessible to the public API -- the `source` attribute [0], e.g. "Twitter for iPhone", "Twitter Web Client", "TweetDeck". And Twitter probably captures more about the device/client that isn't publicly revealed, such as the browser agent for when a tweet is sent via the web client.

If the suspect had tweeted using the iPhone client, or via the iPhone Safari browser, would the police have enough info to subpoena Apple for Apple Account tied to that specific phone number? In other words, skipping the process of subpoenaing AT&T/Tracfone because the suspect was dumb enough to register the Twitter account using that phone number?

[0] https://dev.twitter.com/rest/reference/post/statuses/update

My understanding is that "toll records" simply means the metadata that AT&T keeps to charge Tracfone the usage of their customers.

At minimum they need to keep track of the ICCID for your sim card and the IMEI for your phone [1]. Once you have the IMEI and know that this is an iPhone, it is trivial to ask Apple for the records of who bought that device, or which iTunes account is associated with that SN.

edit: corrected per comment below.

[1] https://www.cnet.com/news/on-call-how-does-my-carrier-know-w...

Not that it matters much, but a SIM card has an ICCID, and a (GSM) phone has an IMEI. ESN is a phone identifier, for CDMA phones.

Of course, makes totally sense. IMEI is associated with the (GSM) phone, not SIM card. Thanks.

I think AT&T just logged the IMEI of the phone that used their towers, which I believe is sent as a standard part of the authentication packets the phone sends to the towers.

So the lesson is if you are trying to murder people over the internet, don't plug your anonymous sim card into your iphone which is tied to your identity?

Is that the lesson? I would've guessed the lesson is to not try to murder people over the Internet.

Makes sense why AT&T was asked for data. I'm interested in why Tracfone wasn't. But I guess if it's enough to have a phone number and suspicion that it belongs to an iPhone, that's enough to send a search warrant to Apple. Given the popularity of the iPhone, I wonder if law enforcement has the option of querying Apple to see if an Apple account is tied to a number and save them the work of sending a search warrant to the phone service provider.

edit: replaced "subpoenaed" with "asked for data"/"search warrant". Doesn't look like a warrant was mentioned in the AT&T case.

Was trying to be witty, but really the lesson would apply to anyone trying to be anonymous on the Internet, including those who have more noble motives.

If you want to be anonymous on the internet and you are doing this for immediate and spontaneous reasons my advice to you would be to forget about whatever you were planning, likely you will not manage to maintain your anonymity.

If you have a lot of knowledge in this field and a fair amount of time to prepare you may be able to pull it off but chances are you will still get a detail wrong somewhere and find yourself lifted out of bed at 3 am.

In that case I hope you have a very good lawyer.

I always figured if you had to do something illegal go to a public library you've never been to before and only use a computer once and never use it again. Also disguise yourself when you go. That being said you wouldn't be able to login to anything like twitter and you can't continue your actions very easily.


Surveillance camera(s) in the street tracking you to you parking your car?

Forgot not to take your cell phone?

Did it ring while you were in the library? Did you answer if it did?

Is it the city/town that you live in?

Did you talk to anybody while you were there?

Do you speak the language natively?

Do you have any accent that might stand out?

Did you go during office hours?

Male or female?

How big a city/town was this in anyway?

Another 100 items or so?

See, it is so easy to forget something, and that's before getting into any fancy CSI stuff.

You need a library card to use those machines, and though it's been a while, I recall having had to show ID last time I got one of those.

Risk of death from seizure is not high. Though intentionally triggering people is disgusting and he should never do it again and pay some damages. Intention to cause harm seems clear.

At the very least it seems like assault.

I assume device IMEI and/or SIM ICCID of call carried on their network was recorded since Tracfone operates as an MVNO afaik.

Toll records would be the CDR, I'd imagine. [0]

[0]: https://en.wikipedia.org/wiki/Call_detail_record

Desktop browsers allow you to disable auto-playing animated images. I'm surprised mobile browsers don't seem to have this. If I suffered from this, I'd want some sort of reasonable protection from asshats.

That's a good place point. I see Apple's disability servies praised on a regular basis.

One would have thought this scenario would have been thought of.

Is it possible on iOS to disable animations / autoplay within an app?

It seems like it would be useful to do this at the OS level too, not just per application. I.e. detect and filter out combinations of pixels sent to the screen that could cause a seizure. That would make the whole device a lot safer. I wonder if (a) this is possible and (b) whether it would interfere too much with desirable animations.

Edit: There is (offline) software to check if a video could cause a seizure: https://trace.umd.edu/peat.

It's probably possible on an OS level but I'm guessing it's an expensive task. If you're playing a 3d game that's resource intensive and you want to check 'every' frame you'll surely take a performance hit. I think disabling gif/movies/etc from playing automatically would be almost as effective and not as much overhead (toggle option of course)

> reasonable protection from asshats

Is there a strong argument that distinguishes this case of being "asshat on the internet" vs "homicidal with intent to kill"?

I was thinking about it like this: I could tamper with the brakes on your car, but there would only be a very very slight chance they would actually fail at a life-threatening moment... probably you'd realize they were faulty, and even if they did fail you'd probably be fine. I'd probably still be in trouble for it though.

Yea, the fact that it was only done after the victim revealed publicly that he suffered from epilepsy and the suspect reportedly claimed he attemped to exploit that health issue.

Kinda like purposely giving someone something they're allergic to.

That would require insight we don't really have. Personally, I had no idea something like this would work. I assumed it would need something more powerful in intensity, like an actual strobe light.

Maybe the suspect in this case knew it would work, maybe not.

The suspect specifically targeted the target because he said so in messages to some of his "fellow travelers" in whatever sorts of internet political circles he runs in.[0]

I would urge you to do some reading on these sorts of events. Following the facts of the case can do wonders for your own arguments.


Yes, he did say things like ""I hope this sends him into a seizure" and "let's see if he dies." You can imagine, though, similar situations where that's puffery. There's also a pretty loose correlation between a seizure and death.

Edit: Should clarify that it's still atrocious, and seems criminal. Not convinced though, that it's clearly attempted murder. The charge is interesting in that the penalty is 10 years max, even though it speaks of intent to kill.

Nothing you say will be considered "puffery" by the prosecution in a court. Do not _ever_ pretend anything you say in bluster or anger can not be used against you in court...

Also, they're not charging him with attempted murder here. They're charging him with "Cyber Stalking, in violation of U.S.C. s2261A(2)(a) and s2261A(2)(A) and (B)"

There's no doubt at all, that if the evidence as listed is true, he's in clear violation of this: https://www.law.cornell.edu/uscode/text/18/2261A (Something which I suspect a lot of GamerGate/4Chan/shitposters/self-identified-edgelords should think carefully about... I bet a lot of them have no better opsec than this guy...)

Different screen size, but many games have a warning about epilepsy.

It might be like https://en.wikipedia.org/wiki/California_Proposition_65_(198... where the incentives are to mindlessly post a warning without any effort to confirm whether it's necessary. Result: warnings on everything until they're nearly unavoidable.

Them's the breaks. When you have such laws like that "everything causes cancer in california" one, the only recourse companies have is to cover their asses.

It takes one guy to file a suit that he got a seizure from your game when it didn't have a warning. Even if he didn't get a seizure, have fun in court.

When everything has a warning, nothing does.

I use this bit of CSS to make images/videos grayscale till I hover over them:


Ignore the hover part and it seems like it'd work fine for mobile (Firefox with an extension), though it does seem like you'd need to be holding your phone/tablet pretty close to have a seizure either way?

How does this work? Do you run your browser in development mode with a script or is there some way to run css on all pages you visit (sorry I'm not a web person and my terminology is surely off).

You could use something like Stylish.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/stylish/

Chrome: https://chrome.google.com/webstore/detail/stylish-custom-the...

Collection of custom stylesheets: https://userstyles.org/

Userscripts are the same concept for JavaScript; see https://greasyfork.org/en

Pretty much what mintplant said, though on desktop Firefox you can also use UserContent.css (not sure how long it'll be supported for though).


Twitter's native app allows the user to disable autoplay.

If you're curious about the actual gif, I found it here[1]. Funny how something this simple can be so harmful.


[1]: https://giphy.com/gifs/acid-SDdgL8VFPq4ec

Some people find much later in life they are epileptic. Not sure if that's true of photo-induced epilepsy too? Perhaps sit down first before viewing?

I feel a little nauseated after watching this for a few seconds. I don't think I am epileptic but could this mean I might be?

I would look up other symptoms of epilepsy. If that does not quell your concerns, consult with a doctor.

As a person with epilepsy I viewed the image (FOR SCIENCE!) and almost immediately had a headache. which is on par with what I was expecting from previous experiences with flashing lights.

That being said, EEG testing has reveled that my thresh hold for Photosensitive seizures is much higher than other triggers making me feel safe viewing the image.

That seems like a very reasonable process. Nothing unusual anyways.

The only part I take exception to is the hyperbolic kill portion of, "intent to kill, injure, harass..." of the complaint. Seizures are unpleasant, inconvenient, and you might get injured on the way to the ground but they are rarely fatal, and if the victim was known to be at risk of such, he would be in an ICU somewhere. Did the perpetrator intend to kill? That might be hard to prove.

> “Spammed this at [victim] let’s see if he dies,”

Seizures can kill and this is widely known, so widely that we got instruction in high school on how to deal with a seizure victim to make sure they don't die.

Surely someone sending a seizure inducing picture to someone they know is prone to seizures is well aware of the risk they are taking, they are definitely not doing it to give them a monitor induced suntan. See perps quote above, definitely a slam dunk for intent.

Griefers don't care about the damage they cause, the more the merrier.

That quote sounds like common smack-talk rather than a genuine statement of intent. I think you could hang "intent to do the victim harm" on the combination of that and the actions here. But, actual intent to cause death? I'd want to see much more than mention of dying - "do that and I'll kill you" or "I hope you die", or similar, must have been said a trillion times in situations where actual death was _not_ intended.

12 angry men.

Sorry, I don't understand the implication of your reference?

And I totally missed your reply. Apologies. It's a reference to an old movie that explores that kind of situation leading to an acquittal.

That's not hyperbole, it's just the wording directly out of the law they're charging him under:


And in full context it says:

… engages in conduct that—

(2) with the intent to kill, injure, harass, intimidate, or place under surveillance with intent to kill, injure, harass, or intimidate another person, uses the mail, any interactive computer service or electronic communication service or electronic communication system of interstate commerce, or any other facility of interstate or foreign commerce to engage in a course of conduct that—

__(A) places that person in reasonable fear of the death of or serious bodily injury to a person described in clause (i), (ii), or (iii) of paragraph (1)(A); or

__(B) causes, attempts to cause, or would be reasonably expected to cause substantial emotional distress to a person described in clause (i), (ii), or (iii) of paragraph (1)(A),

So they're not trying to prove "intent to kill". They only need to prove "intent to intimidate anther person" using an "electronic communication system of interstate commerce" that either for (A) "places that person in reasonable fear of … serious bodily injury", or for (B) "would be reasonably expected to cause substantial emotional distress".

Seems to me they've laid out all the evidence needed to show that - the only thing a court needs to decide is if that evidence is all true and admissible.

I wouldn't want to be the defendant here.

That was my first thought too. After reading the document, it's pretty clear he acted with intent. He visited websites to figure out how to make images that trigger seizures, clearly created the gif for maximum impact and chance of a seizure, which he knows could be fatal. It was planned and well thought out.

Page 7 there are some DMs. "Spammed this at [Victim#1] lets see if he dies".

While his own DMs might be construed to be hyperbolic, he's done himself no favours there at all, and his defense attorney is going to have the fun task of trying to prove that.

The clauses aren't as strict. The criteria's merely intent to induce fear/distress.

> whoever (2) with the intent to kill, injure, harass, intimidate[...] or intimidate another person[...] in a course of conduct that—

> (A) places that person in reasonable fear of the death of or serious bodily injury to a person described in clause (i), (ii), or (iii) of paragraph (1)(A); or

> (B) causes, attempts to cause, or would be reasonably expected to cause substantial emotional distress to a person described in clause (i), (ii), or (iii) of paragraph (1)(A),

> shall be punished as provided... [0]

[0] https://www.law.cornell.edu/uscode/text/18/2261A

What the statute says[1] is "the intent to kill, injure, harass, intimidate, OR place under surveillance with intent to kill, injure, harass, or intimidate another person."

The affidavit in the complaint does say "AND" but maybe that's just a calculated legal ploy, where they can still fall back on the "OR" of the actual statute?

1: https://www.law.cornell.edu/uscode/text/18/2261A

Status epileptics can definitely be fatal. Epileptics are at serious risk of death from seizures or seizure-related injury so I would not be so dismissive of the risk.

See page 7 of the affadavit. The perpetrator sent a series of direct messages to another Twitter user stating:

> I hope this sends him into a seizure

> Spammed this at [Mr. Eichenwald] let's see if he dies

> I know he has epilepsy

So, the intent to harm and/or kill is pretty damn clear.

An 8 minute seizure is really, really bad. That was probably very close to fatal.

Agreed. This appears to be the ordinary process.

Can anyone point out what might be of interest here.

The only thing I can point to us this is one of the few cases where some piece of atrocious online harassment actually ended up with someone being held accountable in anyway. There have been plenty of cases of death threats and bomb threats and other such things that didn't seem to trigger any kind of real response.

They typically don't qualify as criminal threats in those cases. The FBI does investigate quite a few of these and I've seen more than a few from FOIAs that don't result in arrests because they fall short of being criminal. I'm still surprised at just how often nothing is done about swatting.

I find this case interesting. While it's far beyond acceptable or fair play even in good fun and trolling to do something like sending someone who suffers from epilepsy a gif known to trigger a seizure, it's being classed as stalking in this case. I'm curious to see the evidence and what precedent this sets, because it seems like a stretch to call it stalking from what I understand of this case, which is admittedly not too much.

A good side effect of this is that hopefully it prompts companies to provide better protections against this, because it's rather unique in terms of medical conditions interacting with technology and has a lot of potential to cause harm.

Isn't it way easier now to find harassers on Twitter because Twitter made a telephone number linked to the account mandatory in some (all?) cases?

Good point.

Maybe there are many other cases but they go under- / un-reported?

I think it serves as a good reminder that it's quite easy for law enforcement to access anything that you have stored in your cloud accounts. We tend to get casual and think of these as our personal backup pods that can't be accessed without our knowledge.

It's good to remember that Google holds the keys and that they are used according to legal procedure (as in this case), and at times, according to Google's fancy (as in PRISM and I'm sure many incidents of unauthorized employee spying).

Pay attention to what you upload, and pay attention to what you're using. It's very easy to cross-contaminate or leak information, and these things can have a very long tail. "The internet never forgets".

Dread Pirate Roberts aka Ross Ulbrecht was eventually tracked down because early on in the Silk Road's lifecycle, he made a post on a btc talk account linked to his personal email account asking if "[anyone had heard about this new marketplace called Silk Road]". Since that was the first mention found online, agents began to investigate Ulbrecht.

It may seem obvious in hindsight, but that was a single long-forgotten post made years before anyone had an inkling of what Silk Road would become. Strict opsec is very important.

It was interesting to me because of how ordinary it was. I just assumed the user would be doing this from a regular computer, and that the police tracked down the IP. Not that the suspected troll would be dumb enough to use his own phone number to register for Twitter. And be someone who is "Clever" enough to use a pre-paid account but then dumb enough to sync data to iCloud. But I guess it's easy to erroneously conflate Apple's device security with iCloud security.

>But I guess it's easy to erroneously conflate Apple's device security with iCloud security.

You might be overthinking it. I get the feeling that many people think of "online" as some sort of magical place where they are shielded from the consequences of their own behavior.

These are common mistakes of cyber criminals. Usually people get caught because they miss a point of data leaking. A commom one is people using a VPN and then accidentally opening their browser that's still logged into Google...All of a sudden that IP is now linked to you personally. If you're going to commit crimes online keep everything separated and use a VM or better yet a different device altogether.

It doesn't have to be something unusual or extraordinary to be interesting. Personally I found it pretty interesting simply to see how the wheels of justice turn, just like I used to watch detective shows when I was a kid.

One odd little thing that caught my eye: the way they used archive.org to establish some history of the victim's Wikipedia page. I would have expected that they would have used Wikipedia's own edit history for that. It made me wonder if the FBI agent just didn't know about the Wikipedia edit history, or if they thought archive.org was a more reliable source.

Page 11-12,

Weird how he takes screenshots of random shit like his research on how to trigger epilepsy.

Who researches shit and takes screenshots?

My SO is a specialist nurse. She takes screenshots of everything under the sun. She finds it easier to quickly look up screenshots than load a bookmark or even find her own research notes. When I asked about it, she said all the other nurses and doctors do it too and that's where she picked it up.

Yeah, makes sense. Bookmark == pointer to bytes, Screenshot == bytes. If the bytes could save someone's life (or N doctor visits, or even 5 saved minutes), quite worthwhile to keep a copy.

Same principal as pinboard.in's archiving, except comes stock on nearly every phone.

Printing to PDF on google drive is my equivalent.

Useful when arriving in foreign countries where you don't have internet setup - download them all first and have names of destinations, maps, tickets and bookings - especially good in Asian where a taxi driver may not read or speak English.

Interesting, though, because screenshots aren't searchable.

Indeed, but not surprising when `O(n)` beats `Maybe<?>`.

I do! It's the easiest way to make a durable copy. True, it's not indexable, but that can be sufficiently overcome by manually categorizing screenshots once they're made, and they don't depend on the source remaining available, or having cellular data available when I need to refer to them, or whatever. As long as my phone is charged, they're usable.

(It looks like iOS 10, to which I've just updated, supports print to PDF in the same style as OS X. So maybe I'll be leaning less heavily on the screengrab method in future.)

It's an easy way to send information to others. Maybe he was brainstorming ways to attack the victim with others and sent them screenshots of his research?

People who use the internet mostly through phones.

On the bottom right of this page, a link entitled "Related Article" takes you to a US Department of Justice Press Release [0], although it doesn't really say anything new other than that the guy was arrested and had an initial court appearance last Friday.

[0]: https://www.justice.gov/opa/pr/maryland-man-arrested-cyberst...

I'm wondering if they asked AT&T if the IMEI was ever used on any other phone numbers/sims. its possibly he always used the tracfone sim, but I'd guess that its highly likely he might have used it with others a well that might have tied to his identity. perhaps its too broad a request?

Is there some extension or piece of software that could potentially detect this kind of thing and mute it? Like download gifs, look through the frames and calculate some kind of score and if it hits a threshold, auto-pause the gif?

Anyone have a link to the GIF?

If I remember correctly, this was the one: https://img.4plebs.org/boards/pol/image/1482/29/148229548198... (beware, it blinks ;P)

YIKES, that's using like the minimum frame delay!

[Unsafe] Here's a mirror in case it goes down: http://i.imgur.com/Qi6tSit.gif

[Safe] And here are the two frames extracted to two separate images. Anyone with epilepsy should be able to view this without issues. http://imgur.com/a/kQTQc

It won't blink as fast when played in the Twitter website or app. Twitter automatically converts it to a video when you post it, and there's a bit of a delay between every loop when you loop a video, as compared to a GIF.

After I received some assistance with testing (someone created a new account to test with, but then the account mysteriously disappeared - not sure what happened), I can definitely agree that videos (webms/mp4s) have a notable limp: https://drive.google.com/open?id=0B0l5ewAKDn5aNV9OS0x6QWw4VD... (this was the easiest way to share it)

I tried recording the GIF but that was too much for the GPU in my ThinkPad :P suffice to say that it's about ten times faster (and that playing the GIF in `animate' is even faster than that)

Ah, right, good point. (It's mildly amusing that the affidavit went to such lengths to describe GIFs, when nowadays it's really a webm or mp4.)

It seems that either twitter has vacuumed up any copies of the gif from their website, or google reverse image search has removed all/has no indexed copies of it on site:twitter.com. (I don't exactly want to upload the gif to twitter to test it...)


Twitter gave the police information about the phone number which registered the account that sent the seizure-triggering gif

AT&T gave the police information that is was a Tracfone prepaid account with an associated toll record that was an iphone

Apple gave them access to his cloud account which had all the incriminating details needed including email / picture of him with his drivers license and data about the victim

It should be noted that in the document, Twitter and Apple were provided search warrants whereas AT&T received a "request."

The guy was charged with "aggravated assault w/ deadly weapon": https://twitter.com/Lauren_Southern/status/84421405863522304...


Personal attacks will get your account banned from Hacker News. Please don't do this again, regardless of how wrong someone is or how bad some comments are.

We detached this comment from https://news.ycombinator.com/item?id=13920864 and marked it off-topic.

What happens if some 10 year old in say Russia, for example (lol), used Bitcoin he made from a few minutes of mining in the very early days of Bitcoin, to purchase a black hat SEO campaign, spamming social networks like Twitter, Tumblr, and Reddit with a click-baity title and purchased upvotes/likes/retweets, spreading a gif like this across US social networks. Would our law enforcement convince, or manually penetrate the networks of the black hat SEO service spending possibly millions of dollars to maybe track down this 10 year old, to find out they have no jurisdiction over him? What if someone had an unsecured hotspot on their phone and local LE accused the person who owned the phone of this?

Are local LE's capable of deciphering the possibly extremely technical misdirections one could easily employ? What if someone reads WikiLeaks, and used one of the exposed zero day exploits to frame a mobile phone user of this. What if someone's friend knows their WiFi password and does the same thing, spoofing the owners Mac address?

What prevents a 10 year old kid from sending anyone they dislike to court for who knows how long, requiring them to amass legal fees to defend themselves. What happens if one of the enormous number of people who have RAT's from malware on their computer from being set up in this manner?

What if someone creates their own image hosting server, and they swap all the images hosted, out for this gif? What happens if someone hacks said img hoster and does the same? What if it is a massive free, fast image hoster, and they are hacked and this happens? If the precident dictates that this could potentially kill people, what standards of security should image hosters be held to? Should they be required to pay for the same annual audits companies who handle credit card info do? Or should they be held to the standards of government contractors? Seems like they are effectively claiming the security of image hosters is an order of magnitude more vital than any other company. What if a kid uses the WikiLeaks zerodays which were purposely not exposed by the CIA, provided the entry for this 'prankster'? Can any potential victims sue the government.

Since we've established that feelings matter, how is a gif like this different then offending someone to an absurd degree? I've seen several articles from multiple news sources from different countries, detailing the enforcement of hate speech crimes; for example, Western countries making it illegal to speak out against islam? Are offenses of those nature subject to similar accountibility? Are law enforcement agencies equipped well enough to be certain that no misdirection or projection of the actions onto another was utilized?

Obviously one could go on for eternity like this. Making it simple for anyone with Google to lock someone up who they dislike. Seems to me that a person who is susceptible to these triggers, should find a solution on their end to somehow inhibit the effectiveness of such weapons. If all jurisdictions were to take this seriously, whether it's a 'meme' charge or attempted murder, one could backlog an entire countries legal system for years for a small sum of money. Tbh, this is the dumbest thing I've ever heard of, and the few comments I read, are equally ignorant.

What if, the defendant in op's story denies the accusations. What if his friend did it from his phone while he was sleeping, and never told a soul? Good luck using the internet, everyone. Hide your kids, hide your wife.

We detached this subthread from https://news.ycombinator.com/item?id=13919250 and marked it off-topic.

It does not appear that anything you wrote in that wall of text has any application to the case in the linked article.

Convicting a person who allegedly posted an image on the internet, with intent to trigger a sizeure in another, sets the precident for every means of distribution of a similar image that I listed off to be treated as attempted murder or whatever charges come of this. Name one thing in my wall of text that is not an implication of this story; Unless you are implying this article is on hackernews, only to foster discussion of the technical aspects of a subpoena of personal information?

> Convicting a person who allegedly posted an image on the internet, with intent to trigger a sizeure in another, sets the precident for every means of distribution of a similar image that I listed off to be treated as attempted murder or whatever charges come of this.

You are apparently unfamiliar with the concept of 'intent' in criminal law. This was a message targeted at an individual with specific intent to cause seizures. All your hypotheticals have no basis in fact.

> Name one thing in my wall of text that is not an implication of this story;

Every one of them?

> Unless you are implying this article is on hackernews, only to foster discussion of the technical aspects of a subpoena of personal information?

No, it is on HN because enough people found it interesting to warrant discussion of this actual case. Fantasy need not enter the discussion unless it bears some connection to reality, making stuff up out of whole cloth is not going to further the discussion in a meaningful way, no matter how long you make your walls of text.


> Proving intent in most cases, is extremely costly and difficult. Are you familiar with the concept of 'precedent' in criminal law?

I don't know about "most cases", but in this particular case it's fairly easy since the weapon came attached with a note saying essentially 'I am hoping this kills you, buh bye'.

> 10 year old

> mining in the very early days of Bitcoin

So junior was mining at what, age 3? Smart kid.

If I were 10 years old and I had Bitcoins to spend, I sure as hell wouldn't use them "to purchase a black hat SEO campaign". What 10 year old kid would?

A 10 year old these days would probably by a few years worth of Minecraft server hosting.

This is a long rant of "what if's" that aren't relevant since the details are known.

The "what if the guy didn't do it" is what the justice system is for, attorneys and investigators sort it out.

Sadly that's not how the justice system usually works. Investigators put together worst case scenario and find some facts that support their hypothesis (this document). Like everyone else he will settle and probably spend a few months in jail and pick up garbage on the freeway for 6 months, whether he did it or not. It's usually not worth the risk of losing in court

That much I'm fully aware, it's up to the defense basically even if the accused can't afford a good one. I believe the system should focus more on justice rather than convictions, but that's a whole different matter.

I am implying that this is rediculous, and that spending any significant resources to pursue this should be criminal. I'm saying that unless they have a confession from the defendant that he was trying to kill this guy, or his diary dictating that, which they should include in the story were that the case, then this is just stupid. The presidence this case might set forth is terrifying. It provides a never before seen limitless weaponization of the justice system, which will be abused by those without morals, those who have a lot to lose, and those with more $ to attack anyone they like. Any halfway smart kid can use this image attack with zero risk of being caught, so clearly the safety mechanisms and protections need to be on the victims end.

> I'm saying that unless they have a confession from the defendant that he was trying to kill this guy, or his diary dictating that, which they should include in the story were that the case, then this is just stupid.

You must have missed the bit in the article where the defendant actually indicated he did just that, and in writing no less.


> So the reason this article is on hackernews, is because some kid said he wanted to hurt someone else?

No, it's because he actually did.

> I'm saying that unless they have a confession from the defendant that he was trying to kill this guy, or his diary dictating that, which they should include in the story were that the case, then this is just stupid.

If that was the standard for a criminal prosecution, we'd rarely convict anyone.

> The presidence this case might set forth is terrifying. It provides a never before seen limitless weaponization of the justice system, which will be abused by those without morals, those who have a lot to lose, and those with more $ to attack anyone they like.

The fact that assault is a crime has been established many, many years ago.

Every response is karma suicide, however, I am obviously referring to this exact specific case.. One would traditionally assume that posting a gif is not a crime, no matter the gif (with a few exceptions in the law such as certain types of pornography), in THIS case, the person I am responding to claims it is a crime because of the intent. And the precedent I am discussing is apparently whether or not posting a 'gif' image is assault, regardless of intent, which you are implying this case would claim. Please see my other comment, the one(and the paragraph) talking about 'kittens'. Explain to me the difference between this specific case and that one? How about those gifs which tell you to stare at the optical illusion, and after an arbitrary amount of time, show a terrifying skeleton. Is it a crime to post that without sufficient warning?(assuming it hurts someone psychologically - please apply this assumption to all of the following hypotheticals) Those would never 'go viral' if they contained warnings, obviously, and could be extremely and permanently damaging to certain people with relevant psychological conditions. If it isn't a crime to share those images, is it a crime to post them on an anxiety subreddit? If not, is it a crime to post them on an anxiety subreddit, with intention to trigger panic attacks, or similar, in their users? Is it a crime to email those to a person who enjoys optical illusions, has severe panic disorder and ptsd, and several heart conditions? how about with the intent to kill them? Does intent dictate criminality here? If not, what makes it criminal? Number of people affected by a given condition? Please continue down-voting each of my replies(so I am discouraged from proving my argument) and assume whatever titles are associated with that sort of behavior. Edit: Also worth noting that getting convicted is mostly irrelevant to my argument. I am trying to bring attention to the burden this sort of thing could put on a legal system, especially if it was 'weaponized,' as well as the burden of legal fees, time, and negative publicity, false claims like these would have on the defendant.

It looks to me like you're being downvoted because you're overposting and your comments are impossible to make sense of. Please stop.

Criminal intent is one of the most important parts of law. If there is no criminal intent in many cases there is no crime.

If you want to have a discussion, take some time to clearly articulate your arguments because it's hard to read. I think that's what's getting voted down, not necessarily that everyone disagrees with you.

> Does intent dictate criminality here?


> Is it a crime to email those to a person who enjoys optical illusions, has severe panic disorder and ptsd, and several heart conditions?

Maybe, it depends. In any case if your intent was pure but you're just stupid the case brought against you in the event of a mishap would be one of negligence.


Not sure if you're aware of this, but punishments are meted differently to 10-year-olds compared to adults. The suspect in this case was a 29-year-old man. And "most young kids are probably afraid of guns" sounds like something said by someone who didn't grow up in a rural state.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact