Hacker News new | past | comments | ask | show | jobs | submit login
Australian police sting brings down paedophile forum on dark web (theguardian.com)
142 points by kristofferR on Oct 7, 2017 | hide | past | web | favorite | 108 comments

People should really read VGs special, which covers things like:

* How VG found the IP of the Tor Hidden Server, and discovered that it was being run by Australian police.

* Why Australian police got to run the site, despite having no direct connection to it, due to how their laws allow the police to act in ways that are criminal elsewhere (basically digital black sites).

* How the forum had a policy that all posts from the admin had to include rape images, as an attempt at preventing police from honeypoting the site.

* The ethics of the police running a CP forum, including police posting CP themselves.


I like how discrete VG appears to be, and still asking the right questions (at least in the English version [1]).

Two disturbing things other than the obvious ones such as people abusing children. First,

> While the young Canadian unsuccessfully tried to find help to control the desires he felt, the American kept them shut inside. He was afraid any doctor, psychologist or counsellor he consulted would have to report him if he admitted being sexually attracted to children.

I often feel as if, like with drug users, treating paedophilia not as inherent thoughtcrime but as something someone needs help with, could help prevent a lot of abuse. I don't know what I'd do if there was such a taboo on adult men being attracted to adult women.

The second is the state of anarchy we're in at a global level, with law enforcement, criminals, governments and large multinational companies simply being able to go there where the law is most conducive to whatever they want to do, effectively as if there is no law at all.

Both things for which I don't really know how they could be fixed, but which have me concerned nonetheless.

[1] https://www.vg.no/spesial/2017/undercover-darkweb/?lang=en

>He found one weakness: By asking the server the right question, it would reveal his own IP address .

>The question was asked and the server replied. It was located in Sydney, owned by the server Digital Pacific.

What the hell does that even mean? It almost sounds like they were doing packet sniffing and looking at the IP addresses of where the packets came from. Any non-tor exit node IPs could be the server's IP. Similar strategy was used against Silk Road.

It is this bug: https://www.owasp.org/index.php/Server_Side_Request_Forgery

Except that with tor, hitting ANY external IP from the "real" IP of your hosting box is bad news (since your service is no longer hidden).

This is a rookie mistake for an operator running a hidden service. What you are supposed to do is a) ensure you are not running crappy software and more importantly b) ensure that your server/container/service (preferably) has no network egress or (if you need that) that egress is transparently proxied at the network level through something suitably anonymous. Whatever scheme you choose should be robust against an attacker who compromises your hidden service any any way, up to having root on the host or vm. This usually means that if you are trying to run a hidden service on a single physical machine, you want multiple VMs or containers, and you really want there to be no guest-to-host escapes. There are multiple ways of skinning that cat but VMs are nicer than containers or jails because you can have actually different network stacks.

The officer's methodology for determining whether the requesting IP was really that of the hidden service was quite sound from a forensics point of view and in fact did not require any "special" network access over and above that which a normal citizen would have.

Two things spring to mind: a debug message that spat out the IP it was listening on, or just scanning the internet and sending every server a Host header that's the Tor hostname. Sounds more like the former though.

They have a more technical description of the process further down in the article, in the grey box:

"IP addresses and physical server locations are inherently difficult to find on the Tor network. So how did VG’s computer expert get the forum to disclose this information?

1. Profile picture upload

The forum allowed users to upload a profile picture. This picture could also be fetched from a user-supplied URL.

2. The leak

This is where the information leak occurs. Configured for optimal security, the forum’s software and/or server would fetch the remote profile picture via Tor. Childs Play did not – all traffic to external sites originated from the server’s real IP.

3. The IP address is exposed

By telling the forum to fetch a picture from a server Stangvik controlled, he could see in his server logs that the originating IP was with a hosting provider in Sydney – Digital Pacific. Stangvik went on to confirm that outgoing DNS requests originated from the same provider, and that the forum’s software also loaded images included in forum post previews from the same IP.

4. A proxy, VPN or Tor Exit?

The next question was whether the IP belonged to a Tor Exit Node, a VPN or a proxy server. An IP can hide just about anything. How could he confirm that this was the forum’s location, rather than just a node in a chain of redirects? Stangvik applied three improvised techniques:

5. Timing between the servers

He rented a virtual server with Digital Pacific – the same place as where the suspected IP was located. He then updated the profile picture URL to point to this server. Upon receiving an incoming profile picture request, Stangvik’s server would respond with a redirect to another URL on the same virtual server. Repeating this redirection process several time, Stangvik was able to isolate and measure the roundtrip-time between the two servers. The measurements yielded very low times, consistent with a forum server in close vicinity of his rented server.

6. Measuring intermediate nodes

Stangvik also paid attention to so-called «Time To Live» values on the incoming data packets. These provide some insight into how many intermediate parties are involved from the sender to the recipient. In this case, the values indicated that there were at most one intermediate – a typical result if the servers were located in the same room.

7. Measuring packet size

The final test started to get advanced: Measuring MTU (Maximum Transmission Unit) and packet fragmentation. Each packet in a computer network has a maximum transmission size, based on which intermediates it passes through. Each encapsulating technology, such as VPNs, can result in the total packet size increasing beyond the maximum size, and local networks usually have larger maximum sizes than the “tubes” found on the internet. If the maximum size is surpassed, the packet will be broken into multiple fragments.

By crafting long profile picture URLs, and setting specific packet flags, in the redirects returned by his custom web server software, he could see that the MTU was consistent with that of high-speed local area network traffic, and also ruled out VPN configurations."

Step 4-7 shows the difference between a person who want to block something (ISP blacklists, national firewalls, ectra) vs actually identifying whom is running a server. The questions of end point, a proxy, VPN or Tor Exit should be the minimal standard for IT related investigations. It saves both innocent bystanders and resources, and is also effective in catching the intended suspect.

This is why any server you want hidden should be behind something like whonix where no process running on the server should know the IP.

No, it should be configured to use a purpose-made device that tunnels all traffic over Tor as gateway.

Yes, because running the server in your garage or getting a colocation deal for a special purpose-made device is certainly more secure.

>where no process running on the server should know the IP.

that's not the issue though. Even if the server was behind NAT (and thus only knows its internal IP), it could still find out its real external ip by sending packets to some other machine on the internet and checking what the "from" address was from. preventing this leak can only be done by having a strict routing table and/or outbound firewall. having VMs/containers 7 layers deep wouldn't help if the packets could freely reach the internet unproxied.

if it was behind whonix, all outside traffic would be routed through tor. One of its selling points is that malware running on the VM as root cannot get the real IP (without additional exploits).

Whonix is great but the fact you need two servers and how the set up is more involved than just installing Tor and setting up a Hidden Service are the most common reasons why most takes the easy but less secure route.

Whonix is amazing. I recommend it to anyone who is serious about avoiding even sending a single packet over the clearnet.

Even doing it on a single server is more secure than whatever these guys had. You can only be found if there's an actual exploit in the VM or tor or something, webserver bugs don't pwn you alone.

Damn. If only those child pornographers knew this tip.

If I were going to do something so very illegal, I'd research the hell out of it. If I were going to run something like this, I'd pretty much want to be an expert on the architecture and software stack.

I'd be asking hundreds of questions, taking courses, and using as many layers as would be reasonable to hide even my efforts at learning. I'd probably be obsessed with security, more so than I am now. Much more so, in fact.

And then you'd likely be in a select group of people who could be investigated individually. OPSEC is hard in most circumstances, but it's very hard if you're trying to be an expert on one topic in a short period of time.

Yeah, I'd even have to make a point to hide my learning. Only a specific subset of people would be asking how best to allow uploads while ensuring the IP address was masked via Tor. Added with other questions, it'd put me into a pretty narrow group, so even gathering information would need to be masked.

Fortunately, I don't actually want to do anything illegal. That will make it easier. I do kind of want to learn how to set up a hidden service, but just to satisfy my curiosity.

The original silk road fell because of an opsec failure in a post on stackoverflow...

A few weeks ago, and prompted by an HN post, I considered writing about the possibilities if ML as applied to large aggregate datum and with criminal investigation as the motivation.

With all the public posts, writing style analytics, and use of a common moniker across services, it seems that it may be possible to do just that on a large scale. It seems that it could be made trivial to narrow down lists of suspects by crunching large data sets that contain stuff like SO questions, AC posts on Slashdot, or responses on HN.

After all, how many people are actively seeking to secure a message board as a hidden service and doing so at that time? I sort of envision it as having some commonality with the timing attacks already in use to deanonymize Tor users.

Subject A asked about securing IP addresses for uploads and Sevice A got this feature two weeks later. Subject C asked about this security aspect and Service A has that concern. Subject Q asked about using this forum software and requested this modification. Service A uses that software, etc...

So, maybe Subjects A, C, and Q are all the same people.

While it doesn't prove much, it does potentially aid in narrowing down the list of suspects. Coupled with other bits of information, it may narrow the list down significantly.

That and there are huge sets of data out there. Processing that intelligently, and rapidly, could really change the way investigations are done.

That's what XKEYSCORE does, pretty much. The NSA has spent a lot of time working on these sorts of techniques.

No it doesn't - or at least there is no claim I've seen that this is part of XKEYSCORE. It's not mentioned on the Wikipedia page either[1].

However this is an active areas of research in both classified and (presumably) non-classified areas. See for example this search: https://scholar.google.com.au/scholar?q=related:KbJLbpaKfCkJ...

[1] https://en.wikipedia.org/wiki/XKeyscore

Right, the NSA has a bunch of anti-Tor tools that usually are called QUANTUM-whatever. However, correlation of people across different networks is something that XKEYSCORE does. There's also the writing deanonymisation tools that you mention (but there's Anonymouth[1] which could help).

My original point was that OPSEC is hard if you're trying to be a topic expert in a short period of time. You don't need NSA tools to attack someone in that situation.

[1]: https://github.com/psal/anonymouth

In particular, this part:

> It seems that it could be made trivial to narrow down lists of suspects by crunching large data sets that contain stuff like SO questions, AC posts on Slashdot, or responses on HN.

Is what XKEYSCORE does (or at least, it's the interface you use to query the above data sets which are collected as part of PRISM and the other programs).

I've said it before, I'll say it again. Comments like that are why I like HN. I see there is some long reads associated with this subject.

Once again, HN has sent me off into a subject I'd not have found on my own. That's why I like HN as much as I do.

I feel like eventually some combination of factors would nail anyone against that level of effort and access. It would be interesting if there were a platform for people to compete on how long they can keep their servers up without being compromised.

I've forgotten the link, but there was a detailed story some years ago of a child pornography network where all the participants avoided identification in a long, joint investigation by the international crimes unit of the Five Eyes states.

I think it might have been a Defcon or Black Hat talk on ways of communicating anonymously. They certainly didn't use a web forum, it was more along the lines of posting encrypted messages to Usenet that were widely distributed and could only be decrypted by the recipient.

This was taken as evidence that perfect operational security is possible even against nation-state actors committing a large (but not indefinite) amount of resources.

Thanks, this is the one I was thinking of. Couldn't remember his obscure nickname. I remembered the capture rate in the child pornography group wrong, but the point stands :)

Having read that, I almost wish I were doing something illegal so that I could enjoy such a cat and mouse game.

Maybe there should be some sort of informal game, perhaps played with the major law enforcement agencies, with the goal being to avoid identification. It could be justified by asserting that it would aid in training investigation techniques.

It needn't hand over monetary prizes, just admission of success. Maybe it could trade pictures of cats?

But the whole point of being a criminal is to get a lot of money for not much effort. If you have to put that much work into it, you may as well get a job.

I'm assuming pedophilia isn't profit motivated. I don't really know that, but it seems a good assumption. I'm also not even sure where to begin researching that.

That's actually discussed in the VG article - that in pedophilia circles the "currency" is images and videos with much less money changing hands, which makes "follow the money" quite a bit harder.

I am not keen on learning the ropes, but I understand that it is driven by a barter culture and that there are financial exchanges made but that a lot is simply traded.

The illicit nature is probably one of the attractions. My understanding is that people become 'addicted' to it and strive to amass large collections. Few offenders have just a couple of images and videos but, instead, have vast collections. This is more so than is seen with legal pornographic material and possibly has something to do with the rarity and difficulty of access as well as inconsistency of access.

Disclosure: I used to date a lady who studied and worked with sex offenders. However, we seldom discussed her research and never her individual patients. So, I'm largely speculating with just a hint of regurgitating expert information.

So, with that said, it is largely still a fairly taboo subject of study. I guess there are many misconceptions and misunderstandings, even at the academic level. An example might be that sex offenders have a low rate of recidivism, even lower if narrowed to new sex offenses. On the other hand, they often have many victims prior to their first interaction with the justice system. Most victimization isn't done by strangers and involves grooming by a person close to the victim. That sort of stuff.

I don't have a solution, by the way. There has been some serious discussion of allowing current examples of confiscated CP to be used by those who are predisposed to such, but that goes over about as well as a lead balloon. It also doesn't solve the issue where they seem to want more and new material. Maybe CGI will be the answer? I'm just not sure that society will find that acceptable.

It isn't easy to have a conversation about it. She would very seldom disclose her work with the people she knew and had received death threats and had some instances of vandalism. Her work with offenders negatively impacted her social life.

So, we on HN might discuss it and try to remove our biases and be objective, but we are a rarity and previous threads might indicate that not everyone is willing to do so.

Sorry for the novella and meandering nature of my post. I'm not the greatest wordsmith.

The purpose of addressing the security fault in operational security is partial to retain trust trust in the tools used, and understanding the limitation of them. We don't want to read a news article that said "If only those journalist knew".

You'd think that with a story that big they'd provide an English version. Too bad.

They do. It's just impossible to find since they prefer showing 1080p of some empty US road instead of checking browser headers. But here it is:


(The icon was in the top right, some 20p image!)

Now I see the english version. I read it with google translate.

Bloody hell that was a difficult read.

Worth mentioning, these support groups. Because not all men are rapists and neither are all pedophiles.

Virtuous Pedophiles (for those who never raped) virped.org

Community support for offenders after prison (Australia): http://www.smh.com.au/national/pedophile-support-programs-ch...

Opsec breaches here: (from https://www.vg.no/spesial/2017/undercover-darkweb/, linked in this thread)

1. not firewalling the server so all traffic goes through Tor

2. registering a bitcoin wallet with a private email address

3. asking a coding question using their own identity (Ross Ulbricht, anyone?)

Maybe it would be a good idea if some western states have access to a kind of backdoor into Tor/I2P/Freenet/etc. How many pedo/drug/etc. illegal sites are still there and will be there in the future where the owners know proper opsec. I get the point that journalists/political dissidents want some anonymous communication channel, but do we have to tolerate shit like this? Maybe tor without the hidden services would be morally less contemptible?

I suppose its likely that the NSA controls/monitors a sufficient amount of tor nodes to make this already be the case anyhow.

"Maybe it would be a good idea if some western states have access to a kind of backdoor into Tor/I2P/Freenet/etc."

How will we ensure that only the Western States that are supposed to use the backdoor will be able to, and that e.g. the governments of Russia, China, or Iran will not have access? Remember that Tor was created by the US government for the purpose of evading surveillance and national firewalls, and that many countries would like to have access to that backdoor for less acceptable purposes.

"I get the point that journalists/political dissidents want some anonymous communication channel, but do we have to tolerate shit like this?"

Tor is not really the issue here. Pedophiles do not really depend on Tor as much as you might think. Pedophiles are known to use the postal system to send and receive encrypted DVDs. They are known to operate legitimate websites as "fronts" for pedophile forums (not hidden services). They have used Usenet, IRC, FTP, and BBSes. They use sneakernet.

Child molesters often go undetected for years, despite not using the Internet at all. Child molesters rely less on systems meant to evade mass surveillance than on the fact that we do not live in an Orwellian world of total and pervasive surveillance. I think we would all agree that the priority is to arrest people who abuse children; yet that is a crime that occurs offline, is not in any way aided by Tor, and still remains hard for the police to detect and stop.

It is easy to fall into the trap of thinking that were it not for Tor, the police would have an easy time catching pedophiles or that child sex abuse imagery would stop being produced.

There’s this thing called the slippery slope. The reason backdoors are bad is because: once one government shows they can get a backdoor, every other government will want one. The FBI wanted a backdoor for iPhones while completely disregarding the fact that if Apple added one, what’s to stop China from demanding one, too?

There is a back door to every Iphone. Just ask around Boston.

Apple being an US company?

Doesn't count if they sell stuff in China. Chinese iPhones will have a Chinese backdoor, US iPhones will have a US back door.

And since it's easier to program one backdoor to rule them all, we may even have all iPhones be accessible from both US and China…

To maintain their cover, undercover detectives were posting and sharing abuse material on Childs Play. For over a year.

Who would authorize this...once again, it's a whole freakign year? I understand seizing a site and "seeing" who log in for a while but police actively posting child pron? Why not have undercover ATF agents kill people to prove their no undercover?

In the future, I hope we can use existing AI to create fake child porn images so these brave officers wouldn’t have to feed these motherfucking-sickshitbag-fuckers real child porns (although the police stated the pictures they used already exist else where).

Bravo to all the people crackingndown in human trafficking and protecting children from harms

I hope they got signed releases from the grown up victims whose non-consensual images were being posted. If not, then they are increasing the harm. If an a adult who valued privacy had a sex video stolen and then distributed by the police they would be livid. For it to happen to someone who was abused as a child is unconscionable. From that perspective artificial might be preferable.

Out of interest, in what way is harm increased? Does the same harm occur in cases in which the image is only being viewed?

This is like some sort of awful Black Mirror episode. What if we could generate infinite "new" content without harming another human to do so?

I say do it. I'm already ok with Loli Hentai existing, although I find it revolting to look at. If artificial child porn indistinguishable from the real thing becomes available, it will devalue its production. Given the risks, it seems likely that much fewer children will be raped.

In Australia it would still be illegal, here's the link for NSW[1]. Maybe it should be reformed to match your idea. But there's a reason why the law is written to make things that are "implied to be" child abuse material to still be child abuse material.

[1]: http://www.austlii.edu.au/cgi-bin/viewdoc/au/legis/nsw/conso...

But what if it's artificial child porn that looks like your child? Do you really want to enable that?

Currently, in the USA it is clearly illegal to produce porn that resembles a real child, even if no child was exploited to produce it -- despite the fact that purely fictional (e.g., drawn) erotica featuring underage characters is still only of dubious legality. There are justifiable reasons for this.

It looks like it would be legal if it is distinguishable as being purely fictional, where what a reasonable person would believe is taken into account.

For those who do not want this type of search query to be in their history, have a link:


If my reading is correct, images that are fictional, and appear fictional to a reasonable person - inferred by me through a number of law courses and not directly stated in the link, are not illegal. Drawings should be fine. CGI, maybe, depending on how easily it is distinguished as being fictional.

The PROTECT Act specifically had provisions against even drawings of any kind, however those parts to my knowledge were ruled unconstitutional. On the other hand, there are various state laws against the material; I don't have a better source than Wikipedia at the moment, but:

>Currently, such depictions are in a legal grey area due to parts of the PROTECT Act being ruled unconstitutional on a federal level; however, laws regulating lolicon and shotacon differs between states; several states have laws that explicitly prohibit cartoon pornography and similar depictions (such as video games in the state of New Jersey), while others usually have only vague laws on such content; in some states, such as California, such depictions specifically do not fall under state child pornography laws,[70] while the state of Utah explicitly bans it.[71]

From: https://en.wikipedia.org/wiki/Legal_status_of_drawn_pornogra...

I'm not qualified to speculate how well those laws will stand up to a challenge as a 1st amendment issue. The SCOTUS tends to take a strong protective of the 1st view.

My inexpert opinion would be that those laws would be ruled unconstitutional, but my opinion is absolutely not an expert opinion. While I have taken numerous legal courses and have a decent familiarity with law, I am not a lawyer.

I will also add that not only am I not a lawyer, I'm not your lawyer and the above isn't legal advice. Consult a qualified legal representative, in the appropriate jurisdiction, if you need to.

That said, some areas have some pretty tough obscenity laws that are still on the books. When challenged as a free speech issue, they tend to fall - even though the law may still remain on the books and people still get prosecuted.

Florida has at least one such law and they have lost in front of the SCOTUS but still use the law. More recently, it was used to charge the folks who make the overtly degrading porn. They actor does stuff like write on then with lipstick, spit on them, etc... They used the law to charge them, though people have previously appealed that law to the higher courts and won their appeal.

I'm not actually sure how they get away with that?

>But what if it's artificial child porn that looks like your child?

I don't understand the problem. Let's assume that no real images are used as input to the artificial child image creation process. So what if it looks like your child? That is mere coincidence, and doesn't seem to me to be reason why it should be illegal to possess or produce.

>There are justifiable reasons for this.

Can you please elaborate on what these are, or where I can read about what they are? So far, the reasons I have been given and those that I have seen used for example in England when laws were being created (the CAJA 2009 law) have been poor reasons and unjustifiable restriction of freedom of expression in my view.

Then we use that to prevent children from being raped at no cost to civil liberties, or risk for the innocent.

And if anyone has a moral problem with that, because it feels wrong, well fuck them.

That would actually still be illegal in Australia (at least, in all the states I've checked). For NSW in particular the The Crimes Act (1900) s91fb[1] states that materials that "appears or are implied to be" child abuse material are legally defined to be child abuse material. The criterion is further expanded by saying that the judgement of whether something qualifies is by "the standards of morality, decency and propriety generally accepted by reasonable adults" (among other restrictions). Though, as this article proves, Australian police are particularly well-known for being allowed to break laws for the purposes of an investigation.

Given that loli isn't legal in Australia, I doubt that photorealistic artificial child pornography would fare better.

[1]: http://www.austlii.edu.au/cgi-bin/viewdoc/au/legis/nsw/conso...

This idea raises an interesting question - what if all child porn in the future was artificially generated. Would it be illegal to consume or share that material?

Probably. Child porn is illegal today because consumption incentivizes production of even more material. If you could somehow guarantee that production would only come from artificial sources then there would be no reason for it to be illegal, but making that guarantee in the real world is unrealistic. Once you create demand for artificial content then someone is going to try and slip the real thing in, bringing us back to square one. Artificial depictions of child porn are already illegal in many jurisdictions for that reason.

"Once you create demand for artificial content then someone is going to try and slip the real thing in, bringing us back to square one."

That is a slippery slope fallacy. Would you apply the same logic to legal pornography and say, "Well the actors are just too young, someone is going to try and slip in underage actors?" Or to non-visual descriptions e.g. Nobakov? At what point do you think the line should not be expanded?

"Artificial depictions of child porn are already illegal in many jurisdictions for that reason."

I think the reason is a lot less rational. In the 80s and 90s we had a widespread moral panic about child molesters that results in thousands of innocent people being thrown in jail. We still see remnants of that panic. I think we have shifted from a rational motivation for protecting children to a moral motivation to jail pedophiles. People do not want to have pedophiles in their communities and if a pedophile is able to avoid breaking the law people demand a broadening of the law. The idea that a pedophile could avoid prosecution by satisfying himself with cartoons instead of recordings of child abuse led to the law being broadened to ensure that the pedophile is punished.

While consumption may incentivize production, reducing supply does not affect demand.

Why would you assume that people slipping the "real thing" would be a problem? We watch violent movies for entertainment, and some will enjoy /r/WatchPeopleDie, but the latter will always be niche, and intentional production of such clips is still illegal. I do not see the benefit of outlawing artificial depictions.

> Child porn is illegal today because consumption incentivizes production of even more material.

Does it? Does that happen with other kinds of not-paid-for porn? More importantly, shoving the entire thing underground has got to make it harder to find the abusers creating these images. Which effect has a bigger impact?

> you could somehow guarantee that production would only come from artificial sources then there would be no reason for it to be illegal

Yet the majority of anime porn is illegal on the countries of the commonwealth even though they are not even close to looking realistic.

I think I read in the 90s that made-up child porn (such as drawings from imagination) had recently become illegal in the U.S. It doesn't seem like that could've survived a first-amendment challenge, but IANAL and I don't know what's the status now.

It would in the United States; the law here criminalizes possession of cartoon depictions of child sex abuse:


There have been prosecutions in the past:


Yes, it is controversial, as the original reasoning for banning child abuse imagery was to protect the children who are harmed by its production. This is the result of a shift in thinking: while the original idea was that we should protect children, today it is a matter of morality and pedophiles are considered morally deficient. As a result, even if a pedophile has never harmed a child, the common notion is that they are a danger to the community and that we can never be too careful.


"Visual depictions include photographs, videos, digital or computer generated images indistinguishable from an actual minor, and images created, adapted, or modified, but appear to depict an identifiable, actual minor. "

I am glad there are laws like that. Unfortunately, the hardware and software keeps improving. That means that someday a person sitting at home will be able to produce all the realistic child porn they want, and the police will have no way to detect it.

Even more interesting: would it be moral. It seems to me like it would be great if police wouldn't have to feed them, but they wouldn't even have to rape children to feed themselves.

But what if looking at AI-generated child porn inspires a pedophile to do something similar with a real child?


Please tell me you're joking, snakeanus. There is no way you could seriously be trying to make out paedo's as the victim here?

> I fail to see how arresting people for a thoughtcrime is heroic.

Thoughtcrime? No, viewing or possessing CP is an actual crime.

> How can someone who has never raped a child but just views CP on an online forum be a "motherfucking-sickshitbag-fucker"? Who was the victim of this person?

Quite obviously, the child/children in the pictures they're viewing.

> Why do you feel the need to insult people who haven't done anything wrong?

They have done something that isn't just illegal, but unquestionably morally reprehensible. How could that ever be considered 'not wrong'?

> How do you exactly "protect children from harms" by catching people that simply view CP?

What are you asking here? How do you protect children from paedophiles by arresting paedophiles?


Ok this is ridiculous, only on HN could we see child pornography being defended as a victimless crime.

First of all, no child should be exploited in that way. Period. Not up for debate. Whether or not they feel victimised at the time by what has happened to them is irrelevant. So by viewing or obtaining CP, one is supporting and proliferating that material.

> I will have to question that.

Question all you want, I don't think you'll find any other sane rational person who thinks watching videos of children being raped is totally fine.

> There is no victim nor is anybody harmed by possession nor viewing. Thus it is not wrong.

Here it is again 'CP isn't wrong'. Yes it is, I don't see how you can think it's not.

> Just like not every straight/homosexual person is a rapist, not every paedophile is a rapist.

Really? Every paedophile is a paedophile. It's not a kink, it's not a fetish, it's not a sexuality, it's a mental health problem and one that can potentially have horrific outcomes if the resultant behaviours are welcomed and encouraged.

I'm not responding any more after this, because frankly if you think being a paedophile is totally fine then you need to get help.

We've asked you before not to make things up about HN to score points in an argument. This one was absurd, and a nasty thing to say about a community you belong to.

You've broken the HN guidelines here by resorting to personal attack. You've been breaking them elsewhere too. Someone else being wrong doesn't give you license to break the rules and make this place even worse, so please read https://news.ycombinator.com/newsguidelines.html and clean up your act.

Apologies, dang.

This particular issue is just a bit of a sore spot for me because I have a friend and a family member who both suffered sexual abuse as young children. Doesn't excuse my comments though so again, sorry about that - I'll make more of an effort to be less abrasive and confrontational in future.

> We've asked you before not to make things up about HN to score points in an argument. This one was absurd, and a nasty thing to say about a community you belong to.

Hang on - people routinely defend creation, possession, and distribution of images of child sexual abuse on HN, especially composite images. I see it here far more often than on other forums.

> only on HN could we see child pornography being defended as a victimless crime.

No, not really. I have seen it being defended in multiple places over the years. Mostly places where there are many STEM people and can't bear the thought of certain numbers being illegal.

> First of all, no child should be exploited in that way. Period. Not up for debate.

Exploited in what way? Remember, even a 17 year old taking a picture to show it to his/hers gf/bf is considered CP in every country that I know of. Who is exploited in this case?

> Whether or not they feel victimised at the time by what has happened to them is irrelevant.

If they are a young child then I will agree. If they are a teen then no. I fail to see how this is relevant to the discussion however. We are not talking about the production of CP, we are talking about the consumption and distribution of it.

> So by viewing or obtaining CP, one is supporting and proliferating that material.

How did you deduce that from the previous sentence exactly? In any case, I fail to see how "by viewing or obtaining CP, one is supporting and proliferating that material".

> Here it is again 'CP isn't wrong'. Yes it is, I don't see how you can think it's not.

Viewing or distributing CP isn't wrong because nobody is harmed. I don't see how you can think that it is wrong.

> Every paedophile is a paedophile

Sure? Just like every straight person is straight. That being said not every paedophile is a rapist as neither is every straight person.

> it's a mental health problem

They said the same about homosexuality a while ago. Look what happened to Turing for example, a great mind put to death because he did things that even though they harmed nobody it offended some people in power who considered them gross.

> because frankly if you think being a paedophile is totally fine then you need to get help.

If you think that we should arrest people who have done no harm on another human being directly or indirectly then you are a monster and you should get help.

>Here it is again 'CP isn't wrong'. Yes it is, I don't see how you can think it's not.

You haven't defined any criteria for 'wrong'; the person you are replying to is taking issue with the fact that the harm principle (a commonly accepted ideal of what is 'wrong' in individualist society) does not apply to any given instance of viewing or possessing child pornography. You have to define your criteria for 'wrong' rather than simply assert it. By defining criteria, only then can you be refuted in any meaningful sense, rather than a rally of "it's wrong" and "no it isn't wrong".

So if you say that it is wrong, please back up your meta-ethical position.

>It's not a kink, it's not a fetish, it's not a sexuality

Pedophilia is a fetish; it may be other things too, but it is a fetish for children, this is even in the 'plain' sense of the word fetish, which is to concentrate on a particular aspect above all else. The pedophile, rather than fetishising say "normal" features like breath, fetishises extreme youth.

>being a paedophile is totally fine then you need to get help

Nowhere did the poster say this.

We've banned both your accounts in this thread. That kind of sockpuppetry is an obvious abuse.

Agreed with the crackdown, but not with the "brave" methods. Someone is getting paid to not only look but distribute this all day, everyday. We need to take measures to demolish government institutions that post and distribute this content under the guise of "law enforcement." I read far more articles about police-run sites and forums being shutdown than I read about wild sites being taken down.

This is no better than the "brave" arms smuggling operations of the ATF.

Sounds illegal.

Just to clarify - the police department didn't create the site from scratch. They busted the original owner of it, then took over the site 'as is' and ran it for a while longer to gather evidence of other users, then shut the whole thing down.

No different from cops everywhere knowing where a drug shipment is landing, then setting up a sting operation around that to see who comes along to collect, and then pouncing. (Rather than intercepting the drugs mid shipment or before it leaves).

That's not a fair comparison since in that scenario the police don't interact with any end user and are not distribution anything themselves.

This is more akin to a police going under cover and selling drugs on the street, hoping to get near the supplier.

...and in doing so, becoming the largest dealer... for a year.

In this case surely getting the producers is significantly outweighs being a dealer for a bit.

>The Argos commander, Insp Jon Rouse, said it had led to “significant rescues of children globally” and the arrest of “serious criminal child sex offenders”.

Yes, which is something a lot of advocates has been pushing for. Put the massive resource currently allocated at blocking and use it to go after the producers. The consumers, the technology, the platforms, all those are of limited interest when the real goal is to rescues of children and stopping sex offenders. With limited resources police should prioritize efforts where it has the biggest positive effect on people and not where it has the biggest political effect.

>In this case surely getting the producers is significantly outweighs being a dealer for a bit.

I agree. The producers were abusing children, lots of them. Running the site allowed the police to identify a lot of the producers, so they can be arrested and locked up.

For a year... the largest dealer. Imagine if the DEA secretly busted a whole cartel, and turned into the largest producer and exporter of cocaine for a year!!!

Completely different.

>Imagine if the DEA secretly busted a whole cartel, and turned into the largest producer

The police did not produce any material.

Trying to compare illegal drugs to child exploitation is absurd.

Unless you’re one of the kids in those pics I guess... then the harm is easier to see. Plus drugs almost only ever involve consenting adults!!!

If you read the article, you would know that it is in fact not illegal for police in Australia.

By the same token, other countries could try to extradite them under their laws, broken through the international, online distribution of CP.

They could, but the AFP is used by those other countries for exactly this reason. They have frighteningly broad latitude when it comes to breaking laws to achieve their goals. In this case, perhaps it was justified, but the VG article posted above raised some concerns with their methods that I agree with.

Should see what our intelligence agencies are allowed to do. Australia has rather weak protections for its populace, and rather strong laws allowing police and intelligence forces to do this. Despite some large controversies, the public doesn’t seem to really mind, which scares me. My state, QLD, literally became a police state in some ways, under Bjelke-Peterson. I don’t forget that, but often it feels like everyone around me does...

I think it's just apathy, politics is mostly a joke here in Australia.

We also don't have the same type of deep distrust of government that some other Western countries have - which is not to say that Australians love their governments, far from it, but we don't exactly have a strong anti-government streak. In many ways this is a good thing, but it does tend to mean we don't spend much time thinking about checks and balances.

No, I know it's not illegal when law enforcement does it. Very little is!

Actually were it to be done by police in the USA, Canada and many other countries it would be illegal even for law enforcement.

Yeah, it's illegal in the U.S. so they had AUS do it for 'em.

It's also illegal for them to murder people for no reason, but they get away with that pretty easily.

>legal protections allow police to post abuse material

It should be noted that Australia has a lot of history with this sort of legal protection. The reason for this is that Australia does not include its armed/police forces in its democratic institutions - i.e. the armed and police forces do not answer to the public, but rather to the sovereign (the Governor General, who answers to the Queen).

For example, its legal for Australia to commit war crimes as part of the Coalition - in fact, Australian armed forces are in the Coalition to "do the dirty work that other countries cannot do". Australian Forces can bomb innocents with relative impunity - relative to the scrutiny that the American forces must operate under, that is. Whenever America needs something dirty done, it comes knocking on the ADF door...

Give me sources, or I'll say you're just plain wrong.

Conduct that amounts to war crimes will amount to an offence either under the Defence Force Discipline Act or under civilian law - ADFIS and AFP do investigate this stuff, though admittedly they haven't had much luck recently with actually charging or convicting anyone, but the same can be said of any other country currently in Iraq. I'd find it hard to believe that Australia is any worse than the US, honestly.

(FWIW I'll allow that parliamentary scrutiny of the ADF is probably not as stringent as in the US Congress.)

In this case, the police are using their Controlled Operations authority that was originally granted to allow police to conduct drug importations as part of sting operations. Other jurisdictions do have some analogous laws, though potentially not with such broad scope.

Pop quiz: why doesn't the ADF ever have to report its civilian casualties to the nation? Oh wait, you answered it:

>parliamentary scrutiny of the ADF is probably not as stringent as in the US Congress.

Australian Constitution, Section 68:

"The command in chief of the naval and military forces of the Commonwealth is vested in the Governor‑General as the Queen’s representative."

(NB; the Australian Constitution is an embarrassment to the Australian people - it is categorically the worst constitution of all modern western democracies...)

Here, Scott Ludlum explains the situation pretty well:


".. Australia has remained anchored to a pre-democratic tradition founded in hereditary monarchies and feudal states."

Curious readers might like to know more about Australias' war crimes in the middle east, and the extent to which its politicians will go to keep the truth from the Australian people:



Australia committed war crimes in Mosul, and in Raqqa - this is known by anyone who cares to investigate the matter. It is not reporting these crimes, because its forces are not required to by the Australian people, and its politicians are cowardly hiding the truth, because they know that the Australian people will be held liable for these crimes...

> the Australian Constitution is an embarrassment to the Australian people - it is categorically the worst constitution of all modern western democracies...

You really think so? I agree with you that there are many deficiencies in the Australian constitution, plus a national tradition of constitutional conservatism which means most attempts to address these deficiencies are doomed to fail. But in calling it "categorically the worst", I think you go too far.

I think the (unwritten) UK constitution is worse. Similar to the US Supreme Court, the High Court of Australia has the power to overrule the Australian Parliament and nullify unconstitutional legislation, even though it uses that power somewhat sparingly. By contrast, the UK Parliament is "sovereign", which means the courts cannot overrule Parliament. The UK courts effectively have the power to strike down primary legislation contrary to EU law, but with Brexit that power is going away. They also have the power to issue a "declaration of incompatibility" saying that legislation violates human rights, but that does not by itself void the legislation – either Parliament must act to amend or repeal the legislation, or there is also a fast track procedure whereby ministers can amend it without going to Parliament, but until either Parliament or the ministers act the legislation stays in force. (Also, Parliament granted the courts this power, and can take it away at any time by a simple majority vote in each House.)

I think another way the Australian constitution is superior to the UK constitution is that the Australian constitution bans the national government from establishing a religion (the ban doesn't strictly speaking apply to the state governments, but in practice they abide by it), whereas the UK constitution establishes a state church in one of its four constituent countries (England).

Also, the UK Parliament has in theory unlimited power to overrule or even abolish the devolved administrations (Scotland, Wales, Northern Ireland) at any time, by a simple majority vote (even though real world political constraints mean that trying to use that power could easily lead to the violent breakup of the UK). By contrast, the Australian Parliament can't legally abolish the states without a national referendum which would be very unlikely to pass.

The reason I think its heinous: one rule for whites, another set for Torres-Straight Islanders/Original Occupants. Racism is intrinsically encoded in Australian law and Australians unwillingness to do anything about it is a sheer and utter embarrassment to the enlightened world.

The UK, in my opinion, is a totalitarian state and has no pretense to being a free society - so yeah, I don't include it in this set, as you rightfully indicate. Australia is a step above the UK in this respect - as the UK is a highly classist, authoritarian/totalitarian state where a majority of its population live in servitude to feudal lords, it doesn't even pretend to have a Constitution, nor individual rights. Australia does pretend, though, so its just a bit above the UK in that regard ..

> The reason I think its heinous: one rule for whites, another set for Torres-Straight Islanders/Original Occupants. Racism is intrinsically encoded in Australian law and Australians unwillingness to do anything about it is a sheer and utter embarrassment to the enlightened world.

I think your phrase "racism is intrinsically encoded in Australian law" accurately describes the legal situation up until the reforms of the 1960s and 1970s. But I'm not convinced it is an accurate description of Australian law in the present-day. Can you give some examples of present-day Australian laws which in your view "intrinsically encode" racism?

Sure - the current Constitution itself. Just read it and tell me you're okay with Sections 25 and 51.


Section 25 reads: "25. Provisions as to races disqualified from voting: For the purposes of the last section, if by the law of any State all persons of any race are disqualified from voting at elections for the more numerous House of the Parliament of the State, then, in reckoning the number of the people of the State or of the Commonwealth, persons of that race resident in that State shall not be counted."

Section 51 (xxvi) reads: "51. Legislative powers of the Parliament: The Parliament shall, subject to this Constitution, have power to make laws for the peace, order, and good government of the Commonwealth with respect to: ... (xxvi) the people of any race for whom it is deemed necessary to make special laws;"

Then, there was the abolishment of ATSIC in 2005, which many in the indigenous community view as a betrayal. Even the UN got involved ..


And .. then there is the Nauru situation. Its essentially a detainment camp for undesirable immigrants, and has recently been removed from public scrutiny by way of being made a military base. Still people suffering in that camp daily, but you won't hear many Australians being too deeply bothered by the fact that their government is running a concentration camp... well, its one of 7 that are in operation, and I can guarantee you they won't get public oversight any time soon.

Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact