The authorities apparently got tired of asking and just went in themselves.
Canada-based Windscribe, a VPN provider, just said that one of its European servers has been allegedly seized by Dutch authorities without a warrant. According to the company’s post on X, law enforcement said that they will return it to the service provider after they “fully analyze it.” It’s unclear why law enforcement impounded just a single rack from Windscribe’s cabinet, but the VPN provider said that it only uses RAM disk servers, meaning anyone who would look through the installed SSDs would only find a stock Ubuntu install on it, so the servers shouldn’t hold any trackable data.
That is why you dont use VPN. See you guys in I2P.
Mullvad is safe. They were raided and the authorities got nothing.
No, this is just why you don’t use Windscribe.
They have a reputation for being in a legislation where they have to save logs. They themselves know that they’re the “black sheep” among VPN providers, which is why they continuously make cheap offers and use raunchy advertising, like this one:
Doesn’t take a genius to figure out that their VPN is likely insecure
Too sumarize the article:
US clickbait and ad infested news website directly quotes “trust me bro” Twitter post + describes in 2 sentences what a ramdisk is and does zero real “journalism” like maybe contacting mentioned dutch authorities or Windscribe themselfs.
Once again: Ban Tom’s Slopware. Post the original source instead.
There’s that legal jargon that comes to mind, fishing expedition
What authorities exactly? How did they get their hands on these servers without being let in? Do they have a response to this all being put on twitter? Even the article doesn’t mention reaching out to “Dutch authorities” for comment, in a great journalistic failure to clarify anything.
Got it, do not use IT services in
DenmarkNetherlands.Dutch is not Denmark. Dutch is Netherlands
“Oh you’re Danish! You should meet my friend Geert Van den Berg, he’s also from Dutchland!”
If I had a penny for every time, I’d have at least three fiddy.
Tree-fiddy.
Goddamn it Loch ness Monster…
Right? I use lemmy to avoid dinosaurs from the Paleozoic era, not to interact with them!
Look, I know I am no longer young and hip but calling me a dinosaur hurts my feelings…
Also, turns out Geert is from Germany and not the Netherlands.
Cries in European.
I have a friend from swederland
Oh, I love swiss cheese!
An important distinction lol
This is probably my favorite cold open in one of my favorite shows of all time. 😂
Whatever they find is inadmissible, if there truly wasn’t a warrant.
Doesn’t mean they can’t use it for parallel construction
Does Dutch/EU law have that?
https://en.wikipedia.org/wiki/Parallel_construction
It’s not a law but a practice that cops do in order to use dubiously acquired evidence to build a case against someone.
Yes but that doesn’t answer the question of whether it’s an accepted practice in the EU. I’m also not so sure it isn’t somehow codified into law, in the US there’s precedents supporting it but IDK about other countries.
It basically means dodging legal restrictions on investigation by using illegal (or at least inadmissible) means to obtain evidence, and once the police have it, they look for legal ways to get that same information.
So everywhere “has it”, the question is whether they use it. I don’t know if there’s reason to believe that EU police forces use such methods more or less than their US counterparts.
I know what it is, but that doesn’t mean it’s an accepted practice in the EU. I don;t really know much about how their law works, which is why I asked about it.
this isn’t in US
https://repository.tilburguniversity.edu/bitstreams/97187bcf-4ad2-402c-ac05-e565346d09b6/download
EU has similar laws and Dutch law allows for striking illegally collected evidence if the infringement was severe
The EU doesn’t have laws. It has directives and regulation. These are converted into law by member states.
The EU doesn’t have any regulation or directives about the inadmissibility of evidence; that is a national concern. The only area the EU has directives for regarding evidence is the cross-border admissibility of evidence from one country being accepted in another.
This is in line with the principle of subsidiarity, which means the EU only concerns itself with trans-European issues.
This is technically correct, the best kind of correct.
EU Regulations are directly applicable to all member states, so its not needed to transpose those into domestic law for them to be used. Some countries’ constitutional setup mess with this(like the uk eh pre-brexit I guess), but in general regulations are as important if not more than domestic law.
Directives can be directly used in domestic courts but only under certain conditions. The defendant/respondant needs to be a public body and the transposition deadline must have passed. Its basicly ‘you failed to implement it in time — tough’. Also if they’re not implemented correctly. But in general yes, they’re only instructions for the members to pass domestic legislation.
I think even on a technicality both are law. Sorry if this was a bit padantic.
oh and yes I’m not aware of any EU legislation on admissibility of evidence. But, not really my area :/ I think there have been proposals for cross-border stuff but can’t remember what became of that. If you know any in force i’d be interested in reading that? thanks
Conspiracy brain says this was deliberately done to make any evidence inadmissible and key evidence gathered without a warrant would result in an acquittal with an unlikely second trial for fear of double jeopardy.
Laws exist outside of that country.
The same goes for NL.
deleted by creator
To what end? What authority? At this point it could be you or me in a mask with a body cam, for all the credentials authorities are showing these days.
Spoiler: it was a random thief in need of hardware.
The thief just want to set up their own gaming server; issue is that it’s too expensive to purchase, so it’s easier to steal it.
Good odds that type of thing is happening more than is being told.
Imagine all the €€ worth of ram in there at current prices 😅
Gonna retire to Switzerland when it’s sold 🤑
What’s the point lol? Switzerland is expensive to live. Keep your assets in Switzerland to benefit from Tax haven and retire somewhere where your money goes 5 times as far 😂
Police have UPS-like devices which splice into existing mains cables to keep machines alive on the way into the forensics lab. Presumably it’s standard practice to use those.
Of course, the server could be configured to wipe itself if it loses connectivity for more than a few seconds, or its routing changes. The police would need devices that route Ethernet traffic over 5G, though those would presumably be detectable as bandwidth goes down and latency goes up.
No clue if data centers in other countries are similar to the ones in the US but the handful I’ve been in are basically Faraday cages with zero cellphone service inside so it would be quite the feat keeping any kind of internet connection after the ethernet cable is removed.
RAM disks alone will not be enough; the law enforcement can literally freeze the DRAM for forensics.
Police have had, since the late 90s I think, the “Hotplug” which is a special battery pack / generators that provide a special power plug where you can gently loosen the existing plug, slide the generator’s plug in place over it, then remove the computer from the main supply while keeping it powered on.
Power plug locks only buy you time or prevent casual mayhem; the police can work around those.
Should build the software so the second it loses internet connection, or its IP address changes, it clears the ram.
Cannot move a server without it losing internet, and even if they find a way around it, it’d still force an IP address change.
The DevOps way is to have them die at regular intervals in addition to other triggers and then rebuild on a regular cadence. Iirc correctly Netflix servers have a 12 hour TTL. Windscribe could easily do a 1-2 hour TTL with matching certs and encryption keys.
Seems trivial to code in a beacon dependency and then embed that beacon in the walls or floor so the police would have to dismantle the entire building before being able to find it and take it along for the ride. Or heck a combination of beacons so the police don’t know how many to look for.
I’m intrigued how that would work with some styles of plug that disconnect before coming out of the socket like the uk type-G plugs. Unless they’re not touching the socket itself and connecting somewhere else? I have no idea, i’m not an electrician.
It doesn’t matter for server class hardware, they generally have dual PSUs to ensure they stay up if one of the two lines fails. So unplug one side, plug in your backup/mobile supply, the disconnect everything else and then run away with the blade
oh yes that makes a lot of sense for server stuff. I imagine that may be quite useful for general use & maintenance too.
I’m too caught up thinking of consumer stuff.
This probably works in the UK and US. Rest of Europe, not so much unless you gently strip the cable which is pretty dangerous.
I just read the manual for the Euro version; basically, they assume you take the power strip/PDU with the computer.
So, you plug the special UPS into a spare outlet on the PDU; it monitors the power supply, and as soon as power from the PDU drops it jumps in and starts supplying. So plug into an outlet, then unplug the PDU from power, and the UPS takes over. Since at this point the pins on the PDU plug are live, they provide a safety cap to put over the end of the cable. The computer itself is never unplugged.
It’s not that dangerous. They make strippers that will only take off the outer insulation, and then you can use vampire taps on the wires.
Or you might be able to pop the case and jump the power on the DC side. You could easily do that on an ATX power supply, but servers are a little more complicated, because hotplug PSUs use wafer connectors instead of molex plugs.
Interesting
While it is running or seconds after…
As long as they have no logs the only thing you could get from memory is encryption keys, which can be rotated.
