Contributed by: Lothar
The following is a rough rant on Security and Overgrow.com. I need to get some more info from the feds and lawyers who deal specifically with Internet issues - this article will be much improved over time.
I have seen the same concern popping up again and again:
Is Overgrow safe? Can LEO get my IP?
Q: Is LEO actively trying to gather info on Overgrow members?
A: Probably. Does it much matter? Not really.
Be assured that the DEA, RCMP and various other agencies, have the time and money to hire some very intelligent people with almost infinite resources when it comes to hacking and Internet sleuthing in general. If they want your IP, with few exceptions, they will get it.
Q: "Does this put me at any kind of risk":?
A: I will say that you are 99% safe, even if they find out your ip and track you.
How can this be?
1. Hacking is illegal.
Courts will not tolerate police doing illegal things to gain evidence to be used in a trial proper. The reason that you see cases thrown out of court for search violations is often due to defense lawyers attacking and quashing a warrant.
However, if a cop taps your phone, searches your house or goes through your banking records with no warrant at all, then that is an even more egregious and illegal violation of basic rights and the evidence gained (and all subsequent evidence flowing from that) will never see the inside of a courtroom.
2. A warrant would be required to gain access to a server's records, (to gain useful information for) an investigation or prosecution. (I've got a funny feeling that should that happen here, we might hear about it.)
Ok, let's say the cops get a warrant somehow, (The possible grounds for the police to get a warrant for Overgrow in the first place are a mystery to me) and take Overgrow's servers apart, finding all our IPs, then what?
The police now have an IP. Whose IP? Apparently someone, somewhere, who has access to that computer with that IP has been claiming that they grow marijuana.
Which person? Is that person, who has been using that computer under an alias, reliable? Maybe it's a lot of bullshit boasting. And what about those pictures? Who do they belong to? Is it really that mysterious person's house (what house? - the house with the IP / ISP registration or is the grow somewhere else?)
....See where I'm going here?
Imagine if you were the cop showing up with a blank warrant before a judge - To Search: "mystery person" at "mystery location" for "fourth party, unconfirmed anonymous tip"
3. The information on the Overgrow server is effectively an anonymous tip since the source of the information (an unknown entity behind a keyboard at a particular IP) cannot be established to be credible or even properly known.
It was explained by both myself and our American legalists that anonymous tips are not enough for a warrant because the origin of the tip could not be established to be credible.
Even if the police magically obtain a warrant for Overgrow, they still have to get another warrant for you. There is no real possibility that they will get a warrant for YOU since they have no clue who YOU are or where your grow is.
There are also cross-jurisdictional issues here since this server is somewhere in Canada.
4. Now here's what the cops can do. Once they have gathered enough legitimate evidence that you are growing (in the real world) (Smell, hydro bills, pictures of you carrying christmas tree sized plants out your door) then they will come in and, with a warrant, seize your computer and use whatever they find on it in your prosecution. But then so what? By that point your fun is over anyway.
Police do illegal things all the time, my point is that it will not get them very far. You will have to have screwed up in the real world first.