kogepathic

At what point will law enforcement ever come to accept that an IP address does not map directly to a person?

As outlined in the article:

* most residential IP addresses are dynamic

* more and more carriers are using cgNAT as they exhaust IPv4 addresses

I'd like to add a third case that I feel is often overlooked:

* most consumer or ISP provided routers never have their firmware updated (unless the ISP pushes the update themselves) and are probably vulnerable to mirai, KRACK, and many others.

Taking a these into account, even if LEO is able to get the correct information for an IP address, there's a non-zero chance that the people had/have a compromised device.

No average consumer is going to be able to prove to LEO or a judge that their device was compromised, and I somehow doubt doing forensic analysis of the person's network is top of LEO's list of evidence to gather. Additionally, many compromises can be ephemeral so by the time the deed is done and the police show up, the router has been rebooted and evidence of the compromise is gone. There is zero chance that LEO is dumping RAM of the router before seizing it as evidence.

Combine this with the fact that people may have an encrypted device and may legitimately forget the password before being requested to decrypt the device. I'm sure this can happen, as being arrested and going to trial can be quite stressful.

The US government is already indefinitely detaining people for not decrypting their devices. [1] I'm not saying the suspect in this case is innocent or guilty, but consider what precedent is being set there.

I don't see heading anywhere good...

[1] https://nakedsecurity.sophos.com/2016/04/28/suspect-who-wont...

woliveirajr

Add that inside a home, the IP is again behind a NAT because the whole family is using the wi-fi. Including people who drop by to visit you, to have a dinner, to watch a game.

One IP per person really doesn't hold.

rhinoceraptor

Or someone in range of your Comcast router is using your xfinitywifi network.

Edit: this is incorrect apparently.

megaman22

A number one reason to always buy your own equipment, and not pay to rent the shit that Comcast provides.

djsumdog

You can't for AT&T U-Verse. They won't assign an IP address to a 3rd party device. I've been meaning to get some cards and do some raw frame dumps to try to figure out how their Fiber modems work and see if I could get it to assign my own device an IP address. It's on the long list of things to do.

ams6110
I've read how all you need is put the AT&T router behind your firewall and proxy the 802.1x packets to/from the AT&T device, thus faking out the upstream gateway.

I don't have AT&T so I didn't pay much attention to the details. One possible approach: https://github.com/jaysoffian/eap_proxy