Round official seal with gold braided outside rim and blue around the circle that has words Department of Justice and an eagle facing left with wings held high on top of a shield with flag colors red, white and blue,

I’ve written before about the importance of practicing good information security habits to the politically-minded who are also Good With Computers, but for the most part, it’s been just that – practice – to most of us unless we’re out actively protesting. We’ve been concerned about what a Department of Justice under the draconian hand of Jefferson Beauregard Sessions the Third might look like, but all we could do was cover our tracks as best we could and wait for the DoJ to make a move.

Now they have, and just like the rest of this administration, it’s as bad as we could have feared.

In August, web hosting service DreamHost revealed a Department of Justice warrant requesting information about a site they hosted, disruptj20.org, that had organized protests of the inauguration of Donald Trump. But they didn’t only ask for information about the site’s owners. The warrant also requested emails, photos, and contact information for the site’s users as well as the IP addresses of the 1.3 million people who had visited the site.

There’s a reason I’ve recommended using Tor or a VPN: You can be identified by your IP address. That information would effectively reveal every person who used an unanonymized connection to look at that web site, for no other purpose than to identify them as political dissenters.

DreamHost’s blog post on the matter called it “a highly untargeted demand that chills free association and the right of free speech afforded by the Constitution.”

Sometimes requests like this are made by overly ambitious law enforcement agents and dropped as soon as they’re challenged. But according to DreamHost, when they challenged the warrant, the DoJ doubled down and filed a motion in Washington, D.C. Superior Court to force them to turn over the records including the visitor IP logs. They wouldn’t take “Your request is horrifyingly unconstitutional” for an answer.

Fortunately, the light of day was enough to get the DoJ to drop the worst parts of the request. As of this writing their warrant still stands for some of the site owner information, which DreamHost is challenging in court, but they are no longer demanding visitor logs.

But that was only thanks to the work DreamHost put into defending their ideals of an open and free internet. How many web sites on other, less vocal, less idealistic hosts are being served with these warrants? And how many of those warrants are being honored? Is Sessions planning to mark everyone who’s ever downloaded the Indivisible Guide or visited flippable.org as enemies of the state?

So be careful out there. Look into getting a VPN – be cautious about “free” ones, but some offer subscriptions for as little as $5 a month, and ProtonVPN and Hide.me are both reputable providers with limited free services if it’s absolutely not in the budget. Use Tor when visiting activist sites. And if you’re going out to protest, brush up on securing your phone.

I may have seemed paranoid before, but now they really are out to get us.

Appears in Issue: