"1) What is the likelyhood that our IP addresses will not be traced back to our homes?"

Your IP address COULD be traced back to it's location but why?  You would have to give LE a reason other than surfing the web.  For instance, the Craig's List Killer was caught in exactly this manner but no one went looking for his information until AFTER he killed a woman.  LE is not sitting around randomly tracing IP addresses. A court order is required to get this information from your ISP and that requires probable cause. Yes it COULD happen but it is highly unlikely.

"2) Can LE use activity on this site to convict?"

Not by itself, no.  What they WILL do is use the information to try and intimidate you into admitting wrong-doing.  You have the right to STFU!

"3) If I message a provider through this site, wouldn't it be easy for LE to find that 'this' IP address contacted 'this' provider on 'this' date with 'this' message? Can that information be used against me?"

Talking about sex, surfing the web and contacting another human being on the internet are not illegal activities. Giving a woman money in exchange for sex is the only crime involved in the hobby.  Unless they catch you in the act nothing they find on line is enough to hurt you.

"I'm on a regular wireless home internet connection that is encrypted so that only I can use it. But, that doesn't really mean anything in terms of protection, does it?"

Nope, if they want to find you they will. Again, they have no reason to be looking for you...

"am I being overly-cautious about this?"

Well, in my opinion yes you are but YOUR comfort level with all of this is what really matters.  A little healthy paranoia is a good thing in the hobby but you may be miss-directing your concerns a bit.  Winding up in a room with LE is what you really want to concern yourself with.  Spend as much time on line researching safe techniques and good providers as possible.  Be as sure as you can be that you are meeting with a legit provider and not walking into a sting.  

As I said earlier, the type of internet espionage that you are concerned with is only of interest to LE if they suspect you of serious wrong-doing.

First of all, this is my first post and I had to gather so much courage to post this, although, I have been reading all the newbie posts diligently for almost a year.

Secondly, I want to take the time to thank everyone on this board (both hobbyists and providers) for such warm comments and supportive advice. Personally, for a public forum with anonymous posters, the level of sincerity is incredible. So thank you all.

My question: So many hobbyists post on this website, write reviews, respond to forum questions, etc. 1) What is the likelyhood that our IP addresses will not be traced back to our homes?
2) Can LE use activity on this site to convict?
3) If I message a provider through this site, wouldn't it be easy for LE to find that 'this' IP address contacted 'this' provider on 'this' date with 'this' message? Can that information be used against me?

I'm on a regular wireless home internet connection that is encrypted so that only I can use it. But, that doesn't really mean anything in terms of protection, does it?

Is there a software or something one could buy and install that would scramble all this? I know I'm paranoid and I'm actually happy about as it makes my appetite for risk extremely low. But, am I being overly-cautious about this?

Thank you in advance for your response. Here goes my first post (gulp)

HB - P.S: I'm single and live alone, so I'm not worried about anyone at home finding out. Plus, I clear out my history, cache, and all that good stuff.

Yes, they COULD track your ISP. But likewise you can always claim the posts are not made by you...they have no colid proof YOU PHYSICALLY wrote them. Police are not gonna waste their time to court order a tracking device on your ISP for a simple misdemeanor of "soliciting prostitution". That s just silly.

Now if you were a pimp running 10+girls through an anonymous online data base THAT would be worth their time as running any kind of sex/prostitution ring is a felony.

They tend to go after the street level sex worker as they bring the thugs,drugs,and guns. Agencies,pimps and madams are more worth their time busting than 1 singular man/woman. They do this occasionally, but it's only to make a statement to others who do the same thing in the city to hopefully scare them into stopping,which never works.

Just be safe and smart.

If you need some tips on verify providers,setting up meetings, or about the actual meeting e-mail me and I can help you out sweetie

This is all pretty much right on. The ISPs MUST decrypt any data which transits their network for LE when given a court order (not your wireless link).

The real issue is that LE must establish enough probable cause from what they can see openly to get a court order to do the wire taps against a specific entity. They can get records of IP#1 contacting IP#2, but that is very limited in utility.

As for your local encryption... your safe from "casual" local hackers.

The internet wiretaps are tough to work as well. Relax that sphincter a bit, please.

To some all your questions shortly, as one person mention before, LE would need a reason to trace you your IP.  There are millions of people who hobby, and who provide. You have a better chance of being struck by lighten, then LE randomly tracing your IP for seeing a provider.

Only way I see them doing this is if it were some weird-dangerous-stalkrish-crazy crime going on and LE had to take them steps, but with it being millions of people on here, they would narrow it down big time.

LE mostly goes for the quick hits. Post an ad for a few hours and see what they get. It's fine being nervous, and that helps you pay attention to what you're doing. Only suggestion I would make is get your nerves together before you call a provider, because you may come as "suspect" or "weird" if you're too too nervous.

Helpful hints when hobbying 1. get a tracphone, 2.make a seperate e-mail account, 3. Don't wait in hotel parking lots for a long time (wait down the road). 4. never bring your wallet to a session. 5. Don't talk about sex or money until an LE check is done 7. Only see well review providers, and do research.

We are not a priority for LE. Plus they don't have the funds or time for the activities you suggest. Your paranoia, while common for a newbie, will diminish once you get off the sidelines and see an escort.

Since law enforcement has limited resources they will make street prostitution the focus of their efforts. It affects neigbhorhoods, and is involed with drug use. They aware that that this type of thing goes on, but it is not high on their list unless someone complains to them about a certain person at a certon location.

Magic. The fabled LE check will land hobbyists in jail. Newbies should use only providers that have been reviewed by hobbyists that have some type of review track record. Law enforcement can trick, do the LE check, get tricked and end up behind bars. To your suggestion that he not wait in parking lots, I would add don't wait in lobbies or on sidewalks. Nearby food serving establishments are better choices for waiting, grab a bite to eat, or something to drink, something to read, check cell messages, or just people watch to pass the time.

Why not?  Please explain.  I'm a n00b but I think I'd feel safer bringing my wallet inside with me where I can keep an eye on it, rather than have it in my car where it could be stolen.  

MC

1. I guess you're right about the LE.
2. The reason I say wait down the road, pretty much want I'm saying is don't just wait in the parking lot or any where in the hotel for an extended period of time.  Find somewhere like a resturant or bus stop, that won't dry attention to yourself.
3. I quit bringing my wallet to sessions with me, because once a provder went through my wallet while I took a shower. I always lock my wallet inside some where out of view.

If you've been reading this board for almost a year, there is little I can add that hasn't already been posted numerous times.   If you want to play, then select a provider that you find desirable (makes sure she is well-reviewed, of course), make contact, and get into the game.  As far as LE risk goes, it is ever present, but if you've been on here for a year, you have no doubt seen more advice on how to minimize and avoid this than I can post in one note.   It's one thing to be paranoid and cautious, another to be so paralyzed by fear that it prevents you from enjoying your life.

If you use a Tor Proxy or a service such as Anonymizer in combination with the Incognito mode of your browser you are virtually untraceable.  However to be most effective you would need to proxy your connection from the very beginning and every connection thereafter.  Since you already have an established history of logging in as this username from your IP there is possibly a history that could be traced to you.

...bringing it with you:

http://www.lasvegassun.com/news/2009/nov/04/their-valuables-gone-their-ladies-night/

END OF MESSAGE

Yes they CAN, but will they?

LE is going to after
1) easy targets and
2) public spectacles.


Are you a target of powerful enemies?  Governor Spitzer was caught because (I think) he pissed off his enemies too much.  They probably tipped him off to LE.

I agree with most of what was said in earlier posts.  If you are a regular joe, LE is not going to waste their time working hard to bust you.  If you make it easy for them, they'd love to pad their stats with a freebie!

However, you need to assess your "spectacle factor".  Are you a pastor at a church?  In my neck of the woods, LE caught a young pastor who showed up in response to a local CL posting.  The local newspapers had a field day with it.  

Are you a CEO of a successful, high profile company?  You think your competitors aren't spying on you?  They'd love to have you resign amidst a scandal.

Are you a Senator up for re-election?  You think the other party isn't going through your trash?  Think along the lines of what happened at Watergate.

There is a lot of IT research that's come out in the last month or two showing that incognito mode on modern browsers still leaves too much information exposed both locally to the computer that can be dug up later and to the site the user is trying to access. So I wouldn't rely on pr0n mode to keep you safe.

Outside of that this is really good advice. Tor Project can be googled and found easily. There are many tutorials on how to set it up on your primary desktop in popular browsers like Firefox and Chrome.

However if you have malware on your computer or your system has been affected by some exploit Tor may be compromised and not work the way it is supposed to making it vulnerable to detection. Whole drive encryption on your system is a good idea if you insist on setting this stuff up on your main computer. However how you do that variest quite a bit depending on your hardware and operating system combinations. Google can certainly find the needed answers though.

In another post I mentioned for the truly paranoid or security minded using T(A)ILS (amnesiac/incognito) can also be found by google. Is a liveCD (or USB) operating system that leaves no traces of its activity on the computer it was used on. It also uses heavy encryption and the best version of Tor available. Combine this with secure email providers (hushmail, no-log, riseup), tracphones, good ole fashion cash, and vanilla visas you have all of the tools necessary to do whatever you need to do privately.

As the post I'm quoting pointed out doing this after the fact of having your current account created provides a residual trail (does anyone know in detail the logging policies on TER?) that could be tracked but unless you've paid for VIP status nothing is stopping you from never using this account again and simply creating a new one once you've set up using more secure methods.

Oh how I wish providers supported encrypted email (Have yet to even hear of one who does) and that TER provided SSL (https) secure connections to the site!

As others have pointed out there is also a real need for keeping security practices in mind in real life encouters since that's a more pertinent threat. However as another posted keeping things secure shouldn't extend to not doing out of simple fear. That's where the trust metric in the community itself is important and where I've seen great things so far.

There is nothing to decrypt when you're sending plain text over the internet. TER uses standard http connection which means every node between you and TER sees what you submitted to TER clear as day. Now if TER starts using SSL (https) connections then communication with the site itself is encrypted and all those nodes would see would be ciphertext. Mix in onion proxies like TOR and even the bits they get wouldn't be the complete message. Thus even if they break the encryption they don't have all of the message so what they have is of limited use.

It seems that the misconception here is that the encryption used between the computer and its local gateway (provided by the ISP) by a secure wireless connection versus how the ISP communicates with the rest of itself and the internet at large.

To be clear basically what is being sent between the computer and the ISP's wireless gateway is (kind of) secure assuming it isn't a compromised encryption method like Wire Equivalent Protection (WEP) or WPA with weak keys, but once the gateway receives the message it is decrypted and then transmitted to the internet.

The google street car fiasco (which you can google to find out about) shows how easy it is to pick up partial information over even fairly secure connections just by snatching the data packets while they are being broadcast. So it isn't entirely out of the question that some LE could just war drive their neighborhoods sniffing packets in the open air outside of your house on a giant fishing expedition for blanket illicit activity. While there is technically a SCOTUS case that decided thermal imagining a house violated the 4th amendment the recent use of backscattering scanners on the street to peer into homes and vehicles seems to indicate that the courts might not extend that ruling to cover other modern invasive scans. All of that goes out the window even more so if you're outside the US where you may or may not even have analogous intrinsic protections.

As for the internet wiretaps sure they're a massively difficult for local LE to implement, but google the wired article on what was called Wiretap the Internet day and look up how AT&T/NSA scan all data traffic (and this is before the infamous wiretap day) that passes through US pipe (which is most internet traffic) and you'll see that various feds regularly and actively monitor such data activity (Which covers your cell phone, obviously computer, and even many landlines) and well in this era of cooperation and interagency sharing it wouldn't be entirely out of the question to request information from the feds if they happen to have anything stored in their systems pertaining to something the locals might be interested in that happened to happen online. Sure the feds could decline, but sometimes they oblige so that's the case to keep in mind.

So while it is fairly tame/safe to communicate in a number of ways at the present time the trend seems to be supporting that this will not remain the case. So it is better to get into good practices now than finding out the hardway how far along their IT slueth skills have progressed.

Also if your computer is fairly modern (specifically if the processor supports hardware virtualization - which is usually the case if it is a multicore processor of some sort (dualcore, quadcore, etc)) you can find a program called VirtualBox (which is free for private use) which will allow you to run T(A)ILS inside your main operating system. This might be the best overall method of balancing "well I don't want to set up a special computer or have to keep restarting my computer every time I want to change operating systems" with "I need a good deal of anonymity, security, and I need it to not leave a trace"

I mentioned that in another post too, and I'm sorry I forgot to include it in the last one. While this might be the hardest to set up of any of the other ways suggested it does have the benefit of being a good balance between various practicalities. I hope that helps!

Okay, so there's this word, "tracing," that gets used from time to time on the Internet and in movies, that shows something akin to someone following a path along the lines of a specific person's communication online.  In reality, nothing like this happens, or is possible.  However, here I will break down the different parts of the trail that a person leaves behind as they access a website, and explain the reality behind all of it.

When you access a website, your computer sends a request to the web server.  When that server gets the request, it logs it, along with the IP address from which that request came.  Note that I didn't say "the IP address of your computer."  It usually is, but if you use a proxy server to connect to the website, the IP address of that proxy server is what will be logged, rather than your IP address.  The log entry will contain the above-mentioned IP address, the content of the request itself (the HTTP GET, POST, etc. command that was sent, along with any parameters) and the "referrer", which is the URL of the page that contained the link you followed, if applicable.  A separate log entry is created every time your browser makes a request to the web server, and the logs are stored at the server.  While it's possible to turn off logging, it's a terrible idea for the webmaster, because those logs are super useful for troubleshooting errors in web applications, detecting certain types of application hacking and reconnaissance, as well as analysis of user activity (like "Are there any parts of the website where a lot of users just bail?") that help them improve the user experience.  What can someone from LE do with that?  Well, if they want to find out who is behind any specific IP, they need to get a subpoena to go to the ISP that owns that IP, to get the account information that corresponds with the account that was using that IP at the time.  They need to do this for each and every such lookup, stating their case to the court.  It sounds like a lot of work, but it's actually somewhat cookie-cutter, so it's just a bit of work.  Mind you, for a busy site, if they wanted to track down everyone they'd have to do this tens of thousands of times.  And they'd need a search warrant, and to seize the web server, in order to get those logs without TER just handing them over (which would be suicide for them as a business).

Potentially, someone could observe the communications between browswer and web server, but this is a huge deal; they would need a warrant to allow wiretapping, essentially.  There are two kinds of wiretaps: ones that are only allowed to classify who is talking to who (or, in this case, what is talking to what) without recording or observing the contents of those communications, and the more commonly thought-of kind, which records the actual communications.  This would be a lot of work for LE, both from a procedural perspective and from a technical one...they would use this if they had some reason to go after a specific individual, and that person happened to visit TER, rather than as a way of going after TER members.

The other set of evidence resides on your machine.  A web browser works by pulling files down and then showing the local copy to the user.  Thus, there's a cache of things you download (as you already know since you're clearing that cache), and a history of what you visit.  Be aware that deleting these filed doesn't really get rid of them; it's quite simple with forensics to recover 'deleted' files from slack space, since deleting them just removes the pointers in the file system to the data.  In other words, if the part of the hard drive that contained a deleted file hasn't been overwritten with something else yet, the file still remains and can be recovered.  The solution for this is a program like Eraser, which overwrites slack space with random data, and can be scheduled to run on a daily basis.

Last risk is of a keylogger on your computer, either put there by LE or by a bad guy (who would then blackmail you...don't joke, as at this very moment a trojan horse called Kenzero is doing this sort of thing to people with regard to their porn surfing).  If LE has a warrant to break into your home and put such a piece of software onto your system, you're probably pretty screwed, as to get that kind of authority (and put that kind of horsepower behind it) they really have quite a lot of interest in you specifically.  This is the kind of investigatory activity reserved for high-level members of organized crime, cases where espionage is suspected, etc.  So don't worry about it, unless you're spying for another country, planning an act of terrorism, or party to certain social organizations that take "whacking" to the next level

Against the backdrop of all of this is the following: what LE would be interested in is a local affair, subject to local jurisdictions.  And going after people based on their use of this site would be a massive undertaking that would span a lot of different, disconnected jurisdictions, over events that truly aren't that much of a bother to LE in the first place.  They have easier, bigger fish to fry.