by giarc 4358 days ago
That's like saying John Smith went to a bank and withdrew money at 1pm on Jan 1. Then the bank was robbed at 1:10 on Jan 1, therefore John Smith robbed the bank.

I don't think you can connect visiting the info page and the very next SecureDrop file upload.


The threat here isn't only proof that is acceptable in court:

* Your actions could put you on a shortlist of people to be more thoroughly investigated.

* Your actions could tip off the people whom your information threatens; maybe they stop communicating with you (or worse) to shut off the leak.

* Per the Snowden release, the NSA tracked the communications of people within something like 3 degrees of their targets. With standards that low, it's not a stretch to think someone would track everyone visiting the Washington Post's secure drop box.

It all depends on traffic.

And "a group of 100 IPs including a coffee shop near NSA employee John Smith's home" is enough.

That is a poor analogy of the threat. Basically the problem is about attracting adversarial resources. Any suspicious activity will attract more attention and thus make it more likely the adversary will find real evidence.

I wrote up an analysis of exactly this problem last year: http://grugq.github.io/blog/2013/12/21/in-search-of-opsec-ma...

It's not about proving that John Smith robbed the bank, but raising suspicion so that he will be investigated.
The difference between a court of law and a court of force.
A Tor user at Harvard was successfully tracked when he sent a bomb threat, since he was the only user on the Harvard LAN using Tor at the time the threat was issued.

That wasn't proof, of course, but it didn't need to be proof, just a good lead for law enforcement to kick-start their investigation.

Enjoyed, thanks. Particularly liked "Let's call it half a win."
If memory serves, there were several people who had been or were using Tor at the time the threat was sent. When he was questioned by the police, however, he confessed.
That's possible, but doesn't really change the point. By bootstrapping associations of identity-masking technologies with possible identities, you allow "normal" law enforcement investigative techniques to unmask the identity.