Comment by anigbrowl
3 years ago
Realistically, what prevents police from just sticking in a USB device and doing a memory dump? I'm not sure I buy this story since police with a sufficiently strong warrant can always just take over a firm's premises and bring in their own forensic people until they find what they want.
this is such a dumb position, holy shit.
no they haven't built an impregnable system, neither has anyone else in the history of the world.
they have raised the bar very fucking high, though.
normal vpn company: oh yes, Officer, here's their credit card details and a list of all IPs they've ever connected from, and DNS logs from our internal servers
mullvad: OK, I guess you have the corrupted partial contents of memory of one machine that you managed to dump after dawn raiding us with guns and using liquid nitrogen to freeze the DRAM for a cold boot attack where you now have 90 minutes before entropy claims another victim.
one company tried a lot harder and made things a lot better. dumb equivalence arguments are dumb.
I think you need to familiarise yourself with the Mickens Security Model: https://www.schneier.com/blog/archives/2015/08/mickens_on_se...
making yourself resistant to casual subpoena attacks for little cost is valuable thing for a lot of people.
It's not a position, it's a simple question. Given that I can get a lot of information out of a computer to which I have physical access with only middling forensic skills, I'm inclined to think that the police can do at least as well if they're sufficiently motivated.
I could be wrong, but I would think that a conveniently timed power outage would prevent the memory dumping scenario :)
Unless you automate this process to flush all memory periodically, this seems like a good way to get charged for interfering with an investigation or have your assets seized and thrown into legal limbo. Police aren't complete morons, in the real world goofing around like this has consequences.