By

We're pissing people off

I just checked my logs, and a different RCMP address is googling my most recent releases, namely the information about Special I, as well as information on Tim Groves. The regular IP address for the RCMP is 199.212.150.16, which is the gateway that comes from RCMP HQ. This other IP comes from 199.212.150.5, and unlike previous stumbling, this user is clearly looking for Tim, and is using Google Cache. However, they still have the tell-tale signs of the RCMP:

199.212.150.5 - - [29/Jul/2011:15:02:35 +0000] "GET /2011/03/status-update/ HTTP/1.1" 403 571 "http://www.google.ca/url?sa=t&source=web&cd=3&ved=0CCUQFjAC&url=https%3A%2F%2Fparoxysms.ca%2F2011%2F03%2Fstatus-update%2F&rct=j&q=tim%20groves%2Brcmp&ei=7ssyTs2qBIjegQejyMyDDQ&usg=AFQjCNELSXP2umC41T22GLzPkq_D3fr3iw" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; INFOWEB-APPROVED; INFOWEB-APPROVED-IE6-EN; INFOWEB-APPROVED-IE6-FR; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" </code>

They also visited the site with a Blackberry Curve running Blackberry OS 5, and wanted to read the Special I document: 199.212.150.5 - - [28/Jul/2011:23:03:53 +0000] "GET /2011/06/excellent-article-in-briarpatch-magazine/ HTTP/1.1" 403 169 "-" "BlackBerry9300/5.0.0.846 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/107" </code>

They take the advice on my 403 page, and use Google Cache to read the Special I release. Of course, they could have just gone to their own intranet, since that’s where the person who worked on this ATIP got the information:

199.212.150.5 - - [27/Jul/2011:15:55:45 +0000] "GET /wp-includes/js/l10n.js?ver=20101110 HTTP/1.1" 403 571 "http://webcache.googleusercontent.com/search?q=cache:cKr9HYhAFpoJ:paroxysms.ca/+HTTP://PAROXYSMS.CA/SPECIAL_I.PDF&cd=2&hl=en&ct=clnk&gl=ca&source=www.google.ca" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; INFOWEB-APPROVED; INFOWEB-APPROVED-IE6-EN; INFOWEB-APPROVED-IE6-FR; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" </code>

The RCMP officer who is investigating this is also looking for an MOU between DFAIT and the RCMP. The right hand doesn’t know what the left hand is doing apparently: 199.212.150.5 - - [25/Jul/2011:22:55:23 +0000] "GET /2011/07/welcome-dfait/ HTTP/1.1" 403 571 "http://www.google.ca/search?hl=en&q=DFAIT+and+RCMP+MOU&btn=Google+Search&meta=" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" </code>

This new IP is interesting, and is part of the reason I block the RCMP’s entire subnet. The fact that the RCMP is now googling Tim Groves after his Briarpatch article, and is trying to see what the hell I’m talking about shows how the RCMP can perceive Independent, Radical Media as a threat, even though the methods that I’m using are 100% legal. If you’re visiting a website, you should never assume that it’s not logging your IP address. I’m working on fixing this with a script so that I don’t retain any data other than the Government of Canada visiting my site, but it’s not quite ready yet. I do plan on releasing it after Chaos Communications Camp, some time in the fall.