Just FYI, you need very little skill to clone the WiFi access gateway of a hotel WiFi, and then blast their SSID from your router, to lure close guests into your honeypot. Once people are on your malicious gateway, the fun starts.
In a hotel with hundreds of hackers on alcohol, it’s not unlikely for people to fuck around.
There is also no requirement to be a “good guy” to attend the conference.
Telegram is not just IM. Open the search and search for channels. Get creative, they have keyword filters. City name is always a good start. Check the channels with ❄️ and 🍄 emojis. This is where people are scammed for drugs. Maybe sometimes not scams.
A lot happens on Telegram, and it’s right behind that little search icon.
There are many ways your real IP can leak, even if you are currently using Tor somehow. If I control the DNS infrastructure of a domain, I can create an arbitrary name in that domain. Like artemis.phishinsite.org, nobody in the world will know that this name exists, the DNS service has never seen a query asking for the IP of that name. Now I send you any link including that domain. You click the link and your OS will query that name through it’s network stack. If your network stack is not configured to handle DNS anonymously, this query will leak your real IP, or that of your DNS resolver, which might be your ISP.
Going further, don’t deliver an A record on that name. Only deliver a AAAA to force the client down an IPv6 path, revealing a potentially local address.
Just some thoughts. Not sure any of this was applicable to the case.
There are many ways to set up something that could lead to information leakage and people are rarely prepared for it.
I would assume any app can read it. Just needs to request the permission http://androidpermissions.com/permission/com.google.android.providers.gsf.permission.READ_GSERVICES
In short, untreated mental illness