Archived View for dioskouroi.xyz › thread › 24918538 captured on 2020-10-31 at 00:57:44. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

Spy agency ducks questions about 'back doors' in tech products

Author: oblib

Score: 451

Comments: 256

Date: 2020-10-28 13:33:38

________________________________________________________________________________

pulse7 wrote at 2020-10-28 14:25:36:

"The tactics drew widespread attention starting in 2013, when Snowden leaked documents referencing these practices."

So this is what Snowden has done: he "drew widespread attention to these tactics". Before Snowden they would call you "paranoid" if you would allow yourself to mention it. Today they can not call you paranoid anymore.

And yes, it has hurt US industry reputation. Many don't trust Intel processors and Cisco routers anymore (among other products). They actually destroyed computers and internet as we knew them in the 1990s. It is not fun anymore to own a computer or a phone if you know that NSA can get access to it anytime they want... and you will never know if they accessed it...

dancemethis wrote at 2020-10-28 15:06:00:

They totally still call you paranoid. Snowden unfortunately meant nothing to the general technology consumer mass. They're more than happy to defend tooth and nail their jails. See Discord or Zoom as prime current examples.

It is ridiculous that he had to go through this just for people to shake their shoulders and keep on, except for the few that already were inclined to care.

slg wrote at 2020-10-28 20:27:55:

It is a relatively common belief among non-technical people in my friend group that Facebook listens to everything you say within earshot of your phone and later displays ads to you based on what it hears. That belief still isn't enough to get those people to stop using Facebook, Instagram, and WhatsApp. It isn't that people don't think they are being spied on. It is that people don't really care that they are being spied on.

Snowden didn't fail to change things because people didn't believe him. He failed to change things because he didn't articulate a compelling enough reason for people to be fearful of what he revealed.

If people reading this want to see this changed, we need to do a better job of showing the real world consequences of this lost privacy. Talking about theoretical concepts like lost freedom and privacy isn't enough. You need tangible examples of how people's lives are made worse by this spying.

exceptione wrote at 2020-10-28 22:24:23:

> It isn't that people don't think they are being spied on. It is that people don't really care that they are being spied on.

Well, my experience is that people care but don't have an idea on how they could change that. They feel powerless, have no idea what to do, and they are apathetic. They accept their shackles like they deserve it. They know they are abused but since they are human, they use coping mechanisms to continue using apps they believe are actually not so nice for them.

Of course they have thoughts like "actually, my picture is not private anymore", but for their sanity of mind they carry on because of network effects/ease of use/etc. They choose to push those thoughts off, as they are outside of their control. To us, it might sound like they just don't care. That's wrong!

At least, that is what I conclude after talking with non-techies about this stuff.

I am sure you can sell privacy as a big plus, but you need to deal with above aspects as well.

inopinatus wrote at 2020-10-28 20:45:55:

You suggest this is impossible; but I still remember that time I asked Alexa what colours the Lotus Elise was available in. For the next few weeks, whenever I went out, I'd see at least one Lotus parked on the street or at the mall or driving by.

bdamm wrote at 2020-10-28 20:51:58:

Similar to my experience of surveying vacuum cleaners on Amazon, then going to get lunch at Whole Foods where a clerk appeared suddenly at the checkout I was at to vacuum up a non-existent mess, with one of the models Amazon had offered up. The ratio of profit to sales cost on a high-end vacuum might be similar to a Lotus Elise. Or maybe it's just confirmation bias.

inopinatus wrote at 2020-10-28 20:55:28:

If this phenomenon isn't already a PKD short then it could be a SCP entry.

h2odragon wrote at 2020-10-29 01:02:19:

There's only about 5,000 "real" people on the planet. The rest are unconscious echoes. Thus the weird pressure and "Truman show" feeling those people face.

anonymousiam wrote at 2020-10-29 02:19:13:

None of us are "real". We are all living in a simulation.

trevyn wrote at 2020-10-30 09:12:36:

Even more edgy: None of us are "real", and it is _not_ a simulation.

(To be pedantic, it doesn't matter if it's a simulation or not. The important part is that _we are not what we think we are_.)

anonymousiam wrote at 2020-10-30 18:58:57:

Of course it's possible for us to be "real" and still be part of a simulation. If we go deeper into philosophy and explore the concept of "free will", another question arises: Are we "real" if all of our choices and actions are preordained?

Of course this is way off topic, so I'll try to steer us back.

The NSA has a choice between improving domestic security by helping to improve standards and protocols, or choosing to deliberately weaken them so they can collect more. (As an aside, it is nonsensical to collect any more since they cannot even process what they are collecting now.) NSA has chosen to support and encourage the weakening of information security, and that has had serious consequences for both national and global security. One good example of the consequences is the Shadow Brokers dump.

https://en.wikipedia.org/wiki/The_Shadow_Brokers

jl2718 wrote at 2020-10-29 12:06:54:

This seems more probable. My viewers would have tuned out long ago.

mpol wrote at 2020-10-28 22:02:28:

The people at Alexa have been very busy for you :) And Lotus got a lot of sales as well.

EthanHeilman wrote at 2020-10-28 23:42:08:

>Snowden didn't fail to change things because people didn't believe him. He failed to change things because he didn't articulate a compelling enough reason for people to be fearful of what he revealed.

People feel that they are powerless to change this state of affairs and they are correct. Snowden told people it was happening, most people felt it was bad, but what are they going to do? Stop using the internet? Elect someone that will shut down domestic surveillance? Throw away your phone? You might as well tell people to go live in a cave, eat lichen for food and lick the walls for water. People given no other option will accept what options remain. This even includes the option of facing certain death.

darkerside wrote at 2020-10-28 20:38:43:

People now view going on the Internet as akin to going outside. Yes, other people can see you, and yes, you have limited expectations of privacy. No, it's not problematic that you have police keeping an eye on things. If you have a problem with that, and you never go outside without your "disguise" aka VPN, you are operating outside of social norms (and it's probably not helping anyway).

This is not a valid judgement in any way. I just think some people may not realize the way others may perceive and think about this privacy dilemma.

Jon_Lowtek wrote at 2020-10-28 22:41:22:

I hear this "the internet is like outside, don't expect privacy" argument a lot from americans, who i think are taught some 18th century definition of privacy by their media, as in "in your private rooms" and not a 21st century definition as in "about your private data". If you go to the city there are no agents of third party marketing agencies keeping notes of your movement and what items you look at in the stores to profile you.

Imagine going to the city and there is this trenchcoat and hat wearing private agent following you all day and you go into a store and see him handing the salesman a note and pointing at you, and then the sales guy comes over to you and says "good day - do you want to buy _red things?_" and you are like "actually i am looking ..." and the agent is now uncomfortably leaning into your conversation, "... for green things". Sales says "sure this way, please" and the agent is writing "green!" in his notebook, circling it three times. That is what the internet is like today. And you look around and everyone has these agents following them, keeping notes. You ask someone about it they say "well most people don't even notice them" or "that is how things are" or "people shouldn't expect not to be spied on by private corporations". So you hurry home while from every side street more agents come and try to follow you until you have this horde on your track and you hasten into your door with a crowd outside holding up signs like "buy red things!" and "green thing is green!" - but you are now at home so you relax and walk through your hallway to your room and say "computer: play some _licensed music_" and guitar music starts playing and -shocker- there are agents in your living room, one sitting on your couch playing the guitar, one is standing in front of your bookshelf taking notes of its content and another one is looking through your fridge, then stares directly at you and holds a sign up: "buy food"

The internet is nothing like outside.

PeterisP wrote at 2020-10-29 00:45:21:

A couple decades back when internet was a bit younger, there was a quite popular metaphor of the Global Village, shrinking the world and connecting people. However, that focused only on the positive aspects, but as time has gone on, I think that this has materialized in quite a literal way.

Currently most of us are used to the pseudo-anonymity of big cities, where people technically _can_ know a lot stuff about us (because it happens in 'public' space, as you describe) but they overwhelmingly don't, because the vast majority of them are strangers who don't care. The new digital environment, on the other hand, is quite a lot like a small village.

The grocer can make effective suggestions for your food because they remember every purchase you ever made, they will know your consumption habits better than Amazon or anyone else in the modern world. They will know if you're expecting guests tonight just because of your purchases (and might gossip about that), and in that case they'll point you towards their cousin who's selling wine across the street. They will know if you're eating something that their other cousin, the local doctor, has said that you should avoid, and might refuse to sell you that.

The local lender (whether a banker or just a wealthy farmer who's a loan shark) does not need to 'profile' you - they know your dealings and your character, they'll know even if you've been stingy in giving back borrowed things as a teenager. If you buy condoms, the pharmacist will likely know with whom you're planning to use them. The contents of your bookshelf, as in your example? The village knows about that, people have been to your house, if there's anything unusual, word will get around - and if people have not been to your house, you've kept your privacy and the village does not know you, then you'll be treated as an untrustworthy weirdo with maximum prejudice; because keeping private is just not How Things Are Done Around Here. If your political opinions or religious views or sexual preferences don't fit what the village expects, good luck mentioning about it - their condemnation will be much more fierce than any Twitter mob.

So in that aspect, it's not something new, the level of privacy is slowly becoming as low as it was historically when we lived in much smaller communities. We have had some centuries of urban pseudo-anonymity, but it's fading now. It has been just a temporary reprieve, when you could move from a literal village to a big city, get lost in the crowd and be free and anonymous. It was difficult to do in ancient times, and it might be difficult to do again in the future.

darkerside wrote at 2020-10-29 03:37:05:

Very well put. It's the automation of the nosy village neighbor. People can decide whether this is good or bad, but it's less novel than they act like it is.

darkerside wrote at 2020-10-29 03:41:44:

Yes, I totally get that perspective. As I said, I'm explaining why many people don't see it that way. They perceive it as a difference of scale and not kind. You have painted a very vivid analogy that shows how it is different. Do you really disagree that some people have no qualms about other people seeing what they do online?

Jon_Lowtek wrote at 2020-10-29 18:10:42:

Well i can't disagree with people having opinions, only with their opinions, and even that might be a useless endeavor. I disagree with the "the internet is like outside", the "the internet is like a tribal village" and with the "corporations are like people" metaphors.

But to answer your question: I believe that the constitution must limit the data, which government agencies and private corporations can legally aggregate and process. Our european constitution says that personal data belongs to the person, and refers to the concept of consent for limitation of processing. So to answer your question: no, if people are well informed and freely share their data with a corporation, i would not restrict their freedom to do that.

I do however disagree that this is what is happening right now. Corporations behave like it's a gold rush and the one who mines the data owns it. In my honest opinion the relationship between the data aggregating corporations and the data subjects is highly abusive. Many people have little to no understanding who collects their data for what and many of those who understand say they have no real choice but to let it happen.

This is where the "like outside" argumentation happens: well you can't prevent your neighbor seeing you leaving the house. Sure that might be true in some way, but this neighbor installed a surveillance camera and makes photos every time i leave the house, then follows me to the store, takes notes what i buy and tries to hold a microphone into my conversation with the clerk. That is why i split between the spy and the clerk in my analogy, the agents work for a "Lead Intelligence Service" or similar adtech entity.

Let's look at facebookistan with its population larger than the USA. In the anthropomorphic village metaphor, who is this "Facebook person"? For many it is an every day companion that is present in most of their interactions with other people or companies. The person they go shopping with. Facebook is not a clerk or a neighbor, but a clingy spouse that is also trying to sell you stuff and is gossiping about you behind your back. And that is too positive, as it lacks the asymmetry: FB throws your stuff away if it doesn't like it, rats you out to the government and hands you a divorce without ever having any feelings for you at all. Also almost everyone in the village is married to this one person, who can be in all living rooms at the same time. And not being married to FB has serious downsides, like being the only one who does not go to church. FB is not like the village clerk, at all.

The Anthropomorphism is an illusion.

darkerside wrote at 2020-10-29 21:26:17:

I think you'll have more constructive conversations on this topic if, instead of disagreeing with an analogy wholesale, you seem to understand _the ways in which it is accurate_ and then respond to those. Yes, of course, the internet is not outside. It's an analogy that illustrates a broader point, that what you consider a reasonable expectation of privacy looks to others like tin foil hat wearing.

The truth is, despite all of the analogies you've presented about neighbors with security cameras and clingy spouses, most people do understand that and they simply don't care. What realistic future do you see where that comes back to bite them, beyond feeling like it's creepy?

Jon_Lowtek wrote at 2020-10-30 01:58:07:

I think the analogies are faulty. The anthropomorphism is used to argue that companies should be allowed to harvest data on a massive scale, because you can not reasonably expect your neighbor not to look out of the window. I find that ridiculous and reject the argument. It also paints a romanticized picture that makes people empathize with an abstract inhumane entity as if its brand was a person within ones social circle, and that is biased by design. That can be seen when i try to explain the data harvest by some such corporations within the limits of the analogy: my counter example requires metaphors you find absurd and which you describe as "tin foil hatty", because they don't normally happen outside in villages - yet you probably have an extension in your browser that blocks trackers, know how those work and know perfectly well what i reference with the trenchcoat wearing agents of adtech.

> most people do understand that and they simply don't care

That's the thing: if they are well informed, of the appropriate age, and give consent, that is fine by me. But in my opinion the relationship between the mega-corporations and the people is one sided and abusive, so such careless consent isn't worth much. Imagine a village and i say to you "hey that farmer is beating his wife", would you say "well that is how they do things here, most farmers are beating their spouses, and they don't seem to care"? There is something wrong with that village. But i think the corporations as people analogy is overused. For most data farmers the users are more like cattle, not spouses or neighbors. This asymmetry can be seen with other freedoms as well: many people don't read contracts anymore, let alone know about the freedom of contract. They simply have accepted that the corporations give them one and they sign that unread. After all, what alternatives exist to _<monopolised proprietary technology everyone uses>_?

> What realistic future do you see where that _[unregulated data farming]_ comes back to bite them

A change of society away from "Liberal Democratic Capitalism" to "Totalitarian Surveillance Capitalism" enabled by mega-corporations abusing their position as gatekeepers for social communication, capitalist markets and even government services.

Jon_Lowtek wrote at 2020-10-30 02:41:50:

... wow we strayed far away from nsa backdoors. Let me just say this: as someone who had "east german ministry of state security" as part of the school curriculum, i can only warn those who did not about the immense dangers of a database with a profile of every citizen created by invasive surveillance into their private lives. In a less realistic scenario: they might be building a basilisk in that utah data center that ranks citizens for termination by drone strike and that can go very wrong in case of a singularity. Arnie even traveled back to 1984 to warn us ...

Spooky23 wrote at 2020-10-28 23:28:21:

You are 100% correct. It's legal fetishism, which allows legislators to abrogate their responsibilities and keeps the moneyed stakeholders happy.

The notion that my papers inside of my rented apartment have dramatically more protection than my data inside of a rented server is absurd.

Jon_Lowtek wrote at 2020-10-28 23:43:32:

I should read up on that cloud act some time. Is it true your government can search any data you store in a rented netspace without telling you?

_Edit: or more precise the "Stored Communications Act" - Cloud Act seems to deal with offshore servers in particular._

Spooky23 wrote at 2020-10-29 00:05:06:

We have something called the third party doctrine, which stems from Supreme Court cases in the 1960s and 70s.

Basically you have "no reasonable expectation of privacy" with respect to any information that you provide to a third party who is not an attorney providing counsel or a doctor. Your bank records for example, do not require a warrant to access under this principle.

All of this put in place by the courts. Stranger still, this sort of thing has become something that "conservative" judges are champions of.

darkerside wrote at 2020-10-29 03:39:26:

Wonder if there is a business model for attorney privileged data storage.

rkagerer wrote at 2020-10-29 09:31:54:

There was an article on HN recently about how Google does something like that, internally. It claimed employees CC in house lawyers to tag attorney client privilege on emails they wouldn't want, e.g. antitrust investigators, to obtain too easily. Even if it just delays discovery or adds friction, mission accomplished.

https://news.ycombinator.com/item?id=24769847

darkerside wrote at 2020-10-29 03:38:39:

Isn't it more similar to your privacy in a rented PO box or storage unit?

Eli_P wrote at 2020-10-29 07:35:49:

Huh, your imaginary city reminisces one in The Murderer by Ray Bradbury.

spinny wrote at 2020-10-29 08:18:57:

About a year ago i wanted to get a used car. Did a few searches, including facebook marketplace. did the purchase not long after that. a little over a year later and i'm still getting ads from facebook

Spooky23 wrote at 2020-10-28 23:24:55:

He failed to change things because he was a spy, with the objective of sowing chaos.

abvdasker wrote at 2020-10-28 15:30:45:

Look, my estimation of "general technology consumer mass" is incredibly low, but I promise you nearly every American adult knows who Edward Snowden is and probably has at least a vague idea of what he was trying to communicate. I agree that many — maybe even most — people don't understand the issue very well, but I think it did have a pretty large impact at the time and since.

boomboomsubban wrote at 2020-10-28 15:52:49:

>but I promise you nearly every American adult knows who Edward Snowden is and probably has at least a vague idea of what he was trying to communicate.

I highly doubt this. In 2015, only 60% of Americans had some idea of who Snowden was, and only half of those had a positive opinion of him. I doubt this has improved over the past five years either.

https://www.aclu.org/snowden-poll-results

kekebo wrote at 2020-10-28 16:03:20:

60% of Americans having some idea of the issues he raised is assumably a vast increase in awareness of the topic compared to the time before his leaks became public.

dunefox wrote at 2020-10-28 16:21:41:

> 60% of Americans having some idea of the issues he raised

His comment says an idea of "who [Snowden] was", not of what he was trying to say.

worker767424 wrote at 2020-10-28 16:51:43:

> only 60% of Americans had some idea of who Snowden was

It's things like this and people who believe the moon landing was faked that convinced me universal suffrage isn't a good thing, and we need some sort of poll test to make sure people are educated on issues before voting. I realize the US has a bad history with "literacy" tests, but it's clear that most people have no business voting.

rapind wrote at 2020-10-28 19:31:39:

I sympathize with the frustration, but the tests themselves will just be another attack vector for voter suppression (history proves this).

Probably better off spending resources on improving education and political awareness.

I personally think that if we aren't going to let someone vote then we shouldn't ask them to pay tax either.

cmdshiftf4 wrote at 2020-10-28 19:54:06:

>I personally think that if we aren't going to let someone vote then we shouldn't ask them to pay tax either.

Agreed.

Conversely I believe that people who haven't paid tax in a reasonable amount of years, through either not generating it in the first place, avoision or being a net beneficiary of state aid shouldn't be offered a vote.

a_t48 wrote at 2020-10-28 20:41:49:

Frankly that's a horrifying prospect - if I get seriously injured and have to go on permanent disability, I'd rather not be (further?) disenfranchised.

This is the same as saying "I don't believe disabled/poor people should be able to vote"

cmdshiftf4 wrote at 2020-10-28 22:06:09:

The disabled aside, no, I do not believe people who are withdrawing more from their society than they are depositing should be given a say in the governance of that society.

a_t48 wrote at 2020-10-29 00:50:49:

Doesn't this create an incentive for those who make enough to vote to enact more laws to make it harder for those who can't?

RhodoYolo wrote at 2020-10-28 22:53:30:

you say 'disabled aside' but what about the myriad of other reasons? Mental health, unemployment, pregnancy that year, international travel but still a citizen, w/e. As soon as you start pointing to reasons that a government can/ can't take away your power to vote you are screwed as a populace. Not that i have much faith in the voting system anyways cause' who knows how they count the votes anyways. It seems the incredibly old voting machines that they have could easily be hacked by a nation-state level effort.

cmdshiftf4 wrote at 2020-10-29 00:45:22:

>Mental health

If you're mentally unfit to contribute to society then I believe you to be unfit to weigh in on our governance.

>unemployment

I previously mentioned within x amount of years (where x is deemed reasonable) to account for short stints of unemployment. I do not want the long term unemployed weighing in on our governance.

>pregnancy that year

Already covered

>international travel but still a citizen

If you're not present and contributing to a society, in my view, you should absolutely not have a say in the governance of that society. In fact, I find the idea abhorrent.

>As soon as you start pointing to reasons that a government can/ can't take away your power to vote you are screwed as a populace.

Not really. Our species has survived and thrived for tens of thousands of years before widespread "voting" became available. The free-for-all in terms of access to voting is _very_ modern, and _very_ Western.

The modern West is, coincidentally enough, now in a freefall downward spiral from which it likely won't recover. We've gone from high trust, well functioning societies where one person could go out to work in a blue collar job and support a family, to a very low trust society now hanging on to false premises like a house of cards, where even two people working full time can struggle to put food on the table.

Screwed as a populace? We're already frogs in the pot and that _is with_ this fancy "everyone gets a say" notion in place.

>Not that i have much faith in the voting system anyways cause' who knows how they count the votes anyways.

My lack of faith in the voting system is that some entity, barely through puberty, highly influence-able, no skin in the game and therefore nothing to lose, can be told by some troglodyte celebrity to go vote for their (the celebrity's) candidate of choice and _that vote_ is exactly equal to that of someone who contributes to society and invests their time in keeping on top of the issues that society faces.

Sorry, but when it comes to _governing a society_ in the name of preserving and advancing its wellbeing, the above is nothing more than a joke and a cruel one at that.

Broken_Hippo wrote at 2020-10-29 19:16:54:

"If you're not present and contributing to a society, in my view, you should absolutely not have a say in the governance of that society. In fact, I find the idea abhorrent."

Then perhaps folks living internationally shouldn't be taxed. the truth of the matter is that living elsewhere doesn't release you from being taxed or filing tax returns: Folks in high-tax countries won't get additional tax, but folks in cheap places do.

I'll add that there are myriads of reasons folks won't pay taxes: Staying home to take care of children or parents is one of them.

cmdshiftf4 wrote at 2020-10-30 00:36:45:

>Then perhaps folks living internationally shouldn't be taxed.

I 100% agree. This is unique to the USA, as far as I understand it, and only applicable to those earning over $100K, but in my opinion no non-resident should be taxed.

RhodoYolo wrote at 2020-10-29 04:30:18:

Okay - I totally concede on all points. What would be the cutoff for 'contributing to society'. If you had a minimum wage job that you worked 20 hours a week earn you a vote?

mulmen wrote at 2020-10-29 01:55:43:

> Not that i have much faith in the voting system anyways cause' who knows how they count the votes anyways.

Your state's Secretary of State should be able to describe the vote counting process and how it is monitored by third parties. Confidence in the voting system is crucial in a democracy. Having questions is good but the answers do exist.

sudosysgen wrote at 2020-10-29 01:37:14:

Governmental legitimacy comes from much more than just property and taxation. The government is entrusted with the monopoly on violence, and thus anyone on whom this violence is expected to be applied deserves a vote. There are other reasons too, but this is an important one.

bigiain wrote at 2020-10-29 02:06:43:

> and thus anyone on whom this violence is expected to be applied deserves a vote.

Or people who might be expected to get sent away to inflict violence and suffer the consequent dangers of doing so.

Heinlein was all sorts of fucked up, but his repeated idea of ex serving military being more equipped to vote for the people who get to choose to deploy the military certainly has some merit.

nl wrote at 2020-10-29 01:10:31:

So the poor shouldn't be able to vote?

Let's come out and say it: this is a policy designed to consolidate power in the hands of the rich.

Universal suffrage is important.

cmdshiftf4 wrote at 2020-10-29 02:42:32:

If it were so important you'd think people would treat it as such, and yet a look at any election or referendum shows the majority simply do not. Indeed the USA, that great "exporter of democracy" has turned their right to vote into something akin to duelling religions, or sports teams.

Low information voting isn't new either.

If it helps, I'd also stop the elderly from getting a vote once they're within x years of the average life expectancy for their gender. If you're not going to have to live with the consequences, you really shouldn't be getting a say in things.

nl wrote at 2020-10-29 03:25:31:

I agree that low information voting is problematic.

But don't use that as an excuse to disenfranchise the poor. Poor people are often better informed than richer people.

cmdshiftf4 wrote at 2020-10-30 00:37:36:

>Poor people are often better informed than richer people.

I wouldn't be surprised, but I'm still going to ask for some proof to the above?

munk-a wrote at 2020-10-28 17:53:53:

Sorry but no - universal suffrage has been proven historically to be far less flawed than any of the other suffrage limits we've ever had - giving everyone, including the idiots and the deplorables, a voice lets us see what our society is actually made of and might just make[1] education a bigger priority in the US budget.

1. Future tense because right now the US doesn't have 1 person 1 vote equivalence for most elections.

kortilla wrote at 2020-10-28 21:35:10:

> a voice lets us see what our society is actually made of and might just make[1] education a bigger priority in the US budget.

How does that work once the idiots are in charge of the budget?

> 1. Future tense because right now the US doesn't have 1 person 1 vote equivalence for most elections.

Well it does. The confusion is about what you're voting for.

munk-a wrote at 2020-10-28 21:42:25:

> How does that work once the idiots are in charge of the budget?

Society collapses and we become a failed state - but states fail all the time, universal suffrage appears to minimize the number of states that need to fail.

> Well it does. The confusion is about what you're voting for.

When it comes to voting for president, my vote as a Vermonter is objectively worth 2.63 times as much as my friend from Washington - additionally the FPTP voting approach and winner take-all electoral college causes a lot of other oddities that make my VT vote essentially worthless when compared with a resident of PA.

There are a few ways we break 1 person 1 vote equivalence and while we can argue whether that's a good or bad thing you can't argue against it being the case.

kortilla wrote at 2020-10-28 22:35:42:

> Society collapses and we become a failed state - but states fail all the time, universal suffrage appears to minimize the number of states that need to fail.

Curious claim. Has there been any research that shows states are less likely to fail with universal suffrage?

> When it comes to voting for president, my vote as a Vermonter is objectively worth 2.63 times as much as my friend from Washington

See, that’s the confusion. You’re not voting for president directly. You’re voting for who you want your electoral college to vote for. In most states if you’re on the losing side of the vote in your state, your presidential vote literally means nothing.

Your individual vote in Vermont is not “worth more” than your friend’s vote in Washington because you’re both just voting in state level decisions about who the college should vote for.

The legitimate claim is about the number of delegates and (arguably much more important) the number of house representatives each state is getting.

Reiterated, there isn’t a lack of 1 person 1 vote equivalence in any elections I know of in the US (e.g. landowners don’t get extra votes). There are just elections people think are direct democracy when they are far from it.

munk-a wrote at 2020-10-28 23:10:52:

Regarding research - hrm, not seeing super much out there but societies have evolved (or devolved if you care) into democracies pretty reliably and democratization seems to be a general government trend.

I don't disagree on the point of voting - it's not technically a direct election of the president. But we're still voting to impact the presidential election and my vote counts more toward that decision than my friend in WA.

jjdin14 wrote at 2020-10-28 23:45:47:

I don't follow how states evolving/devolving into democracies being a general trend supports the initial claim that universal suffrage minimizes the number of failed states?

RhodoYolo wrote at 2020-10-28 22:59:13:

> Society collapses and we become a failed state - but states fail all the time, universal suffrage appears to minimize the number of states that need to fail.

The only societies that I can think of that lasted a long time were societies that didn't have universal suffrage. The idea of a republic is pretty stupid to be honest. What you end up with is a bunch of people with completely different agendas to ensure that every issue gets hotly debated and when a decision is 'made', barely enforced or executed on. Additionally, it seems to give rise to massive paternalism and loss of freedom which is supposed to be the opposite of what it was meant to do.

cmdshiftf4 wrote at 2020-10-28 19:51:20:

>we need some sort of poll test to make sure people are educated on issues before voting

We've decided to go the opposite direction. The US media, celebrities, big companies, etc. have all decided that a huge low-information voter turnout > smaller but better informed voter turnout.

Indeed, apparently democracy is better when everyone participates, regardless of whether a vast amount of those people have the slightest iota of what they're participating about.

koboll wrote at 2020-10-28 22:11:50:

>we need some sort of poll test to make sure people are educated on issues before voting.

Okay, now start thinking about what happens when the political party you like least takes power and starts rewriting the poll test questions to advantage themselves. Then perhaps you'll see why this would be a catastrophically bad policy.

jjdin14 wrote at 2020-10-28 23:39:31:

Are there not measures we could put in place to limit the possibility of this? E.g. Write a very basic and non-partisan test with clear answers and no room for subjectivity. Require x% of each party to approve the original test and any amendments in the future.

outworlder wrote at 2020-10-28 20:04:16:

> we need some sort of poll test to make sure people are educated on issues before voting

In principle, that's a great idea. I mean, we do have to take driving tests before we are allowed to operate dangerous machinery. We should be required to take tests before we are allowed to affect the lives of millions of people.

You can have a similar argument for parenthood. Require classes before people are allowed to bring another human into their care. Nurses have to, why not parents?

The problem with that is that these tests/lectures are defined by other humans. This shifts an enormous amount of power into the hands of a few. Next thing you know, you now have a handpicked elite eligible to vote. The US has historically used this mechanism for segregation.

Having universal suffrage (which is not yet very universal in a few countries, US included) at least allows the average to smooth out outliers. It does create perverse incentives towards not allowing the population to get TOO literate, otherwise they will be educated enough to see through all the BS.

Collectively, we need to focus on improving education for everyone and fighting disinformation. World War 3 has already begun - except it's using words, not weapons.

jjdin14 wrote at 2020-10-28 23:59:22:

> these tests/lectures are defined by other humans

Are driving tests not designed by other humans? Driver's test writers could already design the tests in such a way that would have them favour certain groups. They ensure a minimum level of competency, which seems reasonable to expect from those who are voting or raising children.

> Next thing you know, you now have a handpicked elite eligible to vote

This seems like the slippery slope fallacy.

> not yet very universal in a few countries, US included

Who isn't allowed to vote?

bigiain wrote at 2020-10-29 02:02:46:

Australia's citizenship test used to (perhaps still does) ask "What was Donald Bradman's batting average?"

A not-so-subtly hidden and totally racist/anglophile question, designed to weed out people/cultures who don't historically follow England vs Australia cricket and know its "legends". Upper middle class middle aged Englishman? Welcome in sir! Your skin isn't pure white except for the 4 days of summer it turns lobster colour? Well you're not "a good cultural fit" here, sorry.

toomanybeersies wrote at 2020-10-29 04:19:40:

History proves that anything less than universal suffrage, even if ostensibly for the "right reasons" will be abused.

On the grander scheme, any avenue for political groups to obtain or retain power will be abused. This is why we don't require licenses for people to have children, because the system will be abused in order to ensure a politically desirable future generation.

I absolutely agree that most people are stupid and should not vote (to put it bluntly), but the alternative is much worse.

autosharp wrote at 2020-10-28 17:10:14:

Who designs the test?

Broken_Hippo wrote at 2020-10-28 18:29:18:

I was going to ask the same thing.

"The issues" vary between people. How many do you include? Are they just the basic stuff the news covers?

Do you need to know federal, state, and local issues?

If you vote in a federal election, do you need to know issues in different parts of the country?

Wouldn't the test show the biases of the test makers?

jjdin14 wrote at 2020-10-28 23:53:26:

Parties write the test together and it must have x% approval from both parties in order to pass and be amended in the future. It is short and simple, covering only basic topics at the federal level that are relevant to the whole population regardless of location. E.g. What person currently holds position A, who was the first B, what is the purpose of department C, etc. These can be multiple choice with fairly clear answers. Test would be released 1 year before each election, can be re-taken as many times as you'd like, and you need y% to pass. This seems like it would be a good start that would weed out people who are completely uninformed and unwilling to do the bare minimum to vote.

nkrisc wrote at 2020-10-28 19:04:53:

That's exactly the argument those who implemented those maligned poll tests made. They were made to keep the wrong people from voting on the basis they didn't know what was best.

That's why they're a bad idea and should not return.

Thinkx220 wrote at 2020-10-28 17:27:48:

It's comments like this that convince me most programmers are arrogant douchebags. Just because someone has a weird idea about an event that had almost no direct effect on the general population doesn't mean we should remove those people's ability to have a choice in matters which will affect them.

Knowing more than someone else does not make you morally superior or give you more of a right to have a say in your own fate.

wolco2 wrote at 2020-10-28 20:40:54:

If that were the case we would give babies, kids and teenagers the right to vote. Kids would always vote in a superhero or ice cream. And chocolate would win in a landslide.

We only allow those of a certain age to vote because they are able to understand and weigh the issues fairly.

We only allow those of a certain age to be jurors for that reason.

jlokier wrote at 2020-10-28 20:53:58:

> We only allow those of a certain age to vote because they are able to understand and weigh the issues fairly.

Yes, but we draw a simple, arbitrary rule at a fixed age because everyone grows older, so it isn't manipulable by anyone who is motivated to do so.

If the vote permission line is drawn by more complex means that gives a different answer for different people, it becomes a primary target for manipulation, abuse, and group selectivity.

For example if it was based on IQ tests or even general knowledge tests, it is already well understood that these are heavily biased tests which test for social background, culture and upbringing, rather than general intelligence.

If there's going to be a voter test, it needs to be extremely robust, something just about everyone has confidence in to be fair and appropriate.

Thinkx220 wrote at 2020-10-29 15:09:49:

Maturity is different than intelligence.

LinuxBender wrote at 2020-10-28 16:49:16:

The best example of the Snowden fallout and the apathy around it was when John Oliver interviewed both Snowden and many people on the street. People on the street did not comprehend what NSA monitoring meant and did not care until John put it in terms they could understand. "So you are ok with the NSA seeing pictures and videos of your significant other's junk you text (sext) back and forth?" "Oh, I would be furious if they were seeing that". That was how nearly every conversation went.

nobleach wrote at 2020-10-28 17:26:55:

I think THAT is where the apathy comes in. THAT is probably the biggest concern of your average internet surfer. They think, "I don't trade any high level secrets... I'm a nobody". So the worst thing they can conceive is, "but I did send some pics to that person I met on Facebook. I sure would hate for my significant other to find out". That's something that can resonate with a far larger group. Many honestly don't care because they feel there's nothing they can do. Perhaps they're right. It's not like the US Gov (or any other) said, "oh, you caught us.... fine we'll shut down the program"

I totally agree that it's sad that we're in this place of apathy. But it's hard to get folks all excited when they don't believe it'll really affect them personally.

lern_too_spel wrote at 2020-10-28 17:16:27:

But that is not what the NSA monitoring meant. They do not get to see pictures of your SO's junk. They do know who you called and when but not tied to your name.

LinuxBender wrote at 2020-10-28 17:21:48:

Maybe, but they do for sure listen to your calls. I used their software in a wireless provider. "She" was fascinating. She could understand any language, dialect, voice inflection, and so much more. No training required whatsoever. She listens to all international calls and flags phrases and key words.

lern_too_spel wrote at 2020-10-28 17:24:30:

They don't listen to your phone calls either. If they did, Snowden would have leaked it, and it would have been a bombshell revelation. If you have information otherwise, you should blow the whistle.

LinuxBender wrote at 2020-10-28 17:35:17:

There is no whistle to blow. It is fairly well known that all international calls into or out of each country are monitored by bots using speech recognition by the related agency for each respective country. This has been the case for a very long time. Before bots, there were listening stations with thousands of people monitoring calls. There would be nothing for Snowden to leak in that regard. The only place this has been taboo is when the NSA is doing it within the country. They too use bots, as there is no way you could hire enough people to listen to the calls. Only flagged calls are listened to by people.

rmrfstar wrote at 2020-10-28 20:44:35:

Confirmed in this gem:

https://web.archive.org/web/20200618030047/https://www.balti...

ChrisKnott wrote at 2020-10-28 20:59:55:

I am almost certain this has never been reported, I am also almost certain it is not the case. Can you provide a link?

lern_too_spel wrote at 2020-10-29 03:57:47:

What you claim is "fairly well known" is directly disputed by Snowden's leaks, which say they cannot. They can only tap calls where both endpoints are outside the US and are people who they have reason to believe are not US citizens.

https://www.latimes.com/archives/la-xpm-2009-jan-16-na-wiret...

boomboomsubban wrote at 2020-10-28 18:26:17:

They do, Snowden and others have leaked it.

https://www.cnet.com/news/nsa-spying-flap-extends-to-content...

lern_too_spel wrote at 2020-10-29 03:55:03:

None of Snowden's documents say so. If they did, that would have been the biggest story in his leaks. Your own article says that they cannot.

boomboomsubban wrote at 2020-10-29 08:00:38:

He released the details of xkeyscore, which details the system involved with tapping into anyone's personal communication. It doesn't explicitly mention wiretapping, but it seems likely that connecting to a server containing those recordings would also show up in a search.

And we know that they have such servers from the events surrounding Room 641A. Snowden also released documents from that incident, such as the NSA attempt to stop publication.

And in my article, the NSA claims they can not legally search such data without a warrant. It doesn't say they are unable to access the data illegally though.

lern_too_spel wrote at 2020-10-29 17:50:01:

> He released the details of xkeyscore, which details the system involved with tapping into anyone's personal communication.

No, that is not what xkeyscore is. Xkeyscore is a database for metadata.

> And we know that they have such servers from the events surrounding Room 641A.

And thanks to Snowden's leaks, we now know that these are for tapping communications between foreigners where both foreigners are outside the US.

> It doesn't say they are unable to access the data illegally though

Within the US, they can only do so by asking the phone company to set up a tap, just like the FBI. Your article does not dispute this.

FandangoRanger wrote at 2020-10-28 19:46:38:

This is a bit of a term of art. "They" don't "listen" to your calls. A computer does.

lern_too_spel wrote at 2020-10-29 04:09:09:

Says who? Not Snowden's leaks. Not the NSA. Not Ron Wyden.

Mediterraneo10 wrote at 2020-10-28 17:47:30:

> They do know who you called and when but not tied to your name.

For a state-level actor (or the mobile provider itself or those other corporations to which it sells data for advertising purposes) to identify by name the human being who is the source of phone calls, is trivial in most countries today.

lern_too_spel wrote at 2020-10-29 04:14:47:

However trivial it may be, it is illegal for them to do so even under their lawyers' interpretation, and Snowden's leaks did not show that they did so.

malaya_zemlya wrote at 2020-10-28 18:55:56:

according to Snowden, they did:

https://www.theguardian.com/world/2014/feb/27/gchq-nsa-webca...

lern_too_spel wrote at 2020-10-29 04:10:35:

That is not the NSA, which (as your article says) cannot access any of that data that comes from Americans without a warrant.

eyepea2007 wrote at 2020-10-28 21:05:02:

Piggybacking on your point about the general public: historically something like 25 to 30 percent of people don't even know who the Vice President of the United States is...and this goes back to at least the 70s. Simply asking someone if they know who Snowden is doesn't really prove much. What percentage of people will just lie and say they know?

kevin_thibedeau wrote at 2020-10-28 15:45:25:

They don't know who he is. American adults are uninformed about most issues and will just parrot what they're told to believe in. Mass media paints him as a bad person so that's his public image.

alexilliamson wrote at 2020-10-28 16:43:03:

N = 1 blah blah, but my Dad is a West Virginian factory worker who couldn't name one current Supreme Court Justice (including the one just appointed), but he has spoken positively about Snowden for years.

AndrewBissell wrote at 2020-10-28 17:11:51:

Zero doubt that the common people of this country have much more affinity for Edward Snowden and anti-surveillance viewpoints than the psychos at the top running things.

xkcd-sucks wrote at 2020-10-28 16:58:25:

Eh Appalachian labor has a history of being on the right side of morals and the wrong side of force

xnyan wrote at 2020-10-28 17:31:36:

>but I promise you nearly every American adult knows

If the next thing you are going to say is not "The current President of the United States", then sadly you are extremely mistaken because that's the only political fact you can confidently say that all Americans know (and even then, it's not 100%).

Source: A political science degree that I don't use, but this sad fact is well known.

NikolaeVarius wrote at 2020-10-28 19:38:52:

I don't think this is a given. Not a perfect source, but man this was depressing

https://youtu.be/XEVlyP4_11M?t=422

logicallee wrote at 2020-10-28 20:12:47:

>They totally still call you paranoid.

People really don't. You can search comments here or elsewhere, you really won't find anyone calling anyone else paranoid for suggesting the government is watching everyone, intercepting communications, listening in on conversations, whatever. Find me a single example of anyone doing so in the past 2 years without an immediate reply from someone else (i.e. someone other than the OP) saying "No. Sorry. Since Snowden you don't get to call anyone paranoid for thinking the government is listening."

In fact, quite the opposite I bet if you asked anyone with an Amazon Echo, "Do you think the government can listen to private conversations using an Amazon Echo" my guess is most people would say, "I don't know. If they really needed to, I guess?"

Nobody would say, "Of course not. Don't be paranoid."

EmilioMartinez wrote at 2020-10-29 10:19:13:

>They totally still call you paranoid

I'd say it's weirder still. A lot of people are well aware, and some even spout the wildest speculations about data usage, but if you actually go beyond shallow comments and suggest action (preemptive, legislative, etc) you are often met with a general "well, you care too much" attitude.

I get it, there's a lot of effort to be put in just to understand these matters, let alone remedy them.

indigochill wrote at 2020-10-28 23:32:16:

John Oliver did an episode on surveillance where he actually interviewed Snowden as well as "people on the street". Although most had no idea who Snowden was, there was (among the people shown in his interviews - could have been selectively chosen) a heightened awareness of the surveillance state.

https://www.youtube.com/watch?v=XEVlyP4_11M

jacobwilliamroy wrote at 2020-10-28 21:07:53:

Nowadays the right wing nutbars are actually pro-government because they think that a large fascist government complete with secret police and massive surveillance will protect them from pedophile vampires. No I'm not joking. It's the same Alex Jones types who used to be all about neoliberalism and deregulation. The people who were afraid of "the chip" are now begging to be tagged because they think it will save them from human trafficking. That's what happens when Americans are trapped at home with nothing to do but go on Facebook and YouTube: they get indoctrinated into stupid Christian deathcults.

beamatronic wrote at 2020-10-28 17:21:15:

You could say the same thing about early coronavirus victims. Nobody learned from them. Look where we are now.

Cthulhu_ wrote at 2020-10-28 16:24:33:

In my country, law enforcement (police) apparently uses or has used hardware to allow secure / encrypted communications, whose encryption was supplied by a Swiss company (Crypto AG) which was secretly owned by the CIA which built in backdoors since the 70's.

So basically the CIA and by extension the US government has compromised their allies' communications. I hope there are massive consequences, but probably not.

duncan_bayne wrote at 2020-10-28 23:27:35:

> Many don't trust Intel processors and Cisco routers anymore

In fairness, my lack of trust for Cisco products pre-dated the Snowden revelations, and was based on the products themselves.

Nothing I've seen since has caused me to change my opinion.

https://hub.packtpub.com/cisco-merely-blacklisted-a-curl-ins...

mschuster91 wrote at 2020-10-28 15:27:01:

> Many don't trust Intel processors and Cisco routers anymore

That's Cisco's own fault given that there are rarely more than 6 months between critical firmware releases that either have some way of hardcoded backdoor account, remote code execution or other similar bugs.

colejohnson66 wrote at 2020-10-28 17:45:49:

It’s not Cisco’s fault if the NSA has compelled them to add those “bugs”

SauciestGNU wrote at 2020-10-28 18:11:46:

It absolutely is. There can be a duty to resist. People get killed based solely on data collected from signals intercepts. More people and companies should take the brave stand Lavabit did, rather than be complicit in oppression and state-sponsored killings.

colejohnson66 wrote at 2020-10-28 18:34:34:

While I dislike the NSA as much as practically everyone else here, I’m not aware of any state-sponsored killings done by the NSA. Sure, the executive branch _has_ ordered killings, but the branch is so large, lumping it all together makes no sense. The NSA, FCC, FTC, EPA, etc. don’t kill.

Now, you should resist, yes, but _most people don’t._ It takes a _very_ brave soul to resist and hope the Supreme Court will side with you. Civil disobedience generally also requires vast public support who would rally behind you. Practically everyone knows Rosa Parks, but polls have shown only about 60% of Americans have even _heard_ of Snowden. Public support is a fraction of that.

Cisco’s executives would also end up being involved in some _massive_ lawsuits if they shut down the company to take a stand. Lavabit, OTOH, was _multiple_ orders of magnitude smaller than Cisco is, and they could afford the backlash. It also didn’t help that Lavabit catered to tech people who would understand why they shut down. Cisco, OTOH, is used by virtually every large business; many of the employees of which would not understand _why_ they shut down.

wonnage wrote at 2020-10-28 20:01:00:

You expect the agency responsible for putting secret backdoors everywhere to be publicizing their state-sponsored killings?

The NSA isn’t really in charge of the killing part anyway, that’s the CIA/FBI’s job

opportune wrote at 2020-10-29 00:10:19:

Ah so they aren't killing anyone, they are just gathering the intel which uniquely enables other agencies to kill people, that's very different, got it

rjkennedy98 wrote at 2020-10-28 15:27:47:

"Sometimes paranoia's just having all the facts" - William S Burroughs

disown wrote at 2020-10-28 16:45:59:

> Before Snowden they would call you "paranoid"

No. They'd call you a "conspiracy theorist". By "they", I mean the news/media would call you a "conspiracy theorist".

AndrewBissell wrote at 2020-10-28 17:13:18:

It's cool how "conspiracy theories" are always false, because the instant something which had been dismissed using the term is confirmed to be true, it's no longer a theory!

steve76 wrote at 2020-10-29 16:31:32:

> It is not fun anymore

You like Castlevania, don't you?

I think it's a lot of fun. Like Gandalf talking to that butterfly on Saruman's tower. Add some life to some old video games. Let power dress up like commoners to see what's up and help out good people. Odds are, stuff like this went on since prehistory.

warent wrote at 2020-10-28 14:37:30:

It has always been true that any computer connected to the internet could be accessed by an unauthorized party, even before the leaks. Disconnect from the internet and nobody is getting in, including the NSA.

bayindirh wrote at 2020-10-28 15:01:49:

> Disconnect from the internet and nobody is getting in, including the NSA.

Oh boy. That's some serious delusion in 2020. Wireless cards and higher end network interface cards are independent computers. Your processor has another processor (Intel ME and others) in it. Baseband Management Controllers are also independent computers in their own right.

With closed firmware and wireless capabilities, you can never know what they're doing at a given time.

Stuxnet reached systems which were seriously air gapped. Consider what a laptop with a _witty_ wireless card firmware can do.

I'm not getting into TEMPEST attacks and their newer versions, passive surveillance, etc.

I've listened to tales about Cisco devices which were configured to isolate and prevent internet traffic but, they _mistakenly forgot_ to drop some magic packets. Uh.

---

Random facts about this stuff:

- Your Intel system runs a special version of Minix on its Management Engine. A version of Minix customized for Intel by its original developer.

- There are photos of Cisco devices which were _delightfully enhanced_ by NSA before shipping to its customer via special firmware and/or hardware. NSA still retains this capability.

aborsy wrote at 2020-10-28 15:11:23:

Stuxnet is interesting. Apparently, the US and Israeli agents threw away a number of USB devices around target facilities. What do you do when you find a USB stick? Well, eventually someone working in an air gapped facility picked up one and used it inside.

The NSA apparently perfectly aligned 4 zero days in Siemens and Microsoft products to spread the malware from USB into the Iranian LAN (shared printers, industrial PICs etc).

The fact that they could choose and align 4 zero days indicates that the NSA probably has a large list of zero days.

bayindirh wrote at 2020-10-28 15:17:32:

It's more nuanced than that. Didn't read the book completely but read a long report. What I remember:

- They got exact hardware details and topology of the centrifuges somehow.

- They've stolen Realtek's driver signing keys.

- The virus looks like a simple worm which can infect other USB devices and doesn't unpack beyond a certain point if it can't find the SCADA equipment and the correct device ID & topology (It's like a homing cruise missile which looks like an RC plane from distance until it finds its target).

It's possibly the most sophisticated hacking campaign when social and technical aspects combined.

peteretep wrote at 2020-10-28 15:41:22:

> It's possibly the most sophisticated hacking campaign when social and technical aspects combined.

It’s the most sophisticated one _we know of_

nostoc wrote at 2020-10-28 16:36:03:

And it's 10 years old now...

bdamm wrote at 2020-10-28 20:53:49:

Frankly I expect basically all computers are compromised at this point.

ReactiveJelly wrote at 2020-10-29 00:26:40:

And I expect all food is unhealthy, so all I eat is pancakes.

nickbauman wrote at 2020-10-28 17:17:58:

The hardware-software combination that was used to compromise the Iranian nuclear facilities was amazingly old and primitive, though. It truly was a weak link that I cannot fathom how this wasn't upgraded looong before. I mean, I guess it just didn't matter that much, after all, it's _only a uranium enrichment facility, after all._ What could possibly go wrong?

bayindirh wrote at 2020-10-28 23:27:03:

You're overestimating SCADA systems (and industrial control systems in particular) about their pace of evolution.

Some ideas about the reason they had this particular hardware and software combination:

- The SCADA hardware they got was not compatible with newer software which runs on more modern OSes.

- The SCADA software didn't have any newer version which runs on newer OSes (Windows 7 and further versions are more restrictive in terms of direct HW access).

- Since there are sanctions it was the only hardware and software combo they were able to legally obtain.

Industrial control is like automotive industry. Everything is improved in minuscule steps and by encapsulating everything in more modern carriers. A good example is MODBUS. They still carry the same data, the old way. Only thing is it's either encapsulated in USB or TCP/IP. Why? Because it works and allows perfect backward compatibility.

Since neither the hardware nor the software has to run latest version of Doom (metaphorically), if the application is reliable, it's left as is. Even if it runs on DOS 6.22.

Fun fact: There's an auto repair shop in Poland which runs its main application on a C64 [0].

[0]:

https://www.popularmechanics.com/technology/gadgets/a23139/c...

firmnoodle wrote at 2020-10-28 16:42:26:

> - They've stolen Realtek's driver signing keys.

I have been to Realtek's offices in Hsinchu many times. While the other efforts may have taken major resources I don't think getting their private keys would have been hard at all. Especially back then. IMHO the building and some people could be easily compromised and I suspect they didn't really care much about security.

parliament32 wrote at 2020-10-28 16:37:39:

Morality aside, the whole system was a work of art.

wh1t3n01s3 wrote at 2020-10-28 16:10:09:

If anyone is interested in this, or wanna refresh your memory, you should watch the docufilm Zero Days (2016) by Alex Gibney (most of his ‘movies’ are quite interesting)

https://www.imdb.com/title/tt5446858/

colejohnson66 wrote at 2020-10-28 17:47:15:

Book?

bayindirh wrote at 2020-10-28 23:05:49:

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon - by Kim Zetter [0]

[0]:

https://www.goodreads.com/book/show/18465875-countdown-to-ze...

pilsetnieks wrote at 2020-10-28 16:08:24:

You know, I've heard so many variations of those "USB drives in the parking lot" stories, I wonder if that isn't a cover for something else. Or maybe just someone covering their asses and not willing to take blame for something else.

"USB drives in the parking lot" could be the tech industry's Korean fan death.

Darkphibre wrote at 2020-10-28 17:11:57:

> In one test of how well a USB scam can work, Trustwave planted five USB drives decorated with the targeted company’s logos in the vicinity of the organization’s building. Two of the five “lost & found” drives were opened at the organization. One of the openings even enabled the researchers to glimpse software employed to control the organization’s physical security.

https://www.redteamsecure.com/blog/usb-drop-attacks-the-dang...

They are used to great effect in pentesting. I think it's natural to see a drive and think "Oh no, I need to get this back to a coworker."

russh wrote at 2020-10-28 18:54:40:

I have a friend who does pentesting and she collects many cool and interesting looking usb flash drives for this very purpose. She says "60% of the time, it works every time."

thisisnico wrote at 2020-10-28 17:51:30:

I agree. I'm sure the level this organization operates at utilizes teams of their own vulnerability researchers to provide themselves with the ability to create new and novel zero-day exploits that are not disclosed to the big players. This is Internet warfare.

shirakawasuna wrote at 2020-10-28 17:55:36:

I tend to repeat these types of concerns: the number of powerful and complex black boxes is increasing, with things like 5G making it even easier to low-key pass information without us knowing.

A common counterargument comes up when discussing devices like smart speakers. Defenders say that the devices are too low-power and that we would be able to notice power usage changes and sniff network data being sent if spying were happening. IMO, this is true to an extent, but also any onboard preconfigured recognition of certain products could easily send info back to, say, Amazon servers and you wouldn't be able to distinguish it from a "false positive" question to "Alexa". Knowing the extent to which these capabilities are plausible and/or would have been caught by now if they existed is, to me, murky.

This also applies to on-board chips and wireless data. Would we not notice from power usage and sniffing?

frickinLasers wrote at 2020-10-28 17:08:13:

> - Your Intel system runs a special version of Minix on its Management Engine. A version of Minix customized for Intel by its original developer.

I hear a lot about Intel's ME, but not much about AMD's PSP. I assume it's just as bad. At least we know how to hobble the ME.

octoberfranklin wrote at 2020-10-28 21:24:14:

> At least we know how to hobble the ME.

No, we just _think_ we know how to hobble the ME.

the_only_law wrote at 2020-10-28 15:08:21:

I'm actually kinda curious if TEMPEST attacks or similar have been used to spy on citizens ever now.

jcims wrote at 2020-10-28 15:41:46:

Here's a hobby-grade GSM modem dev board you can add to any 'offline' device for $40.

https://www.adafruit.com/product/1946

squarefoot wrote at 2020-10-28 17:02:42:

There are cheaper alternatives. A basic SIM800 based board can cost just above $3 on Ebay, probably less on Aliexpress, or less than $10 for a similar one with Raspberry PI compatible connections (useable with other systems as well).

Also interesting is the SIM7600 module which supports 4G LTE down to GSM plus GPS. Also available in Mini PCI-E boards.

https://www.ebay.com/itm/191879410081

https://www.ebay.com/itm/292237166116

https://www.ebay.com/itm/293802495042

jcims wrote at 2020-10-28 17:56:46:

Dang I might have to order some, thanks!

jimbob45 wrote at 2020-10-28 15:47:15:

Fine, make a Faraday cage around the PC. Are you happy now?

fsflover wrote at 2020-10-28 18:04:49:

Not enough:

https://news.ycombinator.com/item?id=24919589

fsflover wrote at 2020-10-28 15:35:44:

> - Your Intel system runs a special version of Minix on its Management Engine. A version of Minix customized for Intel by its original developer

Not on all systems. It's neutralized and disabled on my Librem 15: https://puri.sm/learn/intel-me/

pulse7 wrote at 2020-10-28 15:48:58:

When Russian hackers discovered and started using Intel ME backdoor Intel immediately published (already prepared?) instructions on how to disable it...

octoberfranklin wrote at 2020-10-28 21:25:22:

Please stop posting this disinformation.

fsflover wrote at 2020-10-29 08:26:10:

How is this disinformation? The Intel ME is replaced with zeroes, except a few percent: https://puri.sm/posts/neutralizing-intel-management-engine-o... , and it’s hardly functional.

lm28469 wrote at 2020-10-28 15:33:39:

> Disconnect from the internet and nobody is getting in, including the NSA.

Wait until they put 5g chips in every single product to make them "smart". Few people talk about that but I believe it's the main use case for 5g. Everything will be connected and you'll have no way to opt out

> 4G can support about 4,000 devices per square kilometre, whereas 5G will support around one million

ReactiveJelly wrote at 2020-10-29 00:34:39:

Who pays for the connection?

I assume for the radio to stay on, it's either subsidized by the parent company (Amazon pays for Alexa's 5G) or I'm paying for a subscription (Xbox subscription pays for 5G on some future mobile XBox)

Maybe you could get the cost down to $1 / month. If you invest $400 in the market it should pay out about that much, so you could make it a one-time payment of $400 for a 5G chip.

Consumer network connections, of any kind I'm aware of, don't go down to $1 per month. Maybe with a big volume order and a low bandwidth cap the cell companies would do it, or maybe 5G itself is just cheaper, but where does that monthly cost come from?

lm28469 wrote at 2020-10-29 11:03:20:

I have no answer but the amount of data that could be collected and the possibility to transmit ads to anything with a speaker or screen even if they're not connected to your wifi would be attractive to many companies.

PenguinCoder wrote at 2020-10-28 14:48:00:

> Disconnect from the internet and nobody is getting in, including the NSA.

That is patently false.

542354234235 wrote at 2020-10-28 18:18:04:

> Disconnect from the internet and nobody is getting in, including the NSA.

Ah, the "just move to the wilderness and grow your own food if you don't like the government infringing your constitutional rights" argument. I want to be able to meaningfully engage in normal society by buying consumer goods and connecting them to communications platforms _and_ I want my 4th amendment rights protected. I really don't think that is too much to ask.

redbeard0x0a wrote at 2020-10-28 14:42:52:

a little interdiction while that new airgapped laptop is shipped to you and they got you, even though you never connected to a network

derefr wrote at 2020-10-28 14:53:00:

Exactly _what_ have they got, if you never connect it to a network afterward, either? A key-log that never makes it back to them?

(I’m presuming here that the laptop is openable, and that you will do so and physically remove any wi-fi M.2 card from it — and associated antennae — since you won’t be using it. There might be some sort of extra surface-mount snooper chip left onboard that could replicate the same function — but without big antennas, how’s it going to report?)

snypher wrote at 2020-10-28 15:24:23:

You might not understand the depth to which you can be exploited. They will simply let you use your laptop and switch your USB cable, which has a built in 6ft antenna.

https://en.m.wikipedia.org/wiki/File:NSA_COTTONMOUTH-I.jpg

BlueTemplar wrote at 2020-10-28 14:57:35:

Researchers have been able to make integrated circuits emit radio waves.

_jal wrote at 2020-10-28 15:27:52:

Perhaps with something like this?

https://www.schneier.com/blog/archives/2014/03/ragemaster_ns...

Or this?

https://www.schneier.com/blog/archives/2014/03/cottonmouth-i...

If you have actually attracted the attention of the NSA, pulling your NIC is playground stuff.

xxpor wrote at 2020-10-28 19:38:13:

Ignoring the larger context, but just technologically, RAGEMASTER sounds freakin' sweet. Like that's actually amazing.

sroussey wrote at 2020-10-28 14:53:58:

And it can add a slight flicker that can be used as a signal and detected from outside.

hanniabu wrote at 2020-10-28 14:58:29:

Hope you have your bluetooth also turned off

imglorp wrote at 2020-10-28 15:06:20:

And your mic and speaker. And the light sensors while you're at it. All can be used for exfiltration.

fsflover wrote at 2020-10-28 15:41:47:

And never use USB devices (see: BadUSB).

purplecats wrote at 2020-10-28 14:46:30:

or rather they're not getting in _or_ out. they might already be in. as long as both in _and_ out are disconnected, you're set.

vorpalhex wrote at 2020-10-28 15:00:33:

A 2g or 3g module is <$100 and easy enough to hide without RF detection equipment. Plain radio is easier.

If the NSA has enough of an interest to be intercepting your packages, they're not going to shy away at adding in a transmitter or two of their own preference.

robin_reala wrote at 2020-10-28 15:25:04:

Quite considerably less. This one from Adafruit (hardly the cheapest supplier) is $30 and has GPS built in too:

https://www.adafruit.com/product/2637

ReactiveJelly wrote at 2020-10-29 00:36:26:

And yet I have to buy a new phone because 3G is getting shut down.

I guess if I was the NSA I'd bring my own Stingray, but then you have to amortize in the cost of the van.

autumn_unlaces wrote at 2020-10-28 15:22:43:

Have you heard of Stuxnet?

boomboomsubban wrote at 2020-10-28 14:28:01:

> Three former senior intelligence agency figures told Reuters that the NSA now requires that before a back door is sought, the agency must weigh the potential fallout and arrange for some kind of warning if the back door gets discovered and manipulated by adversaries.

Meaning that before, they were free to plant as many back doors as they pleased without any concern for the consequences. And even now, they just need to think about it a bit and warn somebody, no idea who they tell, if they notice it being used.

> NSA now asserts that it cannot locate this document

This is fairly clear proof of either corruption or complete incompetence.

duxup wrote at 2020-10-28 15:04:19:

"Meaning that before, they were free to plant as many back doors as they pleased without any concern for the consequences."

Kinda. There apparently is some approval process and such but I'm not sure everyone at the agency was able to make such requests in the first place...

I'm with your gist, I'm just not sure we know how widespread it really was. I'm not inclined to agree that it must have been ultra widespread.

boomboomsubban wrote at 2020-10-28 15:35:54:

We know that just one of the NSA's related programs, Bullrun, had a budget of $250 million a year from 2011. And by their own admission this gave them access to "vast amounts of encrypted Internet data which have up till now been discarded are now exploitable". Further, their reports mention much more activity that Snowden did not have clearance for.

We don't know the full extent of their activities, but it clearly far surpassed what should be tolerable.

appleflaxen wrote at 2020-10-29 00:32:37:

and it's not consideration of how many rights are violated; it's a consideration of the PR fallout.

The NSA needs to be disbanded.

jdndbfbf wrote at 2020-10-28 14:34:16:

The director of the NSA lied while under oath to congress, and nothing happened. As far as I'm concerned, what 3 letter agencies say publicly is irrelevant.

Liquix wrote at 2020-10-28 15:12:07:

It's an interesting case of cognitive dissonance. Most will admit when pressed a bit that the CIA/NSA/FBI do not have our best interests at heart and are out of control. They have repeatedly lied under oath, lied to congress, lied to the public, run human experiments on unwitting citizens, collect data on all of us, etc with complete impunity.

However many people somehow simultaneously hold the belief that these agencies should continue to exist, are deserving of our taxpayer dollars, and are generally Good Guys who happen to do bad things sometimes. Perhaps it's just too exhausting to consider the extent of corruption in the USA.

pjc50 wrote at 2020-10-28 16:28:10:

> Perhaps it's just too exhausting to consider the extent of corruption in the USA.

Abolish the (secret) police?

It's basically the same debate; people need to feel that the threat from the "protectors" is greater than the threat they are allegedly protecting against before something gets done. And, realistically, being spied on by the CIA is fairly low down the average person's list of problems. Even the citizens who are most directly threatened by American policing would prefer dealing with the immediate threat of street violence and gunshot murders by the police than the distant, nebulous threat of the CIA plane over the protests.

Having your _candidate_ spied on by the CIA, FSB, Met police, or Jim-Bob's Laptop Repair Shop is more of a problem.

hedgedoops2 wrote at 2020-10-28 17:32:17:

While the threat (expressed as P(harm)*harm) from XYAgency surveillance is low or medium, the unmitigated threat from the things their surveillance practices protect against - namely, terrorism - is also low. The mitigation effect is lower still.

Objectively, even in 2001 terrorism was a negligible risk compared to everyday risks, and subjectively, there hasn't been a major terrorist attack for years. The only reason mass surveillance exists is a rationale by the US state that "more power is good". This may apply to the US army, but not to the spies.

Also, like you say, once the American spies start to (pun intended) "Interfere in American elections", then the problem affects everybody with P=1. Personally I could live with it if Trump were the only candidate they work against, but if they do it to Trump, they likely do it to others. (I see no evidence of interference or other abuse of collected data currently, but I think it's dangerous to give them the power to collect all this info that can in principle be abused for selective prosecution and/or blackmail).

Also, it affects not just politicians, but also corporate execs, who can be further pressured using the other means of the state, and who themselves have power the state can deputize.

A democracy should have the surveillance powers that are proportionate to the benefit from these powers and no more. There is a positive value in minimizing state surveillance power; this concept seems lost on America. (In fairness, it seems lost on conservative parties worldwide.)

bulletsvshumans wrote at 2020-10-28 16:09:48:

I think it's clear that they are out of control, from the examples you list among others. The harder argument is that they're not doing it in our best interest. Without good visibility into their activities (which could very well inhibit those activities), it's hard to tell which of their activities are a net benefit to our country.

My guess is that most Americans would expect that they sometimes do things that aren't legal, but that generally they are at least intending to do it with the best interest of our country in mind. That second part is the primary reason why they aren't being wholesale shut down, and why they're able to get away with things like lying to congress.

542354234235 wrote at 2020-10-28 18:31:00:

> The harder argument is that they're not doing it in our best interest.

I disagree. I think they absolutely _believe_ they are doing what is best for the country, but without actual accountability and meaningful outside oversight and input, I would say it is far more likely they have become myopically focused. That they are unable to accurately judge or weigh the effects of persistent surveillance against one’s own citizens and how that negatively impacts a free and open democracy and a government that feels accountable to its citizens, vs their own very skewed perspective of looking at nothing but “threats” and thinking about nothing but threats, and planning for nothing but threats. The “everything is a nail to a hammer” saying comes to mind.

craftinator wrote at 2020-10-28 16:57:48:

> That second part is the primary reason why they aren't being wholesale shut down

Two thoughts:

1) Even if most Americans decided they needed to be shut down, how would we enact that? It seems to me there are very few people who have that power, and even if a great majority of us wanted it, we have no way to enact it (and no way of knowing if it was actually enacted; we could be told it had been done, but that could easily be an inscrutable lie)

2) If they were actually shut down, what would the people who worked there do? Highly intelligent, skilled, with low morals, used to performing nefarious activities; they would go on to be in shadow NGOs, organized crime, reform under other names, etc.

mindslight wrote at 2020-10-28 17:49:26:

> _If they were actually shut down, what would the people who worked there do?_

Prison time, like any other criminal enterprise.

542354234235 wrote at 2020-10-28 18:46:38:

This is kind of ridiculous. These are high level conflicts between equally valid government entities about how they should operate as well as nebulous questions on how constitutional law applies. I would assume there are legal memos, signed authorizations, etc. for what is going on. We could argue that secret authorizations for these kinds of things shouldn’t exist, but the fact is they do. If the president authorizes something, and years later, a court decides this action was unconstitutional, the employees are not criminally responsible. This isn’t a Nuremberg trial situation where crimes against humanity are committed under the guise of “just following orders”. This is a case of following orders because the best legal experts cannot 100% agree on constitutional law and how it applies to different circumstances and different powers given to the various branches of government.

mindslight wrote at 2020-10-28 19:15:49:

The straightforward way to eliminate the ambiguity is to submit the programs to democratic oversight, including by The People. But instead they've worked hard to do the exact opposite, going so far as to blatantly lie to congress. This points to a criminal conspiracy, regardless of how many employees are working to craft dubious legal justifications. Usually criminals don't get to just say "my bad" and walk away after being caught, and I don't see why higher crimes should carry less punishment.

dodobirdlord wrote at 2020-10-29 03:05:01:

These are intelligence agencies. Being secretive about what they do is largely the point. Some degree of oversight is of course required to ensure that the organizations haven’t been subverted and are still on-mission, but the responsibilities of an intelligence agency are too fragile and too essential to be subjected to political meddling.

mindslight wrote at 2020-10-29 14:28:01:

"Blindly trust us, or bad things will happen" has no place in a Free society - especially after they've been repeatedly caught abusing that trust. There are many steps NSA could take to increase their transparency without exposing the details of operations, but as I said the problem is that they actively oppose oversight. This is likely due to the usual authoritarian delusion ("taking more power will help accomplish our benevolent goal"), which is at odds with democracy.

boomboomsubban wrote at 2020-10-29 00:01:09:

The only reason the law is so complicated is so they can justify their clearly illegal actions.

If you took the NSA's "incidentals records" database and said you were purposely tracking Americans, it would obviously be unconstitutional. So they created a loophole to claim the obviously illegal act is allowed.

dylan604 wrote at 2020-10-28 14:53:05:

To be fair, Clapper did come back for a follow up, and basically said, "oops, looks like I was wrong." That's it. Congress didn't push back, and thanked him for his service. So looks like Congress is complicit as well.

sonotathrowaway wrote at 2020-10-28 20:36:43:

Clapper was forced to issue a retraction after Snowden leaked material showing he perjured himself. He defended his then answer as the “least untruthful answer” he could give, maybe that’s a term of art in intelligence when you intentionally suborn oversight.

markus_zhang wrote at 2020-10-28 22:31:26:

That's pretty much part of their job.

Their mindset: we own the United States of America, and the rest of you are just sheep. We are doing shepherd's job and you don't need to understand it. We are doing wolf's job because there are wolves at the gate so we better fight back with bigger teeth. We the people do not include your ordinary sheep, and only the privileged ones are "people".

RhodoYolo wrote at 2020-10-28 23:05:26:

Three letter agencies are to the US what the Praetorian Guard was to Rome after the fall of the republic. They seem to have their own level of authority above and beyond that of congress or even the emperors themselves. However in the US this authority is not gained through threat of violence but through information. They have all the scandals, controversial issues about EVERY SINGLE MEMBER OF CONGRESS AND PRESIDENT. Who wants to pick that battle?

ChrisMarshallNY wrote at 2020-10-28 15:22:01:

Wyden is great.

The big issue with backdoors, is that it's only a matter of time, before they become "front doors."

Presented for your approval. Imagine, if you will, a software engineer; probably based in the US, that writes a backdoor into equipment used to manage a banking transaction network. This is a fairly natural place to have it, as "follow the money" is a classic forensic technique.

Of course, access to this network could net nefarious (probably non-state) actors a _lot_ of money.

Said software engineer suddenly quits and buys a Bugatti.

The back door is now a front door, and it's baked into some hardware that can't easily be changed, as no one trusts the patches, now.

staplers wrote at 2020-10-28 17:34:27:

> is that it's only a matter of time, before they become "front doors."

Look no further than Plaid banking service. They collect your banking login information. I guarantee there are blanket warrants to monitor accounts from multiple agencies.

xxpor wrote at 2020-10-28 19:46:01:

You don't even need a warrant for that. SARs are a thing. It could potentially even be considered business records, which are just subject to a subpoena, not a warrant. The police have been able to request phone records since forever.

https://en.wikipedia.org/wiki/Third-party_doctrine

stonepresto wrote at 2020-10-28 15:16:28:

Root everything. FOSS all the things. Tear everything apart.

There will always be a BBEG, no matter what part of the world you are in or what sort of government you live under.

You are the only one who acts in your best interest.

fsflover wrote at 2020-10-28 18:06:14:

> You are the only one who acts in your best interest.

No, you aren't. And it's impossible to do everything alone.

https://news.ycombinator.com/item?id=24881988

stonepresto wrote at 2020-10-28 22:23:33:

I agree with the second part of your statement, but I think being alone in acting in your own best interest still holds. Good projects such as those are a result of many similarly aligned self-interests.

I'll admit I was being a bit dramatic, and as you have pointed out it's certainly more complex than a single sentence. I was trying to highlight that blindly trusting another human or organization can leave you vulnerable.

jankiehodgpodge wrote at 2020-10-28 20:25:16:

For most people, rooting makes them less secure not more. It all depends on who you're securing against.

stonepresto wrote at 2020-10-28 22:16:00:

That's certainly fair, especially if the password is then set to some variation of "password"...

Although for some devices if you can root it, you probably also know methods of securing it.

lucb1e wrote at 2020-10-28 22:36:48:

Rooting a device does not enable setting a password for it. You can host sshd without root, or host sshd but disable root login. Rooting and setting a password, or opening remote command channels for that matter, are separate things. Root allows you to shoot yourself in the foot more than you could otherwise, but you do need to pull the trigger.

The default root methods just enable apps to request root, after which the user gets a prompt. It's like the camera, microphone, or any other special permission.

stonepresto wrote at 2020-10-28 23:42:06:

"Device" has taken on a few different meanings in this thread. To clarify I was speaking generally and not specifically about mobile phones, which is certainly in error due to the context of the article.

Tistel wrote at 2020-10-28 15:26:26:

They say it’s for large scale cloud management, but, think of worst case scenario:

https://www.zdnet.com/article/minix-intels-hidden-in-chip-op...

It seems like a massive waste of chip transistors and R&D with limited gain. The hidden minix OS runs at a higher privilege than your host OS. Even if your data is encrypted, any time you decrypt locally, they can see it. I get it, they are looking for bad guys, what if the bad guys take over? There will be nowhere to hide. Yes, I am wearing a tinfoil hat.

lki876 wrote at 2020-10-28 14:24:23:

Oh come on, any answer but 'no' is yes. Also 'no' is yes.

Gaelan wrote at 2020-10-28 15:17:59:

@dang Can we change the title to include "NSA"? It's silly that the headline doesn't say which spy agency.

Threeve303 wrote at 2020-10-28 15:37:02:

Spy agency denies performing main purpose for existing.

netsec_burn wrote at 2020-10-28 17:04:59:

Reminds me of one of my favorite comments on HN (when the NSA discouraged quickly adopting post-quantum cryptography):

https://news.ycombinator.com/item?id=21587571

ChuckNorris89 wrote at 2020-10-28 14:20:43:

Is anyone actually surprised of a _"we can neither confirm nor deny"_ type of answer coming from intelligence agencies?

matthewdgreen wrote at 2020-10-28 14:29:20:

Yes. After the Snowden leaks and Shadowbrokers/Vault7/WannaCry disasters, the agencies put a lot of effort into reassuring the public that US technology was trustworthy. This included things like making public the Vulnerabilities Equities Process [1], and other work to restore trust in cryptographic standards agencies like NIST [2]. It also included more public engagement with industry to report serious vulnerabilities [3].

The intelligence community didn't open up like this because they wanted to be nice. They did it because there was a very real concern that US industry would be damaged in the eyes of global consumers -- primarily as a result of our intelligence agencies being too aggressive and, frankly, being sloppy. (It's bad enough to pay for and hoard backdoors, it's another thing entirely when those backdoors are repeatedly stolen and leaked for bad actors to use.)

I guess the news here is that the NSA didn't learn very much from these episodes, or at least, it no longer feels like it needs to repair the damage.

[1] https://en.wikipedia.org/wiki/Vulnerabilities_Equities_Proce...

[2] https://www.nist.gov/system/files/documents/2017/05/09/VCAT-...

[3] https://www.thesslstore.com/blog/nsa-microsoft-releases-patc...

nerdponx wrote at 2020-10-28 19:12:09:

_I guess the news here is that the NSA didn't learn very much from these episodes, or at least, it no longer feels like it needs to repair the damage._

This seems to be a common thread in American political corruption. After a certain point, the public just doesn't remember or can't be bothered to care or feels powerless to do anything. Then you can basically do whatever you want as long as you stay quiet enough to avoid another wave of media outrage.

dmurray wrote at 2020-10-28 15:22:51:

Couldn't they just have said "no we have no backdoors"? NSA would look good, Congress would look good for asking the tough questions. When eventually new evidence comes to light that they do have backdoors, they have the choice then between continuing to deny deny deny, or pointing to national security interests.

ChuckNorris89 wrote at 2020-10-28 15:33:27:

_>Couldn't they just have said "no we have no backdoors"?_

No, because once their backdoors are (inevitably) going to be found/leaked, they'll come off as liars. Plus, if they would have said no, nobody would buy that or would think they're asleep at the wheel.

kube-system wrote at 2020-10-28 16:17:40:

Lying to Congress is also a crime, punishable by prison time.

duxup wrote at 2020-10-28 15:09:53:

I would expect they do, and I'm not entirely against it depending on the circumstances around it and so forth.

To me a 'back door' could range from 'don't fix that bug for a week' to 'push this update to this user' to some absurd 'hey can you add this remote desktop client to your code, the password has to be 1234'.

By no means is it a light thing to do but I do believe there is a range of actions that would constitute a 'back door' to me.

Granted I'm all for more congressional oversight and I'd like to see MUCH more aggressive congressional action.

programbreeding wrote at 2020-10-28 15:14:47:

The problem with your first and third examples is that it leaves it open and vulnerable to anyone other than the NSA. Like if a "backdoor" is left open for encryption, as soon as it's discovered then that door is open to anyone.

The problem with your second example, targeting a specific user, is that they're doing this without any kind of warrant.

duxup wrote at 2020-10-28 15:15:26:

I completely agree on all points.

seibelj wrote at 2020-10-28 15:30:13:

Operate under the assumption that government is reading all of your text messages, internet history, payment history, and phone calls. Then when you need privacy, enhance as needed. Even if privacy technologies like VPN or Tor are compromised, the government is less likely to reveal in order to keep the fact they can do it secret. Good luck out there! It's an unfair and scary world, once you try to do anything non-conformist.

fsflover wrote at 2020-10-28 15:45:45:

No, you should try to have privacy at all times. Otherwise those who really need it will be in the minority and easily hacked.

goatinaboat wrote at 2020-10-28 16:32:09:

_Even if privacy technologies like VPN or Tor are compromised, the government is less likely to reveal in order to keep the fact they can do it secret_

That is what parallel construction exists for. Also known as fruit of the poisoned tree.

babesh wrote at 2020-10-28 20:08:08:

So the US was exposed for doing what it accused China of doing.

atty wrote at 2020-10-28 14:21:19:

I can’t tell from this - is Wyden also against back doors for the purpose of FBI/law enforcement use?

boomboomsubban wrote at 2020-10-28 14:25:44:

Quote from Wyden in the article

>Secret encryption back doors are a threat to national security and the safety of our families – it’s only a matter of time before foreign hackers or criminals exploit them in ways that undermine American national security

pulse7 wrote at 2020-10-28 14:30:24:

In other words: NSA paved the way for foreign hackers and criminals...

duxup wrote at 2020-10-28 15:11:45:

It's certainly possible, but I suspect just traditional bugs and poor software is more likely the cause for such events.

Software / hardware industry is PLENTY good at paving the way all on its own.

boomboomsubban wrote at 2020-10-28 15:42:42:

The article presents an example where we basically know that it happened with Juniper Networks.

As you say, the hardware/software industries have enough difficulties with security acting on their own. They don't need the NSA purposely making more holes.

pulse7 wrote at 2020-10-28 15:52:27:

Maybe they "need" many such "holes" (which are treated as "bugs") just to make sure that if they disable some of those "holes" (because hackers/public found it out) they still have others ready for the same purpose...

bitxbitxbitcoin wrote at 2020-10-28 15:17:56:

And likewise, foreign hackers and criminals may have paved the way for the NSA - which is considered a foreign hacker and criminal in other jurisdictions.

AndrewUnmuted wrote at 2020-10-28 14:27:10:

He was the one who got James Clapper to lie and state to Congress that he was "not wittingly" collecting American phone records in bulk. Though I do not believe he has ever come out and explicitly stated his views on the matter, his actions do suggest that he is against backdoors in all circumstances.

EDIT: Another reply has provided a quote that shows Wyden's views on backdoors. He appears pretty strongly against them.

FerretFred wrote at 2020-10-28 14:44:33:

> ..arrange for some kind of warning if the back door gets discovered and manipulated by adversaries

"Hello Support? My computer just popped up a message to say that a bad actor has taken over my computer; should I reboot it?"

peterwwillis wrote at 2020-10-29 00:47:31:

If, hypothetically, you worked for one of these vendors, then, hypothetically, you might find that while waiting for a shipment of new product test gear to your lab, a shipment from California to Maryland may get waylaid - by U.S. Customs, in Texas. Two weeks later you finally get your gear. And you don't talk about it outside your immediate team. Such is life in a big company.

Hypothetically.

ck2 wrote at 2020-10-29 00:54:43:

Meanwhile government can read any email without a warrant that is six months old for the past THREE DECADES

Why does the press never mention this?

It's in part why there was an email server in the basement, most people should have theirs there but gmail mostly won that battle due to spam management.

jchook wrote at 2020-10-28 22:09:52:

Maybe they reverse-engineered China's hardware backdoors and don't need additional backdoors now.

x87678r wrote at 2020-10-28 21:00:22:

I always assumed there would be insecurities in everything you buy and if there weren't backdoors it was normal for spooks in various nations to be able to crack it sooner or later. Using cloud services makes this even more likely. Does anyone really think they are 100% safe?

c54 wrote at 2020-10-28 22:53:40:

Thought this was an article about ducks who are spies[0]... too bad.

[0] eg

http://agentyduck.blogspot.com/

aaron695 wrote at 2020-10-29 00:24:01:

> The starkest example of the risks inherent in the NSA’s approach involved an encryption-system component known as Dual Elliptic Curve

Only example perhaps.

What other back doors have they done?

Literal secret rooms where they tap data, these are not conventionally called backdoors. Nor are unpatched zero days the supplier originally didn't know about.

I don't think any country can install literal backdoors on products without getting caught. Backdoors seem like a Hollywood thing straight out of WarGames.

Why attack the Chinese or vice versa when you'd be basically working for them by damaging your own companies when you get caught?

inquirerofsorts wrote at 2020-10-29 03:27:39:

Some of the numerous Cisco vulnerabilities have all the hallmarks of government _persuasion_.

Not to mention the wholesale hacking of their products bound for export:

https://www.infoworld.com/article/2608141/snowden--the-nsa-p...

secfirstmd wrote at 2020-10-29 00:30:11:

Crypto AG and paying RSA come to mind.

aaron695 wrote at 2020-10-29 02:36:16:

I didn't know much about Crypto AG. Thanks, that's interesting. Also through encryption weaknesses. It's an interesting way to backdoor.

https://en.wikipedia.org/wiki/Crypto_AG

haydonchurchill wrote at 2020-10-28 21:00:42:

Does anyone really believe that they don't add backdoors? If it's a major tech / internet business, they require access to a backdoor.

crtasm wrote at 2020-10-28 19:59:43:

Off topic: anyone know why Reuters always 404s when I click on a link to it in Tor Browser? Desktop and Android.

orangepanda wrote at 2020-10-28 14:29:37:

Y'all reading into it too much. They're under no obligation to tell the truth. Might as well have said "there's no backdoors" but that's not a PR happy answer.

pbhjpbhj wrote at 2020-10-28 17:02:47:

Doesn't having a Congress that can't demand the truth by force of law (ie create an obligation; they of course won't necessarily get the truth) mean that you're no longer a democracy? I mean starkly that's an indication that rule of law no longer stands.

dariosalvi78 wrote at 2020-10-28 20:28:59:

I thought the problem was Huawei...

mechnesium wrote at 2020-10-29 15:21:44:

I believe the US government is actively undermining products that _don't_ have such backdoors.

For example, the US DoD now classifies JetBrains products as prohibited, which trickles down from the 2020 National Defense Authorization Act. I'm guessing this is because they are foreign-controlled, and refuse to comply with National Security Letters requesting backdoor insertions.

known wrote at 2020-10-29 04:48:54:

An excellent movie on how Israel/US/EU used a Computer virus to destroy Centrifuges in Iran Nuclear Plants

https://yts.mx/movies/zero-days-2016

charliebrownau wrote at 2020-10-28 19:59:58:

Government + Central Banks + Corporations ARE THE PROBLEM, never the solution

remote_phone wrote at 2020-10-28 14:27:19:

I have a friend that works for a chip company and he said he couldn’t get into details but the amount of back doors in communication companies and in chips would scare the shit out of me.

dboreham wrote at 2020-10-28 14:48:07:

I question this. Actually I'm going to assert this is only true if your friend is referring to hidden back doors that he believes exist. I don't believe any employee of a chip company is aware of a back door knowingly added to their own product (with one exception see below).

I say this because NSA seems more clever than that, and because any scheme to explicitly add back doors is bound to be eventually exposed.

Instead they do things like have their former employees and contractors hired into tech companies, and those folks add innocuous bugs that can plausibly be denied as back doors. Also I bet they look for bugs that can be used as back doors, given access to source code and chip design data, then fail to fix them.

mschuster91 wrote at 2020-10-28 15:32:26:

> I don't believe any employee of a chip company is aware of a back door knowingly added to their own product (with one exception see below).

Most if not all ICs above a certain intelligence level have JTAG, which effectively is a backdoor. All you now need is (for those chips that support it, in the first place...) a way to bypass the OTP fuses "preventing" JTAG access - this kind of vulnerability turns out often enough to be saying it's commonplace.

dboreham wrote at 2020-10-29 15:20:59:

Of course everyone knows about JTAG. It's not a "backdoor".

pjc50 wrote at 2020-10-28 14:36:24:

Counterpoint: I actually do work at a chip company and have never heard of any of this internally. Even from the people working on secure biometrics.

Neither of these anecdotes proves anything.

dylan604 wrote at 2020-10-28 15:08:01:

The first rule of fight club is you do not talk about fight club. If a chip company was placing back doors into their products, I doubt it would be something they would talk about around the water cooler. However, if a back door was implemented on this level, if someone broke rule #1 and rule #2 of fight club, then I don't see how it would be able to be kept quiet after that.

duxup wrote at 2020-10-28 15:12:41:

So we only believe people who claim something is happening with no proof ... because anyone who doesn't see it happening just isn't in the special circle of folks doing it?

dylan604 wrote at 2020-10-28 15:22:11:

what are you on about? if nobody in the know talks, how does anyone find out about it? if people are talking about it, then anyone with any know-how will start to investigate. if you choose to believe something someone tells you with no proof, then that's on you. claiming we do the same thing is a broad brush that i'm not getting painted on by thank you very much

duxup wrote at 2020-10-28 15:29:41:

I don't understand what you're saying.

We had one anecdote saying a thing is happening, the second from someone who says it isn't. Your post seemed to indicate that the second post isn't true because maybe that person just doesn't know about it.

That seems to refute the second and assume the first is true.

VRay wrote at 2020-10-28 17:06:14:

Isn't telling people about this sort of backdoor the sort of thing that could cause you to commit suicide with multiple gunshot wounds to the back of your head? I don't think any anecdotal evidence one way or the other is worth considering

pbhjpbhj wrote at 2020-10-28 17:10:46:

This anecdote seems consistent with basically all router-modems having hidden root accounts. I'm not sure if the claim as written necessarily goes beyond that.