Of course they did. And they'll keep doing it, because they can. And because knowledge like that is power, and they like power.
At this point, you can safely assume that anything muttered by a "tin foil hat nutter" sort in about 2005-2010 about the internet, computers, three letter agencies, and the like is correct. It's sure heading in that direction.
> At this point, you can safely assume that anything muttered by a "tin foil hat nutter" sort in about 2005-2010 about the internet, computers, three letter agencies, and the like is correct.
As one of the few software/tech guys for hundreds of miles I get a lot of "I suspect they're doing X, but that's probably not even possible". In regards to BigBrother/BigCo.
wait, are you saying "but that's not even possible" should be s/possible/probable/ in that statement, or trying to say that not only is it possible but probable that they are doing it?
This isn't at all true. For instance, during Snowdonia, it was an article of faith on HN that NSA had a portal they could log into to pop a shell on Google's servers, when in fact what it turned out they had was a crappy web portal that they used to submit FISA directives.
It would be more accurate to say that these concerns are directionally correct, but that the particulars matter a lot.
I agree with GP on this one. When I look at a slide listing "Current Efforts - Google" which is marked TOP SECRET/SI/NOFORN, saying "SSL added and removed here :)" alongside "Traffic in clear text here" it doesn't indicate to me that they're interested in figuring out how does proxy work as much as it makes me think they're looking where to tap into that juice unencrypted data.
Also, Google seems to have believed that this was what that meant, and they rolled out encryption in response:
> "We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide," Drummond said in a statement.
> "We are outraged at the lengths to which the government seems to have gone to intercept data from our private fibre networks, and it underscores the need for urgent reform."
I think it's safe to say GP has an opinion of what a "tin foil hat nutter" is, which is reasonable with regards to documented reality. However, there are a number of people who poison the well with absurd claims such as "NSA can break all encryption with quantum computers, so you might as well use unencrypted chats on Whatsapp using Windows". So of course such claims are bogus; documents show that what they do is find ways around the encryption, through bugs or architectural gaps.
In the background of uncertainty I wouldn't restrict this as directional at all. Also not if you extrapolate past behavior of intelligence agencies and incentives to collect data. The agency probably isn't evil, but the point is that such ambitions grow and corrupt and that such data should be protected. So the extend of the access isn't even of primary concern, but there is much to suggest it extends a "shitty web portal".
come now, we all now that you have to stand in front of a mirror holding your ID next to your face to take an image to send to dang to prove who you really are before hiding behind that anonymous username. and there's no way that dang stored those images on a bucket that accidentally got misconfigured to have public access. /s
> After Motherboard reported the U.S. Army and other purchases of Team Cymru data, the Tor Project, the organization behind the Tor anonymity network, said it was moving away from infrastructure that Team Cymru had donated. The Tor Project told Motherboard it expects that migration to be completed this Spring.
Anyone who dealt with government contracts and/or internet knows that those 2 statements don't align in any way. This data has to be extremely, extremely, extremely limited and/or useless.
I have had access to this type of data before commercially for purpose. It's useful for knowing "who" has established connections to "who", but at just an IP level. Powerful for combining with other analysis on either the sender or receiver. You won't know what they said, but you know what ports they used.
So if I see a sudden spike in IP addresses geocoded as being in the United States, and the destination is an unusual but specific port hosted in Belarus, it might be worth looking at a new C2 malware.
It's time to think about extending certain constitutional restrictions to corporations. It's becoming all to common that the government contracts out its rights violations to the private sector.
This is the most important point! Again and again corporations and the government demonstrate that they are one-and-the-same, with the gov't using corporations to do the work that wouldn't (yet) be allowed for them to do directly.
Ah yes, at my company many years ago we sold data to law enforcement when they didn't have a warrant but had a case someone really wanted to pursue. They were happy to pay quite high prices, and on a semi regular basis because we were a large "small business" that handled a lot of data.
We'd allow them to come in and image disks, span ports, modify software, you name it.
Hmm yes. Find a loophole around my rights to privacy and make me pay for it with my own tax dollars and while you’re at it make sure you pay a crazy prices. Thanks Uncle Sam.
A note that if the data is in fact NetFlow data (it's labeled "flow" in the contract data, but that's likely because there's a bunch of vendor-specific flow formats), then it by definition won't contain things like URLs and email addresses; NetFlow is 5-tuple keyed (src, dst, sport, dport, proto) packet and byte counts. It's usually heavily sampled.
It is, of course, bad that Team Cymru is running a side hustle selling this stuff to the FBI. On the other hand, if this alarms you, you should be much more upset by how ISPs are monetizing your data elsewhere. Also: turn DOH on.
I wonder if this will be the silver lining of AI-generated spam. Online information might plummet in value due to reduced signal-noise ratio. People will become harder to read and manipulate.
"Team Cymru explicitly markets its product’s capability of being able to track traffic through virtual private networks, and show which server traffic is originating from. "
If you see N bytes flow from IP A to a VPN server then N bytes from that VPN server to IP B at the same time, you can assume that A is accessing B through the VPN. It doesn't always work but the Feds only need to get lucky one time.
Not only prisoners, "slaves" being ruled by those (rich) in power with little ability to have any say. Similarly to how US prisoners are paid slave wages to manufacture american goods.
I'm glad that in the EU, GDPR would make it illegal for ISPs to sell this kind of data (and culture would make it costly beyond just the cost of the fine).
Y'all need not just GDPR, but a variant of it that comes with criminal penalties as well. Right now, if illegal behavior increases profit by more than 4% of your company's revenue, just doing it for as long as you can get away with it then paying the fine is unfortunately a no-brainer for companies.
> I'm glad that in the EU, GDPR would make it illegal for ISPs to sell this kind of data
As much as I wish this were true, they carved out exemptions for themselves and their own goals. As such, GDPR doesn't apply to abuses of data for "law enforcement" purposes or other government operations.
Ok, that's a bit snarky. But seriously, the problem here is surveillance capitalism and the willingness of surveillance capitalism to enable, well, anyone with a buck: good, bad, or indifferent, all while lobbying against any restrictions on doing so. Is TikTok bad? Is it's close relationship with the CCP awful? Yes. But this is, fundamentally, no different.
At this point, you can safely assume that anything muttered by a "tin foil hat nutter" sort in about 2005-2010 about the internet, computers, three letter agencies, and the like is correct. It's sure heading in that direction.