NSA Scraping Buddy Lists and Address Books From Live Internet Traffic
Charliemopps writes that the Washington Post reports "The NSA is collecting hundreds of millions of contact lists from all over the world, many of them belonging to Americans. They intercept them from instant messaging services as they move across global data links. The NSA is gathering contact lists in large numbers that amount to a sizable fraction of the world's e-mail and instant messaging accounts."
According to the leaked document (original as a PDF), the NSA is intercepting some chat protocols and at least IMAP, and then analyzing the data for buddy list information and inbox contents.
Raspberry Pi to the rescue! (Score:5, Insightful)
Host your own email server on a Pi. Encrypt everything. Go back to Fidonet or even to snail mail.
I am in the process of doing just that.
Fidonet (Score:2)
I do not even know if the Fidonet infrastructure is still working or not.
Yes, I was a sysop back then.
Re: (Score:2)
Re: (Score:2)
It's not a bad idea - I'm pondering doing the same (albeit with a more powerful machine) for a range of domains I have. The reason being it's a bitch to migrate the email when changing providers rather than NSA monitoring.
However, it's a problem when your ISP implements carrier-grade NAT or doesn't allow incoming connections on TCP 25. You could use their MX server and then use something like fetchmail to pull down new mail (we used to do that before hosting our own MX server), but that of course leaves you r
Re: (Score:2)
Then use submission ports if your ISP blocks 25. Most ISPs I've found don't block them, even if they block port 25.
Re: (Score:2)
I was under the impression that to receive inbound public mail, TCP 25 had to be used.
Re: (Score:2)
In theory you could use name@server.com:port, but I don't imagine most mail software would be happy to parse that.
Re: (Score:2)
Why would that help when they're intercepting the email traffic itself?
Re: (Score:2)
Yeah, I can't brain today.
Re: (Score:2)
No, but assigning random addresses (or aliases, rather) and having people use them would.
Re:Raspberry Pi to the rescue! (Score:4, Insightful)
Great idea, now all we need is to found a nation based on Raspberry Pi ownership and/or the ability to host your own servers for email and other communication, outlaw communication with foreigners, and then we should be all set!
The world could really use someone or some corporation with lots of resources and no ties to government to fund, and fund indefinitely, an effort at remaking the internet from the ground up. I just can't think of who or what that someone is.
Trying to do it yourself is pointless.
Re: (Score:2)
Re: (Score:3)
I agree that doing it yourself is pointless but not hopeless. The internet has lost its goal
of routing around failures. We should try to move to a decentralized internet. The simplest
and easiest way to do this is with sharing wifi routers. Most people in a city can see
multiple wifi routers. If the routers all talked to each other and shared bandwidth then you
have dozens of paths to the internet. This could even be expanded to cars. While
driving on the highway there is typically a string of cars stre
Re: (Score:2)
Mesh networking. It's good, but doesn't scale infinitely. If you're looking at re-decentralising the internet, it's going to have to be part of the solution, but not everything.
I hold some hope for content-addressable networks and distributed caches. They could handle the bulk distribution of data very effectively, greatly reducing the demand on any mesh network and rendering it more practical.
Re: (Score:2)
It's a great idea, but can it be done? Even if connections over the large number of hops inherent in such a system were acceptable, is existing consumer-grade hardware capable of running BGP with reasonable performance and storing the (extra large!) routing tables necessary?
In fact, given that routing tables grow exponentially, is it even theoretically possible for a full peer-to-peer Internet scale mesh to work?
Re:Raspberry Pi to the rescue! (Score:4, Interesting)
> In fact, given that routing tables grow exponentially, is it even theoretically possible for a full peer-to-peer Internet scale mesh to work?
If current routing tables can't scale then maybe a different type of routing table or a different solution entirely is needed.
For instance if every router was location aware and knew its geographic location and the geographic location of the place it was
trying to reach it could send the encrypted packet in the general direction with the knowledge that each node would get it
one step physically closer to its destination. Large hops is still a problem but large hops is really only a problem with stuff
that needs to be close to real-time. For email this isn't really much of a problem as even a 5-10 minute delay or longer isn't
really a big deal.
Re: (Score:3)
True. But ten thousand bedroom tinkerers and enthusiast coders working together could be a force of some capability.
I'm not a good enough coder to make much, so I do my part by shamelessly plugging Retroshare to everyone. It's a really nice program. Encrypted IM software, fully decentralised. Crypto that, while the NSA might get through, will certainly make them work for it. Plus a good file-sharing capability, mail, even distributed forums. All based on public-key authentication of your contacts, and never
Re: (Score:2)
Enthusiasm is a great start, but enthusiasm alone has a divisive effect on groups of intelligent and creative people. You get lots of little groups going off and inventing incompatible stuff.
Cash has a cohesive effect on groups of intelligent and creative people. With cash you can get people to work in the same direction even though they'd prefer to work on their pet projects.
There are probably some exceptions to the rule where people stick together and focus on a single project, but I bet most of them also
Re: (Score:3)
Go back to Fidonet...
Riiight! Because the NSA can't decode modem traffic.
Re:Raspberry Pi to the rescue! (Score:4, Informative)
As long as you don't transfer your data through sneakernet stored on your phone in the 44 states that allow this without a warrant...
http://truth-out.org/opinion/item/18983-police-can-search-your-phone-without-a-warrant [truth-out.org]
Re: (Score:2)
Don't know about your country, but in mine they cannot force you to fork over the pin number. So the first thing when the police comes knocking is to turn your cell off or simply remove the battery pack.
Re: (Score:2)
and that again is why we use encryption. they can slurp up the encrypted true-crypt container and hack at it for the next thousand years for all I care. Or you could use an easily concealable sd or microsd card.
Re: (Score:2)
I'd prefer black bar glasses (google them if you don't know what I mean). Sends a more ... comprehensive message.
I still say a flash mob of a few hundred people using them in an area well known to be under CCTV surveillance would be quite neat. Especially if repeated globally.
Re: (Score:3)
Encrypt everything.
Indeed. Self-signed SSL certs are going to take on a whole new purpose now since the NSA doesn't hold your CA cert.
Re: (Score:2)
And yet Firefox will still scream blue murder if you so much as attempt to open a https page with a self signed cert.
More and more, I wonder about the real reasons behind Mozilla's decision to declare an encrypted web off bounds.
Re: (Score:2)
Just add your self-signed root CA to the browser. I have a root CA I use to sign all my certs, and I add the root to my laptop, servers, and mobile devices. That way they validate.
Those are pitiful suggestions (Score:2)
For one thing, your email domain is unlikely to be taken seriously by existing email providers if you run a server from your home (and consumer ISP plans won't let you do this anyway); running it from a hosting provider would hardly improve privacy even with encryption. The call to "encrypt everything" would, for email, imply using PGP which leaves the 'who' and subject parts of the messages unencrypted.
If you want to run something really effective against corporate-state mass surveillance, then go for this [geti2p.net]
Re: (Score:3)
Can't send mail from a domestic connection. Those IP ranges are on every spam blacklist, as most mail sent from them is the work of spam-sending malware. You can receive, but not send.
Re: (Score:2)
I'm sure uucp is still around. My earliest "Internet" feed was new and mail and news feeds over UUCP. Bring back bang paths and modems!
Re: (Score:2)
Guess what everyone who these bozos should be spying on is already doing. Has been for a long time.
What sucks and blows about the whole deal is that their whole effort not only invades the lives of millions, if not billions, of innocent people, it doesn't even come close to accomplishing its alleged goal.
If you think terrorists are by definition dumb, think again. Terrorists work like any kind of decentralized, illegal groups. There is not "THE terrorists", rather think of them like you would of, say, drug
Re: (Score:2)
That's actually a viable option.
In a lot of places where the internet is firewalled, monitored, etc (basically everywhere), a lot of people used fidonet to send messages out because the censors never investigated that traffic - they monitor your email, but not your modem.
So for a lot of people (and journalists and all that), fidonet really is the network of freedom because it's the only valid way out.
Foreigners (Score:5, Insightful)
I am so sick of hearing this idea that just because I am not a citizen of the USA then somehow I have less rights to privacy.
Re:Foreigners (Score:4, Insightful)
Then do something about it and stop using US-based web services.
Re:Foreigners (Score:5, Insightful)
Then do something about it and stop using US-based web services.
Also European and Australian ones, in fact any web services that are in a country where there is an NSA-affiliated tap point, or where your traffic crosses one of those countries. In fact, if you are a 'foreigner' best disconnect completely and go live in a cave -- but not one dug by the CIA because then you're a terrorist and we will send drones.
Re: (Score:2, Informative)
Then do something about it and stop using US-based web services.
Also European and Australian ones, in fact any web services that are in a country where there is an NSA-affiliated tap point, or where your traffic crosses one of those countries. In fact, if you are a 'foreigner' best disconnect completely and go live in a cave -- but not one dug by the CIA because then you're a terrorist and we will send drones.
"European" is much too broad a stroke here, there are major differences between the countries. If you host online services in Norway, for example, law enforcement has to go through normal official court proceedings and get a specific court order for a provider to have to give them any information on the customer covered by the court order. No blanket access, they have to go through normal due process in each case, there are no special laws that circumvent this. They/NSA could of course still tap at the network level at
Re: (Score:2, Insightful)
They're not snooping on one, specific service at a point in the US. They're looking at any appropriate traffic that happens to pass through the US. Any information that passes through the US must be considered compromised by the NSA.
Re: (Score:2)
Define appropriate
Re: (Score:2)
Email and chat protocols, per the article.
Re: (Score:2)
Re:Foreigners (Score:5, Informative)
The article explicitly says this does not appear to be based on the co-operation of US providers but rather international fibre taps - presumably placed or operated by compliant intelligence agencies that are merely extensions of the NSA. The US might be a ringleader in this activity, but other countries have out of control security services as well. After a long period of political silence in the UK we finally got some discussion this week, after senior cabinet members who served on the national security committees admitted they had no clue anything like that was happening. Cameron's response was priceless, he said the agencies would have told them about it if they'd asked!
Re: (Score:3)
doesn't help when US has taken the liberty of acting like it's legal for them to hack and intercept services that are abroad (even if they themselves declared such actions as comparable to war/terrorism).
personally I think the rest of the world should just declare US services as free targets for hacking (and subsequently deny any extradition requests or information requests for such activities). oh and don't pretend there's not economic impact from hacking ceo's and politicians - and thanks to piss poor insid
Re: (Score:2)
Even if they are doing the same themselves?
Anti-NSA service ads already out there. (Score:2)
There are already ads for local email and web services based on recently revealed truth about USA.
Don't want 'friends' to read your communication?
Use {local brand name}.
Of course if you use them, things will be still read by your country's services, but at least they are your compatriots, not foreigners, they fall under your law, not USA twisted law (except where some corporation long hands will reach for you), and you might be arrested by friendlies, not by illegally invading Seals or Rabbits.
Re: (Score:2)
"Comms giant pushes anti-spy network"
http://www.thelocal.de/sci-tech/20131014-52385.html [thelocal.de]
http://www.dw.de/telekom-hopes-to-stave-off-nsa-snoops-by-keeping-internet-traffic-in- [www.dw.de]
Re:Foreigners (Score:4, Insightful)
You have *less* rights to privacy than a USA citizen? In this case of privacy is there a number less than zero?
The USA citizen that has no special associations is a peon, pal. We're in the same boat.
Re:Foreigners (Score:4, Insightful)
I guess your privacy is zero when the Secret Police comes up to your door to arrest you in the middle of the night.
This has happened before, in Europe and in many other countries around the globe.
Funny thing is, the Secret Police was often financed, equipped and trained by the CIA.
Re: (Score:2)
Drama queen, are you? The CIA wasn't created until 1947, and it was nothing like it is now until about 20 years ago when black budgets went their way.
Really? The Iranian revolution was in 1953 and the CIA trained the SAVAK, the Shah's secret police.
It shouldn't matter, but it does. (Score:4, Insightful)
Speaking as a non-American, I think it shouldn't matter whether I'm American, Austrian, or Azerbaijani. We're all human and we all have the same rights. I find it offensive when I read these articles and there's always the "including Americans" tagged onto the article headline, like somehow it's OK if it's done to non-Americans. I realize it wouldn't be much different if any other country had been caught with their pants down. It's just that in this case it's the US (again).
Re: (Score:3)
Then why do practically all US based news sources emphasise that this snooping may also be happening to Americans? As if that's where the line is getting crossed?
Either they think their readers need it to be happening to them before they'll give a shit. Or they think their readers are entirely OK with snooping on innocent foreigners, but not innocent Americans. Either way, that's worrying.
Re: (Score:2)
Let's not presume that this has anything to do with parties, lest we fall into the same 'Look!' trap you described above.
Tell me, if this be a Republican problem, what was the Democrats' response to it? Tell me about how they cleaned it up once they took control of the white house and the Senate.
Truth be told, your best bet for seeing this fought is through the Tea Party - simply because they'd rather not pay the taxes to fund it.
Re: (Score:3)
No, I don't hire a lunatic to clean up a mess. The Tea Party (as I see them separate from the Republican Party) carries a lot of weight for what has happened in our recent political environment. The RNC would be best served by forcing a split or not recognizing members that associate with the Tea Party. Let them attempt to stand outside the power structure the RNC has built.
As to the Democratic response, it has always been the case that the Democratic party was more fractious, less prone to lock step vot
Re: (Score:2)
I'll use plain language -
The parties are a ploy to fool the weak minded.
Rather like the illusion in the Emerald City. Never mind the man behind the curtain.
Re: (Score:2)
Of course they are, them who controls the masses, controls the wealth and the power. That is not lost on me. Still they have to work with the system they created. A party sets the tone for how the masses can be controlled. The problem is that when the public apparatus gets out of control it can break things and can do so without discrimination. Think mob mentality gone wild (Lord of the Flies). We would be better off with a party that governs from the left and allows moments of radical right commentar
Re: (Score:2)
I'm not aware how you'd have any idea what suits me and what does not.
And you're still laboring under the delusion that Obama's policies were not identical to Bush's, by way of implying there's a 'tone' to be set.
Unless 'tone' is nothing more than 'spin'.
Re: (Score:2)
It seems sarcastic wit is your norm so I was just returning the favor. You are seemingly blind to the fact that the general Democratic platform is different from the republican platform and that it does not matter if the name at the top is Obama or Bush, the parties do seek different agendas at times. Obama has pushed through programs that would never have been presented by Bush. He has continued some nasty programs started by Bush, but then he's not been able to focus on much more than the economy, thank
Re: (Score:2)
Judge them not by their words, but by their actions.
Or not. It's kind of a red pill/blue pill thing. Some people take comfort in the illusion.
Re: (Score:2)
We elected people that wrote the PATRIOT Act and gave those powers to the NSA.
Did you? I thought those were artifacts of the Military Industrial Complex hard at work; things above and beyond the power and control of the electorate and elected officials.
Re: (Score:2)
Well...from a realpolitik viewpoint...you do. Countries are only interested in protecting their own (f*ck the world...and their allies), and even then, only so much as is necessary to stay in power.
Allow me to explain this to you in more pragmatic terms: if your country could, with reasonable effort, turn everyone outside its borders into slaves, sell them and their children on the open market, as well as anyone inside its own borders (up to 50% + 1 to keep itself in power 'democratically'), it totally would
Re:Foreigners (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
From US Government Agencies? You certainly do!
Just like *I* have no reasonable expectation of privacy from the GCHQ, the German spy agency, the Russian one, or any other foreign government's espionage apparat.
Or do you really believe that foreigners in foreign countries are bound by YOUR laws?
Re: (Score:2)
Re: (Score:2)
It's not that you have no right to privacy, it's just that where the NSA is concerned, its actions against U.S. Citizens are the most clear and incontrovertible evidence that it is out of control and acting beyond its charter and authority.
In the same way, when protesting your own government's involvement, actively cooperating and allowing the NSA to have an active tap in your country is a more clear violation of trust than simply failing to protest the NSA in the U.N. would be.
Re: (Score:2)
Many of them never visit other countries.
Re: (Score:2)
the constitution - if read by anyone who considers all men to be born equal - doesn't limit the freedoms and rights to american citizens.
however when they wrote it back in the day they didn't consider themselves to blatantly have any authority over rest of the world.
uh and why should the usa care about international treaties and declarations about crime, property, basic human rights and all that? uh? maybe so that they would have some expectation that the rest of the world cares about those treaties.
Re:Foreigners (Score:4, Interesting)
The US government doesn't have any special obligations with regards to not stabbing every non-American in the world with a pencil, but that doesn't mean that it's acceptable for them to do so.
Re: (Score:2)
They might get better rates on US military upgrades. Their troops get to take part in more advanced projects.
Their experts get something back over the years on unrel
Cloud Service Security = Oxymoron (Score:3)
Yes. Posting all your contacts on the Internet is open to breaches of privacy (regardless of zero-day exploits).
Amazon, Apple, Google, Microsoft - all of them kowtow to the NSA, the CIA, the FBI. Why?
Because in return their lobbyists get to bend the ears of the legislators.
Why is anyone surprised by any of this?
Re: (Score:2)
Who said anything about cloud services?
Re: (Score:2)
If recent revelations are any indication, it's not like the people who didn't have lobbyists had much choice in the matter either.
Most transparent administration ever (Score:5, Insightful)
Bandwidth? (Score:2)
It's been an open secret for years now that the branches of the federal government tend to "bury" their budget inside of other allocations to hide them from outsiders, supposedly explaining the existence of $500 hammers and $1,000 toilets. Is the NSA also doing this, but with bandwidth rather than dollars? It might explain how suddenly the various ISPs are up in arms about bandwidth hogs and how a small percent are using up the majority of the bandwidth available on the network....
Re: (Score:2)
The only unhappy time for the US and UK was a very short period in the 1950's when the Soviet Union strangely used onetime pads and kept its communications chatter down.
Apart from the odd breakdown or political issues with NZ or the UK the US has always seemed to keep pace by setting telco standards before bandwidth issues b
Clapper... (Score:4, Interesting)
What the FUCK has happened to this country?
Re:Clapper... (Score:5, Informative)
For people who aren't aware:
"I responded in what I thought was the most truthful, or least untruthful manner by saying no."
http://www.nbcumv.com/mediavillage/networks/nbcnews/pressreleases?pr=contents/press-releases/2013/06/09/nbcnewsexclusiv1370799482417.xml [nbcumv.com]
Re: (Score:3)
Under his programming it was the most truthful response available:
The First Law of Politicians: A politician must obey the will of the agencies under his oversight.
The Second Law: A politician must obey the will of his lobbyists, except where this conflicts with the first law.
The Third Law: A politician must obey the will of the people he represents, except where this conflicts with the first and second laws.
Re: (Score:3)
The Zeroth Law of politicians: A politician must above all act to retain their own position.
Re: (Score:2)
"least untruthful"
He should go to jail. When testifying publicly before Congress on something that touches secret issues, you get to say two things only:
1. The truth
2. "This involves secret issues that should be discussed behind closed doors."
That is it. Assuming you aren't a crook pleading the Fifth.
Re: (Score:2)
This is what's happening:
http://www.youtube.com/watch?app=desktop&persist_app=1&v=A3BHujm3cpY [youtube.com]
TL;DW: The rich are extracting trillions of $ from us all. Rep. and Dem. parties, Wall Street and regulators are *all* complicit. (How do you think Bernie Madoff got so far?)
The NSA is just helping them figure out whose life to ruin before the whistle gets blown.
Re: (Score:2)
Blame Clapper for allowing the program. But don't blame him for his testimony, because there was no correct answer here.
No = lie that preserves top-secret information.
Yes = releases top-secret information.
No answer = Yes
Re: (Score:2)
Sorry. I read that as Crapper.
I thought the NSA was developing fiber optic periscopes that they could snake up the sewer lines.
But it's only the metadata! (Score:3)
But they're only tracking who is talking to whom, so that's ok right? Right?
What do they need it for? (Score:2)
What the hell is the NSA being paid to do? Right now they're spending money, manpower and resources on trolling the internet for people's buddy lists and address books. For what? Because some terrorist might spill the beans on his super plans over AIM?
This is getting ridiculous. The NSA has clearly become a giant black hole of money which can and will hire an office full of people, a warehouse of computer equipment, and a 20 year maintenance plan just to keep tabs on who is sending instant messages to who -
Re: (Score:2)
Just another example of the stupidity of dragnetting. Now, think of the size of the graph produced by analyzing all of these buddy lists. Now, think about the resources they've spent maintaining and developing the ability to scrub all of this internet traffic. Now think about all the potential "suspects" they'll end up with when 2 guys get busted with pipe bombs at the airport.
They didn't have the resources to follow the Boston bomber or keep tabs on what he was up to because they've adopted some predict
Encrypt Everything (Score:2)
Don't use unencrypted services.
Use encryption supplied by 3rd parties that uses provable algorithms.
Don't store your data on 3rd party sites.
Use open source software.
Echelon (Score:2)
At one time, talking about Echelon tagged you as a tinfoil hat wearing nerd...
http://en.wikipedia.org/wiki/ECHELON [wikipedia.org]
who's laughing now :D
Re:Isn't it ironic (Score:4, Insightful)
"I want the good guys to win."
And you think the NSA and the US government are the good guys?
Agh! The stupid! It burns!
Re: (Score:2)
An example of a toothless good guy? Well, Switzerland, for one. They have that citizen militia, but it's unlikely they'll be winning any wars with it.
So maybe Switzerland is a non-entity ... but the Swiss lead pretty good lives. I'd prefer for my country to be a non-entity; that way it would stop taxing me to pay for an oversized military and let me and my countrymen get back to the business of leading ordinary happy lives.
Re:Isn't it ironic (Score:5, Insightful)
You seem to assume that the choices are mutually exclusive: Soviet KGB-style interrogations and intelligence, or total Anarchy.
I ask you, why did we even fight the Cold War, and win it, if we were just going to embrace everything at a later time?
Re: (Score:3)
Re:Isn't it ironic (Score:5, Interesting)
I ask you, why did we even fight the Cold War, and win it, if we were just going to embrace everything at a later time?
You are making the mistake of assuming that the cold war was fought between lovers of freedom, democracy and individual rights, vs totalitarian all controlling power hungry nut jobs.
Truth of the matter is, both sides were all controlling power-hungry nut jobs, and the cold war was a fight over who gets to be the all-controlling big-daddy of the world.
The problems with the Soviets is that they laid their system bare, they didn't bullshit. This is how life is, these are your rights, if you're a party member, or if you work to benefit the system, you will be rewarded with perks (Nicer houses, cushy jobs , nice car, sometimes even nice German/American ones).
If you don't work for the system, but not actively against it, you are pretty much left to your own devices, live and let live, and all that.
If you work against the system, directly or indirectly (or you piss off someone in power), then you can be arrested, tried, stuck in prison/work camp, or otherwise disappear.
Now the western system, that was far more subtle. They told you you were free, they gave you the impression you were, that you could choose who ruled you, but fundamentally I don't think the systems were different, like so:
If you work for the system, or to its benefits, you are rewarded with more tokens than most (currency) with which you can spend on bigger/nicer houses, or a nice foreign car, etc...
If you ignore the system and go about your daily life, you are pretty much left alone. You earn your keep, pay your dues, and you live your life.
If you work against the system, directly or indirectly (or just piss off someone high up and well connected), you can be arrested, tried, put in a prison/work camp, or disappeared (via drone or otherwise). For minor misdemeanors they can just destroy you financially, which is another, less radical lever they have against you.
Turns out, when push comes to shove, people are more willing to serve you if you give them the illusion of freedom, choice and power. One ideology was in your face, the other was in the background. Turns out this worked well for a long time, until the internet came around and made knowledge dissipation so easy, that people began to realise what their world really looks like.
For some the revelations were not a surprise, for others it was a confirmation of what they suspected, but some are in shock about it all, and more are in denial about it.
Re: (Score:2)
A little too much efficiency leads to a police state, or a surveillance state, or a security state.
Re:Isn't it ironic (Score:5, Insightful)
I'm a Canadian, but I support the NSA, and the job it does to protect American (and indirectly) Canadian interests.
"But it was all right, everything was all right, the struggle was finished. He had won the victory over himself. He loved Big Brother."
Re: (Score:2)
Man, if you think countries shouldn't have spy agencies you're nuts. Big Brother was a totalitarian government, not a spy agency. Remember, the only thing the NSA did wrong was to spy on Americans. If you think other countries aren't working overtime to spy on America, you're froot loops.
Re: (Score:3)
Should a distinction be made between 'spying on the American government' and 'spying on the American people?' It makes perfect sense that another country would want to know what US military capabilities and diplomatic ambitions might be, but it's another thing altogether when they are reading the emails of people with no involvement in international affairs just on the off-chance that something interesting might turn up.
Re: (Score:2)
That when a government department actually does its job, and does it well, everyone seems upset. I want my intelligence community to be competent, get all the information we need to protect our interests, and do it well, and the NSA has done this and then some. Their only mistake was perhaps a lack of internal security. Instead of criticism, they should be commended for a job well done. The world is not a safe place, and information is power. I want the good guys to win. I'm a Canadian, but I support the NSA, and the job it does to protect American (and indirectly) Canadian interests.
How do you know the USA or NSA are the "good guys"? Because they told you they were? Because the news portrays them that way? Would you feel the same way if these powers were used to blackmail those in public office, or to harass legitimate political protesters? What if they were used for industrial espionage, giving American companies an advantage over Canadian companies? It's a secret program, so no one really knows the extent of what it is used for. Do you just trust that the people in charge are ho
Re: (Score:2)
Which email providers offer IMAP without using SSL?
Or does the NSA perform MitM extensively (it would be easy to detect - just keep copies of the certificates forever and create a white-list of proven certificates)
Recent revelations show the NSA can perform mitm against PKI at will. Within that context they can decrypt SSL traffic. You would have to implement SSL so that the key exchange does not rely on PKI for validation.
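The allow-list idea from the exchange above (keep every certificate you have seen and flag anything new), as an added example that is not part of the original thread: a trust-on-first-use pin store that compares certificate fingerprints instead of relying on CA validation. The class and function names, the JSON file layout and the sample bytes are assumptions made for illustration.

```python
import hashlib
import json
import socket
import ssl
from pathlib import Path


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate, hex encoded."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Allow-list of certificate fingerprints per host:port, kept forever.

    Hypothetical helper for this example. Pins are never replaced
    automatically: a new certificate is only accepted through approve().
    """

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def _save(self):
        # Write to a temporary file first so a crash cannot truncate the list.
        tmp = self.path.with_suffix(".tmp")
        tmp.write_text(json.dumps(self.pins, indent=2, sort_keys=True))
        tmp.replace(self.path)

    @staticmethod
    def _key(host, port):
        return f"{host.lower()}:{port}"

    def check(self, host, port, der_cert):
        """Return 'first-seen', 'match' or 'MISMATCH' for this observation."""
        key, fp = self._key(host, port), fingerprint(der_cert)
        known = self.pins.get(key)
        if known is None:
            # Trust on first use: this first observation is taken on faith,
            # so make it from a network path you have reason to trust.
            self.pins[key] = [fp]
            self._save()
            return "first-seen"
        if fp in known:
            return "match"
        # Either a legitimate renewal or an interception; a human decides.
        return "MISMATCH"

    def approve(self, host, port, der_cert):
        """Add a fingerprint after verifying it out of band (e.g. a renewal)."""
        known = self.pins.setdefault(self._key(host, port), [])
        fp = fingerprint(der_cert)
        if fp not in known:
            known.append(fp)
            self._save()


def fetch_leaf_cert(host, port=993, timeout=10):
    """Fetch the server's leaf certificate (DER) from a TLS service.

    CA validation is switched off here only so that self-signed certificates
    can be read; the pin comparison is the check. Where the server has a
    CA-issued certificate, keep normal validation on as well.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    import tempfile

    # Constructed stand-ins for two different DER certificates; a live run
    # would pass fetch_leaf_cert("imap.example.org") instead.
    cert_a = b"constructed-certificate-A"
    cert_b = b"constructed-certificate-B"

    with tempfile.TemporaryDirectory() as d:
        store = PinStore(Path(d) / "pins.json")
        for label, cert in (("A", cert_a), ("A", cert_a), ("B", cert_b)):
            print(label, store.check("imap.example.org", 993, cert))
```

A legitimate certificate renewal also reports `MISMATCH`, so the result is a prompt to verify the new fingerprint through another channel, not proof of interception.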
Re: (Score:2)
Only if they don't have access to the certificates. At this point, I wouldn't be at all surprised if they do - either by 'tell no-one' top-secret requests, or by hacking into servers and just stealing them. Remember that only larger companies actually run and secure their own servers: If the server is hosted colo or a cloudy VM, what's to stop them just requesting access from whoever has physical control? You think Amazon would tell Mom and Pop's Email Co if the NSA gave a secret order for a copy of their s
Re: (Score:2)
You forgot the part where they are building a 40 square-mile, 70 billion dollar warehouse in Utah to house everyone's garbage.