NSA is buying Americans’ internet browsing records without a warrant::“Web browsing records can reveal sensitive, private information about a person based on where they go on the internet,” said Sen. Ron Wyden.
This right here. All the people bitching about wanting to use Opera and wanting to use Chrome and wanting to use Edge and Brave, this is what we’re trying to fight. This is what we’re trying to minimize.
Even though the NSA is probably trying to use this for ‘good’ at the moment, It’s not a hard stretch that a couple of changes in power later that information’s still going to be there.
I wonder how much of this is to provide a plausible paper trail for parallel construction to hide illegal signals collection in legal proceedings.
“No your honor, we didn’t find this out because of domestic spying programs, it was from this data we bought from Google.”
props to senator wyden for declassifying this shit. oregon picks good ones.
Absolute legend. Held the confirmation of the next NSA Director until they declassified it.
Also, he’s privy to classified information he can’t disclose. I’m thinking going forward he could say “I wish I could hold confirmation of the NSA Director again until they declassify XYZ“ and we would know he’s been plugged in to something unethical re: XYZ. Maybe it’s already possible to read in between the lines of his public statements.
I’m thinking going forward he could say “I wish I could hold confirmation of the NSA Director again until they declassify XYZ“
I’m thinking he absolutely can’t do that because
he’s privy to classified information he can’t disclose.
Oftentimes you can’t even reveal what classified stuff you may have access to, as that info by itself could be classified. Giving little hints and letting people “read between the lines” would almost certainly count as mishandling classified information, especially if you’re a high-profile politician doing that in public statements.
This has been commonplace for decades. The government agencies went big into it after 9/11. Funny thing was that I found out about it from a competing company telling me about how the company I worked for at the time was doing it.
I should note that I’m firmly against it, just that it’s not new.
It’s illegal to spy on your own citizens in the US, but completely okay if someone else does the spying and you buy the data.
Hell, Verizon got caught installing spy hardware for the government in phone data centers in the mid-90’s.
There was a brief storm about it, then the news media moved on to something else.
I’m sure it’s still there, at every phone provider, or something like it.
Verizon got caught installing spy hardware for the government in phone data centers in the mid-90’s.
There was no Verizon until 2000. It might have been Bell Atlantic.
Try puri.sm
You may as well consider them government employees if they’re doing it at the government’s buying power.
It’s quite likely a lot of Americans’ data is already being stored and perhaps mined in the Utah Data Center.
https://en.wikipedia.org/wiki/Utah_Data_Center
I would just assume your data could be there unless your computer has never been connected to the Internet. It’s simply too easy to hide surveillance in the processor (in the form of remote administration capabilities), the operating system (with remote updates), or the browser, or in the numerous security holes or likely zero-day exploits out there. The state of computer security is an absolute joke, and your 4096-bit RSA key is not keeping your data safe.
Here’s the summary for the wikipedia article you mentioned in your comment:
The Utah Data Center (UDC), also known as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, is a data storage facility for the United States Intelligence Community that is designed to store data estimated to be on the order of exabytes or larger. Its purpose is to support the Comprehensive National Cybersecurity Initiative (CNCI), though its precise mission is classified. The National Security Agency (NSA) leads operations at the facility as the executive agent for the Director of National Intelligence. It is located at Camp Williams near Bluffdale, Utah, between Utah Lake and Great Salt Lake and was completed in May 2014 at a cost of $1. 5 billion.
Does anyone know where I can buy my own personal information?
There’s always shop.nsa.gov
We’re all shocked, so shocked
Kinda surprised they even needed to…
it turns out you can just buy the data now.
I still wonder what they are buying and from who. If it’s the ISP I kind of wonder what they still get from me since I don’t use their DNS servers and the ones I point to are setup for DoH for all traffic at home. I also use other stuff for added privacy. It doesn’t take a lot of effort, I hope more people start taking their networks seriously and setup some easy bare minimum precautions to help make it at least slightly harder to track you.
With the NSA’s whatever the fuck they want budget, nothing’s off the table. Dark web, Google, Microsoft, probably whoever will sell it and then they probably slapped them with a gag order If they’re an entity likely to publicize it.
My pi holes are set up to pull dot and doh, but they still have to get there traffic from a provider. I should probably funnel that through my VPN but making my DNS unpredictably slow doesn’t sound like much fun.
I’m sure ISPs will sell whatever they can see. Smart TV manufacturers use some crazy database to be able to detect what you’re watching You know that’s going off to everybody that would give them a $20 bill. Then anywhere where you’ve used the same email to sign up for multiple services all those services will be more than happy to sell their data.
Your bank, LexusNexis with credit data, your school, All the places that your parents and your kids use.
It’s not that hard to use a password manager and a catch-all email and start diversifying your user accounts.
Tour and VPN start to degrade your service quality.
Using open source browsers and anonymizing as much as you can is good and yes even DNS over HTTPS plays a role in reduction.
In the end though, I wonder how much it really matters. If they just get one or two chunks out of that list, how much are the rest of it do they get for free or cheap. If you had the eye of sauron on you and they were really trying they would know everything you do.
In the end though, I wonder how much it really matters. … If you had the eye of sauron on you and they were really trying they would know everything you do.
If the Fed specifically targets you, I imagine eventually they’ll dig up what they need one way or another. (Widespread E2EE should be a barrier of course.)
Given the average person will never be targeted, I think taking the lowest hanging fruit privacy protections is good for a little bit of peace of mind and a little bit of security against data leaks. NSA gets hacked? Maybe when the dump hits blackhat forums or The Pirate Bay it won’t be as obvious how much time you spend on UnixSocks.
i tought this was common knowledge? like this is what they have been doing for a big while now?
Ironically, what bothered me at first is the use of internet instead of Internet. An internet is a network of networks. The Internet is the global network of networks. I know that internet is becoming the standard but having been a network administrator, it does annoy me.
Just heard a podcast mention this.
I like your distinction, though I would believe it’s an uncommon one today.
