Xander Fulton
United States
Astoria
Oregon
flag msg tools
designer
badge
Avatar
mbmbmbmbmb
Beyond the PRISM system, under which Google and Yahoo have been cooperating with the NSA and providing access or information as prompted, the NSA appears to have cracked into the internal structure of the companies in such a way that cloud-replicated data is being decrypted and parsed for information of interest.

Quote:
Google and Yahoo also pay for premium data links, designed to be faster, more reliable and more secure. In recent years, each of them is said to have bought or leased thousands of miles of fiber optic cables for their own exclusive use. They had reason to think, insiders said, that their private, internal networks were safe from prying eyes.

In an NSA presentation slide on “Google Cloud Exploitation,” however, a sketch shows where the “Public Internet” meets the internal “Google Cloud” where their data resides. In hand-printed letters, the drawing notes that encryption is “added and removed here!” The artist adds a smiley face, a cheeky celebration of victory over Google security.


I'm sure this is all okay, though, "because terrorisms" or something.
5 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
J
United States
Lexington
Kentucky
flag msg tools
admin
Avatar
mbmbmbmbmb
TrueCrypt is your anti-NSA friend in this situation
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
jeremy cobert
United States
cedar rapids
Iowa
flag msg tools
Avatar
mbmbmbmbmb
jmilum wrote:
TrueCrypt is your anti-NSA friend in this situation


I thought Snowdens report said they have cracked the known encryption tools.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
J
United States
Lexington
Kentucky
flag msg tools
admin
Avatar
mbmbmbmbmb
No, that's not true.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Xander Fulton
United States
Astoria
Oregon
flag msg tools
designer
badge
Avatar
mbmbmbmbmb
jmilum wrote:
TrueCrypt is your anti-NSA friend in this situation


Unless I'm much mistaken, you cannot encrypt the data you have on Google's servers - they handle the encryption internally (which is why this breach into what would appear to be their internal networks is problematic).
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
jeremy cobert
United States
cedar rapids
Iowa
flag msg tools
Avatar
mbmbmbmbmb
jmilum wrote:
No, that's not true.


really ? dont trust anyone.

http://www.reuters.com/article/2013/09/05/net-us-usa-securit...
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Xander Fulton
United States
Astoria
Oregon
flag msg tools
designer
badge
Avatar
mbmbmbmbmb
jmilum wrote:
No, that's not true.


Well, we don't know what systems they have and haven't cracked.

The claim is "According to the reports, the NSA, alongside its UK equivalent, Government Communications Headquarters, better known as GCHQ, has been able to unscramble much of the encoding that protects everything from personal e-mails to banking systems, medical records and Internet chats." - however, given recent revelations of access to the data centers, directly, it's not clear whether this claim references THAT, or (less likely) the ability to actually crack the encryption, itself, in human-relevant-timeframes.
1 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
J
United States
Lexington
Kentucky
flag msg tools
admin
Avatar
mbmbmbmbmb
XanderF wrote:
Unless I'm much mistaken, you cannot encrypt the data you have on Google's servers - they handle the encryption internally (which is why this breach into what would appear to be their internal networks is problematic).

TrueCrypt would be used for securing your data on cloud services like GoogleDrive or DropBox. PGP (or its derivatives like GnuPG) could be used to encrypt emails.

As long as you make sure that all Google sees is encrypted data, it doesn't matter what they do internally or if the NSA has access to it.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Clay
United States
Alabama
flag msg tools
Avatar
mbmbmbmbmb
Why should anyone care? Your deepest darkest secrets are probably utterly irrelevant to the government and any human eyes that glimpse them will forget the image within moments. What am I missing here?
2 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Xander Fulton
United States
Astoria
Oregon
flag msg tools
designer
badge
Avatar
mbmbmbmbmb
The Message wrote:
Why should anyone care? Your deepest darkest secrets are probably utterly irrelevant to the government and any human eyes that glimpse them will forget the image within moments. What am I missing here?


Because the NSA even publicly admits some agents use the information they have access to for personal reasons?
16 
 Thumb up
0.01
 tip
 Hide
  • [+] Dice rolls
J
United States
Lexington
Kentucky
flag msg tools
admin
Avatar
mbmbmbmbmb
jeremycobert wrote:
jmilum wrote:
No, that's not true.


really ? dont trust anyone.

http://www.reuters.com/article/2013/09/05/net-us-usa-securit...

What do you think that link actually says? What types of encryption do you think the Snowden documents say the NSA can break?
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Dave G
United States
Illinois
flag msg tools
badge
El Chupacabratwurst
Avatar
mbmbmbmbmb
The Message wrote:
Why should anyone care? Your deepest darkest secrets are probably utterly irrelevant to the government and any human eyes that glimpse them will forget the image within moments. What am I missing here?


Why does anyone still bother to post this question every time there's a thread about privacy? You know the answers you're going to get already. Why bother?
4 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Clay
United States
Alabama
flag msg tools
Avatar
mbmbmbmbmb
XanderF wrote:
The Message wrote:
Why should anyone care? Your deepest darkest secrets are probably utterly irrelevant to the government and any human eyes that glimpse them will forget the image within moments. What am I missing here?


Because the NSA even publicly admits some agents use the information they have access to for personal reasons?


How does that apply to the general populace? It is an issue with employees that should be fired, and their actions can only be negative to people that already know there is a risk by virtue of being associated with someone in that position. That's such a specialized set of problems that it's barely even worth mentioning.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Clay
United States
Alabama
flag msg tools
Avatar
mbmbmbmbmb
djgutierrez77 wrote:
The Message wrote:
Why should anyone care? Your deepest darkest secrets are probably utterly irrelevant to the government and any human eyes that glimpse them will forget the image within moments. What am I missing here?


Why does anyone still bother to post this question every time there's a thread about privacy? You know the answers you're going to get already. Why bother?


Well, time has passed. Maybe someone will have a good answer for once. Or at least admit to being in the mafia.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Moshe Callen
Israel
Jerusalem
flag msg tools
designer
ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ/ πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν./...
badge
μῆνιν ἄειδε θεὰ Πηληϊάδεω Ἀχιλῆος/ οὐλομένην, ἣ μυρί᾽ Ἀχαιοῖς ἄλγε᾽ ἔθηκε,/...
Avatar
mbmbmbmbmb
For me, it's about abuse of power. If the gov't has that kind of power, it will abuse it-- not a question. Are the odds it will effect me personally? I assume not. What difference does that make?
11 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Xander Fulton
United States
Astoria
Oregon
flag msg tools
designer
badge
Avatar
mbmbmbmbmb
The Message wrote:
XanderF wrote:
The Message wrote:
Why should anyone care? Your deepest darkest secrets are probably utterly irrelevant to the government and any human eyes that glimpse them will forget the image within moments. What am I missing here?


Because the NSA even publicly admits some agents use the information they have access to for personal reasons?


How does that apply to the general populace? It is an issue with employees that should be fired, and their actions can only be negative to people that already know there is a risk by virtue of being associated with someone in that position. That's such a specialized set of problems that it's barely even worth mentioning.


Sure, because they totally admitted to ALL abuses of power. Absolutely for sure, just a dozen employees, and totally 'only spying on family members', that's all - not going to affect you, John Q Public, so don't worry. Only NSA family members!

They clearly wouldn't use that information to stalk the hot barista at their local Starbucks, or figure out when the sales clerk at the local sports equipment store will be at home by herself, or ANYONE else that the general public might see a reflection of themselves in, no sir, not at all. After all, we've freely admitted to ALL the abuses of power in our organization, and it's only ever a small fraction of the employees - no, wait, not even a small fraction, I mean just 12 employees - and they only ever use it on their own families.

No problems, nothing to worry about! Total transparency!!
21 
 Thumb up
0.26
 tip
 Hide
  • [+] Dice rolls
Daniel Edwards
United Kingdom
London
Unspecified
flag msg tools
Avatar
mbmbmbmb
Its quite chilling when you think how much Twilight fan fiction they'll have aggregated from google docs alone.

Noone can be trusted with that kind of weapon.
13 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Gary Tanner
United States
Logan
Utah
flag msg tools
BryceCon Game Convention Jan 15-18 in Southern Utah www.brycecon.com
Avatar
mbmbmbmbmb
I know I should be bothered by this, but I just can't bring myself to be. If someone wants to read my emails, they're not going to find anything very interesting. And in fact, there's probably been dozens upon dozens of hackers who've already read my emails. I'm more worried by that than I am by the government. The hackers may show up at my house while I'm on vacation and clean me out. The government will just compile info and try to prove I'm a terrorist (easy to do, afterall, since I play wargames).

I've broken the law on many occasions, made threats of violence, and commented on things I've done, but it'd take a real idiot to put anything concrete in their email or any other permanent or semi-permanent medium.
1 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Ken
United States
Crystal Lake
Illinois
flag msg tools
badge
Avatar
mbmbmbmbmb
XanderF wrote:
jmilum wrote:
TrueCrypt is your anti-NSA friend in this situation


Unless I'm much mistaken, you cannot encrypt the data you have on Google's servers - they handle the encryption internally (which is why this breach into what would appear to be their internal networks is problematic).


Sure you can. You can encrypt before you transmit to any cloud service provider. For email, things like GPG or PGP work. For files, you can use clients like TrueCrypt, BoxCryptor, Cloudfogger, or Viivo. There are others around.

You generally forgo using the web interfaces when you use these tools - because you've encrypted the content, Google & Yahoo get what looks like garbage to them and therefore can't do anything with it. But if you're worried about security, then you use tools like that for the secure stuff and go without for things that aren't sensitive.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
CHAPEL
United States
Round Rock
Texas
flag msg tools
badge
"that's a smith and wesson, and you've had your six"
Avatar
mbmbmbmbmb
The encryption algorithms aren't the issue, uses AES256 with SHA-512 hash and your safe.

The REAL issue is using software packages like TrueCrypt is that you have to "Trust" that they haven't put a backdoor in the software for government entities. Because no matter what they say, can you really say for certain they haven't? Or have they downloaded the binary that wasn't tampered with?

The best way to be "certain" is to know the source, and build the source locally.
1 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
J
United States
Lexington
Kentucky
flag msg tools
admin
Avatar
mbmbmbmbmb
TrueCrypt is open source and is constantly under review.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
CHAPEL
United States
Round Rock
Texas
flag msg tools
badge
"that's a smith and wesson, and you've had your six"
Avatar
mbmbmbmbmb
jmilum wrote:
TrueCrypt is open source and is constantly under review.


Famous last words.
4 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Clay
United States
Alabama
flag msg tools
Avatar
mbmbmbmbmb
whac3 wrote:
For me, it's about abuse of power. If the gov't has that kind of power, it will abuse it-- not a question. Are the odds it will effect me personally? I assume not. What difference does that make?


I'm just having difficulty seeing what this abuse could actually lead to in reality. What is one negative outcome that can result from this? What, like, figure out someone's work schedule? Well, no, that's silly enough that nobody would suggest it as a sinister outcome.

XanderF wrote:
The Message wrote:
XanderF wrote:
The Message wrote:
Why should anyone care? Your deepest darkest secrets are probably utterly irrelevant to the government and any human eyes that glimpse them will forget the image within moments. What am I missing here?


Because the NSA even publicly admits some agents use the information they have access to for personal reasons?


How does that apply to the general populace? It is an issue with employees that should be fired, and their actions can only be negative to people that already know there is a risk by virtue of being associated with someone in that position. That's such a specialized set of problems that it's barely even worth mentioning.


Sure, because they totally admitted to ALL abuses of power. Absolutely for sure, just a dozen employees, and totally 'only spying on family members', that's all - not going to affect you, John Q Public, so don't worry. Only NSA family members!

They clearly wouldn't use that information to stalk the hot barista at their local Starbucks, or figure out when the sales clerk at the local sports equipment store will be at home by herself, or ANYONE else that the general public might see a reflection of themselves in, no sir, not at all. After all, we've freely admitted to ALL the abuses of power in our organization, and it's only ever a small fraction of the employees - no, wait, not even a small fraction, I mean just 12 employees - and they only ever use it on their own families.

No problems, nothing to worry about! Total transparency!!


Oh wait, nevermind, someone is totally pointing to that as a sinister outcome.

Dude, you're afraid that some creep might use this to stalk somebody? And what would result from that? If they do anything criminal to the person I doubt they're going to get off with a free pass, so it's not like this is open season for rapists and murderers in the organization.

I don't care about transparency. I just want to know some concrete negative outcome that you're getting from "government people can read my geekmail." Unless there's anything they can do with it I don't care how secretive they are about it.

DCAnderson wrote:
The Message wrote:
Why should anyone care? Your deepest darkest secrets are probably utterly irrelevant to the government and any human eyes that glimpse them will forget the image within moments. What am I missing here?


Probably the main thing is that they aren't even being subtle with their overreach of power here when they're just stealing people's personal information straight from Google and Yahoo.


Right, but what can they even do with that? They can find out who had an affair, who likes what movies, who cheated on an exam, who had cereal for breakfast and who is secretly a bestiality erotica author but how does any of that lead to a compelling negative outcome?

The thing is, there is no shortage of government scandals. Focusing on something with such a limited application in terms of negativity just seems like a massive waste of effort.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
Jorge Montero
United States
St Louis
Missouri
flag msg tools
badge
I'll take Manhattan in a garbage bag. With Latin written on it that says "It's hard to give a shit these days"
Avatar
mbmbmbmbmb
So let's see, what would happen if you hand me access to all electronic communications in and out of the US, and a powerful way to search them:

First, I would make sure I am very well funded, by using privileged information taken from publicly traded companies. I'd be playing the market with loaded dice.

Second, I'd be able to have major control of the political agenda, by just being very aware of everything relevant opponents are planning. Being able to trigger political scandals on demand 3 weeks before an election sounds like a very powerful thing.

Enough work in that direction, and I have more political power than anyone. No president that would go after me could get elected.

After I am done playing with the world, I could find a friendly successor to gather even more power.
17 
 Thumb up
0.01
 tip
 Hide
  • [+] Dice rolls
Clay
United States
Alabama
flag msg tools
Avatar
mbmbmbmbmb
hibikir wrote:
So let's see, what would happen if you hand me access to all electronic communications in and out of the US, and a powerful way to search them:

First, I would make sure I am very well funded, by using privileged information taken from publicly traded companies. I'd be playing the market with loaded dice.

Second, I'd be able to have major control of the political agenda, by just being very aware of everything relevant opponents are planning. Being able to trigger political scandals on demand 3 weeks before an election sounds like a very powerful thing.

Enough work in that direction, and I have more political power than anyone. No president that would go after me could get elected.

After I am done playing with the world, I could find a friendly successor to gather even more power.


That's so much better than "hit on the Starbuck's barista."

I'm still not entirely convinced. If this is the Batman scenario and one guy has all of this information then you're right. However, this information is being spread across an entire organization (and then through human nature any particularly interesting bits will be leaked further outside that). One person can't play mastermind here, it just wouldn't work. If anything that's just an argument that we should inject more eyes into this network to increase accountability and decrease the potential for any single like-minded group to capitalize on an advantageous situation.
 
 Thumb up
 tip
 Hide
  • [+] Dice rolls
1 , 2 , 3 , 4 , 5  Next »   | 
Front Page | Welcome | Contact | Privacy Policy | Terms of Service | Advertise | Support BGG | Feeds RSS
Geekdo, BoardGameGeek, the Geekdo logo, and the BoardGameGeek logo are trademarks of BoardGameGeek, LLC.