If companies would respect the spirit behind GDPR and not store data that is not needed to fulfill a user's requests and protect the data that they must have in a way that makes dragnet searches impossible, this would not be a problem.
Instead, we have sites not being ashamed in informing you about literally thousands of external ad broker, tracking, notifications and whatnotelse integrations.
To u/decremental: you seem to be shadowbanned, here's an Archive link: https://archive.ph/kAXQ1
For fuck's sake, there are thousands upon thousands of companies and individuals with totally legit commercial interest in this tech. I bet Zwift and the likes are doing just that.
Entrapment?
Saving user watch history is useful for users. Sure, make it optional, but I find it really useful that youtube shows me if I've already watched a video, and that I can find recently seen videos in my watch history.
Viewing the links and using technology covered by those is anything but. This is trying to make crime suspects out of thin air. So much for fucking free democratic society.
Like an ip gathering honeypot website. Except they probably assumed the criminal would be too smart to click a link to some random website. But they would visit some youtube links. And then they knew Google would roll over and give them the info of all viewers.
It's a scummy plan, but mostly because Google will give away that info without putting up any fight.
This is ridiculous. Literally the authorities are the one demanding information, so that they can abuse that power.
And you're blaming the people with information?
Stop fighting the wrong war: hold the people with power accountable. That's the government here. They can use force and put you in jail. That's power.
The first one where the police uploaded videos and wanted viewer information is absolutely egregious and makes me wonder how a court could authorize that.
The next one, which I didn’t fully understand, but appeared to be in response to a swatting incident where the culprit is believed to have watched a specific camera livestream and the police provided a lot of narrowing details (time period, certain other characteristics, etc) appears far more legitimate.
Havent fully swallowed this pill but its feeling inevitable.
No judge needed. Just ask and say "open sesame"
Why isn't "I want _you_ to know but I don't want you to use it against me." an option?
Take the crime they are investigating and ignore that; it is a red herring. Say that there is a stalker who hacked someone's devices and pulled private information and videos from them, and posted them publicly. Something unequivocally bad. We would all agree that there needs to be a way to investigate and stop this person and seek justice for the victims.
Until recently, taking this to the cops would get you a blank stare and nothing would happen. At least now in certain places it is taken seriously. But traditional investigative methods don't work. They would need to get access logs to the places where that data was uploaded, at the very least.
Cops are not particularly great at investigating (most crime is solved by confessions or just catching them in the act). They don't have any reason not to just blindly grab all the data and sort through it by hand, because that's what they know how to do, and if they request it and get denied, why would they care? They either try something else or say 'fuck it'.
Local Judges see a request for records and a block of time and it seems reasonable to get that info. No one is sitting and explaining to them the implications of allowing cops access to personal information from viewer logs. Historically, the lower courts are not the place to seek enlightened rulings.
Google? I honestly have no love for them, and they bend over for China every day for worse stuff, so I would be surprised if they gave two shits about their users, except that if this becomes common enough they might actually have to devote support to these requests, and they hate giving support, so they might fight it just for their own self-interest.
The problem is that there is no settled case law here and no clear legislation, and I would hesitate to take any important cases to the Supreme Court until at least Mr. "Is This a Pube on My Coke Can" is gone.
In other words you can plan around the worst case, but don't let go of the opinion/social-value that it's too-common and wrong and aberrant.
Being able to sell histories means being able to sell supposedly more effective ADS. Also shows ads were viewed and by whom.
Precision of any kind in demographics is worth a lot of money.
A list of public instances (which you probably want to use if you're concerned about being identified) here: https://docs.invidious.io/instances/
They shouldn't need to keep your history; you can use your own programs to do so.
Likely the same with any other major nation state (I bet the chinese govt once showed Google it could at will access all their data, in order to capitulate cooperation, while the US is given full access at any time for any reason)
This person is suspected of selling Bitcoin for cash.
It says so right in the article:
"undercover cops sought to identify the individual behind the online moniker “elonmuskwhm,” who they suspect of selling bitcoin for cash"
Says it right there.
To anyone who thinks that is acceptable or that there is some sort of overreaction by the authorities, I don't even need three words to refute you. Three numbers is enough:
9-11
It seems to me that there's still good reason to prefer using invidious on an instance used by many people as opposed to youtube directly. Can't make perfect the enemy of the good.
There must be more to it than that; buying and selling Bitcoin isn't illegal.
YMMV, but ime a lot of people have this bogeyman caricature of who the feds really are. The reality is that these are government agencies that pay significantly below market rate for really intense, highly demanding work shrouded with multiple layers of government grade red tape.
Hopefully that clarifies for some folks why these big tech/social media companies insist on having your phone number as a “2FA for security” despite all the sim-swap attacks.. simply for this moment, because you might be using a VPN, and address/name aren’t in your google account, but definitely your phone number is there, it’s even worse if you’re using an android too, as they probably will pull out all your app/browsing history..
Interesting aside: Viacom used a similar broad request back in 2008 [1] in its lawsuit that nearly put YouTube out of business in its infancy. This time, it's the government making the request, and Google has way more data to potentially provide.
[1]: https://web.archive.org/web/20100702111029/http://afp.google...
As I see it, our only choice is to make privacy and anonymity trivial. Not for techies, but for our tech illiterate grandparents. Push hard for tools like Signal where people can get encryption without having to think about encryption. People want privacy and security but they just don't know how or don't understand what leaks data. But there's the clear irony that the sector __we__ are critical to is the one who is creating this problem.
I'm not ready to swallow that pill. I'm unconvinced we have to. Clearly __we__ can do something about this. Even if that is refusing to build such things, let alone build defenses. Apathy is no different than supporting these authoritarian takeover, because that's what it is. Authoritarian creep.
This is already too hard. But anything that can be done needs to be wrapped up into a trivial to use interface. It has to be for everyone, not just people who are technologically {capable,knowledgeable} and have the time and energy to do this all the time every time. It needs to be standard.
Of course, we should fight this from both ends. Many ends. We shouldn't collect the data. We shouldn't process it. And we should build defenses.
Although the thread root refutation makes no sense. Freely trading bitcoin leading to 9-11 is going to have to involve some flexible mental gymnastics since 9-11 happened in a pre-Bitcoin world. In practice AML style laws are generally targeting tax evasion.
So if you get high enough on the list, it’s like those ‘immortal snail’/snail assassin scenarios.
Even Bin Laden got taken out and dumped in the ocean eventually.
So like Jan 6th - it had better work, or your goose is very likely cooked eventually.
On the other hand, it seems like the Tor users who get caught make clear, glaring mistakes in their opsec. And I always remember how long it took to catch the Unabomber, and how they apparently only managed to catch him because of his brother.
That said, credit where it's due: https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...
If you don't like it, walk away, seems reasonable to me. We don't own these corporate web sites and can only vote with our eyeballs (so to speak).
They asked for information about a video watched 30k times. Supposing every person watched that video 10 times AND supposing the target was one of the viewers (it really isn't clear that this is true), that's 2999 people who have had their rights violated to search for one. I believe Blackstone has something to say about this[0]. Literally 30x Blackstone's ratio, who heavily influenced the founding fathers.
I don't think any of this appears legitimate.
Edit: Ops [0] https://en.wikipedia.org/wiki/Blackstone%27s_ratio
That being said, I suspect it was just an unfortunate use of words (current / right leaders) that might lead some people to think I was being politically tribal. (nothing could be further from the truth)
Huh? Why? Is this because some country doesn't like people having good mapping technology? Israel and China object to precision mapping, but the US historically has not.
On the one hand, a narrow warrant that reveals a lot of people (classic example are warrants on motels to provide the names of everyone who checked in on a certain date, or was registered on a certain date) are certainly constitutional and have been upheld many times.
The first seems, odd.
They had control for decades, then traditional television/cable media started to collapse. They're trying to take control of "new media," in the internet.
Did you happen to pass by a cell tower in a major city around the time a crime was committed? We all have.
Well, your IEMI was included in a cell tower dump. Probably dozens of times.
Did you happen to drive your car over any bridge in the Bay Area lately? Did a municipal vehicle pass you and catch your license plate with their ALPR camera?
Guess what? Your name went through a database of an LEO search if they wanted to find a perp for that time/location.
Privacy has been dead for a long time. The worst part is people don’t care.
The Snowden files changed nothing. If there was ever a point in history where people would have given up their cell phones for their civil liberties, that would have been the time to do it.
Edit: this is also not the federal government, state and local government has even less juice than the little the Feds possess.
https://securitycurrent.com/privacy-is-dead-long-live-privac...
The only way to solve the problem would be to elect politicians who would either dismantle most of the surveillance system or address crime and terrorism so decisively that there was no longer any plausible threat to justify continuing to maintain a mass surveillance apparatus in which case it would (hopefully) eventually wither away as part of budget cuts once politicians forget why it was even "necessary" in the first place. There is no solution to political problems without obtaining and using political power to solve them.
The strategy of eliminating the system's justification isn't foolproof though because the bureaucracy that runs the military draft (Selective Service) somehow still exists even though the draft was ended around half a century ago and is almost certainly never coming back. Politicians only noticed it existed a few years ago long enough to debate whether to extend the wrong of registration for it to include women in addition to men. The eventual decision was to leave the status quo intact[3]. The sensible option of abolishing that relic of a past rights violation rather than continuing to waste money on maintaining the bureaucracy was not seriously considered. That means the direct route is almost certainly the better approach.
[0]: https://www.theregister.com/2022/08/10/github_tornado_cookie...
[1]: https://en.wikipedia.org/wiki/Silk_Road_(marketplace)
[2]: https://www.reddit.com/r/TOR/comments/rjgq8s/ok_so_what_has_...
[3]: https://www.politico.com/news/2021/12/06/ndaa-women-draft-dr...
So not sure where you got the impression he's okay with up to 100 people being disturbed so we can catch one bad guy.
But then, he wasn't really talking about that was he? Better the guilty go free than the innocent suffer what? He was, essentially, talking about the principle of innocent until proven guilty; that innocent people shouldn't suffer by being punished for a crime unjustly.
2999 innocent people, in your formulation, though, are not being punished for a crime. They're not even being accused of a crime.
Even better might have been to directly link to some service that they already control on a honeypot URL, and then gone after the ISP for customer details.
Are you familiar with Aurora? It was that time in 2009 when a Chinese military unit broke into Google and started poking around for information about some known dissidents. They were expunged quickly and the level at which Google stepped up their security game is unparalleled in the history of infosec.
Yes, the NSA or various law enforcement groups can get information from Google if it goes through the proper channels, and there's probably a handful of intelligence community insiders who hand data out of Google from time to time as well, even as part of various intelligence sharing agreements, but the idea that the NSA just has free access to whatever they want there is ridiculous.
Also, getting doxxed isn't entirely bad because it can open doors as well as closing them. Depends on how you leverage it. You just don't want the US government and/or the government where you live as your adversary.
Justice Department withdraws FBI subpoena for USA Today records ID'ing readers - >>27408647 - Jun 2021 (174 comments)
Someone posting up illegal videos? We already got laws for that, you sons of bitches. WATCHING videos? Like, "everyone in the country who watches this video?" Get the hell out of here.
Other commentators have echoed the principle. Benjamin Franklin stated it as: "it is better 100 guilty Persons should escape than that one innocent Person should suffer"
If you're a legit threat to national security, then yeah, they're probably going to find you no matter what you do.
I was mad then. I'm more mad now. Stop these arguments because it isn't like one implies the other. And who the fuck cares if someone wasn't but is now. What's the argument, that you're a hipster? That's not solving problems. I don't want to gatekeep people from joining the movement to protect rights. I don't care if they joined as a tin foil hat or just yesterday after having literally been complacent in these atrocities. If you're here now, that's what matters.
> Privacy has been dead for a long time. The worst part is people don’t care.
Bull, and bull.
There are plenty of people fighting back. I'm pretty sure me getting ads in languages I don't speaks is at least some good sign. Maybe I can't beat the NSA, sure, but can I beat mass surveillance? Can I beat 10%? 50%? 80%? 1% is better than 0% and privacy will die when we decide everything is binary.
People care. People are tired. People feel defeated. These are different things. If people didn't care Apple (and even Google) wouldn't advertise themselves as privacy conscious. Signal wouldn't exist and wouldn't have 50 million users. It's not time to lay down and give up.
> mingus88 36 minutes ago | parent | context | flag | on: Google Ordered to Identify Who Watched Certain You...
Cell phone tower data has been used for a decade now in pretty much the same way.
Did you happen to pass by a cell tower in a major city around the time a crime was committed? We all have.
Well, your IEMI was included in a cell tower dump. Probably dozens of times.
Did you happen to drive your car over any bridge in the Bay Area lately? Did a municipal vehicle pass you and catch your license plate with their ALPR camera?
Guess what? Your name went through a database of an LEO search if they wanted to find a perp for that time/location.
Privacy has been dead for a long time. The worst part is people don’t care.
> The Snowden files changed nothing.
They didn't change enough, but that isn't nothing.
Which I think we can all agree with.
But that's not what's happening here, is it?
If anyone can solve this problem, it is us.
Any tech we create to "solve" this issue will be worked around and/or used to cause more problems.
Tech isn't the solution.
They are, however, being harmed.
It's easier to use historical examples because they're not afflicted with modern politics.
The FBI was known to investigate and harass civil rights leaders during the civil rights movement. Suppose they want to do that today.
Step one, come up with some pretext for why they should get a list of all the people who watched some video. It only has to be strong enough to get the list, not result in a conviction, because the point is only to get the list. Meanwhile the system is designed to punish them for a thin pretext by excluding the evidence when they go to charge someone and their lawyer provides context and an adversarial voice, but since their goal here isn't to gather evidence for a particular investigation, that's no deterrent.
Step two, now that they have the list of people interested in this type of content they can go on a fishing expedition looking for ways to harass them or charge them with unrelated crimes. This harms them, they're innocent people, therefore this should be prevented. Ideally by never recording this type of information to begin with.
There is a reason good librarians are wary about keeping a history of who borrowed a particular book.
Yes. "100 people" (or whatever) had their rights violated. Sure, not as bad as jail, but it is still in the spirit. I'm not sure why you think I have it backwards, I think we're just using different perspectives.
But I'm not into being pedantic if we understand one another.
If you add a redirector plugin for your browser, you can add a capture for something like this:
https?://(.*?\.)?youtube.com/(.*)
https://farside.link/invidious/$2
[0] https://github.com/iv-org/invidious
Blackstone was talking in the abstract. Clearly Franklin was too considering many of the other things he's known for saying.
In a just-unsealed case from Kentucky reviewed by Forbes, undercover cops sought to identify the individual behind the online moniker “elonmuskwhm,” who they suspect of selling bitcoin for cash, potentially running afoul of money laundering laws and rules around unlicensed money transmitting.
In conversations with the user in early January, undercover agents sent links of YouTube tutorials for mapping via drones and augmented reality software, then asked Google for information on who had viewed the videos, which collectively have been watched over 30,000 times.
I think whether their rights are violated depends entirely on what sort of information is handed over. Consider acquiring surveillance footage that has plenty of foot traffic, but a suspect is known to have passed by. The police are typically permitted to review that footage even though plenty of innocent people were captured on that video.
No they're not. Which ones will live a day less of their lives?
If I'm on surveillance footage near a crime scene, police have the right to look for me and question me. This isn't any different. It's just different sets of photons and electrons.
I respect the rights to privacy, but a crime happened, and the police have the tools to investigate. It's barely an inconvenience.
The burden of proof will still be on the investigators and prosecution to find out and show beyond a shadow of a doubt who performed the swatting.
Can't make perfect the enemy of the good.
https://docs.invidious.io/faq/#q-what-data-is-shared-with-yo...
Plus of course
https://docs.invidious.io/faq/#q-what-data-is-collected-by-i...
At least some of those people wouldn't have thought of committing that crime without being exposed to those videos.
That's not at the level of a cop saying "hey, let's go rob a bank" to some sap, but ...
Wait, what? So is Bitcoin illegal to use as a currency now? Special casing exchanges for cash seems completely pointless if you could just buy some of <any commodity> for cash and then turn around and sell it back to the same person for the same amount in Bitcoin, but if every customer has to do KYC of the merchant when they're paying with Bitcoin, how is that ever going to be feasible?
Your liberties encompass so much more than this and a government that treads on them recklessly does far more damage than to simply waste an individuals time.
> It's barely an inconvenience.
You assume it's not. How would you verify this? Why should you have to?
An aside on invidious collecting data - I am a lot more comfortable with some random guy in Europe having my data than Google.
They just have to make it painful enough for enough people to get the vast majority of the rest to "fly right."
I'm certain that this is not terrorism.
I very much agree that (some, probably minimal) harm is being done to these people. Pretending that they "suffer" in the sense Blackstone was using the word is disingenuous.
The ones who, having had their political inclinations revealed to adversarial law enforcement, then become subject to harassment for those views which should have been private.
> If I'm on surveillance footage near a crime scene, police have the right to look for me and question me.
The question is whether they should have the right to seize the surveillance footage by force if the proprietors would rather protect the privacy of their users. The third party doctrine is wrongful.
And given that it exists, so is keeping records like this that can then be seized using it.
> The burden of proof will still be on the investigators and prosecution to find out and show beyond a shadow of a doubt who performed the swatting.
This is assuming they're trying to prosecute a particular crime rather than using a crime as a pretext to get a list of names.
And it's about the principle, not the particular case. Suppose a protester commits a crime and now they want a list of all the protesters. Any possibility for harm there?
These are innocent bystanders. There is nothing suspicious about their activities other than they did something that a suspected criminal did. A perfectly legal activity? To take this to the ridiculous side, are we going to investigate everyone who took a poop at a specific time because a criminal did?
I would argue “people don’t care” because… there isn’t a high enough number of people who suffer negative consequences from “their privacy being invaded”.
If there was a crime committed outside your home and you have surveillance footage that has captured passers by, you would not offer it to the police because you would rather protect the privacy of the all the anonymous passers by when one of them is likely the culprit?
That strikes me as highly unlikely. And if you wouldn’t, I am willing to bet that most people would. Why care about the privacy of anonymous passers by when you can help catch the perpetrator and increase safety around your home?
You are wrong. Punishment is when you impose a penalty as retribution for an offense.
I expect so. But pretending that's what he was talking about in the quote you were referencing is going to undermine your (our, probably) position with those not already convinced.
I wonder what kind of video it is. Maybe a shared link, so only people who secretly know about it knew about it, and they have become suspects. Is it mentioned in the forbes article?
And i wonder if people abuse videos on youtube by encrypting the content with a key and the key is then shared.
There are cases like the bombing in Madrid where the US agencies cast out a wide net over possible suspects using data about people who converted to Islam and then used a bad finger print match (which everyone told them was garbage) to terrorize one suspect for weeks. They had no evidence that the guy was involved, they had no evidence that any of their suspects was involved, but they had a narrative and where happy about every bit of data that supported it. Meanwhile Spain convicted the actual bombers.
You think the world’s geniuses are hanging out here? The world’s brightest are here and you’re going to inspire them to solve what you frame should be a very high priority? There are much bigger problems to solve.
I really think your vanity is warping your perspective.
Not at all. I would say that it's usually (not always!) small in the particulars but adds up in aggregate, and that we should be a lot more careful with how much surveillance we allow.
I just would also say that the kinds or amounts of harm being done there are manifestly not what Blackstone was talking about in his "formulation" as it leads immediately to absurd conclusions that go very well past the present case.
I will not here that "there is a concern here analogous to Blackstone's ratio" is a different thing than, paraphrasing what was up thread, "this is substantially more extreme than Blackstone's ratio should forbid".
And in case I haven't said it in thread anywhere, I share concerns about surveillance. I just think if we are enlisting support from historical figures, we should find a quote where they're talking about the question or acknowledge the distance, rather than pretending the quote means something it didn't - that will only turn off those who might be persuaded.
In Berlin there used to be a notification system if you were subjected to cell surveillance in Berlin. It was recently stopped [0]. IMHO we need the same for all IP assignment or account lookups. The problem IMHO is that we, individualy, and particularly vulnerable groups like journalists and activists, might be subject to far more of such activities than we know.
[0] https://netzpolitik.org/2024/rolle-rueckwaerts-berlin-beende...
Some hyperbole in your telling of the story and failure to mention that he was awarded restitution. According to Wikipedia:
Brandon Mayfield (born July 15, 1966) is a Muslim-American convert in Washington County, Oregon, who was wrongfully detained in connection with the 2004 Madrid train bombings on the basis of a faulty fingerprint match. On May 6, 2004, the FBI arrested Mayfield as a material witness in connection with the Madrid attacks, and held him for two weeks, before releasing him with a public apology following Spanish authorities identifying another suspect.[1] A United States DOJ internal review later acknowledged serious errors in the FBI investigation. Ensuing lawsuits resulted in a $2 million settlement.
https://en.wikipedia.org/wiki/Brandon_Mayfield
What point are you trying to make with this example?
And a dictator is just another set of cells and organic compounds? You can't break things down into this because then literally everything is the same. Literally everything you see is just a different set of photons and electrons. But those things have real effects. They aren't fungible. I don't care that my partner sees pictures of me naked, but I sure do care if cops or "the government" is, despite it being "just a different set of photons and electrons."
> The burden of proof will still be on the investigators and prosecution to find out and show beyond a shadow of a doubt who performed the swatting.
The burden of proof is step by step. I don't think I should have to cite the 4th Amendment but
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and ***no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.***
[0] https://en.wikipedia.org/wiki/Negative_and_positive_rights
[1] https://encyclopedia.ushmm.org/content/en/article/martin-nie...
These are not the same. You might think the difference is subtle, but I'll tell you that that subtly matters. And matters a lot.
And tbh, these two scenarios are quite different.
TBH, if the above would be true, I would even be happy. But I'm biased, because I sincerely hate thieves and extorsionists.
I understand why you think I'm wrong, but I hope you understand why I think that way. We can disagree, and that is fine, but let's not act as if there are objective answers in social constructs.
Because, I do think punishment is an imposed penalty. In this case, on your rights. Rights are abstract, and these are not binary nor clearly discrete. House arrest is not jail, nor are fines. But as communicated to you elsewhere, the 4th amendment is about ensuring friction for removing someone's negative rights.
But I disagree that punishment is imposed as a penalty as retribution for an offense. You imply that this requires an actual offense to have been made. I assure you that punishment can be imposed for any arbitrary reason. I can also assure you that punishment is a spectrum, from extremely minor (as I think we'd agree is in this case) and extremely harsh.
I agree with this. What's happening here is different than the scenario in the original ratio, even though it's a similar concern.
> I just would also say that the kinds or amounts of harm being done there are manifestly not what Blackstone was talking about in his "formulation" as it leads immediately to absurd conclusions that go very well past the present case.
If we direct ourselves to the case at hand, I'm not sure that a general rule that the government can't compel innocent bystanders to assist an investigation against their will would even be a net negative, much less cause serious problems. When a crime is committed people will generally be inclined to help bring the perpetrators to justice, because who wants thieves and murderers and so on going unpunished? Whereas if someone is disinclined to help, we might consider that they could have a reason, e.g. because the law being enforced is unjust or they believe the investigation is not being conducted in good faith, or they simply don't trust the government with the information, at which point the ability to refuse acts as a reasonable check on government power.
> I just think if we are enlisting support from historical figures, we should find a quote where they're talking about the question or acknowledge the distance, rather than pretending the quote means something it didn't - that will only turn off those who might be persuaded.
I feel like historical quotes tend to detract from discussions in general, because they're effectively an appeal to authority and then the discussion turns to exactly where we are now, debating whether the current situation can be distinguished from the original, which is a separate matter from whether what's happening in the modern case is reasonable or satisfactory in its own right.
The biggest change IMHO was the entire industry got off their collective assets to finally move to HTTPS.
We don't care if this wall might possibly be easy to simply walk around and obviate, we shouldn't even look, or even talk about looking. The only rational way to attack any problem is to just look exactly in the direction you were led to look, bang your head on that same spot forever.
More-generally, imagine if every citizen was entitled to a yearly report on all how many times law-enforcement received records containing their names or personally identifying information, except in cases that are formally unsolved and in-progress.
So a line item might be something like:
{Ref ID}, {Date}, "All Youtube accounts that watched {Video Title}"Yes. But that's not the same
> potentially investigate if there's something off?
If you're asking information from people who witnessed a crime *and volunteering information* (which is not investigating that person and not accusing them of a crime, nor is lack of volunteering information a suspicious activity) and they then generate suspicious evidence, then yes, that enables capacity for investigation. It is true that things are not static, time exists, and entropy marches on.
That's the difference. There is nothing that these people did that warrants suspicion. These people are not being asked or questioned. This was not done voluntarily. They didn't even know this was happening to them. This was a thing imposed upon them, full stop.
I want to give a scenario to help make things clear. Suppose I send nudes to my partner. The government intercepts these without my knowledge, looks at these, and deletes them, and literally nothing else happens. Is this okay? I did not know this happened to me. No "harm" has fallen upon me. And as far as I know, nothing has changed in my life. But then later I find out this happened. Let's say 20 years later. I feel upset. Do you not think I am justified in being upset? I think I do. My rights were violated. It is worse that it was done in secrecy because it is difficult for me to seek justice. It is because I have the right to privacy. It is a natural, de facto, negative, but a god given right. They put my information at risk by simply intercepting it and making a copy. It was unnecessary and unjustified.
Why can't a court order be mass surveillance? In these cases, the videos were viewed 30,000 times and more than 130,000 times (if I understand the latter correctly). How is that not mass? Nobody suggests that more than a few of those people are suspects.
I don't disagree that wrong things should not be tolerated and that giving up and accepting is no answer.
Whenever someone tries to tell a complainer to shut up, I frequently point out that in the entire history of the Earth, not one thing ever got better by accepting things as they are. It's one of my favorite things to point out. So I'm very much in the reject giving up camp.
But I don't think it's necessarily giving up or cooperating to merely explore any and all other possible solutions to any given problem, and that comment struck me that way.
My impression might be unjust, and so by disclosing it I may take a few arrows myself, but for once, one is explained. :)
Correct me if I'm wrong, but I'm pretty sure Blackstone wrote about negative or natural rights.
In fact, let me pull out more context around the exact quote. He specifically addresses direct punishment but immediately after is the nature of having the duty to defend one's innocence. Which is exactly the case here.
Fourthly, all presumptive evidence of felony should be admitted cautiously, for the law holds that ***it is better that ten guilty persons escape than that one innocent suffer.*** And Sir Matthew Hale in particular lays down two rules most prudent and necessary to be observed: 1. Never to convict a man for stealing the goods of a person unknown, merely because he will give no account how he came by them, unless an actual felony be proved of such goods; and, 2. Never to convict any person of murder or manslaughter till at least the body be found dead; on account of two instances he mentions where persons were executed for the murder of others who were then alive but missing.
Lastly, it was an antient and commonly-received practice that as counsel was not allowed to any prisoner accused of a capital crime, so neither should he be suffered to exculpate himself by the testimony of any witnesses.
I know that this is a point of contention in this (these) discussions, but I stand by that a right is being violated and harm is being done by the simple act of investigation. Mass surveillance (which is mass investigation), is an infringement on our god given rights. The point is to have friction for the infringement of rights. All rights can be violated, but they must need sufficient reason. It does not matter if these rights seem inconsequential or not. Because at the end of the day, that is a matter of opinion and perspective. Blackstone was writing about authoritarian governments and the birth of America was similarly founded on the idea of treating government as an adversary. These were all part of the same conversation, and they were happening at the same time.
I do not think I am taking the historical quote out of context. I think it is more in context than most realize. But I'm neither a historian nor a lawyer, so maybe there is additional context I am missing. But as far as I can tell, this is all related and we should not be distinguishing investigation (or from the other side of the same coin, exculpation) from punishment as these are in the same concept of reducing one's rights. They are just a matter of degree.
https://oll.libertyfund.org/titles/sharswood-commentaries-on...
The police didn't upload they videos. It's not entrapment, and it doesn't sound like the actual content of the videos is illegal.
Instead, they had an open communication channel with their target and were able to send them various links to youtube videos.
Their theory being if they can find any user who clicked on all (or most of) those links, it's probably their target. And it's unlikely some random user would have accidentally viewed all those videos.
The actual request for the raw list of all viewers seems unconstitutional to me. Too broad, gives the police a lot of infomation about all users who watched just one of the videos. But I suspect a much narrower request where google identified the target user and past just that user's info on would be constitutional.
Saying that some PM at Google decided decade ago something like "hey guys let's build a database of our user's phone numbers to satisfy some theoretical future dragnet surveillance request from law enforcement and tell our users that it is for their own security" is actually quite ridiculous conspiracy theory if you think about it.
As far as I can tell, this is explicitly within the context of the quote.
That said, I do see your point and appreciate your feedback. Maybe this can be an opportunity to turn this into a lesson? It seems too cumbersome to bring up from the get-go and similarly backfire. But discussing in the abstract is a difficult task when it is neither a natural way of thinking nor is it a common way that is taught. But I still think it is an important tool and something that does distinguish humanity. I am open to suggestions (I think HN of all places is more likely to be successful when discussing things in the abstract, but it is still general public).
[0] >>39798280
Tech is too abstracted, and we must concentrate on the application. There is time for abstraction and time for specification. Tech is used to extract information as well as tech is used to protect information. These are actions, not objects or attributes.
And yes, it isn't the only tool in the toolbox. But it is a tool everyone here shares in common. It is a tool that many here are using to create this problem. One that many are probably not even aware that they are contributing to. But due to the commonality of our community and the commonality in its usage to create or exacerbate the problem, it is worth mentioning and considering.
Don't pass the buck. There are no singular causes nor solutions. So if we dismiss something because it is incomplete, we will never create any solution.
Maybe. But they at least frequent here.
> I really think your vanity is warping your perspective.
I think you undervalue yourself. I don't see myself as a big cog, but neither am I disillusioned to believe that just because I'm a cog in a much larger and more complex machine means that I have little to no importance. Lesser, but non-zero. Were I to have the vanity you suspect I have, I would not be calling for your support as I would use my ego to solve it alone. But I am not. I can't do this alone. Nor am I drumming up people to collect wood and assign tasks, but I am trying to help those find a longing for the endless immensity of the sea. I am trying to help us realize we aren't inconsequential and that together, we have meaningful power. The big cog may be shiny and may have a lot more power, but it is still supported by a thousand smaller ones.
I have no illusion that people here work for Google, Meta, Apple, Amazon, Microsoft, and so on. Do you really think differently?
The issue is that the ratio can't mean much outside the realm of a criminal conviction when any of the rest of it would need a different standard.
Suppose we want to evaluate if it's reasonable for the police to search your residence for a murder weapon. Should we let 100 guilty people go free to avoid one search of an innocent person? That's probably not right, a search is enough of an imposition to require probable cause, but if you had to prove the crime to the same level as would be necessary for a conviction in order to get a warrant then searches would always be superfluous because they could only happen in cases where guilt is already fully established without the results of the search.
Conversely, with this YouTube kind of situation where the police want data on large numbers of people, the majority of whom are fully expected to be innocent, they're not even reaching probable cause for those people. Which is a lesser standard for justifiable reasons but it's still not one which is being met for those people. And so it's still a problem, but it's a different problem with a different standard.
Certainly Blackstone was not saying that infringement of rights (punishment) should not happen under any circumstance. Rather that there should be significant friction and that we should take great care to ensure that this is not eroded.
https://transparencyreport.google.com/https/overview
https://transparencyreport.google.com/safer-email/overview - transmitting email with some form of encryption is probably a bigger and completely unseen problem that is similar
I make a difference between leaving loggable traces of living (which we leave all the time, no matter what) and sometimes filtering to recapture the past.
If some person was able to pick me out from a lineup because they physically saw me then that wasn't private and privacy laws don't apply.
So for instance capturing my face on CCTV in a public place isn't a privacy violation, same with my license plate in a pulic place.
However what happens on my private property is a privacy violation if it is recorded without consent.
Certian information isn't private, and that being stored is fine. Where the line gets drawn is what's up for debate.
I surely would want my contact details and name saved by a company that I intend to do business with in either direction. However if they spam me with information I should be able to lodge an harrassment claim against them. It's not a privacy issue but a decency issue.
And the biggest enablers of violation are things like ring doorbells and dashcams. There is no comeback in my country, don’t know about the US.
Governmental and commercial cctv has checks and balances. Domestic just goes onto planet wide databases with no control.
> If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place
which you can read either as a terrible "nothing to hide nothing to fear" comment or as a good warning about the factual state of things.
I have no hope that the people who created the very tools that led to these problems, are in anyway going to try and solve this problem.
And that’s great Google are trying to fight back, a little. Though I wonder that for us Non-American Brits that they’d do the same for us too (doubtful)
Isn't that worse? Essentially making Google do the job of the police and the police having to trust the work of Google for it.
Charitably speaking that is.
https://www.autoweek.com/news/a2055556/venom-law-police-put-...
Before Snowden encryption was something that was mostly seen as a way to protect login forms. People knew it'd be nice to use it for everything but there were difficult technical and capacity/budget problems in the way because SSL was slow.
After Snowden two things happened:
1. Encryption of everything became the companies top priority. Budget became unlimited, other projects were shelved, whole teams were staffed to solve the latency problems. Not only for Google's own public facing web servers but all internal traffic, and they began working explicitly on working out what it'd take to get the entire internet to be encrypted.
2. End-to-end encryption of messengers (a misnomer IMHO but that's what they call it) went from an obscure feature for privacy and crypto nerds to a top priority project for every consumer facing app that took itself seriously.
The result was a massive increase in the amount of traffic that was encrypted. Maybe that would have eventually happened anyway, but it would have been far, far slower without Edward.
Credential stuffing is a huge issue for large providers and requiring 2FA is a huge mitigation. Sure, a targeting attack will make the SIM swap, but that is a huge difficulty upgrade from generic credential stuffing.
I'm all for finding a balance, it's just that many times people are against surveillance that does actually improve security or enforcement but mildy infringes on their "rights" when in reality they never had privacy in that situation to start with and the use of technology didn't substantially change that.
Youtube being forced to give up personal information based on who viewed a video is something I don't see as an issue. How is this any different from any other website getting the exact same order?
If you are doing something shady you know how to obfuscate that information, if you aren't, sure your "privacy" was "violated" for sure but it was violated in a way that was legally allowed and by law enforcement at that.
Living in a surveillance state where I have no choice but for the government to be able to track every single transaction I make financially and being able to link my cell number amongst other details directly to me, I feel like if I had to try to fight that I would only be causing myself undue anxiety and I've got enough legitimate reasons to be anxious.
"DEFAULT DENY ALL"
After which you can -of course- start opening up ports and start trusting people with information. Even if done imperfectly, one's attack surface is at least under some sort of control. I mean -at least- a semblance of control can be taken, however aspirational in practice. It allows conscious control of ones information flows.
As you may have experienced yourself a posture of "DEFAULT ALLOW ALL" is effectively impossible to manage, since tracking down and plugging new leaks faster than they show up is pretty much like bailing out a boat with -well- a squillion leaks (and more every minute).
Getting muggles to a safe default posture is going to be difficult. However, seeing the growing awareness in society it might not be impossible.
Think of nascent privacy initiatives by the EU (no matter how (in)effective as yet). Or you could think of starting school programs akin to "just say no" for instance, promoting more conscious and careful online behavior. It might never be perfect, but some level of herd resilience might be attainable?
This would then be mixed in with the question of whether or not new forms of data (like video views) would equate to previous forms of similar data searches that police have obtained warrants for (like reviewing CCTV).
+1 on citing the constitution's wisdom of treating the government itself as adversarial, due to the enormous power it has.
+1 on pointing at the difference between positive and negative rights in this context.
In contrast mass surveillance is just "oh, we have a BIG database, and we query whenever for whatever purpose, and nobody knows who searched for what and when and why, and nobody EXTERNAL TO THE AGENCY needs to approve it (lack of control). And today, Bob, who works for the police, background-searched his new girlfriend as well."
Treat it as a public postcard signed with your name, and never for a minute assume that someone doesn't link what you say to your identity.
This mode of operating means you will be more polite when angered by some troll online, as you are not hiding behind some pseudonym.
And at least you won't be shocked when a Website does what Glasdoor recently did, i.e. convert from pseudonyms to people's real names WITHOUT CONSENT OR WARNING. Surely by using always your real name you will not bitch about your employer on a Website when you name is shown as the poster and you will still want to get promoted, or at least retained as an employee.
Google was driven not out of some panicked rush to protect user privacy, but to protect Google's collection and storage of user data.
Google has 10+ years of my email. It doesn't treat that like Fort Knox because it gives a shit about my privacy; it treats it like Fort Knox because it wants to use that for itself and provide services to others based off it.
You do know that Google was heavily seed-funded by the NSA, right?
I guarantee the very wealthy or politically powerful have plenty of very-well-hidden cameras surrounding their properties.
Those rules are to keep you from catching and proving the powerful doing something they shouldn't.
If they're not guilty, why are they running?"
This is complete BS. Technology made it scalable to track where everyone is and query it historically. This used to require tailing someone so it couldn’t be done at scale.
What makes that one different than a court order demanding that a business release security footage that covers the scene of a crime for the time window in which the crime occurred? Or would you consider such a court order to also be illegitimate?
I agree it would be bad if they were making the request in furtherance of a conspiracy to do either of those things.
But the police asking Google for a list of people who viewed a video, though, is in itself not one of those things. It’s similar them asking a business owner whose business has a camera overlooking a street near a crime scene to hand over surveillance footage (which will include innocent passers by) or a business that sells a product which was known to be used by a criminal to provide a list of purchasers of that product (which will include innocent purchasers).
Many such businesses will voluntarily hand over such information to assist with an enquiry. Some businesses might refuse, or might choose not to have such information.
And this is why judges are involved in the process of issuing warrants and grand juries in the process of issuing subpoenas when the police or a prosecutor want to compel the production of evidence of that sort.
But it just seems inevitable that, at the beginning of an investigation into a crime where the perpetrator is unknown, the first step is to identify possible suspects; by definition not all of the people so identified will end up being investigated. How are the police to do that if they can’t ask anyone for information that might bring innocent people’s names to their attention?
I appreciate it seems idealistic maybe, but it feels to me that we need rules that ensure ‘coming to the attention of the police in the course of an investigation’ is genuinely harmless; not rules that assume it automatically exposes you to harm.
Maybe because John Smith was one of only eleven people who signed in to a building on the day a crime took place, and he signed out right after the crime happened.
But should the police not look at the sign-in sheet at the building because that will infringe the privacy of ten innocent people?
Anytime you willing share data with a 3rd party the law assumes you aren't keeping it private.
https://en.wikipedia.org/wiki/Pen_register
If you want to keep something private don't share it outside of your house.
“Security
Tailscale and WireGuard offer identical point-to-point traffic encryption.
Using Tailscale introduces a dependency on Tailscale’s security. Using WireGuard directly does not. It is important to note that a device’s private key never leaves the device and thus Tailscale cannot decrypt network traffic. Our client code is open source, so you can confirm that yourself.”
the water is already boiling, its time to jump out
It isn't.
Democracy is fake.
Our justice system is fake.
Everything is fake.
(Where "fake" = "not what they are advertised or perceived to be.)
If all of the same things were occurring in another country, or even better: in a video game, you would have little difficulty and zero aversion to accepting these facts.
However: put a person into these things, and the brain malfunctions.
If you are a reasonably normal person, your mind will now be filled with objections to this proposition, reasons why I am incorrect. But if you were to state those objections, I can punch holes in every single one of them without even breaking a sweat.
We live in a literal simulation, but not the kind that everyone has been hypnotized to believe is the only kind possible - have you ever noticed that when the notion of simulation theory comes up, it is always The simulation theory (Nick Bostrom's)?
This is a pretty neat trick eh? And there seems to be nothing that can be done about it, because people will fight tooth and nail (using Meme Magic, aka "The Facts", "The Reality", etc) against being extracted.
Thankfully, it is simultaneously hilarious. Well, except the part where millions of children are dying, but nobody cares....but oh boy when a big scary "pandemic" comes along, pull out all the stops.
I hope that there is a Hell, because I would like to see every single member of this despicable 21st century society end up there some day. Seeing justice finally being served for once would be worth suffering for eternity.
What I said is for this specific point a smart criminal won't get caught and you too can very easily obfuscate that very same data.
Data isn't free and processing big data isn't cheap. As much as Google has the data, that means they need to store that data.
You know what used to happen before and still happens now, an example. I live in a restricted access area. Restricted in the sense rhat to get in some guy needs to take your name and license plate.
For many many businesses parks in my country that is still the defacto. There isn't really a camera watching that other than general CCTV that probably doesn't have the resolution to pick up text on our license plates. It's cheaper for them to literally pay a guy to stand at a boom and get that information than to install the technology required to track that automatically.
-Nobody ever.
Come on, use your brain. Even if you are talking about smaller entities who might otherwise only have names and emails, why would they want phone numbers? They don't care about identifying you. And even if they did they already have your email and name.
Step away from the tin foil...
It’s not an invasion of privacy. But it is a problem for other reasons
https://nobaproject.com/modules/eyewitness-testimony-and-mem....
(Never not seen an archive link of a paywalled article buried so carrying my part of that responsibility)
I don't even drink bourbon.
The adtech industry made data and its processing not just free (as in more than covered by the ad revenue) but outright profitable.
This is frankly a one-in-a-lifetime gift to the government because we've not only built an unaccountable industrial-grade spying machine but the government doesn't even have to pay for it as it pays for itself and incentivizes its own expansion.
What changed after Snowden was how Google encrypts traffic on its network, according to an article quoting you at the time.[5]
[1]https://gmail.googleblog.com/2010/01/default-https-access-fo...
[2]https://googleblog.blogspot.com/2011/10/making-search-more-s...
[3]https://www.zdnet.com/article/yahoo-finally-enables-https-en...
[4]https://techcrunch.com/2012/11/18/facebook-https/
[5]https://arstechnica.com/information-technology/2013/11/googl...
It’s a nonsense argument to say Google can’t handle credential stuffing without SMS 2FA in place, as in not pushing all 2FA via Google Authenticator and using the very wide reach and talented security team for baseline cred stuffing. Sec tools for this, even without being Google and their very talented sec team, are pretty good.
Wanting a hard phone number is a pure identification play and also about the more likely pragmatic concern (than cred stuffing) of using Google for burner accounts.
Fingerprinting to a user, especially for a bulk request, without something to anchor on like a device id (or phone number), is harder than you make it out to be. End of third party cookies and so on has had an effect.
Tracking and the firms that do it is incredibly extensive and hard to beat (ie browser ad you just scroll by can fingerprint you well enough).
Because it is trivial to make a burner/secondary email address, but much less trivial to do the same with a phone number. Furthermore, everyone adds phone numbers to their contacts but very few add emails, so phone numbers are much more valuable from the perspective of inferring social graphs.
Both of these are extremely valuable for adtech and generic "growth & engagement" scum, thus why all companies matching this criteria started effectively requiring phone numbers. The 2FA/security angle is just an excuse for the true reason behind it.
if [pecadillo] must remain secret when your nieghbour is investigated for [crime?] then encrypt at least twice, and obfusicate the original message
We've literally created this problem by making industrial-scale stalking profitable and socially-acceptable. We've created an entire self-sustaining industry that spies on everyone, is not accountable and that the government can just ask for data when needed.
2022-06-30 >>31938350
For me that's awesome. But it really really really didn't sit well with members of Congress I guess, and boomers in general.
I'd buy the spam reduction angle - it's a bit easier to get an email address than a phone number. But I have never seen a service require 2FA (except things like NPM and PyPI; but that's clearly for security) so I don't think it's that either.
I think it's pretty clear that the reason really is security. There's no conspiracy.
I'd say this egotistical god-complex is exactly what got us into the current mess.
Agreed. But I disagree that the true reason is security. The true reason is better stalking which is valuable to adtech scum which now happens to be the vast majority of consumer-grade tech.
> I have never seen a service require 2FA
Try register on Twitter. They'll let you register but then randomly suspend your account for alleged ToS violations (even if the account was outright inactive) but will give you the option of instantly unbanning yourself following phone number verification. Microsoft will randomly lock out MS accounts without a phone number attached and will require a phone number for "security" upon the next login (the security angle being very dubious considering they don't have a number on file to compare to, so even an attacker can pass this challenge just fine). Etc.
> There's no conspiracy.
It's true, there's no conspiracy, it's just business and can be explained by common sense and economics. Phone numbers help tracking people. Adtech makes more money the better it can target its ads. Most consumer tech nowadays is intertwined with adtech. Said consumer tech thus optimizes for higher profit by collecting more data to help adtech.
2 examples are not having an amazon prime account and running my own mail server.
Apple looked at the pen register cases and realized the best position to be in as a third party is to not possess usable data.
The US case from my point of view is trying to fore Apple to share user data with third parties.
The police will still get the exact same raw data of that one target user. The change just means that they won't get any data on other users.
I'm usually not super into video content, so even if I'm "younger" i never got into it but imo it's better than say, Facebook for this type of stuff. Even with the algorithm you still get exposed to people you don't follow, by design, which makes it harder to spread fake news in an echo chamber. so I'm not too concerned about the narrative control aspect.
As I said, most of the Palestine related stuff (that I started looking into afterwards) wasn't some pundits or grifters trying to get people outraged about a fictional "other side", it was mostly raw footage of what was happening in Gaza.
You don't have a liberty from being investigated if they have evidence. They're not snooping around in your home without cause. The swatter was watching the live stream, and the timestamped IP logs can corroborate.
Just because it was an IP address and not a face or license plate on camera doesn't make it any different. You can't hide behind a chosen technology stack as a shield when the fundamentals of the case are the same.
[1] https://en.m.wikipedia.org/wiki/Firesheep [2] https://www.imperialviolet.org/2010/06/25/overclocking-ssl.h...
An IP address is no different from a license plate on camera. It's a lead and the evidence was gathered at a crime scene. Nobody's home is being entered into. Nobody's iCloud account is being unlocked and ransacked. Gathering these logs alone won't lead to those things happening either.
I'm all for limits on power, but this seems to be entirely reasonable. This isn't a fishing expedition. IANAL, but I don't see how the 4th would be violated with either a court order or willing third party handing over the logs.
If the investigators get the IP logs, they shouldn't then be able to take those logs and ask the ISP for everything that those people were doing. The burden will be on the investigators to find more evidence linking one of those IPs to the call.
More crime will happen digitally year by year. Swatting has already entered the public consciousness. Just wait until people start strapping bombs to FPV drones or calling grandma with your voice.
We shouldn't stop at the software stack as some kind of impenetrable legal barrier that shrouds investigation. We should respect and enhance limits on power, but we also need to modernize the judicial tools to tackle the new reality.
The framers couldn't have imagined "swatting". The law needs to understand this. It should provide scoped-down investigatory tools that simultaneously guard and respect our constitutional rights and privacy. Access to anything beyond the scope of an actual crime that took place should be restricted.
Google and meta (et al) receive money in exchange for the info of their user base. That they're playing 3 card monte (shell game?) with the data to "hide PII" - which has been mathematically proven to be impossible (currently, perhaps forever) seems a hair not worth splitting, considering their market caps.
Put simply, if there wasn't a financial reason to do the data collection google would simply not do it. You don't get rich shareholders by writing a lot of checks to seagate.
Most people are helpless to make change. Greater than one million adults serve in uniform services of some kind where they literally must comply. The ad budgets and massive, overflowing volumes of money generated by "surveillance capitalism" buy the consent of the mercenary finance occupations. None of this means "nobody cares"
People even got internal schwag shirts made of the iconic "SSL added and removed here" note [1]. It became part of the culture.
Over a decade later I still see most environments incur a lot of dev & ops overhead to get anywhere close to what Google got working completely transparently. The leak might have motivated the work, but the insight that it had to be automatic, foolproof, and universal is what made it so effective.
[1] https://blog.encrypt.me/2013/11/05/ssl-added-and-removed-her...
You're right that I might be mis-remembering the ordering of things, but I'm pretty sure by the time Snowden came around the vast majority of traffic was still unencrypted. Bearing in mind that lot of Google's traffic was stuff you wouldn't necessarily think of, like YouTube Thumbnails, map tiles and Omaha pings (for software update). Web search and Gmail by that point made up a relatively small amount of it, albeit valuable. Look at how the Chrome updater does update checks and you'll discover it uses some weird custom protocol which exists purely because at the time it was designed Google was in a massive LB CPU capacity crunch caused by turning on SSL for as many services as possible. Omaha controlled the client so had the flexibility to do cryptographic offload and was pushed to do so, to free up capacity for other services.
> What changed after Snowden was how Google encrypts traffic on its network, according to an article quoting you at the time.[5]
That also changed and did so at enormous speed, but I'm pretty sure by June 2013 most external traffic still didn't have TLS applied. It looks like Facebook started going all-SSL just 8 months before Snowden.
But otherwise you're totally right. I suspect the NSA got a nasty shock when the internal RPCs started becoming encrypted nearly overnight, just weeks after the "added and removed here" presentation. The fact that Google could roll out a change of that magnitude and at that speed, across the entire organization, would have been quite astonishing to them. And to think... all that work reverse engineering the internal protocols, burned in a matter of weeks.
The evidence has to be specific to an individual. In these cases they're obviously not.
> The swatter was watching the live stream, and the timestamped IP logs can corroborate.
He wasn't the only one doing so.
> Just because it was an IP address and not a face or license plate on camera doesn't make it any different.
Yes it does. There are wildly different expectations of privacy between these two scenarios, this is immediately apparent, and easily demonstrable.
I feel like you're just trying to win an argument and not actually thinking this through. I'm not saying you're fundamentally wrong on facts it's just that to follow your conclusions blindly does in fact violate individual rights, and those rights are superior to the governments "right" to investigate crime.
> You can't hide behind a chosen technology stack as a shield when the fundamentals of the case are the same.
You can't hide behind weak evidence to violate the privacy of groups of individuals. The crime has already occurred. The damage is done. You can't solve that problem by causing _more_ damage.
Youtube only sees the Invidious instance, not the end-user clients. That's probably as good as it gets.
It depends of the local cost of labor, also the technology is easier to scale, imagine New York City having employees at the bridges writing all the entering license plates! And searching through those records how many times a certain plate entered the city on a given time frame. To me the problem with technology is that they’re used for lazy policing to just inflate the numbers of solved cases. There were cases of cops feeding hand-drawn suspects to face recognition software. Every case becomes a “throw something to the wall and see what sticks”.
That's the conspiracy. They don't need phone numbers for that.
It's mainly security with a sprinkling of spam/bot reduction.
Do you really think NPM and PyPI are doing it to improve their targeted advertising?
Just keep in mind that if you write comments, and you also write under your real name, it's relatively easy to identify you by the writing style.
And how do we classify special government and law enforcement access projects, grants, and the like?
I won't say it is selling, but it is for economic gains.
And when they "anonymize" data, basically selling derivative data products of various kinds, what do we call it when that is enough for another entity to identify many, despite the stated intent being otherwise?
I did not intend to talk anyone down.
I did intend to just state the truth because sometimes we need someone to do that.
If said truths feel/smell/appear somehow bad, I am not sure what to say. Bet lots of us have that problem.
Got any tips?
Edit: Here it is. Only 25% of YouTube's traffic was encrypted at the start of 2014. https://web.archive.org/web/20160802000052/https://youtube-e...
And then promptly moved most things behind cloudflare, which is MITMing everything, undoing the benefit of HTTPS.
Remember "SSL added and removed here!"? Now it happens at cloudflare.
The victims go to the police and tell them that John Smith stole from them, so the police go and seize his files to confirm that the victims are telling the truth.
> But should the police not look at the sign-in sheet at the building because that will infringe the privacy of ten innocent people?
Asking for the sign-in sheet and seizing the sign-in sheet by force against the wishes of its owner are two different things.
No, that doesn’t seem very familiar.
Legitimately if an investigator put a hard drawn sketch through facial recognition and that was even remotely allowed into evidence by the court then the suspect evidence wasn't the issue
For the German context, and for the kind of CCTV I'm talking about, it makes no sense thou.
Tailnet lock helps mitigate this by requiring that node public keys are signed by a trusted signing node, but it isn't bulletproof.
It’s an attempt to unmask someone the police are investigating for completely unrelated criminal activity (money laundering with cryptocurrencies). The video was apparently something completely innocuous about drone surveying.
I have accounts with both of these orgs, not equipped with 2FA and none of what you describe has ever occurred.
> Supposing every person watched that video 10 times AND supposing the target was one of the viewers (it really isn't clear that this is true), that's 2999 people who have had their rights violated to search for one. I believe Blackstone has something to say about this[0]. Literally 30x Blackstone's ratio
"3000 innocent people for every one possibly guilty" isn't 30x Blackstone's ratio, it's 300,000x and worse, because the ratio is "100 actually guilty people for every one innocent". Of course, this actually helps your argument -- violating the rights of thousands of innocent people is unjustifiable -- but once you've given everyone cause to pause and work out what's wrong, they're going to reply with whatever they can find.
It's worth pointing out, but not worth derailing an entire conversation. It generates noise that prevents us from actually discussing the issues at hand. We're people, not computers. We can handle mistakes (and look how much work we put into computers to make them do this). And this thread blew up, you aren't the first to point it out. So forgive me if I'm a bit exhausted.[0]
I've made several mistakes (including the first blackstone link not pasting and pasting the whole comment instead of the specific part I was responding to (thanks firefox)), and so have you, and others. But let's not make the conversation about that. We'll never get shit done. We can take an aside to resolve any confusion, but it is an aside. Clearly by your explanation here you understood the point. And clearly we know that the number itself is arbitrary. Are we gonna shit talk everything Franklin said because he used 100 instead of Blackstone's original 10? No, because the number isn't what's consequential.
[0] We do meet each other here a lot and I have respect for you. It's why I'll take the time to respond to you. But I also know you to be better than this. I think you can also understand why it can be exhausting to be overloaded with responses and with a large number of people trying to tear down my argument by things that are not actually important to the argument. Specifically when the complaints make it clear that the correct interpretation was actually found. I'm happy to correct and appreciate mistakes being pointed out, but too many internet conversations just get derailed this way. The distinction of correcting vs derailing is critical, and the subsequent emotional response is clearly different in the two cases.
I'm happy to continue the conversation w.r.t the actual topic (even where we disagree), but it seems like wasted time to argue over a gaff that we both know was made and we understand what was said despite this.
The difference is how information was gathered.
People volunteering information to an authority? Perfectly fine (especially in cases when information was not requested).
People being compelled to provide information? Needs friction (checks and balances).
People being compelled to provide information about others who then unknowningly being investigated? Needs even more friction.
It's also important to note that in the hypothetical that random passerbyers are not being investigated either. A specific type of behavior is being sought. Either the explicit act of the crime being committed or a STRONG correlation with another piece of evidence (such as already knowing what the criminal looks like and trying to find a better view). Random people are not considered suspect.
In the article's case all viewers were considered suspect.
We're following the ideas of Blackstone and subsequently those that founded the country in question. The US was founded under the idea that natural (or negative) rights were exceptionally important[0] AND that the government should be treated as an adversary (since this is the main body that could impinge upon natural rights). The idea isn't that natural rights can't be violated for any reason, but rather that there needs be friction at every step, including the smallest amount. The reasoning being that they were intimately familiar with power creep.
So yeah, semantics, but literally the semantics that we the topic of overthrowing an entire government for. ¯\_(ツ)_/¯
[0] So much so that they appear in the second paragraph of the Declaration of Independence[1] (which goes on essentially ranting about this topic)
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.
[1] https://www.archives.gov/founding-docs/declaration-transcrip...
https://github.com/iamcryptoki/snowden-archive/blob/master/d...
It's heavily redacted but the parts that are visible show they were targeting BigTable replication traffic (BTI_TabletServer RPCs) for "kansas-gaia" (Gaia is their account system), specifically the gaia_permission_whitelist table which was one of the tables used for the login risk analysis. You can see the string "last_logins" in the dump.
Note that the NSA didn't fully understand what they were looking at. They thought it was some sort of authentication or authorization RPC, but it wasn't.
In order to detect suspicious logins, e.g. from a new country or from an IP that's unlikely to be logging in to accounts, the datacenters processing logins needed to have a history of recent logins for every account. Before around 2011 they didn't have this - such data existed but only in logs processing clusters. To do real time analytics required the data to be replicated with low latency between clusters. The NSA were delighted by this because real-time IP address info tied to account names is exactly what they wanted. They didn't have it previously because a login was processed within a cluster, and user-to-cluster traffic was protected by SSL. After the authentication was done inter-cluster traffic related to a user was done using opaque IDs and tokens. I know all about this because I initiated and ran the anti-hijacking project there in about 2010.
The pie chart on slide 6 shows how valuable this traffic was to them. "Google Authorization, Security Question" and "gaia // permission_whitelist" (which are references to the same system) are their top target by far, followed by "no content" (presumably that means failed captures or something). The rest is some junk like indexing traffic that wouldn't have been useful to them.
Fortunately the BT replication traffic was easy to encrypt, as all the infrastructure was there already. It just needed a massive devops and capacity planning effort to get it turned on for everything.
Getting rid of First Past The Post voting in favor of something like Ranked Choice voting would allow people to vote 3rd party with no chance of a spoiler effect. This would introduce competition into the electoral process, improving the quality of candidates available to choose from. Even from within the current two mainstream political parties.
Like what? I'm saying both sides of the connection would be given the wrong public keys by the coordination server. The private keys of which would be held by a MITM.
That's what influences the people who sign our paychecks.
I don't agree. NSA can hack/pressure smaller companies much easier than a giant like Apple.
That we are nothing in the ocean of people who don't care. Someone upended their entire life to whistleblow on the government doing it as hard proof and no one cares (from a statistical POV, not a "literally 100% of the population" way).
They cared more about the boston bombing the month prior, which while tragic is a statistical molecule compared to the impact of what Snowden revealed.
>There are plenty of people fighting back.
This can be a game of numbers, but it isn't. This can be a game of power, but it isn't. Not enough people are fighting back and not enough powerful people are fighting back.
>People care. People are tired. People feel defeated. These are different things
well it sounds like they gave up. Different words, samae results
Mail servers, sure. The big issue there is another annoying pseudo-monopoly issue where so many major email servers assume anything not from [major email server] is spam, so you may not even get to communicate properly. More sticks for the fire.
Scale. This isn't "supbpeona to get all of Bob's info", it's "subpeona to get information on all of the people's info tangentially related to bob". Imagine if this was as tangential as "who watched this video with 10m views"? is the YT history of 10m people worth it? Is it even useful?
The issue comes down to whether or not "Youtube" is a public place. All logistical terms point to "no", hence this story.
>your "privacy" was "violated" for sure but it was violated in a way that was legally allowed and by law enforcement at that.
That isn't how court orders work. They cannot make a single order to search an entire neighborhood's worth of houses because of drugs or whatever. That'd be N orders which may or may not go through based on the arguments made.
Society, please stop making it true.
>Most people are helpless to make change.
you get even 10,000 people to petition something to the government and you can get something rolling. This relatively moderate post probably had 10,000 views. You don't need to do much but you just got to get enough people to care enough to spend 10 minutes making a request. If they can't even do that much... well, they don't care.
This is the issue with an individualistic mindset, you hyperfocus on what immediately benefits you. Not the wider community around you which is needed for such petitioning.
well if we're resorting to hyperbole comparing a murder to "watching a youtube video": say you knew and had multiple whistleblowers pass by in your footage, and they are all wanted by the government. You turning over the footage puts those whistleblowers in danger, who's only "crime" is revealing government corruption. Is catching one crook worth endangering multiple good people?
That's the issue, court orders aren't free to make and factors like "it is filming a public street" are taken into account. There isn't anything "public" about "viewing a video stored on a server of a large private website". And there enlies the rub.
Also, the story here isn't just "get me a list of 30k people who watched a video", which may be reasonable:
>The court orders show the government telling Google to provide the names, addresses, telephone numbers and user activity for all Google account users who accessed the YouTube videos between January 1 and January 8, 2023. The government also wanted the IP addresses of non-Google account owners who viewed the videos.
They want ALL your Google activity for a week, because you watched a video that may or may not have been recommended to you by Google itself. that can include schedules, emails, financial transactions, Maps inquiries, chat records, etc. Depends on how much you use google, but Google can power a lot of aspects of life these days.
Even if you aren't on Google you have your IP revealed for simply viewing a video. That feels like an overreach.
------
The second factor is that they barely have a specific suspect. That just think "they saw this video -> they may be money laundering":
> Google to hand over the information as part of an investigation into someone who uses the name "elonmuskwhm" online.
I can't believe that passed a court order. some random handle is selling bitcoin and may have watched this video, so lets get all the data of everyone who watched this tutorial at this time.
>How are the police to do that if they can’t ask anyone for information that might bring innocent people’s names to their attention?
by narrowing it down to more than 30k people. That can be an entire town for some smaller areas
>but it feels to me that we need rules that ensure ‘coming to the attention of the police in the course of an investigation’ is genuinely harmless; not rules that assume it automatically exposes you to harm.
in my mind this is the more idealistic scenario. They've had decades to espouse this sentiment and they aren't even close to doing so.
Also, the issue is that it's not like the government deletes this data after they are done. Quite the contrary. Maybe the US government needs its own GDPR protocol so this won't be pulled up on record down the line.
if your entire family is "interrogated" over some crime you did not do, is that "punishment"? Maybe not legally, but it's a stressful time that may or may not cause strains on your relationship between your spouse and kids. And it's not like this is an investigator coming in for tea and asking a few questions, either.
morally, it would indeed be a punishment. There is now a bunch of nervous sentiment among your family for no reason, all because you were at the wrong place at the wrong time. Or if we want to be frank, you looked the wrong race at the wrong place at the wrong time.
Apparently:
>The court orders show the government telling Google to provide the names, addresses, telephone numbers and user activity for all Google account users who accessed the YouTube videos between January 1 and January 8, 2023. The government also wanted the IP addresses of non-Google account owners who viewed the videos.
That definitely seems like an overreach.
No one is in danger, this is an absurd request for an absurd result of... catching a dude using cryptocurrency the way the government doesn't like. Screw the government.
You MAY have had a point somewhere in those ramblings, but this right here just kind of undoes any credibility.
Occasionally people have a vanity domain email that bounces back to me. I have to search the headers for the actual email address and re-send.
[0] Because, among other things, the whole "Surprise and Delight" doctrine demands internal controls and secret-keeping discipline not that far off from an actual intelligence agency
I think it's fun to imagine that pandemics are some sort of supernatural punishment for human hubris in Western nations.