If companies would respect the spirit behind GDPR and not store data that is not needed to fulfill a user's requests and protect the data that they must have in a way that makes dragnet searches impossible, this would not be a problem.
Instead, we have sites not being ashamed in informing you about literally thousands of external ad broker, tracking, notifications and whatnotelse integrations.
To u/decremental: you seem to be shadowbanned, here's an Archive link: https://archive.ph/kAXQ1
A list of public instances (which you probably want to use if you're concerned about being identified) here: https://docs.invidious.io/instances/
Interesting aside: Viacom used a similar broad request back in 2008 [1] in its lawsuit that nearly put YouTube out of business in its infancy. This time, it's the government making the request, and Google has way more data to potentially provide.
[1]: https://web.archive.org/web/20100702111029/http://afp.google...
That said, credit where it's due: https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...
They asked for information about a video watched 30k times. Supposing every person watched that video 10 times AND supposing the target was one of the viewers (it really isn't clear that this is true), that's 2999 people who have had their rights violated to search for one. I believe Blackstone has something to say about this[0]. Literally 30x Blackstone's ratio, who heavily influenced the founding fathers.
I don't think any of this appears legitimate.
Edit: Ops [0] https://en.wikipedia.org/wiki/Blackstone%27s_ratio
https://securitycurrent.com/privacy-is-dead-long-live-privac...
The only way to solve the problem would be to elect politicians who would either dismantle most of the surveillance system or address crime and terrorism so decisively that there was no longer any plausible threat to justify continuing to maintain a mass surveillance apparatus in which case it would (hopefully) eventually wither away as part of budget cuts once politicians forget why it was even "necessary" in the first place. There is no solution to political problems without obtaining and using political power to solve them.
The strategy of eliminating the system's justification isn't foolproof though because the bureaucracy that runs the military draft (Selective Service) somehow still exists even though the draft was ended around half a century ago and is almost certainly never coming back. Politicians only noticed it existed a few years ago long enough to debate whether to extend the wrong of registration for it to include women in addition to men. The eventual decision was to leave the status quo intact[3]. The sensible option of abolishing that relic of a past rights violation rather than continuing to waste money on maintaining the bureaucracy was not seriously considered. That means the direct route is almost certainly the better approach.
[0]: https://www.theregister.com/2022/08/10/github_tornado_cookie...
[1]: https://en.wikipedia.org/wiki/Silk_Road_(marketplace)
[2]: https://www.reddit.com/r/TOR/comments/rjgq8s/ok_so_what_has_...
[3]: https://www.politico.com/news/2021/12/06/ndaa-women-draft-dr...
Justice Department withdraws FBI subpoena for USA Today records ID'ing readers - >>27408647 - Jun 2021 (174 comments)
Other commentators have echoed the principle. Benjamin Franklin stated it as: "it is better 100 guilty Persons should escape than that one innocent Person should suffer"
If you add a redirector plugin for your browser, you can add a capture for something like this:
https?://(.*?\.)?youtube.com/(.*)
https://farside.link/invidious/$2
[0] https://github.com/iv-org/invidious
Can't make perfect the enemy of the good.
https://docs.invidious.io/faq/#q-what-data-is-shared-with-yo...
Plus of course
https://docs.invidious.io/faq/#q-what-data-is-collected-by-i...
These are innocent bystanders. There is nothing suspicious about their activities other than they did something that a suspected criminal did. A perfectly legal activity? To take this to the ridiculous side, are we going to investigate everyone who took a poop at a specific time because a criminal did?
In Berlin there used to be a notification system if you were subjected to cell surveillance in Berlin. It was recently stopped [0]. IMHO we need the same for all IP assignment or account lookups. The problem IMHO is that we, individualy, and particularly vulnerable groups like journalists and activists, might be subject to far more of such activities than we know.
[0] https://netzpolitik.org/2024/rolle-rueckwaerts-berlin-beende...
Some hyperbole in your telling of the story and failure to mention that he was awarded restitution. According to Wikipedia:
Brandon Mayfield (born July 15, 1966) is a Muslim-American convert in Washington County, Oregon, who was wrongfully detained in connection with the 2004 Madrid train bombings on the basis of a faulty fingerprint match. On May 6, 2004, the FBI arrested Mayfield as a material witness in connection with the Madrid attacks, and held him for two weeks, before releasing him with a public apology following Spanish authorities identifying another suspect.[1] A United States DOJ internal review later acknowledged serious errors in the FBI investigation. Ensuing lawsuits resulted in a $2 million settlement.
https://en.wikipedia.org/wiki/Brandon_Mayfield
What point are you trying to make with this example?
And a dictator is just another set of cells and organic compounds? You can't break things down into this because then literally everything is the same. Literally everything you see is just a different set of photons and electrons. But those things have real effects. They aren't fungible. I don't care that my partner sees pictures of me naked, but I sure do care if cops or "the government" is, despite it being "just a different set of photons and electrons."
> The burden of proof will still be on the investigators and prosecution to find out and show beyond a shadow of a doubt who performed the swatting.
The burden of proof is step by step. I don't think I should have to cite the 4th Amendment but
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and ***no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.***
[0] https://en.wikipedia.org/wiki/Negative_and_positive_rights
[1] https://encyclopedia.ushmm.org/content/en/article/martin-nie...
Correct me if I'm wrong, but I'm pretty sure Blackstone wrote about negative or natural rights.
In fact, let me pull out more context around the exact quote. He specifically addresses direct punishment but immediately after is the nature of having the duty to defend one's innocence. Which is exactly the case here.
Fourthly, all presumptive evidence of felony should be admitted cautiously, for the law holds that ***it is better that ten guilty persons escape than that one innocent suffer.*** And Sir Matthew Hale in particular lays down two rules most prudent and necessary to be observed: 1. Never to convict a man for stealing the goods of a person unknown, merely because he will give no account how he came by them, unless an actual felony be proved of such goods; and, 2. Never to convict any person of murder or manslaughter till at least the body be found dead; on account of two instances he mentions where persons were executed for the murder of others who were then alive but missing.
Lastly, it was an antient and commonly-received practice that as counsel was not allowed to any prisoner accused of a capital crime, so neither should he be suffered to exculpate himself by the testimony of any witnesses.
I know that this is a point of contention in this (these) discussions, but I stand by that a right is being violated and harm is being done by the simple act of investigation. Mass surveillance (which is mass investigation), is an infringement on our god given rights. The point is to have friction for the infringement of rights. All rights can be violated, but they must need sufficient reason. It does not matter if these rights seem inconsequential or not. Because at the end of the day, that is a matter of opinion and perspective. Blackstone was writing about authoritarian governments and the birth of America was similarly founded on the idea of treating government as an adversary. These were all part of the same conversation, and they were happening at the same time.
I do not think I am taking the historical quote out of context. I think it is more in context than most realize. But I'm neither a historian nor a lawyer, so maybe there is additional context I am missing. But as far as I can tell, this is all related and we should not be distinguishing investigation (or from the other side of the same coin, exculpation) from punishment as these are in the same concept of reducing one's rights. They are just a matter of degree.
https://oll.libertyfund.org/titles/sharswood-commentaries-on...
As far as I can tell, this is explicitly within the context of the quote.
That said, I do see your point and appreciate your feedback. Maybe this can be an opportunity to turn this into a lesson? It seems too cumbersome to bring up from the get-go and similarly backfire. But discussing in the abstract is a difficult task when it is neither a natural way of thinking nor is it a common way that is taught. But I still think it is an important tool and something that does distinguish humanity. I am open to suggestions (I think HN of all places is more likely to be successful when discussing things in the abstract, but it is still general public).
[0] >>39798280
Charitably speaking that is.
https://www.autoweek.com/news/a2055556/venom-law-police-put-...
Anytime you willing share data with a 3rd party the law assumes you aren't keeping it private.
https://en.wikipedia.org/wiki/Pen_register
If you want to keep something private don't share it outside of your house.
“Security
Tailscale and WireGuard offer identical point-to-point traffic encryption.
Using Tailscale introduces a dependency on Tailscale’s security. Using WireGuard directly does not. It is important to note that a device’s private key never leaves the device and thus Tailscale cannot decrypt network traffic. Our client code is open source, so you can confirm that yourself.”
It’s not an invasion of privacy. But it is a problem for other reasons
https://nobaproject.com/modules/eyewitness-testimony-and-mem....
(Never not seen an archive link of a paywalled article buried so carrying my part of that responsibility)
What changed after Snowden was how Google encrypts traffic on its network, according to an article quoting you at the time.[5]
[1]https://gmail.googleblog.com/2010/01/default-https-access-fo...
[2]https://googleblog.blogspot.com/2011/10/making-search-more-s...
[3]https://www.zdnet.com/article/yahoo-finally-enables-https-en...
[4]https://techcrunch.com/2012/11/18/facebook-https/
[5]https://arstechnica.com/information-technology/2013/11/googl...
2022-06-30 >>31938350
People even got internal schwag shirts made of the iconic "SSL added and removed here" note [1]. It became part of the culture.
Over a decade later I still see most environments incur a lot of dev & ops overhead to get anywhere close to what Google got working completely transparently. The leak might have motivated the work, but the insight that it had to be automatic, foolproof, and universal is what made it so effective.
[1] https://blog.encrypt.me/2013/11/05/ssl-added-and-removed-her...
We're following the ideas of Blackstone and subsequently those that founded the country in question. The US was founded under the idea that natural (or negative) rights were exceptionally important[0] AND that the government should be treated as an adversary (since this is the main body that could impinge upon natural rights). The idea isn't that natural rights can't be violated for any reason, but rather that there needs be friction at every step, including the smallest amount. The reasoning being that they were intimately familiar with power creep.
So yeah, semantics, but literally the semantics that we the topic of overthrowing an entire government for. ¯\_(ツ)_/¯
[0] So much so that they appear in the second paragraph of the Declaration of Independence[1] (which goes on essentially ranting about this topic)
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.
[1] https://www.archives.gov/founding-docs/declaration-transcrip...
https://github.com/iamcryptoki/snowden-archive/blob/master/d...
It's heavily redacted but the parts that are visible show they were targeting BigTable replication traffic (BTI_TabletServer RPCs) for "kansas-gaia" (Gaia is their account system), specifically the gaia_permission_whitelist table which was one of the tables used for the login risk analysis. You can see the string "last_logins" in the dump.
Note that the NSA didn't fully understand what they were looking at. They thought it was some sort of authentication or authorization RPC, but it wasn't.
In order to detect suspicious logins, e.g. from a new country or from an IP that's unlikely to be logging in to accounts, the datacenters processing logins needed to have a history of recent logins for every account. Before around 2011 they didn't have this - such data existed but only in logs processing clusters. To do real time analytics required the data to be replicated with low latency between clusters. The NSA were delighted by this because real-time IP address info tied to account names is exactly what they wanted. They didn't have it previously because a login was processed within a cluster, and user-to-cluster traffic was protected by SSL. After the authentication was done inter-cluster traffic related to a user was done using opaque IDs and tokens. I know all about this because I initiated and ran the anti-hijacking project there in about 2010.
The pie chart on slide 6 shows how valuable this traffic was to them. "Google Authorization, Security Question" and "gaia // permission_whitelist" (which are references to the same system) are their top target by far, followed by "no content" (presumably that means failed captures or something). The rest is some junk like indexing traffic that wouldn't have been useful to them.
Fortunately the BT replication traffic was easy to encrypt, as all the infrastructure was there already. It just needed a massive devops and capacity planning effort to get it turned on for everything.