
By the numbers: The NSA's super-secret spy program, PRISM - Lightning
http://blog.foreignpolicy.com/posts/2013/06/06/by_the_numbers_the_nsas_super_secret_spy_program_prism
======
downandout
How did an article behind a very invasive, multi-step registration wall (which
is just a copy of a time magazine article) wind up on the front page? Seems
like a lot of friction for something to legitimately land all of these
upvotes. I've been seeing alot of suspect articles on the front page recently.

~~~
robin_reala
It’s annoying, but at least there’s a one step bypass from the console:
$('#TB_overlay,#TB_window').remove()

------
uvdiv
_248 percent: The increase in 2012 in the number of Skype communications
intercepted via PRISM_

Is Skype no longer end-to-end encrypted? I'm surprised to see it confirmed (?)
that NSA is siphoning up Skype video. How does this MITM work technically?

~~~
nallerooth
You might be interested in this article.
[http://www.h-online.com/security/news/item/Skype-with-
care-M...](http://www.h-online.com/security/news/item/Skype-with-care-
Microsoft-is-reading-everything-you-write-1862870.html) (Microsoft visiting
all HTTPS-links sent over skype). They do, however, still tell you that the
connection is end-to-end encrypted
[http://download.skype.com/share/security/2005-031%20security...](http://download.skype.com/share/security/2005-031%20security%20evaluation.pdf)
(See section 1.2, Security Policy). Now, if they can read all your links using
https, they can read anything else too.

Edited: Spelling

~~~
tetha
Just pondering wordplays: Assume I implement a messenger, and I want to obtain
full access to messages, but I also want to be able to put "end-to-end
encrypted" on my product.

Couldn't I go ahead and encrypt everything with an encryption system where I
know all the keys? It end-to-end encrypted, since your client encrypts and my
client decryptys and hey, it might even be some good asymmetric encryption,
but nothing matters as long as I don't disclose my key management or, even
better, put all key management into your hands.

And even worse, if I don't give my transmission servers access to these keys,
"no intermediate node" has access to this information, because only secondary
nodes have access to the information.

It's a scary twist of words, but I dunno... I could probably convince a lot of
standard users with such smoke and mirrors.

~~~
nallerooth
I completely agree. For a couple of years, I've been living by the rule "If
it's supposed to be secret, don't put it anywhere near the Internet". The
problem is that a lot of people trust statements like "unbreakable encryption"
and "your password cannot be recovered, by any means".

My biggest issue, in a way, is the stupidity of claiming to have end-to-end
encryption and then visit https-URIs sent via Skype.

------
ratsbane
$20 million to run the whole program? That doesn't make sense. That amount
wouldn't buy the hard drives to hold a firehose feed from any one of those
companies.

