
From Radio to Porn, British Spies Track Web Users’ Online Identities - jakobdabo
https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-users-online-identities/
======
junto
Ladies and gentlemen. This is how you do blackmail, corporate espionage, and
sway politicians on a truly industrial scale.

Want to push a bill through the House of Commons to curb GCHQ's powers? Think
again Mr. Politician. Someone might just leak your sexual deviances to the
newspaper.

~~~
rm_-rf_slash
I think we're due for a second sexual revolution, one where we once and for
all settle our relationship between individual, society, and sex, where the
only reason you should be concerned with someone else's consensual behavior is
if:

1: You're banging them

2: You want to bang them

3: It's your kid and they're underage.

~~~
Asbostos
Isn't that just a statement of contemporary popular standards? They're not
rules set in stone. The definitions of "underage" and "consent" are not nearly
as clear cut as you might hope. Lots of people (in couples) have sex as a kind
of trade for something they want. Is that consensual? What if it's a trade for
something really really important to them? What if it's a trade to avoid being
verbally abused by your partner? What if it's for money you need to survive?

Regarding age of consent, what if a mature 15yr old seduces a naive and
vulnerable 21yr old and causes lasting emotional harm? How is that "none of my
business" but the reverse isn't?

What if a 16 year old from England travels to America and has sex with a 20
year old? Is that OK (UK law) or not (US law)?

What you call a revolution sounds more like the way it already is for many
people, and is full of arbitrary and changeable definitions that unfairly
discriminate against harmless activity while also allowing harmful activity.

~~~
gaius
This is one thing the EU has yet to work up the courage for, "harmonizing" the
age of consent, which varies from 13 to 16 in member countries.

~~~
kwhitefoot
Why should the EU harmonize such things? I'm not necessarily disagreeing but
it would be interesting to see the reasoning.

~~~
gaius
Because harmonizing things is what it does, it is bound to make the attempt at
some point. It will be very interesting see how member countries react...

------
logn
Selectors accept wildcards: [https://firstlook.org/wp-
uploads/sites/1/2015/09/mutant-brot...](https://firstlook.org/wp-
uploads/sites/1/2015/09/mutant-broth1.png)

I wonder what this query returns: _@_

or: _._._._

And the justification textbox has a default width that accommodates about 7
words.

At one point in the article it says the domain of a logged website is
considered metadata but the path (full URL) is considered content. However,
this screenshot shows a logged HTTP GET including its full path:
[https://firstlook.org/wp-
uploads/sites/1/2015/09/cryptome.pn...](https://firstlook.org/wp-
uploads/sites/1/2015/09/cryptome.png)

"When compared to surveillance rules in place in the U.S., GCHQ notes in one
document that the U.K. has 'a light oversight regime.'" ... and UK is one of
the US's Five Eyes partners, so the US has a light oversight regime, in
effect.

At least the GCHQ shows some honest self-awareness in naming their
surveillance apps. _Karma Police_. For a minute here, it seems like the
intelligence agencies have lost themselves. [http://genius.com/Radiohead-
karma-police-lyrics](http://genius.com/Radiohead-karma-police-lyrics) ... I
particularly like the last comment on the page analyzing the song, which
begins, "This song is about the projection of guilt onto the Other", and
concludes: "Prisoners, soldiers, soldiers' victims; these are all sacrifices,
onto which we project our guilt, so that we can be saved."

------
ionised
I've never been so ashamed to be British.

These last few years have really started to wear me down. The indiscriminate
mass-surveillance, the savaging of our public services by an obviously corrupt
government, the blatent hyprocrisy of our foreign policy, the repeated and
unfettered fraud of the City of London financial sector that has yet to see
anyone prosecuted or any institution meaningfully punished.

I really hate this place.

~~~
branchless
Just get out. However this ends it's not a happy ending.

The UK establishment are nuts.

~~~
voidz
Get out? To where?!

~~~
fencepost
Well, there's Canada..... Where the Harper government is in the process of
eliminating all historical archives and scientific libraries...

Australia? Hmm, wasn't there something about data retention? And maybe Western
Australia trying to change the laws so protestors would have to prove that
they _weren 't_ about to do something illegal when they were arrested?

New Zealand? Baaah.

~~~
ansible
Don't forget the moves towards Internet censorship in Australia too.

Aside from lots of sheep, what's wrong with New Zealand?

~~~
aidos
Here's the PM of NZ on the GCSB bill that allowed sweeping powers for the NZ
spy agency (under his control) [1].

"All they can do is protect you, so it's against malware or a virus. ... On
your computer at home you almost certainly have Norton Antivirus...that is
exactly what that is, at a much higher level."

And the good people of NZ decided they didn't mind. Because. I don't know. I
give up. It's like the world is determined to make a mess of itself.

[1] [http://www.3news.co.nz/tvshows/campbelllive/john-key-
defends...](http://www.3news.co.nz/tvshows/campbelllive/john-key-defends-the-
gcsb-bill-2013081419) (from 8:00 in the video)

------
cryoshon
Yep. Why do you think they're tracking porn habits, if not for blackmail
material?

There's no legitimate reason why a government needs to know anything about
citizens sexual preferences or habits, but such information is perfect for
shaming or threatening. I will note that the collection and analysis of this
sort of information far surpasses anything envisioned in dystopian fiction or
actually practiced by the likes of Stasi/KGB during the worst of times.

EDIT: there were actually a bunch of documents published with this article.
I'll check those out then re-comment.

~~~
rm_-rf_slash
It can be useful for blackmailing prominent figures of adversarial foreign
regimes, though to be fair Britain's spies will have to sift through their own
Parliament first.

------
branchless
I love the way this article cites loop-holes. These guys do whatever they
like. They have no mandate and they do it anyway with the blessing of
politicians who then pretend to be concerned.

For me as a Brit the UK establishment is the biggest threat to people in the
West. I really hope the UK has a big financial crash and the resulting chaos
leads to a full regime change.

The UK really scares me a lot more than Isis.

~~~
JupiterMoon
The trouble is that any regime change could be worse and the full tools of
oppression are already built...

~~~
noir_lord
Could be worse, could be a lot better.

We are in diminishing returns for how much _worse_ our government could be
without going outright "pick up that can" authoritarian.

The list of scandals, corruption, privacy invasions and out right shittiness
just goes on and on.

To echo the GP, I worry alot more about what the politicians are up to than I
do terrorists.

------
mavdi
With all honesty, if you're a programmer or a hacker working for GCHQ (I'm
certain there are some of you around here) you should really bury your head in
shame. No excuses, you are simply disgusting.

~~~
Afforess
I completely disagree. GCHQ, NSA, CIA, et al do serve a _legitimate_ purpose.
The world is not all roses and sunshine, there are rogue nation-states and
rogue actors, and they do want to harm the public. It is the duty of the
government to protect its citizens from attackers. These agencies exist to
protect the public by identifying threats, and preventing attacks.

I know you are upset about the spying on private citizens for deceptive
purposes, but lets not throw out the good with the bad. Yes, the agencies are
overzealous and have overstepped their mandate, but that does not mean every
single person working for them is an evil person out to get you. Real people
work there, and nearly all of them probably have nothing to do with this.
_Reform_ , not harassing innocent bystanders, should be the aim here.

~~~
baconner
The question is - is reform even possible in organizations like these that
have repeatedly broken the law with impunity? Is oversight possible at all
when those who are supposed to have the power of oversight are unable to do so
because these organizations are actively and intentionally hiding what they
are doing?

When what they've done, effectively, is surveil everyone including the very
people who are supposed to be able to exercise oversight and enact reforms how
can oversight succeed?

I for one think the corruption is simply too deep to root out while keeping
these orgs intact. They need to be torn down and rebuilt with clear missions
consistent with our constitution (in the us), strict boundaries, and
oversight. Reform is insurmountable when they still hold this wealth of
illegally gathered surveillance data and retain their existing command
structure.

The data must be destroyed. These orgs must be broken up and rebuilt so they
are fit for purpose. Criminal, not overzealous is the word for what they've
done. That in no way makes every person working there a criminal and I don't
think demonizing the rank and file is productive or appropriate but we cannot
keep watering down the severity of the problem for the sake of their feelings
either.

~~~
pjc50
_The data must be destroyed_

History shows that the only way this is likely to happen is when the
revolutionaries storm the building, such as the collapse of East Germany and
the Stasi, or the Libyan security files blowing around in the street after the
airstrikes.

~~~
baconner
You aren't wrong. Frankly I'm not sure anything I said is reasonably possible
or how to make it happen.

------
zenocon
It sucks that it has come to this. I am afraid to do certain types of
searches. The other day, I wanted to learn more about "Azan" \-- the Muslim
morning call to prayer that is often broadcast over loudspeakers from a
mosque. I find the topic interesting and started poking around, but it landed
me on several websites that made me start to feel uncomfortable that I was
going to incite some trigger. I'm betting most people in my neighborhood
aren't searching for this information, and I don't really want to be flagged.
Pre-Snowden, I wouldn't have given it a second thought and thought it
ridiculously paranoid. Now, I am very careful how I use the computer when it
is connected to the wider network...and I think this is really sad and
Orwellian.

------
rm_-rf_slash
I have two takeaways from this piece:

1: We should never assume any online activity isn't being tracked by someone.

2: The above doesn't give the government a pass on due process when citizens
choose to avoid tracking by encryption or otherwise.

~~~
LouisSayers
Except where they have a warrant and reach their dirty little fingers into
certificate authorities. Unless you're doing key exchange yourself I would
assume nothing is truly private.

~~~
M2Ys4U
They don't need warrants. They'll just hack in like they did with Belgacom.

And even if they don't, they won't get a warrant. They'll get a certificate
from the relevant _politician_ that'll authorise them to do it.

------
cynoclast
"HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the
website browsing habits of “every visible user on the Internet.”

Jesus fucking christ.

~~~
clort
Heh, not trying to be pendantic because I actually thought that first sentence
didn't make much sense.. there is a graphic T on the left, so it actually read
"There was a simple aim"

------
raspasov
Slightly off topic, but recently watched Citizenfour - great documentary about
Snowden and why he chose to reveal all of this information. It has real
footage of Snowden himself right before the leaks, communicating via PGP with
journalists, etc.

Even though I already knew most of the stuff, rehashing it all over again
makes it so much more impactful. Overall, highly recommended for anyone who
cares about our world now and in the future.

P.S. The government's idea that by somehow ingesting all of this data and
effectively spying on everyone collectively will somehow protect us the
helpless citizens sounds pretty bonkers (to use an UK phrase) to me. It's all
just wasteful money spending as usual.

Stop the scaremongering.

------
zby
This is just the beginning - the problem we are facing are the digital
personal assistants. They are like servants - but their loyalty is first to
the corporation that runs the server not to the user. This is where the really
rich data will come from. And the data will be useful in all kinds of criminal
investigations - there will be more and more legitimate cases and there will
be no will to limit it.

[https://medium.com/the-wtf-economy/we-ve-got-this-whole-
unic...](https://medium.com/the-wtf-economy/we-ve-got-this-whole-unicorn-
thing-all-wrong-3f3d108cc71d) \- see how useful the assistants can be - people
will use them

------
multinglets
The solution is for everyone to mess with their signal-to-noise ratio. Make
alts. Tell lies. Use VPNs. Encrypt trivial conversations. Use steganography
for real secrets. If they like the job security, give them their damn job
security by giving them nothing else.

~~~
Asparagirl
Alternately, you can take the attitude that you will practice radical
transparency in your online and offline preferences and habits, so there's
nothing to potentially blackmail you with because you live your life
unashamed.

I mean, personally my initial reaction when I first heard about the early
Snowden leaks two years ago was "welp, hope the NSA enjoyed reading all that
Tony Stark/Bruce Banner fanfic as much as I did."

~~~
JupiterMoon
If this the case for you then please walk down the street naked whilst
reciting your banking password... I doubt you want to do that. Everyone has
something to hide.

------
AdmiralAsshat
I wonder if Radiohead would be disgusted to find that their song title had
been appropriated for this kind of alarming surveillance.

~~~
madaxe_again
They approve...

------
misiti3780
"Black Hole contains data collected by GCHQ as part of bulk “unselected”
surveillance, meaning it is not focused on particular “selected” targets and
instead includes troves of data indiscriminately swept up about ordinary
people’s online activities. Between August 2007 and March 2009, GCHQ documents
say that Black Hole was used to store more than 1.1 trillion “events” — a term
the agency uses to refer to metadata records — with about 10 billion new
entries added every day. "

I wonder if this "black hole" is backed by a huge HDFS cluster? When I was
working in government consulting a few years back I used to alway see job
posting at Fort Meade for Hadoop experts, and I know the government is (or
was) a customer of Cloudera as of 2009. Incidentally, Amazon created a
separate cloud service like EC2 for government data a few years back also I
believe.

I assume the NSA must be utilizing Hadoop, HDFS, Impala and/or Facebook Presto
- or have a system they built internally but never released that can
processing and store data at the same order of magnitude.

If these documents are all true and we assume they are currently collecting
more, not less data, then they were in 2012, then they are probably storing
more data than Facebook/google on a daily basis

EDIT - i guess the might not be storing as much data as Facebook or google
because this sounds like mostly text, no images or video. It still must be a
shitload of data though! I also realize that GCHQ is not the same thing as the
NSA, but I assume they are doing similar things with similar size data sets

Thoughts?

~~~
nhf
This presentation (GCHQ) specifically notes use of HDFS and Hadoop to process
data: [https://theintercept.com/document/2015/09/25/gchq-
analytic-c...](https://theintercept.com/document/2015/09/25/gchq-analytic-
cloud-challenges/)

~~~
misiti3780
thank you!

------
qiqing
Can you imagine if the GCHQ had a breach and all the dirt on all everyone they
spied on suddenly became public?

~~~
facetube
You won't have to imagine – if NSA and GCHQ continue on their current course,
it'll eventually happen. It's only a matter of time.

------
venomsnake
But Snowden is the criminal.

So do the brits have all my porn records or only the porn I watched in the
last 60 days? The article didn't make it clear.

------
acd
This is also how you decloak users from VPN, first you profile their online
behaviour without vpn, track cookies and graph site visits. Then when people
use vpn you still see and track their identity.

------
te_chris
Worst part of all this? It's not a feature on any of the major british news
outlets. Go look for yourself.

~~~
igravious
Let's make a list of the UK[0] press and see who reports. Correct as of 6pm
GMT Sept. 26th. The story is just breaking but only the Daily Mail and Daily
Mirror have reported it so far. I'll probably be on a nice list now having
made all those searches : ) Advice on how to search The Sun's website welcome.

    
    
      - The Sun[1], can't find a search box
      - Daily Mail[2], yes!
      - Daily Mirror[3], yes!
      - Evening Standard[4], no
      - Daily Telegraph[5], no
      - Daily Express[6], no
      - Daily Star[7], no
      - The Times[8], no
      - i / The Independent[9], no
      - Financial Times[10], no
      - Daily Record[11], no
      - The Guardian[12], no
    

[0]
[https://en.wikipedia.org/wiki/List_of_newspapers_in_the_Unit...](https://en.wikipedia.org/wiki/List_of_newspapers_in_the_United_Kingdom_by_circulation)

[1] uh [2]
[http://www.dailymail.co.uk/home/search.html?sel=site&searchP...](http://www.dailymail.co.uk/home/search.html?sel=site&searchPhrase=gchq)
[3]
[http://www.mirror.co.uk/search/simple.do?destinationSectionI...](http://www.mirror.co.uk/search/simple.do?destinationSectionId=219&publicationName=mirror&sortString=publishdate&sortOrder=desc&sectionId=69&articleTypes=+news+opinion+advice&pageNumber=1&pageLength=5&searchString=gchq)
[4]
[http://www.standard.co.uk/search/site/gchq](http://www.standard.co.uk/search/site/gchq)
[5]
[http://www.telegraph.co.uk/search/?queryText=gchq&sort=recen...](http://www.telegraph.co.uk/search/?queryText=gchq&sort=recent)
[6]
[http://www.express.co.uk/search/gchq](http://www.express.co.uk/search/gchq)
[7]
[http://www.dailystar.co.uk/search/gchq](http://www.dailystar.co.uk/search/gchq)
[8]
[http://www.thetimes.co.uk/tto/public/sitesearch.do?querystri...](http://www.thetimes.co.uk/tto/public/sitesearch.do?querystring=gchq&p=tto&pf=all&bl=on)
[9]
[http://www.independent.co.uk/search/site/gchq](http://www.independent.co.uk/search/site/gchq)
[10]
[http://search.ft.com/search?queryText=gchq](http://search.ft.com/search?queryText=gchq)
[11]
[http://www.dailyrecord.co.uk/search/simple.do?destinationSec...](http://www.dailyrecord.co.uk/search/simple.do?destinationSectionId=3156&publicationName=dailyrecord&sortString=publishdate&sortOrder=desc&sectionId=3151&articleTypes=+news+opinion+advice&pageNumber=1&pageLength=5&searchString=gchq)
[12] [http://www.theguardian.com/uk/gchq](http://www.theguardian.com/uk/gchq)

------
nly
Well sites like YouPorn, RedTube and PornTube etc, despite being ridiculously
popular, haven't deployed any kind of TLS. They don't care about your privacy.
It's low hanging fruit... far too tempting for the likes of GCHQ, with their
capabilities, to just ignore.

If you don't want people spying on your porn habits then boycott sites like
this. And if you're running a porn site, consider going HTTPS only, turning
off access_logs (or purging them regularly), and providing a Tor hidden
service.

------
rl3
> _Separate programs were built to keep tabs on “suspicious” Google searches
> and usage of Google Maps._

I always figured virtual geo-fencing of online maps usage was probably a
thing.

------
caf
It would be nice if web browsers had an option to "only send cookies on
HTTPS".

Also: "MEMORY HOLE"? Someone seriously approved that as a code name?

~~~
adeelx
Already available, secure cookies:
[https://www.owasp.org/index.php/SecureFlag](https://www.owasp.org/index.php/SecureFlag)

~~~
caf
I am aware of that, and it's not what I'm talking about. That has to be set by
the site to be effective.

I'm suggesting a global setting in the browser that means it won't send any
cookies to any plain HTTP site, regardless of what the site says.

If enough people enabled an option like this, sites would have to move to
HTTPS if they wanted to reliably use cookies, which doesn't seem problematic.

------
dotBen
Does the fact that GCHQ have been able to scrape cookies from Hotmail,
YouTube, Facebook, Reddit, WordPress, Amazon, CNN, BBC, Channel 4 indicate
that https encryption has been broken?

In many cases of the above sites, authenticated requests _(ie those with
cookies)_ are made via https and so they would not have otherwise had access
to the plaintext version to extract the identifying usernames/etc.

~~~
stordoff
Do all of those sites only send cookies over HTTPS (or did they at the time
the GCHQ document was written)? I know, for example, that the Amazon homepage
is sent in the clear - is that sufficient to ID the user?

My gut reaction is that HTTPS isn't generally broken (though is probably
susceptible to implementation flaws and targeted attacks to e.g. steal a priv.
key) or we'd have seen more direct evidence in the leaked documents. That
said, given the volume of documents that remain unpublished (or even
unleaked), and the time that has passed since they were written, it's
difficult to say for sure.

~~~
JupiterMoon
The trouble with https is that if you control the certificate authorities you
can easily beat https. I don't see how the NSA doesn't control at least some
certificate authorities and they work closely with GCHQ (even paying the UK
money to fund some of these programs).

------
cm2187
The comparison with the Stasi is usually perceived as a Godwin point, but I
think it is now a very reasonable comparison. I am amazed and honestly
surprised how easily the secret services turned against their own population
in the world's oldest democracy. It happens slowly and like the boiling frog
we won't realise we are in a totalitarian regime until we're there.

~~~
rakoo
> The comparison with the Stasi is usually perceived as a Godwin point

I don't see how, the Stasi was Communist, not Nazi. Perhaps you're thinking
about the Gestapo.

------
heurist
There's a huge economic incentive in having this data available - predict
markets, sell or provide predictions to businesses, understand what your
citizens are thinking at any point in time... Facebook, twitter, et. al. are
all sitting on gold mines as well. Ignoring the privacy concerns (which are
substantial) this would be an amazing set of data to work with. I'm not
surprised there are people willing to do this.

An interesting article [1] was published in Nature a few days ago. I haven't
read the entire paper yet but the abstract claims, "group-level ability to
produce complex innovations is maximized when social information is easy to
acquire and when individuals are organized into large and partially connected
populations." Imagine the innovations and industries that would be created if
all the information governments and corporations are sitting on were freely
available.

I hope there will eventually be a broad 'free data' movement. If Google and
Facebook are secretly pushing propoganda that privacy is dead (as stated in
some conspiracy theory I recently saw on HN), and if these campaigns work,
then the public will eventually not mind having their data open and available.
But they should mind that it's all locked behind closed doors. Data is power!
Do we want these massive corporations or governments to have so much power
over the economy? Should they hinder social and technological progress by
keeping their data unavailable? I have no answers but I think these problems
will grow in time.

[1]
[http://www.nature.com/articles/ncomms9398.epdf?shared_access...](http://www.nature.com/articles/ncomms9398.epdf?shared_access_token=yJOtLFlNNS_IfWp7euQPrtRgN0jAjWel9jnR3ZoTv0MvQ0FUG1dCDOKxBE_POWNPMiP1CverdZ95VFKJiIndDRw-u8n5b_kk6j_4inTe_-
aBd9RAU_6AQawhdEGUPM_Bn7ASXW-q-aqfnS1lzFjnm57djcNDok8Peien0Gt4NZ0%3D)

~~~
legel
You bring up two very interesting and powerful phenomena: "siren servers" and
"social physics".

The first term is used by Jaron Lanier to describe computer systems that, like
"sirens" of the sea, lure everyone into their beautiful environs, collect all
of the data on them, and statistically model all of this data in ways that
effectively master the nature of this individual - her beliefs, her abilities,
her emotions - until ultimately that individual is made both completely
vulnerable and completely powerless. Lanier's book is intentionally
provocative and controversial, while rather intelligent and compassionate in
its spirit, and I recommend checking it out: [http://www.amazon.com/Who-Owns-
Future-Jaron-Lanier/dp/145165...](http://www.amazon.com/Who-Owns-Future-Jaron-
Lanier/dp/1451654979).

The second term comes from a talk at Google in 2014 called "Social Physics:
How Good Ideas Spread" ([https://www.youtube.com/watch?v=HMBl0ttu-
Ow](https://www.youtube.com/watch?v=HMBl0ttu-Ow)) by MIT Professor Sandy
Pentland. He describes research supporting the recent Nature publication you
link to on social and cultural progress, which concludes that our connectivity
- free and fast flow of data on networks, people on roads, goods and services
across nations, etc. - is our greatest economic and social virtue. His
statistical modeling results really strongly show - "like a law" \- that the
more connected we are, the wealthier we are as a society.

It's really interesting to consider how we could concentrate on using all of
the data and models to make deep positive impacts on our society, while
respecting our human dignity. To quote Pope Francis's address to the U.N.
today: "Integral human development and the full exercise of human dignity
cannot be imposed. They must be built up and allowed to unfold for each
individual, for every family, in communion with others, and in a right
relationship with all those areas in which human social life develops –
friends, communities, towns and cities, schools, businesses and unions,
provinces, nations, etc."

------
akshatpradhan
This has to be the nail on the coffin. They're spying on our porn. Those are
personal details about myself I would never share with anybody and wouldn't
want anybody to know. Fine, keep an image of my penis, but knowing details
about my porn usage?

~~~
36erhefg
Well, most people share more with Google (search text) that with their closest
friends. And most of them are just _fine_ with that. Until of course they are
in the spotlight. Since that almost never happens, we have this privacy apathy
going on.

------
machiaweliczny
I have one question. Any idea how they can extract cookie data from encrypted
connections?

------
rconti
These agencies have all the incentive in the world to "encourage" popular
websites (bbc.co.uk perhaps) to make their cookies particularly detailed and
leaky.

------
IkmoIkmo
Absolutely disgusting.

------
davesque
Absolutely disgusting.

------
MichaelMoser123
When comparing GCHQ or NSA, who is the spookiest of them all? Which one of
them is sucking in more information and who does more with that info ? my
impression is that there is less institutional oversight over spooks in the UK
than in the US, is that true ?

~~~
ionised
Snowden claimed that the UK's surveillance operations were a lot more severe
than the US, basically due to a much weaker oversight framework.

The US might have a secret court with secret judges but all it takes for
surveillance to be signed off on in the UK is the signature of a minister in
the currently governing party.

------
crimsoneer
Just to clarify, these are all currently metadata, right? Eg, this stuff is,
in theory, not linked to any individual people without a warrant/authority?

~~~
azakai
They mention mass tracking of cookies from sources like google, yahoo, reddit,
youtube, etc. - those might technically count as "metadata", but they are used
to track individuals.

~~~
crimsoneer
I'd be fascinated as to how that's justified legally. Mass tracking has been
accepted by the high courts, but the moment you start tracking individual
users, you need some sort of warrant or RIPA authority.

~~~
M2Ys4U
>I'd be fascinated as to how that's justified legally.

They don't feel the need to justify it legally, especially when oversight is
sitting down with the head of GCHQ over dinner and asking if there's anything
dodgy going on.

>Mass tracking has been accepted by the high courts

By the Investigatory Powers Tribunal, maybe - but that's not a real court and
it's barely part of the court system at all.

~~~
kwhitefoot
Not to mention that it can either be 'mass' or 'tracking' not both, at least
not with the implied meaning that 'no individual is tracked'.

Tracking is by definition of an identifiable group or individual. If you can't
be sure that the track you are looking at refers to the same individual
throughout its length then you are not tracking, at least not successfully.
Conversely if you are tracking you cannot reasonably also claim that you don't
know who you are tracking except in the trivial sense that you, perhaps, don't
know their name or some other attribute; although you could look it up.

------
robk
Seems like I should turn On open access for my wifi router to pollute these
results by running am open hotspot.

------
plg
So Tor?

Tails?

------
FooNull
Absolutely disgusting.

------
jjuhl
Sickening.

------
gopowerranger
People jumped down my throat, here on HN, whenever I brought up this very fact
over the last couple of years so I find it interesting to see it reach the
top. I guess we have to rotate targets more slowly over time.

------
nota_bene
I'm done writing stuff online.

Good luck to y'all.

