
Assange in 2011: "They have automated the process." - why-el
http://thenextweb.com/facebook/2011/05/02/wikileaks-founder-facebook-is-the-most-appalling-spy-machine-that-has-ever-been-invented/
======
jeremy6d
The problem with Facebook is not that government has access to it -- at least,
that's not a problem _unique_ to FB (Gmail, as one commenter says, is probably
worse in terms of raw access to personal details). The problem with Facebook
is that it is personal details specifically organized into a dossier-like
format. It's one thing for the NSA, for instance, to be able to tap into the
hose of undifferentiated data streaming through the network. It's quite
another thing for that data to be specifically organized for the purposes of
quickly discovering key information about somebody, such as their social
network, their political interests, their latest photos, etc. all indexed and
searchable. Think about the cost of taking Gmail's data and turning it into
something useable by intelligence organizations -- work that FB "empowers" us
to do for them!

What we need are tools that allow us to connect in ways that are difficult not
only to detect but also to make sense of (not necessarily encryption, but an
ad-hoc format that can't be easily parsed and aggregated). We need the ability
to use the network for our own particular, peculiar interests rather than
having to fit our interactions into some other authority's template for
_their_ interests. The idea that social networking never occurred before
Friendster, FB, MySpace is ridiculous -- it just happened more informally
before.

I'd like to see a return to this informal mode of using TCP/IP, where the
internet itself is the social network rather than merely a transport layer for
some centralized system. This may make it harder for everyday people to
benefit, but it also means they learn how to drive before they use the roads.
Social networking's hyped-up promise has always been to passively connect
people, but the promise of the internet has always been to allow people to
actively connect (or not connect). Once we have a broader suite of tools for
this latter purpose, we'll see people reject centralized dossier services like
FB.

~~~
resu_nimda
> What we need are tools that allow us to connect in ways that are difficult
> not only to detect but also to make sense of (not necessarily encryption,
> but an ad-hoc format that can't be easily parsed and aggregated).

Which would also make it much more difficult to use and less useful. We've
organized our info this way because we like it and it makes sense, it's no
surprise that it's useful to the government as well. In other words, I think
the value to us and the value to them are very tightly coupled.

And the thing is, outside of the hardcore techie bubble, most people don't
care. So what if the government can see their friends and pictures, even track
them to some degree? Why _should_ they care? They're not going to migrate to
some convoluted unstructured system just for the abstract and esoteric benefit
of privacy.

~~~
jeremy6d
> Which would also make it much more difficult to use and less useful.

Maybe. As somebody who's worked in content management system design for a
great deal of his career, I'm not at all convinced that the ongoing enclosure
of information into systems of formatting serves people. Instead, what you
find is people jumping through hoops to fit their information into the format
chosen by others. Paul Goodman critiqued the tyranny of format 50 years ago,
and Douglas Rushkoff authored the natural extension of this critique in his
seminal "Program or Be Programmed". The promise of the internet has to be more
than giving people text boxes, or I give up. :)

> We've organized our info this way because we like it and it makes sense,
> it's no surprise that it's useful to the government as well.

Really? The users of FB have decided that this is the way they'd like to
organize their information? Surprising. I never recall in my use of FB being
given the ability to structure the format as I and my friends see fit. I must
have missed something.

In all seriousness, I think we need to look very carefully at this coupling of
value you speak of. There are almost certainly areas where the format chosen
by an authority (a corporation, a government, any institution really) is that
that free individuals would choose. But not every area, and as the information
gets more personal, the format becomes more restrictive. I'm not sure where
the line between sharing on one's own terms and another's terms gets crossed,
but any network that can aggregate detailed information about BILLIONS of
people has certainly crossed it. The question is simply whether or not we
should be content with this situation.

~~~
resu_nimda
> The users of FB have decided that this is the way they'd like to organize
> their information?

In aggregate, by choosing to use Facebook, and by providing feedback and usage
data that shapes how it changes. I realize that there is a certain stickiness
and network effect at play, but at some level we have chosen this platform and
format, and many (most?) are content with it.

I can't really wrap my head around a useful replacement that has no enforced
formatting/is difficult to aggregate and parse. If you have any more concrete
ideas or examples I would be interested.

~~~
jeremy6d
>> The users of FB have decided that this is the way they'd like to organize
>> their information?

> In aggregate, by choosing to use Facebook, and by providing feedback and
> usage data that shapes how it changes.

I simply draw a different conclusion from that than you do. At some level we
have chosen it, yes. I'm not denying that, but instead trying to figure out
whether that level is necessary. I appreciate the pushback!

------
euroclydon
I've been following these discussions the past couple of days on HN, and there
are a few calm minds who are very knowledgeable of the law, whose comments
have been enlightening and reassuring ('rayiner and others).

But we now live in a completely online world, where nearly all communication
and files are conveyed and hosted by third parties, and soon it will take
several minutes for even a geek to mentally count up the number of internet-
connected computers in their house.

I am comforted by the idea that Jack Bauer and Chloe have timely access to
information to stop the bad guys, and that US secret agencies have little
motivation or bandwidth to use this information for anything but national
security threats (and hopefully kidnapping and such). Bad actors in these
agencies can obviously do a lot of harm to individuals, but those cases will
probably be personal and few, widespread malicious use of this data by agency
employees would be easier to uncover.

What I find most troubling is the ease with which the government can view my
information and how I've steadily made it easier for them over the past five
years by getting that iPhone, using Dropbox and Gmail. But, my life has seemed
safe, prosperous and peaceful over that time and these services I use have had
a profound impact on the efficiency and convenience with which I perform my
daily routine.

~~~
rpgmaker
"Those who do not move, do not notice their chains." - Rosa Luxemburg

Of course you don't care about privacy, why should you? You're just a peaceful
flock member, never acting against the power of the status quo. But look
around and see what happens to the people that actually do confront power and
you'll see why privacy is important.

~~~
euroclydon
Can you give me an example?

~~~
rpgmaker
[http://www.aclu.org/blog/technology-and-liberty-free-speech/...](http://www.aclu.org/blog/technology-and-liberty-free-speech/feds-settle-lawsuit-bradley-manning-supporter-over-border)
[http://www.salon.com/2012/04/08/u_s_filmmaker_repeatedly_det...](http://www.salon.com/2012/04/08/u_s_filmmaker_repeatedly_detained_at_border/)
Entire wikileaks saga. Anonymous.

Really, you just have to pay attention.

~~~
euroclydon
The first link was about a lawyer, who represented the soldier who stole
massive amounts of classified material while stationed in a war zone, being
detained and searched at the border. The second was about a film maker
returning to the country after traveling to a war zone and being detained and
searched.

In both cases their laptops/cameras/etc were searched and confiscated for a
time. Neither person seems to have been detained overnight.

This is just the government being thorough. This is not disturbing to me.

------
junto
I would now consider paying for services that offer real private email, social
networking and file sharing / cloud backups, where none of those services were
controlled by an US controlled entity and where the NSA couldn't snoop around
in my private life. However boring my private life is, it is still mine.

I wonder if anyone else would part with cold hard cash though, or is it just
me? There may be a niche there.

~~~
wavefunction
Paying with your credit card? That's being tracked. Your bank account
transactions are being indexed and collated.

They're probably in all of our computers already. I've been operating a
windows7 honeypot as my "main" computer for several years, generating what
appears to be legit "personal" traffic. You wouldn't believe the shit I've
found, and it doesn't appear to be your garden variety cyber criminals or
foreign state actors. And I'm not even that smart.

~~~
_nb
Could you elaborate a bit on what you found on your honeypot?

~~~
wavefunction
It appears that the honeypot has been compromised in both a domestic botnet
running in system memory by "authorities" local to the US, and also that there
are background processes in Windows that are inspecting the filesystem for
binaries matching certain signatures no matter how the user configures the
system, even "stubbing out" the visible processes that would make sense, like
their anti-malware and indexing services. Basically a Windows machine is owned
from the get go.

Unfortunately this is not exactly my particular area of expertise, so for me
it's like glimpsing a shadow through smoke and a moving window, mostly an
impression but something that has become more and more sophisticated despite
my attempts to prevent it via traditional and modern methods of forensics, and
even weird things like audible and inaudible platter noise when there
shouldn't be heavy (this is the key for me) disk io.

~~~
revscat
Those are pretty explosive claims.

a) How are you identifying the processes? 2) How are you determining that they
are inspecting the filesystem?

~~~
wavefunction
I certainly understand the gravity of what I'm alleging, and I wish I had
formal training in this stuff so I could publish my observations with some
sort of rigour. I will say my methods are pretty crude and consist of:

Process of elimination as far as the processes are concerned. Basically I have
been paring back the processes that are visible to me in memory until it
should be a bare minimum for a functional Windows kernel in memory, and
stubbing out the non-essential processes I find with empty "stubs" so that the
hooks are still there but non-functional. Then observing disk io and memory
usage, and repeating. Not very scientific, but again, I'm an amateur.

The stuff about disk platter noise is simply recording the audible and
inaudible frequencies generated from the platter (I haven't upgraded to a ssd
for the system disk yet), and then running regressions on the wave forms to
detect anomalies via the noise generated by the platter and the reading head
interacting. I was interested in looking into the inaudible frequencies
because it seemed like a good way to cloak disk io from the average user.

As far as the botnet stuff, I've done some MITM packet analysis and some
simple stuff like tracerts and observing changes in routing. Right now the box
is routing all name service through what appears to be another compromised box
in the US state of Georgia, though I'm hesitant to do much network topology
due to port-scanning being considered the same as cracking.

This is all just a hobby, and I'm sure some of the stuff I've mentioned above
is either very crazy sounding or perhaps already known to people more
knowledgeable than me. I grew up when pcs were still a weird hobby for
society, and so this sort of stuff seems like things we should be able to do
without fearing repercussions.

Also, I only posted this to give context to what I had posted before, so take
it for whatever you want to. I'm interested in non-violent solutions to
improving society and I don't want to jeopardize that.

~~~
JamisonM
How do you tie these things back to a domestic botnet controlled by
"authorities" local to the US?

~~~
wavefunction
Just looking at the disk activity of reads, inspecting the memory dumps from
these periods, and picking out what I can via a hex editor as far as what the
"inspection" appears to be looking for via checksums derived from file blocks,
which appear to be tied to images and videos. I'm assuming that this is
domestic and not foreign, which I certainly could be wrong about. I'm also
assuming they're looking for kiddie fiddlers, which I doubt someone like China
would be all that interested in, but maybe the PRC is for blackmail purposes.

A lot of this stuff is sort of ephemeral and I don't have any credentials to
really convince anyone. That's why I would post this, maybe someone else knows
more than me. Like I said, take this as anecdotal and perhaps incorrect...
You'll notice a lot of assumptions by me.

~~~
JamisonM
Well, the behaviour you are describing just sounds like Microsoft's anti-virus
software - and they have a datacenter in Georgia - something to consider.

If you are genuinely concerned I think it is pretty simple to contact real
professionals with whatever data you have.

~~~
wavefunction
I don't know, the name service resolution terminated in a server with an open
smtp relay, which might be what you're talking about but sounds strange. Plus,
it's name service resolution for _all_ outbound traffic. Thanks for the tip
though. Like I said, I'm just a computer hobbyist

------
tshile
I'm curious if my friends, family, and co-workers that rolled their eyes at me
or laughed at me when I explained why I deleted my facebook account years ago
even remember the conversation, or what their response was, when they read the
latest revelations about the government having access to their databases.

~~~
k-mcgrady
Deleting your Facebook account isn't a solution to this problem. Gmail may
contain even more personal information. Dropbox contains your files and is
essentially giving them access to documents you would have stored offline 10
years ago. The problem is that none of these services are safe anymore and we
need specific legislation detailing what the government can and can't do with
the information we have stored on them.

The bigger problem for me is that as my data is being stored in the US by US
companies and my country's laws don't apply - and the safeguards provided by
the US constitution also don't apply. The NSA/FBI can do whatever they want
with my data and have said as much[1]:

"He said reports about Prism contained "numerous inaccuracies". While
admitting the government collected communications from internet firms, he said
the policy only targets "non-US persons"."

I think we might start to see companies having data centres in multiple
countries and allowing you to store your data in the one you choose or the one
that follows your country's laws. Otherwise there will be an exodus of users
from US internet companies.

[1] [http://www.bbc.co.uk/news/world-us-canada-22809541](http://www.bbc.co.uk/news/world-us-canada-22809541)

~~~
grandalf
The best approach is to keep profiles/accounts on all of those services and
use them periodically to create a "clean" trail. Meanwhile, if you need any
actual privacy, find alternate/private channels.

Considering the enormous amount of data being collected and the relative ease
of setting up a clean trail, this kind of spying makes it even easier for
low/moderate-suspicion individuals to achieve secure communications.

For high suspicion individuals, this kind of surveillance makes it easy to
create disinformation that appears to be real intel.

The workflow required to leave a realistic "clean" trail while simultaneously
engaging in secure communication could be designed into a purpose-built linux
distro.

~~~
jedbrown
_purpose-built linux distro_

That seems to be the intent of Tails [1]; see also [2].

[1] [https://tails.boum.org](https://tails.boum.org)

[2] [https://news.ycombinator.com/item?id=5838140](https://news.ycombinator.com/item?id=5838140)

------
dsleno
Prescient.

Will these NSA spy revelations hurt US internet companies? If I am German or
Russian or Brazilian... do I really want to go out of my way to feed the U.S.
intelligence beast?

~~~
pointernil
First: as such you probably already do feed them

Second: that kind of thinking could be a nice way to "motivate" the creation
of alternative products outside of the us of a.

Third: but how realistic are such endeavors in today's world?

~~~
kcorbitt
On the other hand, there are relatively few governments worldwide that I would
trust more (or distrust less, I guess) than that of the US to abuse this kind
of information. The US isn't perfect, but a lot of places out there are worse.

~~~
koralatov
``Being stabbed by a handsome gentleman is awful, but being stabbed by an ugly
man is worse, so thank God I'm only being stabbed by a handsome gentleman!''

------
kevinbluer
"CIA calls Facebook 'Reason We Invented The Internet'" [1], gotta love The
Onion :)

[1] [http://www.theonion.com/video/cias-facebook-program-dramatic...](http://www.theonion.com/video/cias-facebook-program-dramatically-cut-agencys-cos,19753/)

------
pstuart
Government spying on my Facebook account is bothersome in regards to privacy
limits of power but it is Facebook and anything I put there I should expect to
be public at some point.

We need more public spying on the government....

~~~
cinquemb
> _We need more public spying on the government..._

Are there public databases that collect information on officers/ agents?

If not what kinds of information would be valuable (to the public) to collect/
what kind of processes would be good to use (crowd-sourcing, web-scraping, .gov
apis, etc)?

------
Shivetya
Let's be honest. Most people scream about privacy violations but in turn are
more than willing, hell you cannot shut them up, to tell you all about
themselves, their stuff, their friends, and such.

Even with legislation do you expect it not to be easy for any agency to just
gather the information? At worst we will get an "Online Users Bill of Rights"
which will only codify their rights to our privacy.

------
pvnick
I think the real question we should be asking ourselves is "What sort of
society are we trying to protect?"

------
znowi
Assange is an exemplary case of how secret services operate. Containment plan
is generally to discredit an inconvenient person via a character attack, which
directs attention to a single person (and boy does the crowd love gossip and
celebrities), overshadowing whatever sensitive information there is to
disclose. Make this person an unreliable source before they have anything to
say.

He's been labeled a rapist, a crackpot, or even an agent of the evil, with
little regard to atrocities exposed by the Wikileaks.

Yet like our beloved RMS, if you read the early texts, it is clear that they
had seen it coming way before us - _sane_, _normal_ people.

------
6d0debc071
I wonder whether the time has come to build some better tools for protecting
privacy. Looking at the common implementations of encryption the publicly
available free stuff has some fairly awful interfaces. It's especially a mess
if you're looking at securely communicating with a website - I can't think of
a single browser that supports anything like a decent standard of encryption
for that.

------
pajju
\+ We haven't committed any crime — then there's nothing to worry! And so
spying on certain accounts is fine, if they need to investigate, track and
analyze data for Intelligence.

\+ I'm perfectly fine if they take my data — till it's serving in the good
interests of my family and people's safety.

\+ _It should only be_ in the good interests of our system and society.

\+ But such credible data, should not be misused by the govt bodies or elected
representatives!

~~~
smoorman1024
Who is to decide what is in the "interest" of your family and people's safety?
This is subjective and cedes power to whoever is in control of the
surveillance mechanism. The surveyor may have motives that are not as
benevolent as you would like to think.

~~~
rahoulb
Or worse still, what if the definition of what is "safe" changes, following
some sort of incident (9/11?)

Once they have amassed all this data about you they can mine it to their
heart's content and use it to make predictions - those books you read before
the "incident" that seemed innocent now get you flagged as a potential
terrorist.

