I've found that journos rely on sources to essentially write their story for them and many clearly know nothing about the subject they're covering.
I don't think they realize this is the reason many people don't get their news from main stream media anymore. Because you can just read the source's blog and twitter feed.
So in this case a journo is frustrated that a source who they should have been able to echo, and call that news, has their own agenda.
The problem with this article isnt that the NYT fails to take responisbility for their poor reporting, it's the implication that "there's nothing to see here folks, wikileaks is just paper tiger" as depicted in the accompanying image. The tweet doesnt matter, the illegal domestic spying operations do.
Or maybe, "The Truth About the Media's Persistent Vulnerability to Convenient Misinformation"
I mean: We're still dealing with climate change denialism after years of the media allowing false equivalence to obscure the overwhelming scientific consensus around it. Major news organizations will run headlines based straight off the contents of tweets by wikileaks inspite of their repeated false claims in the past like with the "leaks" post-coup in Turkey, or Assange's statements about the Panama papers
It's stuff like this that give me, someone who believes fake news are just articles about things that didn't happen published by news organizations that don't exist on social media, major trust issues with American media today (and don't even get me started on British media)
> after years of the media allowing false equivalence to obscure the overwhelming scientific consensus around it
Grouping all "media" together isn't meaningful; it's like saying "all programmers are lazy". It doesn't provide information that helps identify and solve a problem.
Some specific news outlets, especially Fox and the WSJ, actively promote climate denial.
I understand what you're saying and agree about Fox and WSJ, but the fact is for years all major media corporations gave airtime to "opposing arguments" made by Think Tank talking heads on global warming despite the universal scientific agreement on it. That's what I mean by false equivalence and that's the attitude, and not purposeful misinformation by some outlets, that's the problem.
Yes, mainstream media has gotten better about that topic in particular, but in general journalists still go for the easier "stories" that can be portrayed as competing sides, or simple narratives in general rather than what would actually inform people about the world.
> in general journalists still go for the easier "stories" that can be portrayed as competing sides, or simple narratives in general rather than what would actually inform people about the world.
Journalists, AFAIK, are supposed to avoid inserting their own judgement, give the reader the information (including opinions of different sides), and let the reader make their own decisions.
We can say that journalists should present "facts", but who says what the facts are? In the end, it comes down to expressed judgments by humans.
That being said, that can be taken to too much of an extreme, as it has been with climate change. I don't need opposing opinions about whether the Sun will rise tomorrow.
Can people who have read the article address specific facts the author brings up, or specific errors in the analysis? Maybe we can have a serious discussion right here.
I read the article and it looks straightforward to me, but I don't independently know the facts. The analysis seems solid, but perhaps someone knows something I don't.
Unfortunately I've rarely seen so much noise (i.e., non-contributing comments) on HN, though the level tends to rise when someone doesn't buy into a Wikileaks' message.
The article gets all the facts and analysis right. The article is most likely meant for a less tech savvy audience than HN i.e the average internet user who falls for fake news such as "WhatsApp is hacked". Yes, such nonsense is circulating on social media.
Since this article does not bring anything new to the table for us HNers and has a reasonable number of upvotes, people start creating noise here.
Agreed, and here's a way one can easily tell. Summarize the article's new content that it brings to the table in one or two sentences. These sentence(s) will be easier to classify as fact or opinion as the article as a whole. I would summarize her unique message as "Wikileaks over-sensationalizes their releases", which may be fact if it's true (and she offered good evidence), but 90% of the rest of the writeup had little to do with that new content.
Off topic: Maybe I'm too cynical, but whenever I see an article titled "The Truth About X", I immediately expect that it contains someone's crackpot theory about X, rather than anything resembling truth.
Pithy statement there. But I would hope a school teacher would harp on it, and further, that they would explain just why it is the truth. Part of their job is taking students to detect and evaluate the truth of something.
Not sure if this is the right place to post this, but is there some place where one can read a description of the exploits?
On the surface, Whatsapp, Signal, etc being compromised can mean either they are individually compromised or the platform they're on is somehow compromised, or something else... in my experience journalists have the incentive to just pick the headline that is the most sensational rather than the most informative.
Generally speaking, most of the "exploits" I've seen so far have fallen into the mundane category of "if you have full access to the computer/device, you can inject code into target applications to exfiltrate information". This is more of a demonstration of the platform's security than of any specific application -- if you can get the user to run code, all bets are off.
For what it's worth, iOS has come out of this looking very safe. The CIA is essentially riding on the coattails of jailbreaks, which have been getting increasingly rare.
The point of the article is that there are no exploits and those apps aren't mentioned by the leaked data. The leaked data merely says that if you gain full access to someone's phone then you can see what the user sees, which would include their Whatsapp and Signal messages.
> in my experience journalists have the incentive to just pick the headline that is the most sensational rather than the most informative.
Considering what the article actually says, it seems this author and publication didn't do that.
Oh cool another round of "but they can't spy on the whole internet" from media stooges and their dumbass readership who haven't seen the pattern that's been going on for 20 fucking years now.
> Device and information insecurity, overzealous surveillance by governments — these are real concerns that call for real attention.
I'm looking forward to The NY Time's Zeynep Tufekci's real discussion about Operating Systems that spy on us, collect our data and share that data; tracking across the internet; lack of security updates on phones; a tie-in with PRISM (allowing the NSA unfettered access to company databases) and anything else her top-notch "security researchers" turn up.
Maybe she can add a few words about the lack of oversight, transparency and accountability our tech & phone companies enjoy for the privilege of cooperating with certain government agencies. Let's get your "sources" to add a few words about backroom deals that circumvent The Constitution and the laws of this land too. It's a big topic with many players.
Be careful though, Mrs Tufekci. This kind of real news will get you into hot water with your masters.
I'm sure she'll get to it after another hit-piece on Wikileaks for actually bringing this discussion to the table instead of trying to kill it. That is, once she gets over her political biases (which are sprinkled throughout the article) and does some real journalism.
Security and Privacy are issues that need "real attention" and not something that gets tacked on at the end of an article and forgotten.
I'll restate what the article actually said, since some people seem to have missed it. She writes that Wikileaks characterized Signal and WhatsApp as being useless for secure communication; that this is not the case; and that the media reported this uncritically.
Rather than raise questions about Tufekci, I think it's more important to ask why Wikileaks is now trying to spread FUD about some of the best tools that we have.
In this connection, she's particularly concerned that misreporting the nature of attacks, (edit:) or reporting them without context, will cause people to make bad security decisions. That issue is raised in reporting on these tools just as it was raised in the WhatsApp reporting, and it's the focus of her editorial here.
I don't think Tufekci wants people to refrain from talking about the terrible state of information security in general, or about how we could improve it. (While she also dislikes Wikileaks in general, which is very apparent in this editorial and slightly complicates the point, I don't think she means to suggest that we shouldn't know or talk about these capabilities or how to respond to them.)
This isn't news because we've known for ages and ages that governments do evil things, known for ages. None of the evils listed are new or that interesting. Nothing to see here.
To me, that is like saying, "come on, it's murder. We've had murder since Cain killed Abel. Wikileaks attempt to expose such an ancient crime isn't news. Now look what Kanye said..."
There is a huge difference between a hacker being able to read your encrypted messages, vs a hacker being able to read your encrypted messages if they have malware on your phone.
Conflating the two is dangerous, people will stop using Signal if they think it's insecure. She's right to call out Wikileaks for lying about this stuff, and at no point in the article does she imply the governments actions are acceptable either.
So you are saying that it was ok for Wikileaks to misrepresent the material it was releasing because the mainstream media has been saying for years that the government is spying on us.
If the argument is this tweet is misleading, this 14 words of content, a link and a hashtag. If that requires a 5,000+ character response to show how, I'm cool with that argument. I really am. I can see how it is misleading.
Equally, if you can read into those 14 words something misleading, I think a non-misleading interpretation is equally valid. In which case, the argument "the 14 words set the wrong agenda it's no big deal" is a little less compelling, and reads exactly like what I wrote. But what do I know? We are all free to disagree.
This is standard operating procedure at propaganda outlets like NYT/Washington Post Et Al. It's called "burying the lead". When the crux of an issue is buried as a footnote in the last paragraph.
The controlled media will quibble over symantics of a Tweet and ignore the shocking truth that innumerous government agencies can aquire blackmail on anyone they want at any time without even breaking the law; and if they fear a journalist or leaker sufficiently, cause a high speed car or plane crash to get rid of them.
> This is standard operating procedure at propaganda outlets like NYT/Washington Post Et Al.
It's an opinion piece. It's literally right there in the title that you should expect someone to be expressing an opinion, not engaging in objective reporting.
This kind of real news will get you into hot water with your masters.
And which masters would those be, Mr. Rodriguez? Perhaps you're unaware of the background, Mr. Rodriguez, but everything I've seen from her and a lot of other people who know and care about security have been laying into mainstream news media for quite a while over their reckless and breathless inaccurate reporting on security and encryption, and pointing out that media outlets are going to get people killed by turning them away from secure options and toward things that major governments can crack and spy on.
But acknowledging that wouldn't let you spout creepy and condescending comments like the one I'm replying to, now would it, Mr. Rodriguez? So I can see why you didn't go there.
I can appreciate comments on HN that counter the prevailing wisdom or even question if something is a conspiracy or not with some (at least circumstantial) evidence and without being too leading but hrodriguez's comment just reads like any other creepy, angry and nasty conspiracy theorist's vitriol. I don't know if it violates any guidelines but I hope we make this kind of comment style unwelcome on HN. There's entire communities dedicated to this style of discussion they can participate in.
Agreed. A main purpose of propaganda is not to persuade people, but to create enough noise that intelligent discussion is impossible. That seems to be working, to some degree, on HN.
When someone insists on that style of writing at someone, complete with the "Mrs Tufekci" bit, I just mentally read it in the voice of Hugo Weaving from The Matrix.
As an outsider whose only contact with New York Times is from submissions here, it seems that they don't know what they are talking about most of the time.
I love how the NYT turns their own ignorance of technology into some condemnation of WikiLeaks. That tweet is perfectly fine. What exactly do they believe "bypass" to mean? Of course their own misstep here is only referred to as "a honest misunderstanding" of the generic "press".
The article then goes on to explain what should have been researched from the beginning and delivers the brilliant sentence
This should not come as a surprise.
Right. Here is the salient excerpt from the WikiLeaks release linked in the tweet (!):
These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
You turned a tweet into a press article, didn't bother to read the referred article and then have the audacity to depict that as some sort of deliberate misinformation campaign in yet another article instead of simply admitting you rushed for the clicks. On the upside, it is now much clearer that it's maybe not only WL that is in the business of misinformation..
Not really, having a rootkit on a device allows you to bypass anything this is a given.
Wikileaks tweets are also quite demagogic and are tailored for maximum effect, these "techniques" do not actually allow the CIA to bypass the encryption, bypassing the encryption is a whole other thing completely what it does is allow the CIA to read anything on the phone and use any of it's hardware sensors.
Overall the problem with this leak specifically it that there is so far nothing damning, this is exactly the toolkit a modern intelligence agency should have, in fact this is likely to kiddy stuff not the rogue nation targeting kinetic payloads.
What it doesn't show is who these tools target, if Wikileaks to be believed the NSA only targets journalists and human rights activists whilst in reality this isn't the case.
Unlike the NSA the CIA is also not interested in mass surveillance, the CIA produces intelligence analysis primarily revolving around humint sources and targets, which means that their operations tend to be much more targeted a SIGINT agency which relies on bulk data collection.
> ...these "techniques" do not actually allow the CIA to bypass the encryption...
The definition of the word bypass is, "a secondary channel, pipe, or connection to allow a flow when the main one is closed or blocked." How is a rootkit not bypassing encryption? It doesn't break encryption.
> Unlike the NSA the CIA is also not interested in mass surveillance...
Why do you believe this to be true?
> Overall the problem with this leak specifically it that there is so far nothing damning
The wholesale violation of 4th Amendment protections isn't damning to you?
> wholesale violation of 4th Amendment protections
Where is there a violation of the 4th Amendment? The 4th Amendment is not about capabilities, which always have existed in one form or another (e.g., reading people's mail), but about legal authorization to use them.
> rubber stamping of surveillance of the entire US population
It would be good to post specific evidence of such a major claim. What "rubber stamping" are you referring to? What are you defining "surveillance" as? I cannot find a solid source for the specific claim above.
The Foreign Intelligence Surveillance Court and the Foreign Intelligence Surveillance Court of Review apply the Foreign Intelligence Surveillance Act, as amended; the USA PATRIOT Act is, AFAIK, largely irrelevant to them.
Their decisions, including the legal reasoning and analysis, are largely themselves classified, and are (like most warrant application procedures) non-assertive, which presents a significant problem of transparency. (Regular warrant application processes, insofar as they support what eventually turns into criminal prosecutions, at least are aimed at feeding into adversarial proceedings which can reject their results, which mitigates the problems stemming from non-adversarial proceedings.)
And the process of creating said legislation out of public view in the first place, and the courts which oversaw challenges to the constitutionality of the US surveillance state who deemed it acceptable. Much like the doctors, lawyers, and others who oversaw approval of US torture programs, they're all reprehensible.
From 1979 to 2013, the FISA courts have denied 12 warrants [1]. That a FISA court actually denied the initial surveillance on Trump Tower, and Obama's DOJ then pushed it through, should be an enormous red flag to people.
> From 1979 to 2013, the FISA courts have denied 12 warrants
That's also true of you change the time period from 2003-2013, since it denied zero from 1979-2012. (It's funny that the low rate of denial over the whole life of the FISC has been cited to support the idea that the court has become a rubber-stamp of the post-9/11 surveillance state, when all of the actual denials are in the post-9/11 period.)
My confusion is regarding the "entire US population" claim because I have never heard anything like this. I could have missed it and would like to know if that is the case. The closest thing I remember is the metadata issue specifically with identifiers related to Verizon account holders. My understanding is that the rules were tightened with regards to US citizen metadata as a result of this disclosure from Snowden, which is probably the best possible outcome (Short of it not happening in the first place).
Again, if I am off base and there was additional approval for any sort of surveillance on the data of the entire USA, I am very interested in learning more.
> bypassing the encryption is a whole other thing completely what it does is allow the CIA to read anything on the phone and use any of it's hardware sensors
I really cannot understand the difference between "bypassing" the encryption and allowing the CIA to read anything on the phone. Those sound like trivial synonyms.
Bypassing encryption means that you are actually bypassing the encryption method, e.g. fooling WhatsApp to not encrypt and not alert the user, forcing WhatsApp to use a specific key again without alerting the user, finding a way to access the clear text messages in the service itself etc.
Reading the clear text pre or post description isn't bypassing encryption because this can be done regardless of the type or method of encryption used.
If I beat you with a wrench until you tell me your password it doesn't mean I managed to bypass the encryption of your password manager.
The definition of bypass seems to be exactly the opposite of what you're saying. Here's one. "a secondary channel, pipe, or connection to allow a flow when the main one is closed or blocked"
I understand bypass to mean "go around" basically. So if I bypass something, I have found a way to avoid it. I really think this is the common usage.
You burn a strawman to explain what bypass means then suggest hooking an app to extract data before encryption after gaining code execution is not bypassing. You took a wrong turn here somewhere.
I'm not really interested in another repeat of the "there is nothing here" discussion. We seem to get that for each of these releases; lots of people swarming in to tell us they were perfectly aware of all these things since, well, forever.
You seem to have confused an editorial written by a college professor with a news article written by a reporter. This is an opinion piece and should be treated as such. Apparently you have a different opinion (which is perfectly fine!), but that has nothing to do with how the NYT covers technology.
Would you please stop using HN primarily for political battle? That's an abuse of the site, and we ban accounts that do it. We have to, because otherwise the entire place would become a battlefield.