How come WikiLeaks is distributing this? I don't see any meaningful connection to government transparency or even corporate transparency... this has nothing to do with abuse of power, it is completely normal and rightful for a company to keep its infrastructure locations secret. Some of this could be found through public records, etc. and that fine to post, but internal operating procedures are not.
Sure, it's fun to look at. But the only people who will really benefit from this being leaked are AWS competitors and malicious actors intending to disrupt international communications.
Amazon is making local governments to compete against each others for data center locations, so it's in the public interest to know the locations. For example, you can compare at the location, electricity cost, infrastructure, tax schemes and tax revenue etc. in local level and see how important they are for Amazon and maybe even estimate the benefit of having Amazon.
The location of Amazon data centers is not hidden from it's large competitors, or any adversary.
Another perhaps less known aspect of these tax giveaways is that the details are kept secret. They are often embarrassingly huge giveaways, that's one of the reasons they aren't public [1]. I wish we could stop corporate giveaways. I love the software work that amazon is pioneering, they are pushing the envelope, doing great work, enabling companies to grow and do new things. But they are one of the richest companies in the world, they shouldn't get tax credits, imho. I don't think this location info should make it risky.
I absolutely agree. Essentially, corporations with huge revenue streams get major tax advantages that are not available to local companies in exchange for "creating jobs".
It turns out that each of those jobs is so costly to taxpayers that the only real benefit is for the politicians that announce the "partnerships" (and the receiving company, obviously).
Here's a couple of interesting articles on the matter:
Then shouldn’t they publish the documents showing those giveaways instead which surely makes more sense, doesn’t put AWS customers at potential risk and holds local governments accountable?
The simple thing is to put anything you get your hands on online under the opaque umbrella of public interest. The responsible thing to do is to run with it, find the local governments in those areas and file requests for the records of any transactions to be made public. That would be in public interest. Dumping anything that has a SECRET written on it is not always a good thing.
I'm not sure why Russian intelligence cares about AWS datacenter locations.
This has largely been an "open secret" for a long time. If you want to know where an AWS datacenter is, ask local taxi drivers and pizza delivery folks. These things are huge, and very hard to hide.
Which assumes that you know the locale. I imagine that there is one in Ashburn, Virginia, maybe an hour's drive from here. But what pizza delivery operation would I ask? I guess I could hail a cab at Dulles and ask to be taken there.
The locale is "the region as announced publicly," and anyone who's in a position to use this information is going to pay more than one person to start digging. It's a crowdsourcing problem.
Yes, the US government does, but the AWS Cloud for government is mostly (entirely?) not included here. This list is also highly incomplete otherwise unrelated to government as well (us-east-2 region isn't covered at all for example).
Why? Why does knowing where it is located a "right"? I feel US citizens have a right to know who is storing the data, and the parameters they must follow. Also you should have a right to know where the data is located, as in "in the USA". But beyond that, isn't having the actual address a security concern?
The public is far more at risk with the CIA around to begin with, so long as it continues to carry out bullshit interventions around the world that so often come back to bite us. The primary impediment to enumerating these risks is the CIA's lack of transparency.
I don't know the answer, but the question works equally well flipped around. If they have it, why not release it? Hiding the information to ward of malicious actors and AWS competitors is security by obscurity, and not reliable. It's nearly impossible to hide a giant data center, so a dedicated person can track most of them down anyway.
I'd be more sympathetic if Amazon weren't holding a competition to see which city would give them the biggest tax breaks. It's only fair that everybody sees what other deals they're getting.
It's not like you can hide a datacenter from aerial photos or space based photography. Giant air handling units and 1 megawatt+ sized generators are huge. You could theoretically camouflage one, but they're built in a cost-sensitive manner, it would cost millions to actually "hide" a datacenter from IMINT techniques.
It is not about Republicans or Democrats -- the reality is that it is operating in a way where we can all be assured it is not doing so in "our" best interest, but instead for some other nation-states purpose. Just because the party you identify with seems to be helped by something they have done recently does not mean you should take them as being honest actors.
> "the reality is that it is operating in a way where we can all be assured it is not doing so in "our" best interest, but instead for some other nation-states purpose"
The reality is that WikiLeaks has exposed a lot of information that we should know, I have yet to see solid evidence it's done for another nation state.
> Just because the party you identify with seems to be helped by something they have done recently does not mean you should take them as being honest actors.
Agreed, but I am also not going to believe the talking points of a party apparatus that cheated one of its own candidates. Would you?
I am not even a U.S. citizen, so I have no dog in this race, but I am well aware that both of the parties do anything to deflect from their own failures and now it's the Democrats, since they lost.
What have the Democrats done to offer a truly progressive platform, instead of the centrist one that lost them the election? Sure, they blame Russia 24/7, but that doesn't offer voters anything. Many Democrats in Congress vote with Trump and the Republicans well over 50% of the time, so this whole thing looks to me like a sham.
I don't remember on which occasion it was -and can't find it now-, but recently (post-2016) both Assange and Wikileaks were clearly riling people up against Snowden. That's right about when I stopped caring what they had to say (and it's such a hard departure from the 2013-era Assange who was supportive of Snowden).
> if you actually read more about WikiLeaks than the surface reports, it is simply that they believe in complete transparency of powerful actors to hold them to account
Sure, but I'd have the same question if Wikileaks published the locations of all DoD internal server farms. What possible importance does that information have beyond its potential to compromise security?
Wikileaks desires a world in which there is high competition between web service providers so none of them gets too powerful. This is consistent with their objectives.
As a resident of Ashburn, VA the locations are hardly a secret. Just about everyone in the area who cares to know, knows. I drive past the place in the header image of https://www.theatlantic.com/technology/archive/2016/01/amazo... on the way home from the Sterling Wal-Mart. My next door neighbor is an HVAC tech for Amazon, and he's only barely secretive about where they are (to me anyway). Everyone at Old Ox and Crooked Run breweries seems to know, etc.
The Google Maps tiles are labeled “Amazon Datacenter Complex” or such on at least one cluster. I don’t mean Wikileak’s pins, I mean the public rendered tiles.
The address in Palo Alto is right off University Avenue behind the Walgreens. The one in Luxembourg is an office building as well. I don't see much value unless one wants to destabilize internet infrastructure.
Most of the ones in the Bay Area are, to my knowledge relatively small "retail" colo spaces.
200 Paul, 528 Bryant is PAIX, 11 Great Oaks is Equinix. SV2 got shut down years ago. I don't remember AWS ever being in 3000 Corvin, which is a tiny, poorly powered data center.
As an example of how old this data is, I reported to someone in 2014 time frame that led data center operations for some AWS regions including North America. He told stories of vacating 200 Paul, I'm guessing in the pre-2010 timeframe.
In any case, none of this information is that big of a secret. It's all in the public record. It's pretty hard to build something that size and with that degree of power consumption without others noticing. There's generally plenty of news media about such things:
I just checked and you are correct. I guess they probably leveled the old building, which was 3030 Corvin. Anyone that was there in the mid 2000s remembers when Facebook heated the place up and they had box fans every where, an extra generator parked in the parking lot, etc.
It is somewhat humorous you would assume a determined attacker would be apprehended, or dissuaded by jail time. Poor threat modeling. It's difficult enough to defend against wild backhoes.
The timing on the release of this information is very _interesting_, considering:
"Currently, Amazon is one of the leading contenders for an up to $10 billion contract to build a private cloud for the Department of Defense. [...] Bids on this contract are due tomorrow."
>"In some cases, Amazon uses pseudonyms to obscure its presence. For example, at its IAD77 data center, the document states that “Amazon is known as ‘Vandalay Industries’ on badges and all correspondence with building manager”."
This made me laugh. Vandalay Industries is a reference to a very funny Seinfeld episode. Someone at AWS has a good sense of humor:
Seems like using ‘Vandalay Industries’ is a terrible idea. Doesn't everyone* know that anything called ‘Vandalay Industries’ is an obvious fake?
* Maybe anyone over a certain age? Do people under... I dunno, 40? 30?... watch much Seinfeld? Seems like TV shows are largely generational things... I'm aware of MASH and Dick Van Dyke, but I wouldn't get the semi obscure jokes from those shows since they were on when I was super young.
I'd guess the goal is more to keep this list from coming up in public records searches than to serve as a truly effective disguise. I can't imagine the datacenter employees are expected to lie to everyone about where they work.
Which reminds me of the article on HN a few months/years back about how you could identify most spies because they all appeared the same way in embassy listings (which was all public information).
With a lot of things like this, you're really squatting at a particular point in the effort-reward curve. You're not going to make something of this scale absolutely secret; there are hundreds of people involved, deliveries of material over years, and ongoing services. It's not like Amazon can bury the workers on site after they finish their work, like people always claim the pharaohs of old did but probably didn't.
But being a little secret might solve some problems, so if there are low-effort ways to make it a little secret, you go ahead and do those. You make a shell company, even if it has a stupid name. You don't tell contractors or delivery people who the real owner is. You don't drive up to the building in a car that says "AMAZON1" on the license plate.
It's not going to keep the place totally secret, but if it makes a few things easier - you get fewer break-ins, you have fewer troubles with the local planning boards, whatever - it's probably worth the tiny bit of effort.
(Also, did you know that Dick Van Dyke is still alive and active? He's in the new Mary Poppins.)
>"Which reminds me of the article on HN a few months/years back about how you could identify most spies because they all appeared the same way in embassy listings (which was all public information)."
>"Seems like using ‘Vandalay Industries’ is a terrible idea."
It's obviously meant to be a joke.
>" Maybe anyone over a certain age? Do people under... I dunno, 40? 30?... watch much Seinfeld?"
Seinfeld is one of the most syndicated shows in television history and has been since the show ended. In some markets its on multiple times a day, it's also on Hulu. It's not really a generational thing.
Seems to be outdated. One of the folks named in the document as responsible for a China site is not working for Amazon since a few years ago and is now at Google Cloud, according to his linkedin.
This release shows how desperate wikileaks is. Very old and outdated data that is far from secret. We should all simply ignore them nowedays, thank them for what they did in the past and tell them to move on.
The only reason I see why they published is: get some new media attention because tomorrow they might get a contract with Y who we dont like blabla.
Not the most exciting, or revealing of leaks. Less interesting, then, say, their leaks of Turkish dessert recipes[0]. Great attempt at clickbait though!
Compare the locations with https://www.internetexchangemap.com/ and you'll see that most of these are just the natural locations for datacenters. Most of these locations are within a few kilometers, sometimes within a few hundred meters, of other commercial datacenters.
They generally fall within: Close to major population and finance centers with affordable power, abundant fiber, and local/state governments willing to give subsidies... like every other datacenter.
A lot of the locations look more like POPs, not data centers. The multiple in Brazil are just coloc and meet-me sites run by local companies (UOL, Algar, TIVIT).
I’ve lost all respect for Wikileaks. How about actually leaking documents on day, I dunno, how the Chinese government is trying to brainwash Uighurs and erase their culture and religion? Instead, it’s always the US that’s been the bad guy, and now it’s not even really the government directly. There’s no cultural suppression or a larger public benefit from knowing where amazon data centers are located.
You're assuming that anyone with these sorts of documents:
1) wants to leak them (most of the Chinese people who I've met in China, especially those who work in a government or military capacity, will bend over backwards to defend China from any level of perceived foreign criticism)
2) has the capability to leak them (most Chinese people are unlikely to know much about Wikileaks)
> How about actually leaking documents on day, I dunno, how the Chinese government is trying to brainwash Uighurs and erase their culture and religion?
Wikileaks legitimately may not be in a position to acquire such documents to leak. My understanding is that they mainly distribute documents provided to them by others, and has never exercised much editorial discretion. If Wikileaks is best known in the US/Western Europe, it'll likely only acquire documents related to those regions.
For a Chinese person to leak documents about Xinjiang to Wikileaks, that person must first know about them, then be able to contact them, then be able to send the documents to them. I wouldn't be surprised if Wikileaks itself is blocked by the Great Firewall, and that its typical communication channels for leakers are blocked and/or difficult to use from the PRC, which makes the whole process doubtful.
We'll never know how much "editorial discretion" they exercise by just not releasing things that don't suit the narrative they're building. And I'm guessing it's actually a whole lot. During the 2016 US election, they implied often on twitter that they were sitting on more information about all parties, constantly hyping up more bombshells and then only releasing some one-sided nothingness. It was such an obvious attempt to destabilize the discourse, it's hard to imagine their motives were driven by anything other than the interests of a certain foreign government.
Sure, it's fun to look at. But the only people who will really benefit from this being leaked are AWS competitors and malicious actors intending to disrupt international communications.