Hacker News new | past | comments | ask | show | jobs | submit login
China's social network surveillance databases are apparently leaked to Internet (twitter.com)
369 points by stevefan1999 47 days ago | hide | past | web | favorite | 105 comments

> And the most remarkable part is that this network syncs all this data to open MongoDBs in 18 locations.

Lol, again.

I recall in a previous list of open MongoDBs, the Chinese equivalent of the US Food and Drug Administration had an open MongoDB.

> The most dialogs which are being monitored are typical teenager conversations.

In the picture "你还用说我大", "那是衣服紧" (Translate: "You don't need to tell me that mines was big", "That's because the cloth is tight").

I don't know about the "typical" thing due to lack of context. But my sense tells me, that "teenager" is doing some sex talk.

Another one: "说:!收【【【46--48道士号】】】卖的微信XXXXXXXXXXX" ("Buying 46~48 level Taoist account, contact me using WeChat XXXXXXXXXXX"). I guess this person is trying to buy a in-game character. Taoist is a type of character similar to magician.

I think the message is captured by some type of Internet Cafe managing software, which can be installed on the machine so the admin could remotely control and "auditing" it. Typical feature includes shutdown, force logout, timer etc. I don't know it can also record chat messages, but the fact it can does not surprise me that much to be honest.

Where is this data? It sounds like they haven't disclosed it, just announced it?

I have no idea. Those messages I've quoted is from the Twitter page.

Just leaving aside for a second what a crime against humanity this surveillance is...

It never ceases to amaze me how many of these massive data leaks are simply "mongodb in default configuration".

I just don't understand how it was thought, at any point in time, to be a good idea that mongodb in its default configuration, would be open to the world with no authentication.

That what happened when DevOps started to mean “we don’t need an ops team, the devs can do it”.

"we don't need dbas, the ops team can do it."

At least the ports would be closed :P

From the screencaps it looks like surveillance systems used to monitor internet cafes and public access points where people must use their real ID to login, so it's a bit easier to link accounts to actual identities. A number of these IM suits are actually encrypted in transit that it's very unlikely that this level of interception is possible without a root certificate installed on the client machine.

It's my understanding that if you want to play ball in China, you have to give govt the keys to the kingdom.

Here's one article of apple doing this. I'm not meaning to pick on Apple here, but imo they're the most security/privacy conscious of the really big players, and they've caved.


Couldn't this data be coming directly from these IM services' servers? I doubt any of them are E2EE.

It's possible but I really doubt it, considering the sheer volume of message being generated every moment. It would be much easier and less likely to have hiccups like these if they just give them server access on demand, rather than having a live data feed replicated to 18 separate locations. Moreover the tweets actually show names and addresses of various internet cafes in one of the pictures. This information should not be available if the data is coming from the service provider's backend.

Contrary to popular opinion on HN and other forums in the Anglosphere, surveillance in China is a nuanced problem and tech companies are far from completely passive. Local police are often denied when they request information because technically they lack jurisdiction on companies located in a different town or province. As a result they resort to catch-all interception using devices like these makeshift DPI systems(there is no clear legal requirement, but internet cafe owners are easily coerced into installing them or risk having their business hut down over various infractions) and Stingray-like fake cell sites (a constant source of conflict with major telcos because they are often poorly installed and would interfere with normal cell sites).

These ad-hoc schemes are usually put together by the lowest bidder, so they tend to be horribly inefficient and insecure like what's been shown in this case. But to local LE it's still preferable to going dark, not to mention there is usually little accountability when their system breaks.

> I really doubt it, considering the sheer volume

I feel like most people felt that way about the NSA's capabilities pre-Snowden

Or did they? The global SIGNIT capacity of the NSA has been pretty well known before Snowden. The more revealing part of the Snowden leaks was that the NSA has been spying on US soil without clear authorisation.

Personally speaking, Snowdon actually made me a lot less paranoid about the NSA: They are, like every other nation state backed blackhat, relys on having physical access and 0day exploits to do their bidding. No magical backdoor or quantum computers involved.

NSA spying on US soil was long known[1] (and of course "clear authorization" was never granted if you interpret that phrase to mean "public" and "accountable")

I'm not sure where you got the notion that they need physical access to anything either. Apart from intercepting comms on the wire, they deliberately subvert crypto standards in such a way that only they have access [2]. That is as close to a "magical backdoor" as it's possible to get.

[1] https://en.wikipedia.org/wiki/Room_641A [2] https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encry...

Well, Room 641A is a form of physical access. They are not yet capable of breaking into any commpany's network from outside.

The slides in the guardian article is pretty vague. The only proven case of NSA inserting a backdoor would have been the DUAL_EC_DRBG algo, and people have been alleging that from the very beginning. IIRC, Bernstein went on further and suggested that the NIST ECC curves may be compromised, but that's far from proven.

Most real life attacks we have seen such as logjam and beast arises from longstanding vulnerabilities that are in no way exclusive to the NSA, but they are probably in a better position to analyse past interceptions once an.exploit has been found.

> They are not yet capable of breaking into any commpany's network from outside.

They can break into any company's network but they can't break into every company's network.

I believe that if the NSA targets a company, they'll almost certainly be able to infiltrate the network after some nontrivial targeted and sustained effort. Maybe someone like Google could fend off the NSA but I doubt it. The NSA only has to get lucky once, Google has to be secure 100% of the time. It's a tough battle.

But the NSA isn't currently monitoring every private corporate network, that's just crazy talk. I think.

You might have missed the part about PRISM. [1]

"Internal NSA presentation slides included in the various media disclosures show that the NSA could unilaterally access data and perform "extensive, in-depth surveillance on live communications and stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details.[2] Snowden summarized that "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."[13]"

That would fully qualify as a "magical backdoor" in my opinion. Companies stated as participating in the PRISM program include Microsoft, Facebook, Google, and Apple, among others.

[1] - https://en.wikipedia.org/wiki/PRISM_(surveillance_program)

It's rare to see comments like yours from people who know about the technical details of how the Chinese government manage the internet. Could you share some please? How often do people actually get into trouble for their internet usage?

>the technical details of how the Chinese government manage the internet

This is a very broad topic that require several books to cover, but I will try to outline the more prominent features in a short few paragraphs. Before I start, it's important to point out that in a authoritarian state like China, laws are often deliberately made very strict but only loosely enforced. In time, everyone is likely to have already committed some crime as a matter of necessity and thus nobody is safe from the law; the constant threat of law enforcement make people fear the authorities.

Every website serving users in China needs to apply and hold an ICP license[0]. Without a license, no hosting company will do business with you and your domain name run the risk of getting blacklisted if you decide to host it on a foreign server instead. If you have an established online presence, it is in your best interest to avoid anything transgressions that might result in the loss of your license, including but not limited to:

- Hosting illegal content - Not promptly deleting content at the request of authorities - Not complying with any of the cyber security laws

Additional permits are required if the website hosts music/video, publish games or offer money handling services. These permits are often intentionally kept scarce to make the industries more restrictive and compliant.

As for internet users, every service they use require an account tied to their real ID. This is usually done by registering a mobile phone number which is technically always tied to a real identity. Public internet access also require phone verification to access. Therefore anything posted to the internet can theoretically be traced back to its author.

>How often do people actually get into trouble for their internet usage?

This is a really tricky question. Because of all the issues I mentioned above, service providers are strongly incentivized to practice self censorship. Thus a lot of contentious stuff people say will disappear before the authorities gets involved, especially if they are on the open web. Over at the more closed platforms such as WeChat the standards are somewhat relaxed, but from time to time people do get in trouble for what they post. In any case it's hard to tell because the standards being used to judge your words are in a constant state of flux.

What happens after that really depends on where you live. In large cities, the police have more real problems to deal with and are subject to more oversight, so they tend to turn a blind eye except for the most blatantly seditious messages. And even in the latter case most people are let go after a formal warning without much consequence. Small town cops, on the other hand, are a lot more eager to seek prosecution, especially if they are corrupt or have a personal vendetta against you. Conflict zones like Xinjiang are the worst because they are under effective martial law, so anything remotely out of the line will get a follow-up.


> Before I start, it's important to point out that in a authoritarian state like China, laws are often deliberately made very strict but only loosely enforced.

as a complete sidenote, aside from your excellent comment, I'd like to point out that this is true in 'The West' too.

EDIT: Let me give a specific example in my home country (The Netherlands). Weed is 'tolerated', but not legalized. You might feel free: you can buy weed at coffeeshops, even smoke it in front of a cop but it's still illegal.

Woe is you when you smoke it with any regularity and drive a car! If for some reason you're stopped for 'erratic behavior' in traffic, you can be submitted to a saliva test. Depending on your online sources, these can tell whether you've smoked weed in at least the past 24 hours. But when the cops are not friendly, they can make you take a blood/urine test, in which use of weed can be detected for up to 3 months, chronic or otherwise, at least.

What this means is that in The Netherlands, which weirdly is often seen as a laissez-faire place to smoke, you can be caught as a 'drug user' even if you've not smoked 3 months after your last joint.

What happens next is that your license is revoked, you might be imprisoned, and for the next year or so you need to take various tests to prove that you're safe on the road, and you might have to talk to a psychiatrist. Costs very well might exceed 1000 euro for all of this.

To be clear, if you never smoke weed, and light up once, you'll be safe after about 24 hours. But any usage beyond that puts you into a murky world that potentially leads to all of the aforementioned, no nuance.

My point is that is 'authoritarian' has quite a few dimensions, and even a 'liberal', 'western' country like The Netherlands is quite authoritarian from certain perspectives. That's not to diminish what you're saying about China, but just something to keep in mind.

Thanks for the comment. Maybe I am reading it wrong, but what you described sounds rather reasonable to me. After all, marijuana does impair one's ability to drive[0]. The traffic laws may be a bit draconian but I find it hard to argue against it in principle.

To give you a related, and hopefully less political example: People who suffer from epilepsy in my country are technically disqualified from driving for 12 months after a major seizure. In that event their affliction is probably not controlled by medicine and there is a chance that they might start seizing behind the wheel.

An unintended consequence of the law is that epileptics would go to great lengths to hide the extent of their condition for the fear of losing their driving priviledge. It's not uncommon for epileptics to lie to doctors, or even refuse to go to a hospital after an ambulance has been called for them, just so an episode could remain off the book.

Some might be doing it for vain reasons, but there is also a good number of patients who cannot afford to lose their license as their job security may depend on it. The balance between public safety and personal freedom is never easy.


> Thanks for the comment. Maybe I am reading it wrong, but what you described sounds rather reasonable to me. After all, marijuana does impair one's ability to drive[0]. The traffic laws may be a bit draconian but I find it hard to argue against it in principle.

I do agree that driving while high, or shortly after, is not a good idea.

The problem is that smoking with any regularity at all is effectively illegal, regardless of how sober you are when you're stopped, and the punishment is ridiculously heavy.

I mainly used the example in response to the earlier comment ("Before I start, it's important to point out that in a authoritarian state like China, laws are often deliberately made very strict but only loosely enforced."). Specifically when it comes to driving and weed, I'm definitely in favor of some regulation, similar to how we treat alcohol and driving.

I agree this is quite a problem, and not fair. But, what alternative do the police have? Refuse to arrest people for driving while high, because they have no test for it?

I don't mean this rhetorically: it seems that we have to err in one direction or the other until we come up with a better test. What do you think?

The tests that exist are fine.

A saliva test is decently accurate as a first pass to detect smoking in the past 48 hours or so. A blood test is more accurate, but can have 'positive' result for chronic smokers even if they've not smoked for weeks or months.

The problem is rather that unlike alcohol, 1) there's no matter of degrees and the cut-off point for testing 'positive' is extremely low, plus the punishment is unusually high, especially when compared to alcohol which provably impairs driving significantly (and almost certainly more severely than weed). And 2), contrary to all other drugs, the 'evidence' of smoking is stored in your body's fat, which means you can test positive even if you've not smoked in a long time (and are almost certainly not driving-impaired).

> it's important to point out that in a authoritarian state like China, laws are often deliberately made very strict but only loosely enforced. In time, everyone is likely to have already committed some crime as a matter of necessity and thus nobody is safe from the law; the constant threat of law enforcement make people fear the authorities.

Expanding a little on the point mercer is making, the legal situation in the US (and other "friendly" countries) does not differ from what is described here. What's different is that people mostly don't fear the authorities so much.

But since the legal situation isn't different, it can't explain why the authorities are feared in China. I suggest that the fear is based more around "what is the government likely to do" than "what is the government allowed to do".

>I suggest that the fear is based more around "what is the government likely to do" than "what is the government allowed to do".

Government is not a monolithic being. Each branch have their own intention and goals.

In any case, due process is underdeveloped in China and the police does have a lot of arbitrary powers that will affect people's lifes. For example, the police is allowed to detain anybody at their pleasure for up to 15 days; there is no appeal and the incident stays on your record forever.

Most time they don't have any reason to mess with a random individual, but they won't be sorry about it either when it happens.

Public APs don't require ID for login. Only the IM services require ID.

They require your phone number which is always tied to an ID.

Oops. I forgot that.

Tangentially, regarding your other comment that surveillance systems are often set up in an ad hoc way, could you provide some references? This is quite interesting to hear.

I don't have a write-up on hand but you can get a gist of these systems by looking at the product page of one of the major providers: https://www.wwwscn.com/page/show/service.html

What isn't shown is that they also inject ads into web traffic and (allegedly) can be controlled like a botnet.

And what happens if I log in with someone else's phone number?

The opening statement of the author is really overblown and sensationalist. Only at the end of the thread did he admit that all data there apparently come from net cafes, but 1. there is no evidence that messages from private devices are being included in this database 2. one has to understand that China is vast, and each local authority differs a lot from the next one in deciding what it does. It totally wouldn't surprise me that the local authorities of several cities/provinces decided to sign a contract with this net cafe management software provider, who essentially installs a spyware on each net cafe computer and routes the traffic to the police. Doesn't suggest it's any sort of coordinated, deliberate action from the central government though. Comparing it to PRISM and NSA is highly misleading and irresponsible, and just putting a blanket word "China's" in the title is inaccurate. Sadly it's how most news stories are done these days.

Where are these leaks available?

It sounds like the leak is just the mongodb instances being open to incoming traffic from the internet without authentication. This a common problem with MongoDB, because its default configuration is insecure.

Who are the leakers and how easy would it be for the government to track them?

is the _index key common to nosql dbs? looks like elastic at first glance, but i haven't used mongodb ever

We knew this all alone, but seeing the screenshot still turns my blood boiling. FK THEM

How typical is it for the Chinese to use English headers in their DBs?

Could this “solution” be off the shelf, or developed by non-Chinese?

The front-end users wouldn’t see the backend structure.

Along with some native English speaker names like “CertificateNo” for certificate number.

As a non-latin language user, I can say that we do use English headers most of the time because nobody wants to deal with potential locale/coding problems.

> How typical is it for the Chinese to use English headers in their DBs?

very typical. because unicode table names or key names are rare.

Is there any research that proves the causal relationship between surveillance and crime rate ? I've been constantly shut up with this statement "Don't you want your country to be safe" when I talk about privacy intrusion by Govt .

There are hidden assumptions in the question "Don't you want your country to be safe?"

What the question is really asking is this: "Don't you want your country to be safe no matter what?"

No, I do not. I want my country to be a place where I am proud of living. It doesn't have to be perfect, it just has to have traditions that are important to me that stay the same over time and try to get better over time.

I want my country to stay a place I am happy living in. I can live with some danger much easier than I can a surveillance state. Danger is a situation that is stable over time. Operating a panopticon is not.

The second premise is that it is possible to make some universal rules that will make everybody safe. Throughout history we have lots of examples of places where large groups of people were "completely" controlled. Modern prisons in the U.S. are a good contemporary example.

These places are not safe. In fact, the tighter we grip a population in order to make them safe, the more we create criminals who are part of the surveillance system itself. These criminals are in many cases impossible to discover. So now you have a lot of control and surveillance with criminals you can't identify or catch. The Chinese deal with this by every now and then sacrificing some of the party apparatchiks to the mob. The jury is still out on whether that actually works over several decades or not. I doubt it. But even if it did, it's still an unstable system.

Nations don't exist to extol one virtue over all others. "Safety" is a great thing, but it's not the end of the conversation when it comes to decision-making. It's a complex balance that should dynamically change over time as conditions force. When you systematize things like massive surveillance, you actually hurt the cause of public safety. It gets better for a short while -- then the rebound happens. And it's not pretty.

Indeed, safety also has different aspects. You might be safer from getting mugged, but less safe from getting arrested and tortured, run over by a car, or from breathing polluted air and getting cancer. The same apparatus that makes people afraid to be muggers, will also make them afraid to point out abuses.

There are way more hidden assumptions than just "Don't you want your country to be safe no matter what?".

What's really happening when you agree to surveillance, is you're agreeing to give power in the form of information asymmetry to people you don't know. You assume those people will use that power for your benefit. In reality, there is very little guarantee that that's true - though there is some statistical likelihood that it's true.

At the end of the day, there is no such thing as law and order, no such thing as values and ethics, no such thing as society and civilization. All there really is is groups of people with varying levels of power and cohesion, varying overlap of shared interests, rather predictable human nature, and game theory. If you lose sight of that, you do so at your own peril.

I must say this is the sort of quality comment that makes me come back to HN again and again. I've never been fully able to articulate why the "safety" argument is a farce, and I think you've done a cogent, lucid, commendable job here.

I guess you could look at major European cities like London where CCTV is pervasive and other cities with considerably less.

It seems to me that most of the justification for surveillance systems is focused on edge cases, terrorism and paedophilia which are statistically unlikely of affect the vast majority of people.

If you watch some of the reality TV you see in UK about CCTV surveillance you’d think the county is suffering from a crime epidemic when in fact a lot of the situations are minor and often escalated by overly aggressive police officers interacting with uneducated angry drunk people.

Better social policy regarding education and alcohol would be the better solution.

> If you watch some of the reality TV you see in UK about CCTV surveillance you’d think the county is suffering from a crime epidemic when in fact a lot of the situations are minor and often escalated by overly aggressive police officers interacting with uneducated angry drunk people.

I couldn't find London's murder rate further back than 1990 for some reason, but for England, the murder rate is higher now than it's been since at least 1900.

We don't know if CCTV surveillance, gun bans, and silverware purchasing restrictions have had an effect reducing violent crime, but at the very least it hasn't been enough to counter the increase.

> Better social policy regarding education and alcohol would be the better solution.

I'm pretty skeptical that this would decrease violent crime and/or murders. Do you have any evidence for this?

Murder rate or murder rate per capita? Please, please source stats on this kind of thing or we end up talking past each other.

Watch out for "exceptions" causing confusing numbers, e.g. https://www.theguardian.com/uk-news/2017/jul/20/official-fig... : "The official figures [for 2017] also show a 26% rise to 723 in the homicide rate, which includes the 96 cases of manslaughter at Hillsborough in 1989."

This article also mentions consistently falling police numbers. The police and court services are stretched very thin.

I never said it would decrease either, I said that better social policy would reduce the need for surveillance and aggressive policing — which seem to be more reactionary and designed to appease the typical Daily Mail reader. There are a lot of angry young men with little or no skills in the U.K. with nothing to do. This ASBO generation is who should be helped with better social policy.

The fact is that the homocide rate has utterly collapsed[0]. It’s difficult to compare the murder rate today with 1900 due to economic and cultural shifts. We may as well compare the execution rate, the domestic violence rate and the sexual assault rate too.


This is probably the best study out there, and it hits the alcohol point pretty well:


Alcohol is involved in 40% of violent crime in the US.


What happens when you remove "angry drunk picks a fight" type of crimes from those stats?

Drunk people getting in fights is categorically different from violent crime committed for material gain (robbery, carjacking, etc). The causes for the problem and the way to go about solving the problem are totally different. Keeping people from getting angry drunk is not going to stop a home invasion. Stopping a home invasion is not going to improve crime stats because it's a single instance of violent crime. It's very possible to have a society relatively devoid of "violent crime" in which drunken brawls are fairly common. It's also possible to live in a society with lots of violent crime but no bar fights.

Including or excluding drunks to make the crime stats look how you want them to is no more honest than using gang violence to make the "mass shooting" statistics look how you want them to.

You can't just paint with a broad brush when it comes to violent crime (well you can but it's stupid and counterproductive if your goal is to understand crime for the purpose of advocating for public policy that reduces it). A drunk guy getting in a fight is different from domestic violence is different from robbing a delivery driver but they'll all show up when you "select * where includes_assault = true;"

It's true that they're different types of crime, but that doesn't make it not crime and it doesn't make it not violent.

Where did I say otherwise? Of course it's still violent crime.

That might be technically true, but it looks like the murder rate in the UK hasn't varied greatly over the course of the past century-and-a-bit, at least according to https://en.wikipedia.org/wiki/List_of_countries_by_intention....

If you watch reality TV then you aren't getting the facts.

Of course, it’s not something I would normally watch. It is however very popular with my parents generation. They get very invested in the whole idea of the world falling apart when the data shows that crime is falling.

Maybe because of the "it was better when we were young" kind of ideas? Obviously it was and it will be for us too. We were younger, healthier, stronger and living in the environment we were raised into, not something made by younger and unfathomable minds.

I've seen some English reality / cop TV, it's entertaining enough - mostly because most of the crime shown there is benign, like idk, people driving without a license or drunk people. They probably make those shows on purpose though, showing on the one side that crime isn't that bad, and on the other to remind people to keep their insurance up to date because the cops are watching.

> when in fact a lot of the situations are minor and often escalated by overly aggressive police officers

Do you have a citation for this?

There appears to be a good bit of literature on the Stop and Search tactic[0] and also the examples of the harassment of law abiding photographers in the U.K.[1]

It’s race to the bottom policing that’s approaching the US model. Assume everyone is a criminal (when crime is at an all tome low), dress police officers up in tactical gear, and turn them into enforcers rather than protectors.

[0] https://www.ncjrs.gov/App/abstractdb/AbstractDBDetails.aspx?... [1]https://www.theguardian.com/uk/2010/jan/23/photographers-pro...

You can visit many town centres in the UK on a Friday evening and witness it yourself, to a degree. The Police also have a habit of speaking some other kind of language that has the effect of causing people who are already bad tempered to become even more so.

Of course no data, purely observational.


The current Mayor of London (Sadiq Khan), his religion (Islam) and immigration are unrelated.

Sadiq Khan is the Labour candidate who succeeded the previous Conservative mayor by majority in a democratic vote. Swings between the two major parties are common.

In other totally unrelated news, 12% of the population of London are Muslim.

Your reckless conflation of facts paints you as a troll of religious discrimination if not outright racism.

So it’s okay for England to colonise half the planet and then get upset when some of their subjects move there?

The fact is that crime in Europe has utterly collapsed.

While I may disagree with the parent post, I do not agree with this one either. Just because some people did horrible things in the past from the country that I had no control over does not mean that these evil things should be done to me, too. It does not justify it. Not at all.

The point is that many of the Rule Britannia white nationalists in the UK point out anyone who is not white Anglo Saxon as immigrants who should all be deported when in fact many of the wide range of ethnicities that call the UK home first settled there during the days of empire or from commonwealth countries.

I guess it’s not unlike the situation with the recent treatment of Puerto Rico by the US.

I'm not sure where you're getting your info, it's a load of nonsense.

You can see net migration explode from 1990 onwards, compared to what was negligible migration in the decades before that.

How is legal immigration an evil thing?

I did not intend to say that legal immigration is an "evil thing". As far as I am concerned the parent comment tried to justify it in such a way that just because some people from England colonized some parts of the planet through aggression in the past, then somehow it necessarily follows that people who live in England today must agree to open borders, or say, illegal immigration. Illegal immigration because, "after all, people from England colonized the planet through aggression before! You deserve it!". See what I mean? This is what I thought the parent meant. It might be the case that I am biased because I did argue with too many people holding this belief: "your ancestors did terrible things, therefore you should keep quiet and take it!". I do not agree. In case this is not what the parent meant, or you think he meant something else, please do not hesitate to correct me.

England doesn't have subjects. Britain has a mere 829 subjects who do not have the right of abode in the UK.

There's no convincing research that establishes causality on such complex sociological matters, since you can't create clean experiments, and observations are not useful since there are too many confounding factors.

However, you don't really need research on this, it's obvious that surveillance offers meaningful safety benefits. I think the problem some people have with surveillance is that its costs may outweigh its benefits.

For example surveillance can be used to shift political system in the authoritarian direction, by suppressing political opposition. It can be used to sustain inequality since it provides those with money or power a powerful leverage to entrench their positions. It can be used by corrupt officials and hackers to commit serious crimes (partly offsetting its crime reduction benefits). Finally, even if surveillance isn't abused, it can be uncomfortable to some people who just don't like being watched.

> it's obvious that surveillance offers meaningful safety benefits.

Is it, though? As far as I know, most crime is of the "spur of the moment" type, decided on the stop, without much regard for the consequences. Thus, I'd expect more surveillance to be able to increase the odds of getting caught, but to not actually reduce the amount of crime.

I'd also be ware for increased surveillance to hamper the ability to correct "wrong" laws.

Oh you're right, I didn't think about it. I take it back, it's not that obvious that it offers meaningful safety benefits.

Still, I suppose if the probability of being caught goes from 1% to over 50%, it might be enough to scare off even the spur of the moment criminals.

Also, a decent fraction of crimes are at least somewhat planned or even repeated, and those should be affected by the chance of being caught.

On the other hand, there are also more things I didn't think about. Suppose surveillance actually catches all car thieves. Will most of them go get a job? Or will they just switch to crimes that are harder to detect with surveillance? My guess is that most criminals will either stop committing crimes or spend most of their life in jail. But I may underestimate the creativity and capability of criminals.

> partly offsetting its crime reduction benefits

No, potentially outweighing them. There is no reason to think surveillance cannot enable more crime than it solves, and the more surveillance you have the more likely that gets.


Although if I have to guess, the new crimes it enables are less destructive than the ones it catches. As an example, a mugger has a risk of killing or seriously injuring the person. On the other hand, someone who steals surveillance data for blackmail purposes will not cause nearly as much harm.

No expert on US law, but I think mass surveillance is illegal. So yes, there is a very direct connection between surveillance and criminality.

An argument can be made that any prevented crimes are not published, with the intent of lulling would-be criminals or terrorists into a safe sense of security - that is, that communicating via a certain platform is safe enough, not knowing the NSA is listening in.

And on the other hand, what makes you feel safer: no news at all, or "1000 potential terrorist threats thwarted through surveillance". The former is dull, but dull is good right? The latter is stressful on both sides, on the one hand that apparently there are at least 1000 terrorists active - and what about the ones they didn't catch - and on the other that the government is listening.

So that's my theory; if government surveillance is effective, it's kept under wraps so it remains effective.

> An argument can be made that any prevented crimes are not published

Between the police fighting for funding, media fighting for content (Florida man), and police force for recognition (police posing with stashes of money/drugs/guns), I'm not sure there's much strategic hiding going on.

I do believe higher levels of surveillance will have higher levels of inhibition for petty crime.

But it will not inhibit white collar crime (such as corruption or fraud etc). It won't inhibit crimes of passion. And it won't inhibit premeditated crimes that require lots of planning and hardcore execution (like drug/human trafficking etc).

Apparently the appearance of surveillance was enough. "The cardboard cutout cop":


It's classified

Based on this leak, probably not for long

Well, a policeman on the beat or patrolling in a car is surveillance.

Based on that surveillance does work.

The question is rather at what level surveillance does not meaningfully reduce crime anymore but becomes a (political) control tool.

I still differentiate between public and private spaces.

I do believe surveillance and the threat of surveillance does heavily undermine public trust in a society and its institutions and that this can be easily deduced by reasoning. Good thing trust is not an issue in 2019...

Ever wondered why so many constitutions around the world forbid surveillance?

I believe the studies about people becoming dumber...

In my country I'm more afraid of police than of thugs, tbh

Fixed, thanks.


Why are you copying the first twitter reply here?

He will be a Hero of China in 21 century to save Chinese from communist party.

Please keep political and ideological flamebait off HN. Ditto for nationalistic flamebait.

It's a copy/paste of one of the comments on Twitter. No idea to what purpose though.


But who need it?


I don't condone surveillance. It is a reality of life. However, I would expect that it is done responsibly and securely. I don't consider surveillance a big violation BUT doing a poor job at protecting the collected data is an egregious violation of privacy.

The only reason to collect data is to use it and those collecting and storing the data are fully responsible for how it is used. The reasons for collecting and retaining it should be explicitly stated and it should only be used for those purposes. It doesn't matter who is doing it - Facebook, Google, a random web site or a government.

Well, perhaps the fact that you justify surveillance is mostly the result of what those organizations have done around the world.


Who will hurt you more than authorities can?

In the case of the US, the government is bound by due process, at least theoretically, which makes it far less likely to hurt me than private entities.

Granted, that may not be the case when it comes to China.

That's putting the cart before the house. Due process isn't an agent that enforces your rights, due process is a convention of how things are done. Nothing fundamentally prevents anyone from simply not following due process, other than the actual power structure of society, i.e., what people could get away with. That actual power structure depends on stuff like knowing things about people allowing you to control them. To illustrate what I mean: If your opponent can blackmail all judges, there is no due process for you.

Due process can also be used to oppress. Totalitarian systems are about 'process'. Customs officers going through your personal papers in US airports like the stasi is 'due process'. Secret courts and secret orders are also 'due process', not being able to speak out against arbitrary gag orders is also 'due process'.

Whistle blowers and activists being harassed, surveilled or infiltrated by law enforcement or not a single person being held to account after the NSA revelations is 'due process'. Users being spied and stalked on by an assortment of SV companies and state agencies via the internet, phones, facial recognition, licence plates do not seem to have access to the basic right to privacy or any recourse to due process.

These binary statements about 'rule of law', 'due process', dissent, democracy comes across as theoretical and disconnected from the complexity and events in the real world.


> Government doesn't care about me

Until they do.

Hi from Germany.

You dont even have to worry only about your own/current government. Take the Netherlands, with detailed census data (conveniently as punchcards) about their population before the German invasion. With the threat of an invasion looming some suggested to at least trike out the information about religious believes. Unfortunately this didnt happen. Amsterdam had one of the highest rates of deported Jews for a reason.


This is the timeline we live in now, this is how it's turning out, this is who we are becoming, and it makes me sick to my stomach.

I wonder if India's neighbor also engages in "our ability to arrest you proves our network is secure" tactic. Aadhar, the BS cattle-tagging project is premised on this principle, while they ship Indian citizens' information to Inqtel backed corporations ... because "it's nationalist" to do so.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact