I recall in a previous list of open MongoDBs, the Chinese equivalent of the US Food and Drug Administration had an open MongoDB.
In the picture "你还用说我大", "那是衣服紧" (Translation: "You don't need to tell me that mine was big", "That's because the cloth is tight").
I don't know about the "typical" thing due to lack of context. But my sense tells me that "teenager" is doing some sex talk.
Another one: "说:!收【【【46--48道士号】】】卖的微信XXXXXXXXXXX" ("Buying 46~48 level Taoist account, contact me using WeChat XXXXXXXXXXX"). I guess this person is trying to buy an in-game character. Taoist is a type of character similar to magician.
I think the message is captured by some type of Internet Cafe managing software, which can be installed on the machine so the admin could remotely control and "audit" it. Typical features include shutdown, force logout, timer etc. I didn't know it could also record chat messages, but the fact it can does not surprise me that much to be honest.
It never ceases to amaze me how many of these massive data leaks are simply "mongodb in default configuration".
I just don't understand how it was thought, at any point in time, to be a good idea that mongodb in its default configuration, would be open to the world with no authentication.
Here's one article of Apple doing this. I'm not meaning to pick on Apple here, but imo they're the most security/privacy conscious of the really big players, and they've caved.
Contrary to popular opinion on HN and other forums in the Anglosphere, surveillance in China is a nuanced problem and tech companies are far from completely passive. Local police are often denied when they request information because technically they lack jurisdiction on companies located in a different town or province. As a result they resort to catch-all interception using devices like these makeshift DPI systems (there is no clear legal requirement, but internet cafe owners are easily coerced into installing them or risk having their business shut down over various infractions) and Stingray-like fake cell sites (a constant source of conflict with major telcos because they are often poorly installed and would interfere with normal cell sites).
These ad-hoc schemes are usually put together by the lowest bidder, so they tend to be horribly inefficient and insecure like what's been shown in this case. But to local LE it's still preferable to going dark, not to mention there is usually little accountability when their system breaks.
I feel like most people felt that way about the NSA's capabilities pre-Snowden.
Personally speaking, Snowden actually made me a lot less paranoid about the NSA: They, like every other nation-state-backed blackhat, rely on having physical access and 0day exploits to do their bidding. No magical backdoor or quantum computers involved.
I'm not sure where you got the notion that they need physical access to anything either. Apart from intercepting comms on the wire, they deliberately subvert crypto standards in such a way that only they have access. That is as close to a "magical backdoor" as it's possible to get.
The slides in the Guardian article are pretty vague. The only proven case of NSA inserting a backdoor would have been the DUAL_EC_DRBG algo, and people have been alleging that from the very beginning. IIRC, Bernstein went on further and suggested that the NIST ECC curves may be compromised, but that's far from proven.
Most real-life attacks we have seen, such as Logjam and BEAST, arise from longstanding vulnerabilities that are in no way exclusive to the NSA, but they are probably in a better position to analyse past interceptions once an exploit has been found.
They can break into any company's network but they can't break into every company's network.
I believe that if the NSA targets a company, they'll almost certainly be able to infiltrate the network after some nontrivial targeted and sustained effort. Maybe someone like Google could fend off the NSA but I doubt it. The NSA only has to get lucky once, Google has to be secure 100% of the time. It's a tough battle.
But the NSA isn't currently monitoring every private corporate network, that's just crazy talk. I think.
"Internal NSA presentation slides included in the various media disclosures show that the NSA could unilaterally access data and perform "extensive, in-depth surveillance on live communications and stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details. Snowden summarized that "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want.""
That would fully qualify as a "magical backdoor" in my opinion. Companies stated as participating in the PRISM program include Microsoft, Facebook, Google, and Apple, among others.
 - https://en.wikipedia.org/wiki/PRISM_(surveillance_program)
This is a very broad topic that requires several books to cover, but I will try to outline the more prominent features in a short few paragraphs. Before I start, it's important to point out that in an authoritarian state like China, laws are often deliberately made very strict but only loosely enforced. In time, everyone is likely to have already committed some crime as a matter of necessity and thus nobody is safe from the law; the constant threat of law enforcement makes people fear the authorities.
Every website serving users in China needs to apply for and hold an ICP license. Without a license, no hosting company will do business with you and your domain name runs the risk of getting blacklisted if you decide to host it on a foreign server instead. If you have an established online presence, it is in your best interest to avoid any transgressions that might result in the loss of your license, including but not limited to:
- Hosting illegal content
- Not promptly deleting content at the request of authorities
- Not complying with any of the cyber security laws
Additional permits are required if the website hosts music/video, publishes games or offers money handling services. These permits are often intentionally kept scarce to make the industries more restrictive and compliant.
As for internet users, every service they use requires an account tied to their real ID. This is usually done by registering a mobile phone number which is technically always tied to a real identity. Public internet access also requires phone verification to access. Therefore anything posted to the internet can theoretically be traced back to its author.
>How often do people actually get into trouble for their internet usage?
This is a really tricky question. Because of all the issues I mentioned above, service providers are strongly incentivized to practice self-censorship. Thus a lot of contentious stuff people say will disappear before the authorities get involved, especially if they are on the open web. Over at the more closed platforms such as WeChat the standards are somewhat relaxed, but from time to time people do get in trouble for what they post. In any case it's hard to tell because the standards being used to judge your words are in a constant state of flux.
What happens after that really depends on where you live. In large cities, the police have more real problems to deal with and are subject to more oversight, so they tend to turn a blind eye except for the most blatantly seditious messages. And even in the latter case most people are let go after a formal warning without much consequence. Small town cops, on the other hand, are a lot more eager to seek prosecution, especially if they are corrupt or have a personal vendetta against you. Conflict zones like Xinjiang are the worst because they are under effective martial law, so anything remotely out of the line will get a follow-up.
As a complete sidenote, aside from your excellent comment, I'd like to point out that this is true in 'The West' too.
EDIT: Let me give a specific example in my home country (The Netherlands). Weed is 'tolerated', but not legalized. You might feel free: you can buy weed at coffeeshops, even smoke it in front of a cop but it's still illegal.
Woe is you when you smoke it with any regularity and drive a car! If for some reason you're stopped for 'erratic behavior' in traffic, you can be submitted to a saliva test. Depending on your online sources, these can tell whether you've smoked weed in at least the past 24 hours. But when the cops are not friendly, they can make you take a blood/urine test, in which use of weed can be detected for up to 3 months, chronic or otherwise, at least.
What this means is that in The Netherlands, which weirdly is often seen as a laissez-faire place to smoke, you can be caught as a 'drug user' even if you've not smoked 3 months after your last joint.
What happens next is that your license is revoked, you might be imprisoned, and for the next year or so you need to take various tests to prove that you're safe on the road, and you might have to talk to a psychiatrist. Costs very well might exceed 1000 euro for all of this.
To be clear, if you never smoke weed, and light up once, you'll be safe after about 24 hours. But any usage beyond that puts you into a murky world that potentially leads to all of the aforementioned, no nuance.
My point is that 'authoritarian' has quite a few dimensions, and even a 'liberal', 'western' country like The Netherlands is quite authoritarian from certain perspectives. That's not to diminish what you're saying about China, but just something to keep in mind.
To give you a related, and hopefully less political example: People who suffer from epilepsy in my country are technically disqualified from driving for 12 months after a major seizure. In that event their affliction is probably not controlled by medicine and there is a chance that they might start seizing behind the wheel.
An unintended consequence of the law is that epileptics would go to great lengths to hide the extent of their condition for fear of losing their driving privilege. It's not uncommon for epileptics to lie to doctors, or even refuse to go to a hospital after an ambulance has been called for them, just so an episode could remain off the book.
Some might be doing it for vain reasons, but there is also a good number of patients who cannot afford to lose their license as their job security may depend on it. The balance between public safety and personal freedom is never easy.
I do agree that driving while high, or shortly after, is not a good idea.
The problem is that smoking with any regularity at all is effectively illegal, regardless of how sober you are when you're stopped, and the punishment is ridiculously heavy.
I mainly used the example in response to the earlier comment ("Before I start, it's important to point out that in an authoritarian state like China, laws are often deliberately made very strict but only loosely enforced."). Specifically when it comes to driving and weed, I'm definitely in favor of some regulation, similar to how we treat alcohol and driving.
I don't mean this rhetorically: it seems that we have to err in one direction or the other until we come up with a better test. What do you think?
A saliva test is decently accurate as a first pass to detect smoking in the past 48 hours or so. A blood test is more accurate, but can have 'positive' result for chronic smokers even if they've not smoked for weeks or months.
The problem is rather that unlike alcohol, 1) there's no matter of degrees and the cut-off point for testing 'positive' is extremely low, plus the punishment is unusually high, especially when compared to alcohol which provably impairs driving significantly (and almost certainly more severely than weed). And 2), contrary to all other drugs, the 'evidence' of smoking is stored in your body's fat, which means you can test positive even if you've not smoked in a long time (and are almost certainly not driving-impaired).
Expanding a little on the point mercer is making, the legal situation in the US (and other "friendly" countries) does not differ from what is described here. What's different is that people mostly don't fear the authorities so much.
But since the legal situation isn't different, it can't explain why the authorities are feared in China. I suggest that the fear is based more around "what is the government likely to do" than "what is the government allowed to do".
Government is not a monolithic being. Each branch has its own intentions and goals.
In any case, due process is underdeveloped in China and the police do have a lot of arbitrary powers that will affect people's lives. For example, the police are allowed to detain anybody at their pleasure for up to 15 days; there is no appeal and the incident stays on your record forever.
Most of the time they don't have any reason to mess with a random individual, but they won't be sorry about it either when it happens.
Tangentially, regarding your other comment that surveillance systems are often set up in an ad hoc way, could you provide some references? This is quite interesting to hear.
What isn't shown is that they also inject ads into web traffic and (allegedly) can be controlled like a botnet.
Could this “solution” be off the shelf, or developed by non-Chinese?
The front-end users wouldn’t see the backend structure.
Along with some native English speaker names like “CertificateNo” for certificate number.
Very typical, because Unicode table names or key names are rare.
What the question is really asking is this: "Don't you want your country to be safe no matter what?"
No, I do not. I want my country to be a place where I am proud of living. It doesn't have to be perfect, it just has to have traditions that are important to me that stay the same over time and try to get better over time.
I want my country to stay a place I am happy living in. I can live with some danger much easier than I can a surveillance state. Danger is a situation that is stable over time. Operating a panopticon is not.
The second premise is that it is possible to make some universal rules that will make everybody safe. Throughout history we have lots of examples of places where large groups of people were "completely" controlled. Modern prisons in the U.S. are a good contemporary example.
These places are not safe. In fact, the tighter we grip a population in order to make them safe, the more we create criminals who are part of the surveillance system itself. These criminals are in many cases impossible to discover. So now you have a lot of control and surveillance with criminals you can't identify or catch. The Chinese deal with this by every now and then sacrificing some of the party apparatchiks to the mob. The jury is still out on whether that actually works over several decades or not. I doubt it. But even if it did, it's still an unstable system.
Nations don't exist to extol one virtue over all others. "Safety" is a great thing, but it's not the end of the conversation when it comes to decision-making. It's a complex balance that should dynamically change over time as conditions force. When you systematize things like massive surveillance, you actually hurt the cause of public safety. It gets better for a short while -- then the rebound happens. And it's not pretty.
What's really happening when you agree to surveillance, is you're agreeing to give power in the form of information asymmetry to people you don't know. You assume those people will use that power for your benefit. In reality, there is very little guarantee that that's true - though there is some statistical likelihood that it's true.
At the end of the day, there is no such thing as law and order, no such thing as values and ethics, no such thing as society and civilization. All there really is is groups of people with varying levels of power and cohesion, varying overlap of shared interests, rather predictable human nature, and game theory. If you lose sight of that, you do so at your own peril.
It seems to me that most of the justification for surveillance systems is focused on edge cases, terrorism and paedophilia, which are statistically unlikely to affect the vast majority of people.
If you watch some of the reality TV you see in the UK about CCTV surveillance you’d think the country is suffering from a crime epidemic when in fact a lot of the situations are minor and often escalated by overly aggressive police officers interacting with uneducated angry drunk people.
Better social policy regarding education and alcohol would be the better solution.
I couldn't find London's murder rate further back than 1990 for some reason, but for England, the murder rate is higher now than it's been since at least 1900.
We don't know if CCTV surveillance, gun bans, and silverware purchasing restrictions have had an effect reducing violent crime, but at the very least it hasn't been enough to counter the increase.
> Better social policy regarding education and alcohol would be the better solution.
I'm pretty skeptical that this would decrease violent crime and/or murders. Do you have any evidence for this?
Watch out for "exceptions" causing confusing numbers, e.g. https://www.theguardian.com/uk-news/2017/jul/20/official-fig... : "The official figures [for 2017] also show a 26% rise to 723 in the homicide rate, which includes the 96 cases of manslaughter at Hillsborough in 1989."
This article also mentions consistently falling police numbers. The police and court services are stretched very thin.
The fact is that the homicide rate has utterly collapsed.
It’s difficult to compare the murder rate today with 1900 due to economic and cultural shifts. We may as well compare the execution rate, the domestic violence rate and the sexual assault rate too.
Drunk people getting in fights is categorically different from violent crime committed for material gain (robbery, carjacking, etc). The causes for the problem and the way to go about solving the problem are totally different. Keeping people from getting angry drunk is not going to stop a home invasion. Stopping a home invasion is not going to improve crime stats because it's a single instance of violent crime. It's very possible to have a society relatively devoid of "violent crime" in which drunken brawls are fairly common. It's also possible to live in a society with lots of violent crime but no bar fights.
Including or excluding drunks to make the crime stats look how you want them to is no more honest than using gang violence to make the "mass shooting" statistics look how you want them to.
You can't just paint with a broad brush when it comes to violent crime (well you can but it's stupid and counterproductive if your goal is to understand crime for the purpose of advocating for public policy that reduces it). A drunk guy getting in a fight is different from domestic violence is different from robbing a delivery driver but they'll all show up when you "select * where includes_assault = true;"
Do you have a citation for this?
It’s race-to-the-bottom policing that’s approaching the US model. Assume everyone is a criminal (when crime is at an all-time low), dress police officers up in tactical gear, and turn them into enforcers rather than protectors.
Of course no data, purely observational.
Sadiq Khan is the Labour candidate who succeeded the previous Conservative mayor by majority in a democratic vote. Swings between the two major parties are common.
In other totally unrelated news, 12% of the population of London are Muslim.
Your reckless conflation of facts paints you as a troll of religious discrimination if not outright racism.
The fact is that crime in Europe has utterly collapsed.
I guess it’s not unlike the situation with the recent treatment of Puerto Rico by the US.
You can see net migration explode from 1990 onwards, compared to what was negligible migration in the decades before that.
However, you don't really need research on this, it's obvious that surveillance offers meaningful safety benefits. I think the problem some people have with surveillance is that its costs may outweigh its benefits.
For example, surveillance can be used to shift the political system in the authoritarian direction, by suppressing political opposition. It can be used to sustain inequality since it provides those with money or power a powerful leverage to entrench their positions. It can be used by corrupt officials and hackers to commit serious crimes (partly offsetting its crime reduction benefits). Finally, even if surveillance isn't abused, it can be uncomfortable to some people who just don't like being watched.
Is it, though? As far as I know, most crime is of the "spur of the moment" type, decided on the spot, without much regard for the consequences. Thus, I'd expect more surveillance to be able to increase the odds of getting caught, but to not actually reduce the amount of crime.
I'd also be wary of increased surveillance hampering the ability to correct "wrong" laws.
Still, I suppose if the probability of being caught goes from 1% to over 50%, it might be enough to scare off even the spur of the moment criminals.
Also, a decent fraction of crimes are at least somewhat planned or even repeated, and those should be affected by the chance of being caught.
On the other hand, there are also more things I didn't think about. Suppose surveillance actually catches all car thieves. Will most of them go get a job? Or will they just switch to crimes that are harder to detect with surveillance? My guess is that most criminals will either stop committing crimes or spend most of their life in jail. But I may underestimate the creativity and capability of criminals.
No, potentially outweighing them. There is no reason to think surveillance cannot enable more crime than it solves, and the more surveillance you have the more likely that gets.
Although if I have to guess, the new crimes it enables are less destructive than the ones it catches. As an example, a mugger has a risk of killing or seriously injuring the person. On the other hand, someone who steals surveillance data for blackmail purposes will not cause nearly as much harm.
And on the other hand, what makes you feel safer: no news at all, or "1000 potential terrorist threats thwarted through surveillance"? The former is dull, but dull is good, right? The latter is stressful on both sides, on the one hand that apparently there are at least 1000 terrorists active - and what about the ones they didn't catch - and on the other that the government is listening.
So that's my theory; if government surveillance is effective, it's kept under wraps so it remains effective.
Between the police fighting for funding, media fighting for content (Florida man), and police force for recognition (police posing with stashes of money/drugs/guns), I'm not sure there's much strategic hiding going on.
But it will not inhibit white collar crime (such as corruption or fraud etc). It won't inhibit crimes of passion. And it won't inhibit premeditated crimes that require lots of planning and hardcore execution (like drug/human trafficking etc).
Based on that, surveillance does work.
The question is rather at what level surveillance does not meaningfully reduce crime anymore but becomes a (political) control tool.
I do believe surveillance and the threat of surveillance do heavily undermine public trust in a society and its institutions and that this can be easily deduced by reasoning. Good thing trust is not an issue in 2019...
Ever wondered why so many constitutions around the world forbid surveillance?
I believe the studies about people becoming dumber...
I don't condone surveillance. It is a reality of life. However, I would expect that it is done responsibly and securely. I don't consider surveillance a big violation BUT doing a poor job at protecting the collected data is an egregious violation of privacy.
Who will hurt you more than authorities can?
Granted, that may not be the case when it comes to China.
Whistle blowers and activists being harassed, surveilled or infiltrated by law enforcement or not a single person being held to account after the NSA revelations is 'due process'. Users being spied on and stalked by an assortment of SV companies and state agencies via the internet, phones, facial recognition, licence plates do not seem to have access to the basic right to privacy or any recourse to due process.
These binary statements about 'rule of law', 'due process', dissent, democracy come across as theoretical and disconnected from the complexity and events in the real world.
Until they do.
Hi from Germany.
This is the timeline we live in now, this is how it's turning out, this is who we are becoming, and it makes me sick to my stomach.