Edward Snowden: Permanent Record (amazon.com)
759 points by peterkelly 10 months ago | 429 comments



I can't speak for the US but this man has shifted so much of the political debate in my country and I think also in the EU in general. If you talked about the massive surveillance from governments people tossed you aside as a paranoid lunatic. After Snowden no one could ignore you anymore and privacy is an aspect in any public debate.


That's great to hear. Unfortunately, his actions haven't really done anything in the US. I wish I could say otherwise, but I haven't seen a single thing change. Privacy still isn't an issue that's on most people's radar. The government still does what it did before and likely a lot more. I have a ton of respect for Snowden, but he severely overestimated how much Americans care about privacy, spying, surveillance, or anything like that they mostly can't even understand.


>That's great to hear. Unfortunately, his actions haven't really done anything in the US.

At the very least it produced some dissonance between democratic establishment and their support base. Bill and Hillary continue to tour the country and I attended their road show in Seattle. The crowd cheered at every statement until they got to, and I quote, “Snowden is a traitor”, which produced a very confused and subdued cheer. It was very fun to watch.


encryption by default and privacy as an intrinsic good have been pervasive if subtle shifts in the culture


Yup. Even the dark fiber back haul networks used by data centers that were once thought to be private are now being encrypted (Google, Microsoft, etc have mentioned this).

This is exactly what PRISM was, not taking data from servers, but tapping into the data networks between them and siphoning off whatever the NSA wanted. And it just so happens that to mirror a fiber optic line you use a crystal prism.


It's one for the history books. We can't say we weren't warned. Too many of the public bemoan the state of things while ignoring the events that led up to the current state.


> Unfortunately, his actions haven't really done anything in the US.

It actually changed a lot how some companies handle government requests for data. Apple for example, completely switched their strategy because they wanted to be seen as protective of customer data. They realized that data requests would eventually leak so they avoid storing identifiable data on the servers. They saw privacy as a competitive advantage.

https://www.apple.com/privacy/government-information-request...


Section 215 of the Patriot Act was not reauthorized, for one.


> I wish I could say otherwise, but I haven't seen a single thing change

I've seen intranet encryption between internal services become much more commonplace


Can I ask what country this is in?

Here in the UK, nothing had changed, and any debate that wasn't centred around condemning Snowden and justifying the actions of the security services, was very short lived.


I'd disagree that nothing has changed. Consciousness of the fact that mass surveillance is happening is much more widespread, and gets brought up in passing from time to time. People have changed their behaviour somewhat - eg many now try to use encrypted communications quite consciously and even Signal has become quite popular for example. It's influenced thinking over e.g. use of facial recognition cameras in public places which is unpopular.

And whilst what eg GCHQ actually do hasn't really changed much as far as I can tell, it's been brought onto an "open" legal footing which is progress. The next step will be for the legal safeguards which are currently rather toothless to evolve to have real teeth. I think that will happen eventually but it'll be a slow journey to get there.


It's amazing how people still believe government laws will protect them from spy agencies.

The CIA spied on the Senate and nothing happened.

Naive in the extreme. So naive it's hard to believe the opinion is genuine and not astroturf.


If voting made a difference, they would have outlawed it years ago.


Many, many more websites are HTTPS now. Let's Encrypt was set up, and browsers are better at HTTPS. That benefits people in the UK. "Encrypt everything" was a result of knowing the NSA were hoovering everything up.


In the EU, the revelations from Snowden were successfully used in the data protection cases which overturned the Safe Harbour exemption.


Is that the case for both govt and private corporate surveillance? How widespread is the use of Alexa in your area?


The key difference is that you can decide not to buy corporate products you do not want, but have to comply with the laws. I am a lot less concerned about stupid things done by a majority for convenience (and I can choose whether to participate or not) than about the law that forces the same stupidity down my throat. My 2c.


> you can decide not to buy corporate products

That's a fallacy by both choice and externality.

There are cases in which there is no choice but to use specific corporate products, or in which choices are made without an individual's consent or involvement.

Karen Sandler, co-host (with former FSF director Bradley Kuhn) of the "Free as in Freedom" podcast has an implanted, closed-source proprietary medical device. She can literally choose between non-free software (which includes surveillance), or death.

https://sfconservancy.org/news/2018/mar/26/sandler-fsf-free-...

Emergency medical services, government contracts, third-party contracts by various firms and organisations, third-party use of Gmail either directly or as a hosted email service (see Benjamin Mako Hill's "Google has most of my email because it has all of yours": https://mako.cc/copyrighteous/google-has-most-of-my-email-be...), and the issues of spillover externalities (Amazon Ring doorbell surveillance, third-party tracking of mobile phone SIMs, MACs, and Bluetooth signatures, facial surveillance) mean that, no, actually, you cannot decide not to participate in corporate surveillance.

And, as a final point, both government and corporate surveillance and oppression very often speak to the same underlying dynamic: that of power to defend both itself and its wealth and/or golden geese. Examples are numerous, though the Johnson County War would be a good case history: https://en.wikipedia.org/wiki/Johnson_County_War

Let's please put this canard in its well-deserved grave and bury it.


You cannot escape it completely but you can certainly reduce your exposure. I don't think the parent was talking in binary terms.


Each year you can do less and less to limit your exposure. That argument will not hold up over time. When IOT and 5G put more devices online all of these things can be used for surveillance. This argument is not fair or realistic when looking forward a year or two.


This is essentially true of government surveillance as well. Not really a surprise, since most modern state surveillance issues are essentially about ways in which private and public/state power cooperate.

The overarching point is that it's naive to consider issues of privacy particularly distinct in the public or private sphere. Neither market nor political power are trivial to escape (and they have other things in common). Individual opt-outs will only get you so far from either a Google scale or state scale operation.


> There are cases in which there is no choice but to use specific corporate products

"No choice" in the sense that you lose business, lose touch with your high school classmates, or are forced to go out and pick up your own food from the restaurant down the street?

Or "no choice" in the sense that people show up at your door with guns?

What a privilege it is to be able to casually use the same language to describe such disparate outcomes.


I've already given a literal life-or-death example above, which didn't involve guns.

Stratagems in which individuals are denied the very fundamentals of life, food, shelter, work, engagement in civic, social, commercial, or cultural practices, access to courts, institutions, and the like, without overt threats of violence, are far more effective than guns.

> to fight and conquer in all your battles is not supreme excellence; supreme excellence consists in breaking the enemy's resistance without fighting

https://suntzusaid.com/book/3


Your life or death scenario is an edge case with its own special complexities which should not be lumped in with discussions of the vastly voluntary choices we can make. Healthcare is heavily regulated as we all know. This raises the barrier to entry to new competitors, and leads to a less dynamic market where the status quo can last a long long time. So you end up with only 1 or a very small number of medical devices (with the associated software) for a given situation.

I would expect that the greater debate on privacy will, over time, hopefully lead to some changes in how we are able to control the data generated by our bodies. Until that happens, I’m going to take the thing that saves my wife’s life with the potential for some shadiness or simple distaste at what may happen to her data, or, I might look at it as her voluntary consent which was fully given with her and my knowledge well ahead of time — helps to save others lives, and some loss of control of that data is actually quite noble.

As you might guess, I started at the abstract, but ended up at the concrete, and my wife really does have such a device, similar to your example. And I also work in big data analytics industry, and get involved in these sorts of discussions pretty often.


Okay, let's try a concrete example: Gmail. Let us agree that the point of Gmail is to read people's email so it can send targeted ads. That automating the process (since human employees don't directly read that email) makes the thing more efficient, and thus worse, as well as easier to misuse.

Let us agree that I can indeed avoid having a Gmail account. Can I realistically avoid sending email to a Gmail user?

Nope.

There are just too many users. Maybe I can avoid sending mail to <anything>@gmail.com (though not responding to one will invariably be perceived as incredibly rude), but I cannot avoid having Gmail users send email to me. I cannot realistically notice ahead of time that john.doe@example.com is actually using a Gmail server under the hood, and not send the email. I cannot prevent Gmail users from talking about me.

I can reduce my exposure, but there are limits to what I can reasonably do. Your usage of Gmail is hurting my privacy. Okay, not yours, but definitely half of my friends'. I can't realistically ask them to either stop using Gmail, or stop interacting with me, now can I?

Let us agree that individual choices and individual actions don't work.


> That automating the process (since human employees don't directly read that email) makes the thing more efficient, and thus worse, as well as easier to misuse.

While I agree with your larger point, I don't agree with this subjective value judgement and am not sure why it's necessary to lump it in with the rest of your (valid) points. Why do I want to see ads for things I'm not interested in? How is that in any way "better?"

What I definitely don't want is unauthorized humans reading my email. (Even so, I have to assume that is exactly what will happen whenever I type or dictate anything into a computer. I've operated on that basis since before GMail, Google, or even the civilian Internet existed.)


I live in the EU, and as such am pretty much nameless for any Google employee. It's not like they would disrupt my personal life. Automated reading however, scales. The damage to any individual is lowered, but it is also multiplied by the number of users. Reliably so.

And now they have a mighty powerful pattern matching machine, they can easily ask more than where I could possibly spend money. They could ask for my political affiliations, or my sexual orientation, my social network (who knows, I may be related to the second or third degree to some nefarious terrorist?).

That last one is very worrying. Especially since recently, my country (France) is being eerily harsh with political opponents. I've just read a story about a journalist (whose income happens to come from YouTube & donations), who is being judged for… gang theft (the pun also works in French), risking up to 75.000€ in fines and 5 years of imprisonment, just because he covered the unhooking of an 8€ portrait of our current president in a Town Office (which usually have president's portraits, but this is not mandatory). Unhooking, they reportedly did not even take the portrait.

So yeah, I'm more and more worried about giving our governments the means to apply their increasing insanity. Sure, having an individual reading my private email is unacceptable, but that risk is getting smaller and smaller, in comparison, to the mass surveillance that automation enables.


> more efficient, and thus worse,

You'll have to detail this particular implication.

I for one would think the opposite.

* also FWIW, IIRC, they don't read email for ads any more.


> Your life or death scenario is an edge case with its own special complexities which should not be lumped in with discussions of the vastly voluntary choices we can make.

Karen's and my 2019 FOSDEM keynote (and accompanying podcasts) discuss her struggles with the medical device industry and how those struggles relate to the larger set of choices related to technology that we make. This isn't an issue that lends itself well to short-form discussion. The issues are quite complex:

https://archive.fosdem.org/2019/schedule/event/full_software...

https://archive.fosdem.org/2019/interviews/bradley-m-kuhn-ka...

http://faif.us/cast/2019/jan/13/0x60/

http://faif.us/cast/2019/feb/19/0x61/

http://faif.us/cast/2019/mar/12/0x62/

http://faif.us/cast/2019/mar/20/0x63/


> I've already given a literal life-or-death example above, which didn't involve guns.

But it was far too specific (and frankly too obscure) to serve as a general basis for argument. Pacemakers used to run on plutonium. Should that influence the larger debate over nuclear power versus fossil fuels?

If someone has to use a pacemaker or insulin pump that runs proprietary software, that's unfortunate as far as it goes, but the patient himself/herself is fundamentally fortunate to have that option. It would perhaps be better to focus on developing open-source alternatives than to rail against a particular manufacturer's policy... except the (captive) regulators will have something to say about that, won't they? Specifically, what they will have to say about the idea of an open-source pacemaker is "No."

What you are complaining about in this specific instance isn't corporate policy, but government policy. I'm actually very sympathetic to your argument, personally. I've made the point many times that any sufficiently-dominant corporation is indistinguishable from a government. But you need to be careful to identify the party who is actually forcing or denying choice.


> Specifically, what they will have to say about the idea of an open-source pacemaker is "No."

Not specific enough. What they would most likely object to is code you can modify. Code you can inspect on the other hand is a whole 'nother business. And one could easily guarantee their pacemaker runs the code the manufacturer says it runs, by having reproducible builds, signing the source & binary, and having the device itself communicate (at least) a version number.

Being able to modify the source would be potentially even better, but if we could at least inspect it, then we would know of bugs & vulnerabilities (some of which have affected Karen Sandler in the past), and the manufacturer would have no choice but be shamed and correct the error.


So the argument is not invalid, but you take issue with it because you can imagine someone in a worse situation somewhere in the world? I fail to see the point of your comment, this is not a UN hearing regarding some oppressive regime.

If you require home internet access to do your 30k salary job, you move into an apartment, and they tell you you have one option for internet access, you have literally been restricted to a single corporate product and subject to surveillance.


The problem is that you can't always opt out of someone else's decisions.

Example: Doorbell Cams taking video of you walking by, uploading it to a corporate database, identifying you using photo recognition algorithms and your location using the home's address, and using that information to sell you things.


Fair. But even this (at least in the US) is the flip side of the laws that in public areas I can take any photos that I want. And I generally like this setup -- I can snap pictures of friends and kids without worrying about proving my right to take those photos).

This should not be taken for granted -- in the UK I was twice (very politely) asked to leave because I was taking a picture and apparently a gov't building was in the background (and you need a permission to photograph those!!) and the second time because a school volleyball competition was played in the background. This is stupid because if I did it with a phone instead of a DSLR no one would notice.

Maybe some limits on commercial photography in public spaces makes sense, but I would not go as far as putting strong limits on it altogether. My 2c.


Photography in public places is a separate issue from long term stocking by companies. One can enable the other, but this does not mean they are equivalent. It's a very American fallacy to overextrapolate an individual right into a justification for commercial totalitarianism. But if an individual person were to suddenly start following you around and photographing you every few minutes, you would rightfully complain to the police. That this is being done at scale and for a profit motive should make it more worrying, not normalize it.


I don't think that limiting the photography or the means of the data collection is the solution. The law is going to have to apply post-mining.

In my opinion, we need to start treating data about users as intellectual property. Generally speaking, you don't have to worry about intellectual property when you're doing something personal. I can say "Just do it" all I want. In the same vein, I can make casual observations about random people on the street without having to worry about violating their privacy (that guy has cool shoes!). But if I start to use "just do it" in my business marketing materials, I'll be in trouble. Similarly, if I start keeping a database of somebody's shoes every time I see them so I can try to sell them something, that should be illegal.


Think of everything you would have to do to avoid being surveilled today. Heck, think about everything you would have had to do even 40-50 years ago. I think the issue is not whether or not you can avoid being surveilled. I think that debate is largely settled. So the next logical question is, what are the rules governing access to that data? At what point do you need consent and from whom do you need consent? I think the fear, sadly, is that even if we come up with rules there is the challenge of how to apply them retroactively or in a backwards-compatible way. It's quite possible that we now have significant portions of the economy relying on companies having unfettered access to their data. I see parallels between this and the shift to renewable energy. Revenue from oil companies is tightly woven into the fabric of the US economy in many ways.


That's the thing.

All of our legal precedent about privacy, law enforcement surveillance, commercial data gathering, etc, really dates to the 1800's and early 1900's when things were fundamentally different. There is a qualitative difference when information can be automatically processed in aggregate.

I don't really care about individual corporate -- or LE -- surveillance actors if the data is partitioned over many and requires real subpoena power or active, limited sharing. If there's thousands of cameras owned by homes and businesses in my town, and everyone uses the pictures on their own for their own purposes, and law enforcement occasionally asks for and/or subpoenas the data when it'd be particularly useful and there's at least some suspicion-- that's great.

On the other hand, when we automatically read license plates and form a big database about where everyone goes every day, that's not so great. When individuals are all subject to mass-scale surveillance that we use with data processing and machine learning to manipulate those people-- that's not so great either.


> using that information to sell you things.

The horror.

The threat isn't corporations. The threat is when the government goes rogue as governments tend to do unpredictably from time to time. The threat materialises in the government using private corporation data to target arbitrary minorities (although usually the educated, wealthy, foreign and free-spirited).

People seem to think that because it "could never happen here" they can just ignore the possibility. Then it turns out that sometimes it can.

Privacy isn't just about the world as it stands today. Privacy is an acknowledgement that the present and the future are linked and that the future may be profoundly different from today. People aggressively selling you things is more harassment.


> The threat isn't corporations

In a thread about surveillance, why are you drawing a dichotomy between different surveillers and basically giving one a pass? They're both prongs of the same threat! On the collection side, every bit vacuumed up commercially is available for use by the government. And on the use side, there is little difference between a government proper and corporations that have achieved enough power to exert de facto governmental control - especially when colluding through a common third party.


Corporate surveillance is only a problem because it will sooner or later feed in to government surveillance. If I could wave a wand and stop that happening I'd be fine with corporate surveillance; I'm annoyed but not threatened by the idea that someone will study my every movement trying to sell me things I want. I'm threatened if the extremely arbitrary government decides that I'm an undesirable for some reason.

> corporations that have achieved enough power to exert de facto governmental control

Might be a failure of the imagination, but I really can't see myself ever getting involuntarily dragged out of my apartment by McDonalds employees. The worst I've ever seen a corporation do is set the police on someone. As long as the government is functioning sensibly a rogue corp can only do so much.


Surveillance by corporations is also used for:

- creating, maintaining and exploiting information asymmetry

- manipulating markets, fostering rent-seeking

- finding new ways of externalizing costs that escape easy detection

- polluting honest policy debate

- manipulating the democratic decision-making process

- avoiding responsibility for malfeasance

- etc, etc, etc, etc, etc and yet more etc

On the large scale, I do not want these entities to have access to weapons-grade behavioural models. On the small scale, I do not want them to have compromising information about individual behaviour. They will use whatever leverage they gain to enrich themselves far beyond their utility.


> ... trying to sell me things I want.

"want". Do you actually desire them, or were you persuaded/tricked into it? :)

Also do not underestimate the influence of corporations:

* https://en.wikipedia.org/wiki/William_Randolph_Hearst#Spanis...

* https://www.newyorker.com/news/daily-comment/kochland-examin...


I honestly don't have a problem being persuaded into wanting something and being 'tricked' is either fraud or the wrong word. I don't agree that advertising is somehow a mind control technique. It is very effective, but being persuaded to do and not do things is part of how I want to operate. If someone makes a case that something is a good idea I'll go with it.

It seems to me that if an advertiser can convince me to spend money then I wish they'd done it sooner. I can easily imagine having bought my first smartphone after seeing an ad. It wouldn't be a trick.

Corporations are worth keeping an eye on, but governments are more unreliable, less governable and generally have larger professional military. And if a corporation acts it is usually in concert with a government.


> Corporations are worth keeping an eye on, but governments are more unreliable, less governable and generally have larger professional military. And if a corporation acts it is usually in concert with a government.

Are you an American? :)


Simply asserting that you're somehow impervious to corporate power is not an argument. Individuals only have the absolute power to not transact in an ideal market where there is vibrant competition for your business, and our real market is far from ideal.

1. Persistent psychological manipulation (advertising), including political manipulation, based on knowing your weaknesses better than you know yourself.

2. Punitive insurance rates based on unreasonable inferences, especially for mandatory insurances. Like say doubling your auto insurance rate for buying more than a few beers per week. Or your health insurance going up due to buying power tools.

3. Blacklisted and prevented from working industry wide. A good concrete example I got from HN just the other day: https://en.wikipedia.org/wiki/Consulting_Association .

4. Prevented from or price-gouged when using vital services. For example - the unbanked (ChexSystems), recent Internet censorship (Visa/MC), Internet service ("six strikes").

The issue isn't the straw man of being "dragged out of your apartment by McDonalds employees", but rather being prohibited from buying food due to being uniformly banned from McDonalds, Burger King, and Walmart - say you've previously shoplifted but have served your sentence, are simply wrongly accused, or perhaps just didn't respect a sign saying to take off your sunglasses.

I know you're likely to respond to these by defining them away as not being problems in your paradigm, but paradigms are only as good as their constructive results. Our current politicatastrophe is basically due to people clinging to their chosen paradigm way past its utility. FWIW our modern society is indistinguishable from a "Libertarian Paradise" where USG is a private corporation that owns everything and who you've contracted with to be here. An axiomatic approach of morality-by-construction doesn't work - the only way is to judge qualitative situation.


> Punitive insurance rates based on unreasonable inferences, especially for mandatory insurances. Like say doubling your auto insurance rate for buying more than a few beers per week. Or your health insurance going up from buying a power tools.

Is it just supposed to be self-evident that those inferences are unreasonable?

I've always thought that this was an interesting argument. If there is some form of correlation with beer consumption and car accidents, wouldn't it make sense to adjust your estimated risk based on that information?

I do find it self-evident that that would be a bad thing, but I also have a hard time putting my finger on why.


The problem is that "correlation" seems objective and mechanical, but the model itself carries the bias by choosing which overly simplistic factors are relevant.

Directing focus at "people who drink a lot of beer" means considering people who drink a lot of beer at home as guilty by association, ultimately due to the subjective priorities of whomever pushed for that model.

Obviously in the expected value sense, charging on correlations is lucrative for the company (as is any justification for raising prices on a set of customers if your competitors do it too). But in the exact same way as saying certain zip codes are more likely to default on a loan, which we rightfully reject.


Your model sucks if you are arbitrarily choosing factors. You choose the factors with the most significant correlations, because those correlations are least likely to be "overly simplistic".

Why would we reject that zip codes are more likely to default on a loan? Seems like information I would like to be aware of if I was a home lender.

I certainly look at crime rates of a community before I live there. While a bad crime rate certainly doesn't make potential neighbors "guilty by association", it certainly increases the likelihood that one of my neighbors might be actually guilty.


> If there is some form of correlation with beer consumption and car accidents, wouldn't it make sense to adjust your estimated risk based on that information?

Nope. Because it's flawed reasoning. If many people who get into accidents were driving drunk and everyone who drives drunk buys beer it might seem logical to increase rates for everyone who buys beer, but people who drive drunk are only a small percentage of the people who are beer buyers. That kind of reasoning seems more likely to be a weak justification to raise rates for a large number of people than a reasonable response to a trend.


This is assuming that auto insurance isn't a competitive industry. If a company attempts to raise rates because of a trend that doesn't actually exist, they will inevitably not be competitive with companies that recognize that the trend doesn't exist, and thus it won't change prices for the consumer.

If the insurance companies could arbitrarily raise rates due to a trend that doesn't exist, then they would have already done so. These companies know their margin and they don't bid above that if they want to be competitive.


> If a company attempts to raise rates because of a trend that doesn't actually exist, they will inevitably not be competitive with companies that recognize that the trend doesn't exist,

That assumes that all companies involved aren't doing the same thing. Corporations figured out a long time ago that when one of their competitors does something that makes them more money at the expense of their customers they could start doing the same thing to their own customers and profits increase for everyone without risking prices being driven down by a truly competitive market. The insurance industry in particular has a long history of shady practices from good old fashioned collusion and price fixing to new techniques like data mining to charge customers different rates depending on where they live, what jobs they have, or how often they're willing to change insurance companies.


If you have reason to believe that the insurance industry is colluding to artificially inflate prices, that's a criminal accusation. If you want to make criminal accusations you start with evidence.

In my view, the insurance industry looks competitive, which means that even though these shady practices happen they can't effectively dictate the entire market.


Buying beer is legal. Driving while sober is legal. Assuming you have no record of driving drunk, any such alleged correlation should not be used to inflate insurance rates, unless you're also willing to say that other correlations of increased risk are also fair game, even if they're based on race or sexual orientation or income or education level or politics or any other characteristic that can be measured and grouped into risk categories.

One of the tendencies of the neo-puritanism that has become prominent in the last decade is a real willingness to abandon any boundaries that have kept corporations from using certain kinds of information against individuals -- boundaries that were in large part legislated during the civil rights era.


It's not illegal to be a male, and my insurance premium still rises because of it.

It's the job of the insurance company to accurately assess risk and charge me that plus their margin. If the companies can more accurately assess risk, then that makes insurance a less volatile and therefore cheaper market.

Insurance companies don't have access to the actual root causes of accidents. They have no measure of my driving skill or risk tolerance or attention span. They just estimate based on some really primitive data they have about me. What's the harm in including more data?


In the same vein, corporate surveillers are roughly bound by law; government surveillers... aren't.

For example, EU corporations are required by GDPR to comply with deletion requests, unless they are asked to retain the data by a government.


It's ironic to see a comment like this in a thread on Snowden. It's remarkable how quick we are to forget about things such as PRISM [1]. PRISM is a government-corporate surveillance coop. Players include Apple, Google, Microsoft, and many others. Capabilities described in slides never intended for public access indicate unilateral access by the NSA to "extensive, in-depth surveillance on live communications and stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details.

Especially in modern society government and corporate interests are increasingly interweaving. And I'm no more comforted by governments having access to dystopic levels of personal information than I am by corporations having that access. It just so happens that, in practice, there's no difference anyhow.

[1] - https://en.wikipedia.org/wiki/PRISM_(surveillance_program)


PRISM was an internal NSA web-form for sending what was considered (by some, but not tested in courts) to be legal data access requests to US cloud app providers.

It was a f---ing web-form for sending targeted, narrowly-scoped, legal notices. Nothing more, nothing less. It was not some magical all-seeing Eye of Sauron that gave the NSA a backdoor into every word you ever said online, your blood type, and the number of nose hairs that you plucked this morning.

The really illegal backdoor, unscoped intercepts, including the cable taps, were done without the consent of most (all?) of the companies in question, and were not done through PRISM, but rather through physical access to, say, cross-datacenter cables, straight up hacking, and similar means.[1]

[1] See: SSL added and removed here :v) https://blog.encrypt.me/2013/11/05/ssl-added-and-removed-her...


This is completely incorrect.

To start with "IS, not WAS". PRISM hasn't gone anywhere and the most reasonable path here is to expect it's only substantially grown - as it already was doing at the time of its initial reveal. This [1] is a snippet of the PRISM collection overview. Data is sent straight from the partners to a DITU - data intercept technology unit which then processes the data in various ways before being sent on for further processing to appropriate nodes and ultimately becoming searchable through PRISM.

An example of a DITU is here [2]. Microsoft provides unencrypted access to the NSA to user emails. One slightly tricky thing here was Microsoft deciding to roll out a new 'alias' feature enabling users to send emails under an alias. The DITU for outlook there ensured that NSA tracking would remain consistent regardless of the identity chosen by the user. Finally this [3] is a snip of the slide revealing the scope of data available from various partners. [3]

And yes, there is supposed to be a formal request where an analyst requests our secret court system approve a search before they carry it out. That process is unsurprisingly a rubber stamp - the court approves 99.97% of all requests. But more importantly this is something with no meaningful oversight. As Snowden emphasized, "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."

So, yes it would be much closer to calling PRISM the all-seeing-eye than it would be to a system for sending out warrants. These systems are the reason that the Utah data center was built with storage estimated on the order of exabytes. One exabyte being a million terabytes.

[1] - https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%...

[2] - https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-...

[3] - https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%...

[4] - https://en.wikipedia.org/wiki/Utah_Data_Center


None of the facts you have cited contradict anything I said.

The data that is sent into the PRISM system is data that is sent by cloud providers, in response to a targeted warrant. The data is not collected whole-sale - it is targeted to a particular individual. That's the whole bloody point of warrants.

Once it's been sent by the cloud providers to the NSA, it ends up in a searchable database. I don't understand what is remotely controversial about that. The source of the data was not whole-sale collection - it was targeted warrants. That it becomes searchable afterwards is not relevant to anything. There is nothing illegal about police retaining data, and maybe even putting it in a searchable database, as long as that data was legally obtained - at least, in the United States.

> And yes, there is supposed to be a formal request where an analyst requests our secret court system approve a search before they carry it out. That process is unsurprisingly a rubber stamp - the court approves 99.97% of all requests. But more importantly this is something with no meaningful oversight.

I'm not sure you understand what the purpose of search warrants is.

Search warrants are overwhelmingly rubber-stamped by courts, regardless of whether it's a secret FISA court, or a local judge who works two days a week in Small Town, AK. The point of having to get a search warrant is not to obstruct the work of police. The courts don't interpret that to be their job.

The point of having to get a search warrant is to prevent fishing expeditions, and to make sure that police are conducting a narrow, targeted search. Most judges will rubber-stamp a search warrant for Bob Joe, based on incredibly flimsy testimony. Most judges will tell a police department to go pound sand if they wanted a search warrant for an entire town.

As long as those FISA courts were dealing with search warrants of the first kind (And all evidence points to this), rubber-stamping them would not have been any different from how regular courts rubber-stamp targeted search warrants.

> "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."

You are conflating two separate parts of PRISM, in a misleading manner.

The first part is how it requests data from cloud providers. It does so by targeted warrant. This is incredibly similar to how regular police operate. They get a targeted warrant, a judge rubber-stamps it, and they serve it. It is incredibly likely that this is not illegal.

The second part is that after it has retrieved the data, that data goes in a database, where every Tom, Dick, and Harry that works for a TLA can search for it (And go on fishing expeditions, in the already-retrieved set of data). This is also not illegal. If you think it is, please point me to legislature, or court precedent that implies that information obtained by the police in a warrant cannot be put into a searchable database.

You are conflating the two, by making it sound like every Tom, Dick, and Harry that works for a TLA can go on an untargeted, whole-sale, unwarranted fishing expedition on Hotmail.com. The simple fact is, they can't. Not via PRISM, at least. This is why the NSA was conducting criminal tapping of cross-datacenter links - because PRISM only let them serve targeted warrants, and they wanted raw, whole-sale, untargeted, backdoor access to your data. That, for some reason, most of the firms implicated in the leaked NSA files were not granting them, hmm...


Since most of your post here is just repeating yourself, I'll avoid doing the same and again implore you to read the useful sources I've provided to support most of every statement I've made. You seem to have grossly misinformed yourself on this topic and I would strongly suggest reading about it, ideally from The Guardian or the raw data itself. Suffice to say PRISM is not a fancy way of saying "sending a warrant to Google." This [1] is an article (ironically from the Washington Post) that provides a broad introduction to the program and its scope, scale, and operation.

[1] - https://www.washingtonpost.com/investigations/us-intelligenc...


The two big differences between private and government surveillance are 1) law 2) quantity. Look at China how the private sector freely hands data over. But ask yourself, is it that hard for your government to obtain that data? Are they trying to access it? The answers are probably no and yes.

If you don't feel comfortable with the government having that data, I wouldn't suggest giving it to private corporations. Even if they are standing up to gov, it means things can change. I think Snowden uses the phrase "turn key tyranny".


Not true. Choice is only as good as your options and also depends on the choices of other people around you. My phone records people standing next to me. They might not have chosen to install the apps on my phone, but they’re subject to the surveillance of my device for example.


How do I decide to stop other people uploading photos of me to Facebook?


> " I am a lot less concerned..."

On one hand, I hear ya and agree.

But the reality is, the deck has been reshuffled such that while we're focused on that front door our rights are being sucked out the back by the likes of Big Tech, social norms, etc.

Yeah, the means differ. But in the end, the ends are the same.


> If you talked about the massive surveillance from governments people tossed you aside as a paranoid lunatic.

I wonder how much that was any given person, or just that the availability of such surveillance has increased dramatically.


My thinking before Snowden was the sheer resources it would take to actually record, catalog and index all that information, let alone into something useful. I thought some people were just a bit too paranoid. Then I learned they did have/spend/use the resources needed for this. It just feels crazy, but true.

Since then, combined with the ability to use AI patterns against video streams and even deep fake capability. My trust in most things is pretty much broken at this point.


> My trust in most things is pretty much broken at this point.

Are you me?


> I wonder how much that was any given person, or just that the availability of such surveillance has increased dramatically.

The UK introduced (public) mass surveillance long before Snowden was on the scene.


For me in the US I went from talking like a lunatic to talking about yesterday’s news. Frustrating to say the least.


And yet in the UK we have a notorious data miner in the heart of No 10 giving an edict for all data from government websites to be fed into a central location for targeting.


Sorry, what/who are you referring to?


"Data privacy campaign groups and Labour have expressed alarm after it emerged Downing Street has ordered departments to centralise the collection and analysis of user information from the government’s main public information website ahead of Brexit."

https://www.theguardian.com/world/2019/sep/10/no-10-request-...

Edit: I wonder if this includes the petition site?? Can't say that I'd be too keen on the Dark Lord Cummings getting the details of my personal petition history!

Edit2: Yes, I know that's not his official job title, at least not yet.


I actually think it is specifically targeting petitions.gov.uk, under the guise of the 'wider gov.uk' scope.

It's the only part of that site I can see BJ actually giving enough of a shit about to go out of his way and double down on at this point. The rest of the gov.uk stuff is already very well managed and instrumented (and a great public service).


Dominic Cummings, who openly discusses how he would use government's access to data about the public for his idea of the better ala his prior work with the Brexit referendum/movement. https://www.politico.eu/article/inside-the-mind-of-boris-joh...


My guess is Downing Street, Boris Johnson and London's massive network of CCTV, but I'm not sure.


I think he means Dominic Cummings and his links to Cambridge Analytica during the Brexit campaign



They are at it again apparently.


Much discussion on this topic relies on popular sentiment and media reporting. The redacted and declassified Congressional report should be considered a primary source and contradicts many common beliefs about Mr. Snowden: https://www.congress.gov/114/crpt/hrpt891/CRPT-114hrpt891.pd...

The Executive Summary provides a good overview.

In contrast to the Amazon book page that claims he helped "build" the system, it appears he was primarily a system administrator responsible for tasks such as patching and file transfers.


I think system administrators would take exception to your claim they don't help build anything.

Also, Congressional report prepared by whom? Can't take a report by the fox guarding the hen house seriously.


I was a system administrator with similar responsibilities for several years, and it was quite clear who the system architects were and who the maintainers were. It's a minor point, but speaks to Mr. Snowden's reportedly inflated self-importance.

It's up to all of us to take this report, and news reports and autobiographies, as seriously as you think they deserve. This provides background information not commonly known and is a valuable counter balance to Mr. Snowden's account. How seriously should we take an autobiography written by the person who perpetrated such (in)famous actions?

There is "selective reporting" on all sides, it's up to us to take it all in and form our own opinions. For example: read the report, note Mr. Snowden's length of service at each job, his age and experience, and consider how likely it was that he was a "senior advisor" or a more junior system administrator.

I understand this may be a lost cause, but I'm simply advocating for balance on this issue.


>I was a system administrator with similar responsibilities for several years, and it was quite clear who the system architects were and who the maintainers were

Both groups would have been necessary to build a long-term system.

Beyond that, I don't see how his status while working for the intelligence sector is very important, and I've never gotten the impression Snowden was trying to boast about his achievements there.


Amazon page blurb aside, I don't understand why this question comes up so often.

Even during the initial revelations, people who wanted to downplay the topic regularly pointed out that Snowden was "just a system administrator, not an intelligence agent" and attempted to debate whether he worked directly for the government or only for a contractor. It baffled me, because that doesn't even seem relevant to his claims.

The "government employee" issue would only matter if the authenticity of the leaks was disputed; the various PRISM and XKEYSCORE slideshows were never even challenged, so who cares? And "only a system administrator" sounds backwards to anyone who actually knows what sysadmins do. Dismissing him as a maintainer instead of an architect is a weird sideshow, since his role was mostly important as an answer to the question "how did he get undetected access to so many different files?"


It's a tactic to undermine an opponent. They want to classify him as a minor part of the machine, hoping to discredit his revelations in the process ("why would you listen to anyone with that little of experience and importance"). It's a reverse appeal to authority.

It coming up again and again when Snowden is discussed is part of either controlled or naturally occurring propaganda, a talking point of the regime. The one bringing it into this thread is a new throwaway account, go figure. One way or another, directly or indirectly, you are seeing the "controlling public discussions" part of what intelligence agencies do in action here :)


That's an excellent point. Using the "only a sys admin" example was pretty weak. I just chose it quickly as one example of his trustworthiness level from the report. A better example would be that Mr. Snowden claims he began collecting files after James Clapper's testimony, but in fact he began 8 months earlier (third point in the Executive Summary, page iii).

My main takeaway from the report is that Mr. Snowden was misleading/dishonest about elements of his past and motivations. Read the report for other examples of his misrepresentations, mainly that he never reported his suspected abuse of government programs via established internal process and he took and shared material on much more than the programs he was concerned about.

The discussion of the programs themselves is certainly much bigger. I view these programs as the nuclear weapons of our age. It was inevitable that they would be created (with similar capabilities in the hands of other governments and corporations), and there is always the risk of misuse. While the US Government is not the ideal owner of these tools, I generally trust the USG more than other countries and corporations.

The problem with intelligence agencies is that you rarely hear of their successes, and almost always hear of their failures.


> A better example would be that Mr. Snowden claims he began collecting files after James Clapper's testimony, but in fact he began 8 months earlier (third point in the Executive Summary, page iii).

His claim was that testimony was the "breaking point" on the decision to leak, not download files, and soon after he agreed to publicly be named the source.

>mainly that he never reported his suspected abuse of government programs via established internal process and he took and shared material on much more than the programs he was concerned about.

It's his word vs theirs on whether he raised the issue before deciding to leak. And he knew there was a ton of unrelated data in what he leaked, that was why he privately gave it to reporters and didn't publicly post it.


As far as I know, none of the documents leaked by Mr Snowden have been found untrustworthy or fabricated. Digging in his past for inconsistencies and speculating about his motivation seem little more than a weak attempt at character assassination. What exactly are your goals in this discussion?


You have, at this point in time, only three comments on HN, all related to Snowden, and are obviously using a throwaway account. You are also advocating heavily that the report, prepared by intelligence agencies in the US government, should be given credence, while you have developed none yourself. Really hard not to imagine you as a disinformation account created by a three letter organization.


It's really hard to take that report seriously. It basically reads as FUD against Snowden. This is what CIA and NSA agents are trained to do professionally.


Snowden was a lowly SharePoint administrator. Nobody has ever denied that. Snowden himself said that he got that job to have easy access to the documents. He never touched the actual systems described in the documents.


Hm... while I think that the report is generally correct, it also contains a clear bias in some sections. It was written by people on the inside, after all. Also, some of the character background was sourced from journalistic articles. I would have hoped that such a report had better sources for things that should be part of government records.


Why would any non US citizen care about what the Congress has to say about it? They don't care about any of us in the slightest.


Thanks, I didn't realize that such a report exists. Although I remain skeptical about some things on both sides, I'm glad to understand the official position better.


Customers who bought this item also bought

- ALFA AWUS036NEH Long Range WIRELESS 802.11b/g/n Wi-Fi USBAdapter

- Yubico - YubiKey 5 NFC - Two Factor Authentication USB and NFC Security Key, Fits USB-A Ports and Works with Supported NFC Mobile Devices

EDIT: formatting


Offtopic: You were faster than my comment!

I understand the Yubikey is popular but I do not understand why the Wi-Fi dongle is popular. Any ideas?


That wifi dongle in particular supports packet injection, and supports aircrack-ng for penetration testing.


Indeed and cheap enough to throw away after each project for improved opsec.


Given that you can change the MAC address, how does throwing it away improve opsec...?


It seems good practice not to assume there are no other ways to id/fingerprint a device than by MAC address.


That's actually the opposite of good practice; good practice in security is to base your planning off of facts and research. Throwing away your whole setup after every gig works for Mission: Impossible, and I guess it makes people feel extra-super-ninja, in practice it just perpetuates the endless (and pointless) culture of I-know-something-you-don't.

Opsec should be based on reality and threat modeling, not endless rounds of whatabout.

Edit: if you (the rhetorical you, not parent specifically) actually know something here, chime in!


That really is the difference between "proven secure" vs "not proven insecure", which would you consider best practice? As far as fingerprinting WiFi devices goes: It is an rf device and all rf devices vary in behaviour due to component tolerances. This shows in such things as spurious emissions, power variations across its transmission spectrum, oscillator drift, etc, etc. These are fairly easy to detect remotely. One example is shown in this paper: https://www.cs.ucr.edu/~zhiyunq/pub/infocom18_wireless_finge...


That paper states that the accuracy could be as high as 95%. Apple has sold over a billion iOS devices with WiFi radios in them. I'll let you Google the base-rate fallacy for yourself, and decide if that risk is worth it.

Edit: make that over 2 billion

Edit: also, "proven secure" is impossible.


The paper is only one such method, there are countless and these methods have been in documented use in signal intelligence since at least WW2, combined your accuracy increases. And this is on top of all the other known methods of fingerprinting network devices.. Besides, most of the time you only care whether the same device was used, 95% gives you a lot of certainty. Within proper constraints "proven secure" certainly is possible.


"That's actually the opposite of good practice"

Good security practice is considering all devices as insecure until proven otherwise. Also, mitigating known unknowns where a general problem happens a lot. Devices snooping on you, misleading you, interdiction, hacks on firmware, etc. Then, you mitigate it in situations where you're unsure of what's going on just in case. So long as mitigation isn't too costly.

I used to buy and get rid of WiFi devices and throwaway computers for that reason. Also, buy them in person at random places with cash. You can even turn it into charity by using FDE, wiping them afterwards, and reselling cheap or donating to others that can't afford full price. Put Ubuntu and Firefox on them to spread some other good things.


> until proven otherwise

Well that's impossible (see also the halting problem) so that's pretty clearly not good security practice.

Nothing in that says anything about what your threat model is. What risk are you mitigating by doing this? This sounds like the type of "ignore the words and listen to the sound of my voice" security espoused by management and vendor sales people.

It sounds like you have a diverting pastime, and I wish you the best with that, but this isn't what security is about. Security is about identifying and mitigating specific risks. This goes doubly for operational security. All else is security theater.


Extra comment to add something I left off. There's at least two types of static analysis and solver tools: unsound and sound. The sound ones, especially RV-Match and Astree Analyzer, use a formal semantics of the code, a formal statement of the property, and automatic analysis to determine if it holds or doesn't depending on the goal. Related, SPARK Ada and Frama-C have their formal specs and code turned into verification conditions that check for code conformance to the specs. The VC's go through Why3 which sends them to multiple, automated solvers to logically check them. Far easier to scale and get adoption of these automated methods than manual proofs.

The main drawback is potential errors in the implementations of the analyzers or solvers that invalidate what they prove. Designs for certifying solvers exist which essentially are verified or produce something verifiable as they go. There's examples like verSAT and Verasco. The tech is there to assure the solvers. Personally, I'm guessing it hasn't been done to industrial solvers due to academic incentives. Their funding authorities push them to focus on quantity of papers published over quality or software improvements with new stuff over re-using good old stuff. Like infrastructure code, everyone is probably just hoping someone else does the tedious, boring work of improving the non-novel code everyone depends on.

Also, given my background in high-assurance research, I'm for each of these tools and methods, mathematical or not, to be proven over many benchmarks of synthetic and real-world examples to assess effectiveness. LAVA is one example. I want them proven in theory and practice. The techniques preventing or catching the most bugs get the most trust.


"Well that's impossible (see also the halting problem) so that's pretty clearly not good security practice."

No it's not. It's been done many times. The halting problem applies to a more general issue than the constrained proofs you need for specific, computer programs. If you were right, tools like RV-Match and Astree Analyzer wouldn't be finding piles of vulnerabilities with mathematical analyses. SPARK Ada code would be as buggy as similar C. Clearly, the analyses are working as intended despite not being perfect.

"Security is about identifying and mitigating specific risks. "

Computer security, when it was invented in the 1970's, was about proving that a system followed a specific, security policy (the security goals) in all circumstances or failed safe. The policy was usually isolation. There's others, such as guaranteed ordering or forms of type safety. High-assurance security's basic approach was turned into certification criteria applied to production systems as early as 1985 with SCOMP being first certified. NSA spent five years analyzing and trying to hack that thing. Most get about two years with minimal problems. I describe some of the prescribed activities here in my own framework from way back when:

https://pastebin.com/y3PufJ0V

I eventually made a summary of all the assurance techniques I learned from studying these commercial/government products and academic projects:

https://pastebin.com/uyNfvqcp

Note that projects in the 1960's were hitting lower defect rates than projects achieve today. For higher cost-benefit, I identified the combination of Design-by-Contract, Cleanroom (optional), multiple rounds of static analysis by tools with lower false positives, test generators (esp considering the contracts), and fuzzing w/ contracts in as runtime checks (think asserts). That with a memory-safe language should knock out most major problems with minimal effort on developers' part (some annotations). Most of it would run in background or on build servers.

https://www.win.tue.nl/~wstomv/edu/2ip30/references/design-b...

https://web.archive.org/web/20190428052851/http://infohost.n...

Meanwhile, the state of development for a major OS leads to about 10,000 bugs that even a fuzzer can find:

https://events.linuxfoundation.org/wp-content/uploads/2017/1...

Modern OS's, routers, basic apps, etc aren't as secure as software designed in 1960's-1980's. People are defining secure as mitigates some specific things hackers are doing (they'll do something else) instead of properties the systems must maintain in all executions on all inputs. We have tools and development methods to do this but they're just not applied in general. Some still do, like INTEGRITY-178B and Muen Separation Kernel. Heck, even IRONSIDES DNS and TrustDNS done in SPARK Ada and Rust respectively. Many tools to achieve higher quality/security are free. Don't pretend like it's just genius mathematicians or Fortune 25 companies that can, say, run a fuzzer after developing in a disciplined way with Ada or Rust.
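The combination named in the comment above (Design-by-Contract, a test generator that respects the contracts, and fuzzing with the contracts left in as runtime checks), as an added example that is not part of the original comment. The length-prefixed record format, the `contract` decorator and all function names are constructed for illustration.

```python
"""Design-by-Contract with the contracts doubling as the fuzzing oracle."""
import functools
import random


class ContractViolation(AssertionError):
    """A pre- or postcondition did not hold: a bug, not a rejected input."""


def contract(pre, post):
    """Wrap fn so pre(*args) and post(result, *args) are checked at run time."""
    def decorate(fn):
        @functools.wraps(fn)
        def checked(*args):
            if not pre(*args):
                raise ContractViolation(f"{fn.__name__}: precondition failed")
            result = fn(*args)
            if not post(result, *args):
                raise ContractViolation(f"{fn.__name__}: postcondition failed")
            return result
        checked.pre = pre  # exposed so the input generator can respect it
        return checked
    return decorate


# Contract for a parser of one record: a 1-byte length N, then N payload bytes.
def record_pre(buf):
    return isinstance(buf, bytes) and len(buf) >= 1


def record_post(result, buf):
    payload, rest = result
    # The payload has exactly the declared length, and no byte is lost or invented.
    return len(payload) == buf[0] and bytes([buf[0]]) + payload + rest == buf


@contract(record_pre, record_post)
def parse_record_buggy(buf):
    n = buf[0]
    # Defect: trusts the declared length, so a short buffer yields a short payload.
    return buf[1:1 + n], buf[1 + n:]


@contract(record_pre, record_post)
def parse_record_fixed(buf):
    n = buf[0]
    if len(buf) < 1 + n:
        raise ValueError("truncated record")  # the documented way to reject input
    return buf[1:1 + n], buf[1 + n:]


def fuzz(fn, runs=500, seed=1234, max_len=12):
    """Feed fn random inputs that satisfy its precondition; return the findings.

    ValueError is the documented rejection. A ContractViolation or any other
    exception is recorded as (input, exception name).
    """
    rng = random.Random(seed)
    findings = []
    done = 0
    while done < runs:
        length = rng.randrange(0, max_len)
        buf = bytes(rng.randrange(0, max_len) for _ in range(length))
        if not fn.pre(buf):
            continue  # the generator honours the precondition
        done += 1
        try:
            fn(buf)
        except ValueError:
            pass
        except Exception as exc:
            findings.append((buf, type(exc).__name__))
    return findings


if __name__ == "__main__":
    print("buggy:", len(fuzz(parse_record_buggy)), "findings")
    print("fixed:", len(fuzz(parse_record_fixed)), "findings")
```

The round-trip clause of the postcondition alone would pass for a truncated record; it is the declared-length clause that exposes the defect, which is why the contract states both.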


It's less a culture of I-know-something-you-don't than a culture of someone-may-know-something-I-don't. I don't understand your implication of intellectual delusions of grandeur here; I see it as the opposite.


If you read the other reply to my comment, you'll see that it was in fact a case of I-know-something-you-don't, although in this instance they are in fact wrong about the implications of the thing that they know. The gate keeping that goes on in security (saying that there's a threat but not saying what it is) is extremely frustrating to me.


I actually recycle my entire person after each pen test attempt to prevent people from cottoning on to each body’s unique tics.


Makes you feel more like an operator, I guess?


Why would you care about opsec for consensual "penetration testing"?


Your security profile needs to exceed that set for the highest level of clearance you could possibly gain. In practice that means exceeding the highest level of security used in an organisation. You wouldn't want to inadvertently exfiltrate a client's data would you? Aside from that, it is not uncommon for say a department to not be aware they are being pen-tested with consent of their management, and you don't want to trigger counter measures.


I upvoted you because your first sentence is a useful observation, but I'm having a hard time using any of that to justify throwing away a wifi adapter. Even if it were possible to fingerprint the adapter beyond its MAC address, there's no global database of whitehat pentester wifi adapter fingerprints, and such a thing would be worthless anyway. You're not going to trigger countermeasures by reusing a wifi adapter. The only threat model that remotely makes sense for that kind of precaution is fear of nation-state level resources trying to identify and catch you. And that's well outside of the realm of "pentesting".

(And the idea of accidentally exfiltrating data through a reused wifi adapter is ludicrous)


I've bought an Alfa adapter 10+ years ago because you can use them in promiscuous mode. So you can snoop wifi traffic, listen for handshakes and doing so crack WEP/WPA (wifi) encryption.

Things probably haven't changed..


They have a little. 5ghz is more common, so you won't get anything there. WPA2 is significantly harder to crack, and I usually do it on GPU with pyrit or hashcat-ocl and a wordlist. WPA3 is out now, too, and I'm there aren't really any well-established procedures for it yet.


Just FYI WPA2 is pretty solidly and quickly broken (look up KRACK attacks). WPA3 is unfortunately already partially broken (though currently joining the network / password breaking aren't fully broken, see Dragonblood attacks).


KRACK was a nonce re-use, not a core protocol flaw. WPA2's flaws are more around un-encrypted control packets; i.e. I can de-auth you without having to get session keys.


KRACK is patched on most platforms.

What weaknesses in WPA2 remain?


This was a popular adapter more recently because of the WPS pin exploit using something like the reaver tool.


> Description The best wireless adapter for those who use the penetration platform Kali Linux & BackTrack. The wireless USB adapter has been tested to work with Aircrack-ng and supports packet injection along with monitor mode.


Does someone know a good 2.4/5.0 GHz wifi adapter for this kind of thing?


The Alfa AWUS1900 is a nice model, but if you want something cheaper (and will put up with 2.4ghz-only), the TP-Link TL-WN722N is cheap, but get the v1 chipset! It's the best-supported with drivers on linux. Oh yeah, and you will probably need to do monitor mode on linux.


Not sure if it is what you are looking for but this site has various products regarding tapping, sniffing and pen testing.

https://www.wallofsheep.com/


a good directional antenna makes THE difference.


any recommendations?


Is it even safe to buy yubikeys on Amazon given the counterfeit problem?


Don't know about counterfeiting, but when I tried to order yubikeys via German amazon, every single one of the blisters looked suspiciously as though they had been tampered with[1]. They were opened juuust slightly on the side - enough to potentially slide the key out and in again, definitely something that you could miss if you weren't paying close attention. I placed a second order and the exact same thing happened. It was quite weird and I've since ordered from yubico directly.

[1] http://imgur.com/gallery/1c8uMFr


You can verify whether you received a genuine key at:

https://www.yubico.com/genuine/


Unless some entity can man-in-the-middle attack your attempt at verifying it.


https is not safe against the government....


... because they can force CAs to give them the keys to decrypt all traffic.


That's not true, since CAs don't have "the keys to decrypt all traffic." They have the ability to sign website operators' public keys, but they do not have access to the website operators' private keys.

Of course, the CA could also issue a fake certificate with attacker-controlled keys, but if they tried to do so, they would get caught by Certificate Transparency.


Guess there could be two attack vectors, one that is easier to avoid and the other not so much.

The first one being a targeted attack. Then any ordering of Yubikeys can leave you vulnerable as the supply chain can be intercepted (because they see it's you and switch out the key to a counterfeit one). This can be solved by going to an in-person store and buying it there. Then there is no risk of you being personally targeted as you can go to any store.

The second one is where all keys sold are counterfeit, which you cannot solve by going to an in-person store or ordering online. Not sure how you could avoid this vector.


>Not sure how you could avoid this vector.

While this is a theoretical problem anywhere, it's a practical problem when ordering from Amazon far more often than anywhere else. Going to a reputable physical store likely shields you from the second scenario nearly as well as the first. Also, in the case of Yubico at least, you can order directly from their website, which presumably minimizes the number of hands the product has to go through, thus minimizing opportunities for a counterfeit to be swapped in.


There isn't an actual Amazon counterfeit problem, so yeah, it's safe.


It recommended me "20 ORANGE SNAPPY GRIP -Bucket Handles -Mining-Gold Prospecting-Gardening" under the customers also bought... I guess I'm just not leet enough. This in spite of the fact that I've actually bought a few external wifi adapters from amazon.


No kidding. I got the same: https://imgur.com/a/jroD1Ji


More interesting is what the people who will go to their local book store to buy it with cash will also buy, but we'll never know.


sent from my KaliPhone


Recommended products: Alexa


It's probably part of the reading material for military cybersec.


Before his story broke there was an AMA on Reddit about govt surveillance, I'm 90% this was Snowden. Does anyone else remember this?

The person spoke of these things happening in ways we "couldn't imagine". People were guessing at what he meant and his responses were mostly "it's much worse". One redditor posted some highly technical speculations to which the author responded "you're getting close".

Reddit's search isn't good enough to retrieve this but I would LOVE to find that post again.


Funny enough Google has great tools for searching within that time period. Snowden broke around Q1 2013 right? So I tried searching from Q4 2012 to Q1 2014 and the first thing that came up on government surveillance was actually this[1].

Which I assume is not what you meant but it's pretty early in the timeline of Snowden's revelations.

Setting the timeline to 2012-01-01 - 2013-07-03 is just before Greenwald broke Snowden's story and those results are very different.

Interspersed are results that were likely updated in Google's index after July 3rd so there are some false positives so to speak.

You'd have to browse more of those results. I've only got 3 pages in.[2]

Edit: Actually this IAmA from Cory Doctorow could be it.[3] He's definitely in the know about what the government is capable of and speaking from that experience. Which pretty much predicts Snowden's revelations.

Of course I remember when AT&T was implicated in mass surveillance by a former employee back around 2004, that story just got lost in the ether.

1. https://www.reddit.com/r/IAmA/comments/2wwdep/we_are_edward_...

2. https://www.google.com/search?q=site:reddit.com+%22IAmA%22+g...

3. https://www.reddit.com/r/IAmA/comments/11bm9i/iam_cory_docto...


It was an anonymous AMA, author specifically stated he was "inside" so not Doctorow


I remember the DefCon 20 talk, Bigger Monsters, Weaker Chains with William Binney - https://youtu.be/sqIz-RNUL1g

This was in 2012, 2013 was when Snowden did what he did.

I always wondered if he saw this talk and was motivated by it.


I'm going to 'recycle' an older comment of mine, pertaining to the comments about the book. The original comment can be found here: https://news.ycombinator.com/item?id=20583363

I was annoyed that someone called Ed Snowden a 'Traitor'. Hopefully it gets a bit more recognition in this thread

__________________________________

For me he made the Great Game of Privacy a lot fairer. You should read the excellent entry on Wikipedia about the aftermath of the leaks[0]. If the leaks meant that privacy-loving folk went 'dark' in light of the leaks, then this is a net plus. Snowden's actions possibly hindered NSA in catching undesirables, but it's a small price to pay for a bolstered Internet and privacy-respecting comms. And who's to say that the apparatus even worked that well in foiling the efforts of plotters? Bill Binney[1] consistently drives his message home that the NSA's surveillance apparatus is very inefficient at foiling plots, and I agree with him.

Even if it stopped one plot in all the time of its existence, it's still an enormous effort and an enormous amount of money spent just to foil one plot. Old fashioned police work is better at foiling plots because it doesn't have to rely on big data algorithms sifting through the noise of Internet traffic (most of which is innocuous). Old fashioned methods work because they employ simple detective work - it doesn't need the NSA at every choke point and decrypting countless crypto.

[0] https://en.wikipedia.org/wiki/Snowden_Effect

[1] https://en.wikipedia.org/wiki/William_Binney_%28U.S._intelli...


Wow, I thought Binney was just some random analyst news shows brought on to discredit the 2016 hacking thing. Didn't realize he was the key catalyst for the Snowden leak after the government shafted him when he tried to reveal the same NSA overreach using the "proper" channels.


Bill Binney is an American patriot and a hero.


I find that "traitor" argument very troublesome. To make the argument, you must believe that

A) Privacy is a liability, so that by curtailing privacy we strengthen the country (and conversely, by having more privacy the country is weakened)

B) The government must allow us only what measure of privacy it deems appropriate, and even has the authority to balance based on factors it need not disclose.

Both of those ideas should be repugnant in a free society.


At a fundamental level, I trust the moral compass of the average person more than I trust the moral compass of government which has incentives to do the wrong thing.

The most basic tool of law enforcement investigation is the average citizen calling the police when they see someone doing something wrong. Unethical laws are more difficult to enforce, because the average citizen doesn't call the police when they see someone breaking an unethical law. Most people don't call the police when they see someone smoking marijuana, for example, because the average person has a moral compass which tells them that putting someone in jail for smoking marijuana is reprehensible. Historically, whenever the law has been wrong, many people have been saved by people refusing to report them: the underground railroad, hiding of Jews in Nazi Germany, gays under anti-sodomy laws, etc.

In contrast, I believe that when someone is actually doing something wrong, people call the police on them. If I witness a murder, rape, child abuse, etc., I would absolutely call the police. And while there are certainly high profile cases of people standing by and letting bad things happen, I trust people to do the right thing most of the time.

Pervasive surveillance bypasses witnesses as the basic tool of law enforcement, which takes the power out of the hands of the average person. This might allow law enforcement to catch more bad guys, and if that were the only concern, violating our privacy might make sense. But the flipside is that it allows law enforcement to put more people in jail who aren't bad guys--people who smoke weed, teenagers who sext, etc. As long as there are unethical laws, privacy is the fundamental tool which allows average people to trust their own moral compasses and not call the police on people who are breaking unethical laws.


Pervasive surveillance also takes responsibility and knowledge of their rights, out of the hands of the average person. Witnessing should lead to empathy, the imagination that the same thing could happen to me, and if I think that would be wrong, I need to call out that wrongness when it happens to others. That is civility. That is how we build trust. That is foundational whether it's the average person or the average lawmaker or the average police person.

When we're carving out areas of society where we accept less trust, then we can only lose trust, and that area becomes dangerous to us and a safe haven for corruption.


Honestly, saying that the NSA has done maybe one useful thing in its entire existence and that everything it does could be replaced by "simple detective work" just shows you to be incredibly uninformed and ignorant about what the job of the NSA actually is.


So inform us. Present evidence for your opinion or keep your opinion to yourself.


Here's a decent article highlighting 4 attacks of the 50 they claim to have foiled since 2001. https://www.ibtimes.com/four-times-nsa-surveillance-programs...


> The first example was the case of Najibullah Zazi, who confessed to plotting to bomb the New York City subway system in 2009. Joyce confirmed that the NSA’s Internet surveillance program led officials to a suspect in Colorado who turned out to be Zazi. The FBI took the necessary legal steps to identify him and ultimately capture him, in concert with authorities in New York. Under Section 215's authority, Joyce said, the NSA was also able to nail down a “previously unknown [phone] number of one of the co-conspirators.”

> “Without the 702 tool, we would not have identified Najibullah Zazi,” Joyce said later in the hearing.

Okay, sounds pretty legit. His plea bargain was partly informed by threatening his parents[1], but it does sound like there was a lot of other evidence collected through traditional police methods.

> The second instance described was a thwarted plot to bomb the New York Stock Exchange. Under Section 702's authority, the NSA monitored a known extremist in Yemen who was communicating with a man in Kansas City, Mo. This information led the FBI to Khalid Ouazzani, his co-conspirators and ultimately the plot to bomb the NYSE. Ouazzani ultimately confessed to sending money to al-Qaeda and was never convicted for the stock exchange plot.

Okay, so we... removed a small funding source of Al Qaeda? Maybe it's just me, but if I were trying to attack Al Qaeda's funding, I'd start with not having the CIA give them millions of dollars[2] before going the "surveil all Americans" route. For comparison, the CIA gave them $2 million in one payment[2], while Ouazzani gave them $23K[3]. The NSA yearly budget is ~$10 billion.[4] The NYC police budget was $5.6 billion in 2018[5] and they handled 295 homicide cases in 2018[6].

> The third instance cited by Joyce was the case of David Headley, an American in Chicago who aided the 2008 Mumbai terrorist attacks. The FBI had received a tip about his involvement in the attacks when the NSA’s 702 surveillance also identified Headley as involved in a plot to bomb a Danish newspaper office that had published cartoons of the Prophet Mohamed that were considered offensive by some Muslims. “Headley later confessed to personally conducting surveillance of the Danish newspaper office,” Joyce said.

So basically, this guy was already going to be arrested for the 2008 Mumbai Terrorist Attacks, but due to surveillance they were able to also charge him for... surveilling. The irony is staggering.

> Regarding the final case, Joyce testified that data collection under Section 215 helped uncover terrorist activity that the FBI had been unable to detect previously. In 2007, the FBI closed an investigation it had launched shortly after Sept. 11, when it could not connect the subject of the investigation to terrorist activity. Years later, under its Section 215-sanctioned metadata collection program, the NSA identified a phone number in San Diego that was in contact with a known terrorist overseas. The NSA’s discovery allowed the FBI to reopen the investigation and disrupt the terrorist activity. Joyce later confirmed that the activity involved providing financial support to a designated terrorist group overseas.

This could not possibly be more vague.

Ostensibly, since the source is the NSA's PR team, these were the best cases the NSA could come up with? This sounds like a strong argument that the money should be better spent on traditional law enforcement.

[1] https://en.wikipedia.org/wiki/Najibullah_Zazi#Guilty_plea

[2] https://www.nytimes.com/2015/03/15/world/asia/cia-funds-foun...

[3] https://archives.fbi.gov/archives/kansascity/press-releases/...

[4] https://threatpost.com/nsa-metadata-program-likely-not-cost-...

[5] https://en.wikipedia.org/wiki/New_York_City_Police_Departmen...

[6] [Excel File Warning] https://www1.nyc.gov/assets/nypd/downloads/excel/analysis_an...


He didn't give any less evidence than OP.


I claim there isn't a teapot. You claim there is. Who has to provide evidence? What happens when one applies this to claims about an organization?


To explain the other response you received:

It's common knowledge that NSA dragnet surveillance recorded the phone calls and captured the metadata of almost every American for a few years, and probably still is. This, I would argue, we can agree upon without having to present evidence.

If you're going to argue that this violation of human rights was necessary, the burden of proof is on you to prove this extraordinary claim.


You are kidding right? The whole cold war?


During the Cold War, the US government did a lot of things which were extraordinarily harmful to US Citizens and contributed nothing to fighting Soviet totalitarianism. Soviet totalitarianism was certainly a threat, but US responses to Soviet totalitarianism were often counterproductive. There's a strong argument to be made that the US government did more harm to US citizens during the Cold War than the Soviets ever did. I'd be open to hearing evidence that the NSA was an exception, but you certainly haven't presented any.

Simply trotting out old tired Russophobia doesn't prove that pervasive surveillance has been good for the American people, it just shows your own bias. You're turning a blind eye to the wrongs done by the US government, some of them much worse than pervasive surveillance.


> There's a strong argument to be made that the US government did more harm to US citizens during the Cold War than the Soviets ever did. I'd be open to hearing evidence that the NSA was an exception, but you certainly haven't presented any.

What harm do you claim the NSA did to Americans in that time? Their mandate is foreign surveillance, and while citizens do get caught in their net (especially with foreign contacts), it's not their focus.

I can think of a couple, but they seem relatively limited?

a) Surveillance revealing domestic crimes that were prosecuted through parallel construction.

b) American businesses benefiting from NSA intelligence gathering, through politicians passing along information.


> What harm do you claim the NSA did to Americans in that time?

The GP did not say "NSA", but "US government". See for example:

* https://en.wikipedia.org/wiki/COINTELPRO


Correct, this is what I meant.


The whole thread was about the NSA's budget and mission, so I misunderstood your point. It appears you have no specific qualms with the NSA other than the fact they exist under the same government as the FBI/CIA?


No, I'm just shooting down the idea that simply saying the NSA was involved in fighting the cold war doesn't mean they're positive for US Citizens.

I haven't mentioned my qualms about the NSA up to this point, but since you asked: I object to spending $10.8 billion in 2013[1]. I object to the fact that they have so little oversight, the public had to find out what their funding is from a leak[1]. I object to the fact that this spending resulted in only 4 arrests they will tell us about over a period of years[2] which are all fairly questionable[3]. I object to their continued violation of the constitutional right to privacy of almost every American.[4] I object to them undermining encryption standards[5] which weakens the security of people and companies everywhere.

[1] https://www.nytimes.com/2013/08/30/us/politics/leaked-docume...

[2] https://www.ibtimes.com/four-times-nsa-surveillance-programs...

[3] https://news.ycombinator.com/item?id=20944055

[4] https://www.eff.org/702-spying

[5] https://www.scientificamerican.com/article/nsa-nist-encrypti...


> No, I'm just shooting down the idea that simply saying the NSA was involved in fighting the cold war doesn't mean they're positive for US Citizens

is a big backtrack from

> There's a strong argument to be made that the US government did more harm to US citizens during the Cold War than the Soviets ever did


The second thing you quoted is part of my evidence for the first thing you quoted. It's not a backtrack at all.

Do you have an actual evidence-based opinion, or are you just trying to catch me in weird gotchas? I'm sure I've said something slightly incorrect you can track down, but that doesn't really negate the evidence I've linked.


While it happened after the end of the USSR, we know that the NSA contrived to get a crypto system they knew to be weak standardized. And that weakness was later leveraged by hackers in at least one case.


> contributed nothing to fighting Soviet totalitarianism

I wouldn't say nothing. At the very least, they made sure that Russia wasn't planning to fire any nukes at us.


I probably could have worded that better--it's ambiguous. What I meant is that a lot of the things which the US government did were harmful to US Citizens, and a lot of those same things that the government did, contributed nothing to the fight against Soviet totalitarianism.

Many of the MKUltra experiments are a good example: the US government drove a bunch of US citizens insane for projects which ultimately resulted in no useable weaponry.

My point being: simply waving your hands and saying "the cold war!" isn't a valid defense of US government organizations.


Unfounded claims, calling someone incredibly uninformed and ignorant, with zero evidence to back up these admonitions, shouldn't be posted here. If you have a claim to post, back it up with some kind of evidence or data. No one should have to be called "kidding" when they call out a lack of any kind of data.


The person you’re responding to didn’t call anyone anything. Be sure to check usernames.


Ah, so the NSA was the reason the cold war ended as it did? Via what specific actions/events?


>Bill Binney[1] consistently drives his message home that the NSA's surveillance apparatus is very inefficient at foiling plots, and I agree with him.

Oh, were you also with the NSA? For how long, and what did you do there? Or is that (let's put it charitably) an "Internet agree"?


This made me realize I have heard ZERO news on Assange after his arrest, and the likelihood of him being tortured and rendered and railroaded of course means our nation (US) of laws and rights is a sham.

Don't tell me it's boring, this should be a sideshow for the media like OJ. Rape trial? Russian meddling? Little guy vs the government? International intrigue?

Crickets.

A truly independent media would be tracking his case to make sure due process is followed, but we all know what media is in the age of corporate conglomeration and oligarchy.


He is sitting his 50 week sentence in HM Prison Belmarsh in UK and has access to lawyers. Media is tracking his case. There is nothing to report.

There are people who spew up conspiracy theories on the spot when they have not heard anything, from pure ignorance, yet they speak ill of mainstream media.


He's also sitting in the medical ward due to multiple issues, including mental issues. I don't think the news wants to report on his declining health.


How did you learn that?


> There are people who spew up conspiracy theories on the spot when they have not heard anything, from pure ignorance, yet they speak ill of mainstream media.

It's much easier than knowing what you're talking about.


If they are tracking, where is the news about Julian Assange?


You read about him on progressive media, some principled journalists. But nowhere in the mainstream news.


Any links posted to amazon.com from HN should be to smile.amazon.com -> .5% of your purchase will be donated to a charity of your choice.


I wouldn't see any reason not to.

Though please keep in mind that smile.amazon.com is a marketing stunt. Firstly, it makes people less reluctant to buy, increasing Amazon's revenue, and secondly, Amazon is donating the money, so they get to pay less tax.


Better yet, don’t buy the book, and donate the money you would have spent to charity.


Can't we do both?


Nope. Because then you could donate the price of two books, and not buy one!




Or from an indie bookstore, using this site that will show you indie bookstores near you that have it available for preorder: https://www.indiebound.org/book/9781250237231


Given that there are like... seven copies in U.S. libraries, I think that's probably terrible advice.


Since Amazon says it's not available until September 17th and you can only pre-order it now, I think probably even those 7 are records inaccurately registered before the book is actually there, and there are probably 0! Or did some libraries get the book earlier than Amazon can? Possible, but my guess is not.


Fair enough! I was thrown off the fact that it hasn't been released by the Worldcat page saying that there were three editions. I assumed that it was not possible to have data quality issues of that magnitude.


Oh, Worldcat data quality is definitely very problematic.

At its best, it definitely doesn't represent _every_ library copy.

It requires libraries to register their copies with the central database. All of these libraries are different organizations with different software, at varying stages of 'legacy', trying to interoperate with each other, usually without very well-resourced IT teams. Then WorldCat has got to figure out when copies at different libraries are copies of the "same" thing, and what "same" means.

The worldcat database is very useful, but it certainly has data quality problems.

Amazon also says "4 formats and editions": hardcover, paperback, kindle, audiobook. Technically I'd say these are "formats" not "editions" -- the text is the same in each, although you might consider the audiobook a separate "edition" maybe, as it's not text at all, it's a whole different sort of thing. (And the Amazon UI hides it behind a 'more' link, although still just referring to the whole list as "4 formats and editions").

I'd guess Worldcat knows 3 of those 4 -- maybe all except kindle. Worldcat, like Amazon, is not really capable of distinguishing "editions" from "formats".

I'm not sure I'd consider the "3 editions" a "data quality" error exactly, in this case. It does point to some of the complexities of figuring out what's out there in the bibliographic universe, and how to model it in a consistent way that makes sense to users. (What _is_ an edition vs a format anyway?). Amazon gets data and corrections from people trying to sell books there providing some data entry/correction labor for free. And Amazon's website and data are _core_ to their business. As well as from other DBs like ISBN. Worldcat has to try to piece things together from a bunch of disorganized under-funded non-IT-expert nonprofits, who may consider "getting good data to WorldCat" not the highest among competing priorities, along with other DBs like ISBN.

Neither WorldCat nor Amazon are _great_ at determining "what separate editions/formats exist of this thing, and how do they relate to each other" in the general case. Cause it's a hard problem. Amazon does well enough to sell books apparently. They each have strengths and weaknesses. For things published decades before Amazon existed and/or no longer in print, WorldCat will do better in some ways.


Maybe the long term solution is to put together an open source library database package that serves the needs of 90% of libraries without modification, and make it convenient to make high quality data available.


Worldcat / OCLC is pretty close to this. It's not fully open source, but it's widely used and pretty open.

(The fact that the API isn't publicly accessible without registration and payment is a major annoyance.)


Yeah, at one point OCLC was actually being kind of litigious with trying to make sure their db was _not_ open. I think they got over that, at about when they realized nobody actually really wanted it so much anymore. But it's debatable whether it's "pretty open" at present.

LibraryThing was sort of another attempt, that sort of still exists.

It's just a really hard thing to do, that takes a lot of resources to do well, and nobody's managed to figure out a funding model.

I don't think "Just create an open access database anyone can edit, like wikipedia but data, and books" will work (and actually, [that's](https://www.wikidata.org/wiki/Wikidata:WikiProject_Books) been tried too), but you can try to start another project if you want.

There are a handful of projects with various business models and degrees of openness of data that have tried or are still trying to do this. For whatever reasons (and we can debate em), they haven't really taken off or been successful. shrug.


I think you are right. I called 3 libraries in my immediate ~15m drive area (university library, County, and City), all 3 confirmed they will have it, but none were listed on the World Cat site.


Won't they order more on request? I thought that's how libraries work.

Also there are more than seven copies on order in the Brooklyn library system alone: https://borrow.bklynlibrary.org/r1s/iii/encore/record/C__Rb1...


As noted:

1. The book is announced, but not yet released (17 Sept).

2. Worldcat tends to lag acquisitions, and whilst extensive, is not fully comprehensive. There are nonlisted collections, and lagged reports.

3. Further acquisitions will be added.

And most importantly: Libraries are highly responsive to patron requests. Ask for the book to be added, and in all likelihood it will be, and you'll be notified when it's in and/or added to the waitlist.


Or how about we all choose how we wish to get content, and stop implying judgment. When did reading become an us vs. them thing?


The point, I believe, is to recommend a vendor other than Amazon, whose business model is datacenter management and datamining and being a front for cheap Chinese goods.

There is a bit of judgment, and that's okay.


Which added zero value about the book itself. But yet I’m downvoted for pointing out the stupidity. You win, Internet.


Considering Snowden sounded the alarm about privacy and surveillance by the U.S. government, as well as interactions with tech giants, I think the irony of buying the book on Amazon is relevant.


Is he implying anything at all or are the voices in your head?


We were called "paranoid lunatics" even when we started speaking about ECHELON in the '90s.

Same with the clipper chip. Same with TPM/DRM/ME. Same with Internet centralization.

It's worth asking why the general public keeps trusting authorities and distrusts techies, even those among us with a career in security.


The answer seems straightforward. The term "authorities" comes with the assumption that they're the ones "leading". We've been taught for most of our lives the person up-front (parent, teacher, president) is always right and the vast majority of people won't question that.


Good question. There are probably similar psychological mechanisms at play when you try to explain to smokers why their habits are bad.


I'll trust techies the day they actually are in the job of protecting people and have to deal with real danger of bad actors continuously trying to blow up Western democracies.

It's funny the tech/security/sysadmin guys complain that their work is appreciated only when things go wrong, but fail to give the same benefit of the doubt for US law and order.


You mean this "US law and order"?:

Myron W. Orfield, Jr., Deterrence, Perjury, and the Heater Factor, supra note 13, at 83:

> Respondents, including prosecutors, estimate that police commit perjury between 20% and 50% of the time they testify on Fourth Amendment issues.

It should also be noted that many of these respondents did not consider lying at a suppression hearing perjury, infra text accompanying note 47, which would have the effect of deflating these percentages.


Maybe the "US law and order" shouldn't be acting like Stasi all the time and spying on citizens and tracking them without warrants.


The FBI sat on incriminating info about Epstein for years and even still has yet to raid his New Mexico ranch for evidence. Given that he had damaging info on many people with their hands directly on the levers of power in "Western democracies" you'll have to excuse my skepticism that these agencies are acting in the interest of their common people.


Does anyone know how much money he gets from every book / ebook? I think buying it is, at least for some people, very much a support Snowden thought.


The publisher Metropolitan Books looks like it's part of Macmillan so they're likely a traditional publisher, which suggests he got a pretty healthy advance on the book because of his fame.

I would also guess that even if he sold enough books to earn out the advance, his take on each incremental book is really small as the publisher took most of the financial risk with the advance itself.


(Macmillan employee)

Confirming, it is a Macmillan title. Metropolitan Books is a Macmillan imprint.

https://us.macmillan.com/books/9781250237231


I'm self published on Amazon and can speak to that, but I see that this is actually published by a publisher (Metropolitan Books)

In that case, from what I have learned from speaking to a few NYT Best selling authors, he's getting peanuts per sale, though it's very likely he got an advance in the range of $50k.

He won't actually get a cent from sales until his share goes above whatever his advance was.


> an advance in the range of $50k

That... would not be very much for a book that can be expected to generate hundreds of thousands of sales.


I agree.

One of the NYT best selling authors I spoke to over beers told me at most he can hope to get in the range of $200k in his lifetime for his book that was top of the charts for a significant amount of time, and continues to be very, very famous in its niche.

i.e. Writing for a publisher sucks.


An "advance" is just that: payment advanced against projected sales, and hence, per-volume royalties.

The publisher generally calculates the advance based on projected sales, and that's often all the money an author will see, though if an advance is "earned out" (sales exceed the projection), the author can earn additional royalty payments based on a percentage of the per-volume sales price. The usually cited figure is 10%, though this may vary.

TL;DR: Snowden is guaranteed the advance, but may earn more.

https://www.thebalancecareers.com/book-advances-and-royaltie...


Is there any way to buy the ebook directly (or at a bare minimum without drm)?


(Macmillan employee)

To my knowledge, no and probably no. I'll inquire.

I'm aware that it's available at Kobo in EPUB format but that includes Adobe DRM.

https://www.kobo.com/us/en/ebook/permanent-record-7


Thank you for the response.

Sad to hear that it's only available with drm. It's going to show up on torrent sites within days no matter what, so as always honest consumers are the ones that lose.


I mean you could always buy the DRM’d ebook somewhere if you wish to support the book financially and then download a DRM free ePub from Libgen or via torrent. That’s what I did.


It is available on the Google Play store as an ePub as well with likely DRM added as well. I ordered from there.


I vaguely remember 10% as a ballpark for most authors


What happens to the other 90%? Is this typical for book authors?


It is very typical.

Assuming Print on Demand w/ amazon. He's not doing that but we'll just assume to keep it easy. And list price of $24

Amazon takes $5 to print

Amazon takes $9.60 royalty

That leaves $9.40 or 40% available.

Of that Macmillan takes their cut to cover editing, covers, advertising, etc.

And what is left is probably $2.40 for each sale.

For Self published folks (going eBooks this time). Assuming you list for $10 and get a 70% royalty from amazon.

You'll earn $7 for each sale.

But, then once you factor in advertising (on amazon which goes to amazon), your earnings for each book drop to maybe a 5-30% royalty range. And that assumes you can sell your book for $10, which most self published cannot.

I have friends who sell $10k worth of eBooks/mo who make $2k/mo. So 80% goes to amazon and 20% goes to them.


He's using a traditional publisher which means he likely got a decent advance. Even if he didn't, he was likely able to negotiate a better deal than most authors because of his fame


That's insane. Thank you for the detailed insight.



Seems odd that every picture of Edward Snowden shows one of the nose pads on his glasses missing.


That does bug me now, having just looked at a lot of pictures, but it does appear you can find pictures where this is not the case, eg, https://www.hollywoodreporter.com/news/national-security-age...


I did a photo search too and decided to use "every" anyway. But hey, I got you to investigate it yourself and you'd have to agree on "most."


It also made me stumble across his interview from a couple years back talking about the "why" but I didn't dig enough to find out if the unbroken glasses are purely a time-series thing, or if he finally got tired of it and got his glasses fixed / got new glasses.


I think the administration badly, badly mishandled Snowden and Assange, and allowed Russia to coopt them by isolating and threatening them. If they had treated them as whistleblowers and journalists (even if they had nefarious motivations), they could have kept them in "the west" instead of driving them into the arms of Russia. I don't believe that Assange was a Russian agent at the beginning but he was surely one by the time of the 2016 election.

There's a reason we have laws around free speech and a free press-- they make the country stronger, even if they make it harder to govern.


I think you do Snowden a disservice when you lump him in with Assange. Snowden you can easily argue is a whistleblower. You can't argue that with Assange since he doesn't have first hand knowledge of what he is leaking and instead actively recruits people to feed him information to leak. He also seemingly encourages people to commit crimes to get more information for him. Snowden did that all himself. In addition, Assange does not have the high bar that information must meet in order to warrant a leak. He instead leaks everything that he has that fits his political goals. A whistleblower needs to be more precise and targeted with what they disclose. Snowden gave his documents to journalists to sift through, judge, redact, and publish. Assange just throws everything up on his website. Lastly, like multiple people in these comments mentioned, there is the question of their relationship to Russia. Knowingly or not, Assange has clearly been used as a tool of Russian Intelligence. Snowden being compromised is more of a conspiracy theory at this point with little (but some) real world evidence.


> I think you do Snowden a disservice when you lump him in with Assange.

Correct. Snowden is a Whistle-blower. Assange is a journalist, though perhaps not the kind Snowden would have trusted his stolen data with.


Assange is an attention whore. I had such high hopes for wikileaks but it was, in the end, a vehicle for him to promote himself.


You think Assange put himself at as much risk as he did to promote himself?

He spent 7 years locked in an embassy (to great detriment to his health and was arguably worse than jail), is now in jail, and is facing at least life in prison, if not the death penalty. You really think he did all that just to promote himself and for some attention?


It's not like we think everything through when we set out on a journey. He probably went in with good intentions but was blinded by the lights of fame.


> He spent 7 years locked in an embassy ...

To avoid criminal charges for things unrelated to his political/journalistic exploits. Plenty of people run when faced with possible jail time, e.g., Roman Polanski.


As far as I know the case was closed then reopened after some embarrassing US document leaked, and without any new relevant element. As far as I know, the Swedish authorities had the possibility to interrogate Assange without extraditing him, yet for some reason did not use that possibility.

Finding reliable sources with all relevant details is a hassle, so take it with a grain of salt. Nevertheless, I believe at this point that this unrelated affair is more an attempt at character assassination than a real thing. (I do recall that he reportedly didn't use protection, which would qualify him as a major jerk. Legislations seem to disagree on whether this was a crime or not, though.)


This is a lie. He stated from the start he was hiding to avoid extradition to the United States for his journalism.


I do not understand this point:

He was in the UK, who has an extradition treaty with the US. He was facing charges in Sweden, who also have an extradition treaty with the US.

Why was he afraid of being extradited from Sweden but not the UK? If the US wanted him they could have gone after him while he was still living in the UK.

Why fear going to Sweden? I never understood this argument: am I missing some nuance in international law?


And it looks like now that he's been removed from the embassy, he's being extradited to the US based on his journalism, just like he feared.


> based on his journalism

He is being extradited to the US on the charge that he helped Manning break into classified computers. These alleged actions are no longer journalism.

Greenwald and Poitras never faced charges for publishing the documents Snowden leaked / provided. The NY Times did not face charges for leaking the Pentagon Papers that Ellsberg gave them. Assange would not have been charged with leaking documents that others provided—but he is alleged to have taken a step too far.


It was & is far, far more than that.


I think calling Assange a journalist is very debatable. He certainly doesn’t comply with the ethical norms of the profession.


How good a journalist he is is debatable. His ethics as a journalist may be debatable. His status as a (possibly bad, possibly unethical) journalist is much harder to debate: he set up a way to have information, which he then made public. Sounds like journalism to me.


People say this on the basis of hearsay, like he “selectively released documents” for which there is no evidence.


One huge ethical red flag for Assange and Wikileaks is their view on redacting documents. They published numerous details that a traditional journalistic outlet would never make public, including the names of informants. This almost certainly resulted in people being killed.


> They published numerous details that a traditional journalistic outlet would never make public, including the names of informants.

Valerie Plame would like to have a word with you.

If we keep going down this road we'd end up with No True Scotsman. The reality is "traditional" journalists have done this - Assange is not an outlier in this regard. If we tolerate the "worst" of the traditional (which US society clearly does), then we can't use this as an argument against Assange.


>Valerie Plame would like to have a word with you.

I probably shouldn't have used the word "never", but the fact that the Valerie Plame reveal was such a big deal is basically the exception that proves the rule that it is highly unusual for a journalist to reveal this information.

Assange is certainly an outlier in the number of people who he exposed and the reason for exposing them. He reportedly said on the issue that "they're informants. So, if they get killed, they've got it coming to them. They deserve it." [1] Maybe you think that is a No True Scotsman argument, but I really can't imagine a well respected journalist showing such a complete lack of concern for human life. A traditional journalist would generally require some reason of tremendous value to justify putting those people's lives at risk. Assange's reasoning instead appears to be "They deserve it."

[1] - https://en.wikipedia.org/wiki/Afghan_War_documents_leak#Info...


> but the fact that the Valerie Plame reveal was such a big deal is basically the exception that proves the rule that it is highly unusual for a journalist to reveal this information.

It was a big deal because people wanted to score political points, not because of a breach in standards. The more relevant point is the standing the journalist still had in society - he did not lose his job for it, let alone be prosecuted for it.

The quote you provide is taken out of context - at least from the Wiki page it is not clear if he is referring to the names that were leaked, as opposed to the ones that they ultimately decided to redact. I suspect the latter because it says "initially refused".

> but I really can't imagine a well respected journalist showing such a complete lack of concern for human life.

When you add the "well respected journalist", we really are in No True Scotsman territory. If all you mean to say is "He is a lousy journalist," then we have no disagreements. Without that qualifier, have you thought about extreme views held by existing, famous journalists? How much of an outlier is Assange compared to other "extreme" but established journalists?


To my knowledge nobody has ever died as a result of what they have reported. They do careful redaction.


You are right that Snowden deserves special recognition, but not at the expense of Assange.


Snowden also leaked everything he had. It certainly was not targeted.


Everything was 100% vetted through two respected journalists. They decided what to leak and when and what to protect. Very well done by any standard.


And those journalists even gave a heads up to the DoD in case there was a compelling reason on that end to redact that they didn't realize.


He leaked it all to journalists he trusted to make decisions about how, when, and what to publish. It's not quite the same.


I think the administration screwed up massively in more ways than one.

- They conducted illegal, and most likely ineffective surveillance. I mean, if they have as huge watchlists as it is claimed, they can't reasonably watch very closely.

- A subcontractor named Snowden, managed to leak a lot of secret stuff. And while it is the most memorable instance, it is not the first serious leak.

- They failed at damage control. They couldn't cover up, discredit, etc... While there is a debate on whether Snowden is a hero or a traitor, no one seems to question the truth of the leaks themselves.

- They couldn't catch Snowden, or find a way to get him to come back home. He is now with the Russians.

Being a believer in the Hanlon's razor, my hypothesis is that the NSA has become a bloated administration. Focused more on their budget and jobs than national security. Massive surveillance is just a way to keep them busy. Snowden's leaks and their aftermath actually tell two things: the extent of surveillance, and incompetence.


> And while it is the most memorable instance, it is not the first serious leak.

This is a key bit. Snowden was able to basically walk immensely sensitive data out the front door, and we may only know about that because he told us.

How much stuff makes the same journey into the hands of intelligence agencies instead of journalists?


They also completely failed to detect and stop Russia’s election interference and if they can’t do that why do we even have an NSA?


To the contrary, I think the fact that you think both Snowden and Assange are Russian agents demonstrates that the administration's response was actually quite effective.


I was going to say exactly this. It's amazing how many Americans honestly think it's clear that Snowden is a "bad guy" because he's close to the Russians. Likewise Assange was pushed into a position that made him very unlikable to the US center-left (he could have probably played his hand a bit better). So mainstream Americans are distrustful of both and pretty much everyone hates Assange.


There are lots of us who aren't though. The Russians gave him safe haven and I'm guessing it was the only big country at the time that would do so and challenge US hegemony. As much as I hate them for hacking and influencing our elections I recognize Snowden's decision made logical sense. Any smaller country would have rolled over and turned him over to the US.


In fairness to Snowden, he didn't intend to stay in Russia; his fate was sealed when the US revoked his passport.[1][2] I can't imagine Snowden being much of a fan of Russia given a) what he probably knew during his time working at the NSA and b) actually living there.

EDIT: formatting

[1] https://www.bbc.com/news/world-europe-23318475

[2] https://www.reuters.com/article/us-usa-security-passport/u-s...


If you examine what Ed Snowden leaked, it’s clear he was trying to do significant damage to the NSA. Much or most of what he stole and was leaked was unrelated to domestic surveillance. Much of it revealed our overseas activity. It’s difficult to see how any of it was to the benefit of Western interests.


He wasn't "just trying to damage the NSA", he was trying to get the truth out about surveillance, the fact that the NSA was damaged was tangential and they shouldn't have been spying on US citizens. The NSA and other gov police entities were basically breaking half the dictates and the entire spirit of the US Constitution.


What are the motives for leaking information regarding our actions on foreign soil against foreign citizens? I was a big fan of Snowden until he started doing that. That isn't whistleblowing against Constitutional violations and seemed to indicate a shift in his objectives. It now appears that he is just against US spying at large, which is a perfectly acceptable political opinion to have, but it doesn't justify whistleblowing in a lot of people's minds.


> What are the motives for leaking information regarding our actions on foreign soil against foreign citizens?

1. Removing plausible deniability. "Well we might be deeply involved in domestic surveillance but we certainly don't do it outside the US!". The laws that enabled the NSA to do the surveillance were attributed to accessing data that traveled outside the US.

2. Demonstrating the power and reach for legitimacy/plausibility.

I'm sure I can come up with more than the first 2 minutes it took to assemble this post.

https://youtu.be/XEVlyP4_11M?t=822


1. They don't need plausible deniability because they wouldn't deny they are spying on foreign nationals. Every world power spies on foreign nationals. The controversy that Snowden revealed is that they are spying on their own citizens; spying on foreign citizens is already known and accepted as a reality of modern politics.

2. No one was really questioning the plausibility or legitimacy of the documents Snowden released (there were some challenges on the interpretation of those documents) and revealing unconfirmed and unrelated intelligence operations does nothing to confirm the information about the domestic operations that he released.


SMH

Your assurances that you know what the NSA (or proxy) would reason is laughable, for example. You have a view that he's a bad actor and it doesn't matter to me, other than it's a trivial thought experiment to justify his actions. GL


> What are the motives for leaking information regarding our actions on foreign soil against foreign [human beings]?

Which side of an imaginary line you were born on should not determine your rights. If he leaked documents about operations against Americans, and then also about operations against foreigners, in my mind he did the same thing twice.

If there was another difference, like spilling the location or identity of a person likely to be at risk, please spell that out. I have yet to see an example.


>Which side of an imaginary line you were born on should not determine your rights.

That is what I am talking about as a "perfectly acceptable political opinion", but it is not an opinion that is based off any laws. Almost no mainstream political figure would share that opinion and therefore if that is the basis of Snowden's arguments, it isn't a wonder why he was treated harshly by the mainstream political system. Foreign spying is an accepted aspect of modern life. I totally understand if you think that spying is unethical. But Snowden would have been received much more favorably if he simply focused on the domestic spying operations which are largely unpopular rather than also revealing the foreign operations which are mostly accepted as necessary by the general population.


Just the fact that, at the time in 2013, a large amount of unknown data was stolen and shared with foreign powers by someone with such privileged access was certain to have catalyzed risk adjustments to global operations, including down to the level of specific human assets. Without a doubt, those in the military are informed that Snowden absolutely did real damage to operations. I’ve heard this in person from multiple military officers. Casualties aren’t going to be discussed.

Snowden’s leaks clearly benefitted adversaries of the NSA:

* domestic global powers such as goog and fb were able to lock down their customer data, which has the downside of shifting unchecked power to those entities

* foreign powers of the us now had confirmed intel on usa’s global intelligence gathering playbook and adjusted accordingly

Additionally, we can perhaps gain insight to any potential upsides or downsides of the proliferation of civil libertarianism that is directly attributable to the actions of Ed Snowden. I do believe personally that the first global superpower (whether the CIA and Google, China, etc) that obtains a way to break all current encryption (and has all of the pcaps) will have a huge upper hand in understanding social effects of this movement of the late 2010’s.


> Without a doubt, those in the military are informed that Snowden absolutely did real damage to operations. I’ve heard this in person from multiple military officers. Casualties aren’t going to be discussed.

They said the same thing about Chelsea Manning, then in her trial the prosecution finally admitted that they couldn't actually point to any casualties.


As a European citizen I’m very glad that Snowden revealed the depth of US surveillance over the world. It may have not benefited US citizens, but it had removed US surveillance from conspiracy theories to put it on a list of facts and I’m very glad for it.


> What are the motives for leaking information regarding our actions on foreign soil against foreign citizens?

Because many of the spying actions were against Americans. Did you not read the leaks?


Sure, I read them. Many of them were about operations against US citizens. However, not all of them were. Here[1] is one example that comes to mind. That story in this leak is interesting, newsworthy, had serious repercussions, and was potentially unethical for the US government to do. However it is also exactly the type of thing everyone expects the NSA to be doing and it doesn't involve the spying on any Americans. This is the type of leak that will ensure that Snowden isn't embraced by the US government.

[1] - https://www.theguardian.com/world/2014/aug/13/snowden-nsa-sy...


> However, not all of them were.

Ok, but many were. Therefore it is a problem.

And spying on Americans is something that many people have a problem with.


Your words do nothing to counter the argument of the comment you were replying to. The fact that the vast majority of the documents leaked were completely unrelated to domestic surveillance is as strong an indicator as we can get that he was specifically trying to damage the NSA, and any claims otherwise are PR.


drone strikes on people based on heuristics over metadata was the kind of logic that was operating at the highest levels of the intelligence apparatus, and not even congresspeople assigned to intel committees were aware of it.

people should know about the kind of insane stupidity that they get up to overseas that make the country less safe. or what, do you really think that that kind of stuff is what's keeping the terrorists from doing another 9/11?


This is a strawman, and isn't relevant to my argument at all. GP of my original comment never made the claim that the NSA/US weren't doing bad stuff (outside of domestic surveillance), only that Snowden was trying to damage them.


Clapper and Brennan (the ones who were in charge and bungled the Snowden and Assange cases) being hired on by major networks as pundits is apparently enough to shift the narrative.


I love that Trump's DoJ hounding Assange into British custody and unsealing a huge indictment against him has done nothing to shake many Democrats' faith that Assange is some kind of Trump/Putin stooge.


Calling him an "agent" is silly, but Snowden is living in Moscow at the pleasure of the Russian regime. It's hard to believe he's entirely free, or even substantially free, to do what he wants.

It's pretty clear he never wanted to end up there. The US definitely screwed up by leaving him few other options. He's not an agent of Moscow, but he's not a free man either.


He's probably as free as he could be. Certainly more free than in US. Russia is scoring against US by simply letting Snowden live free. Then even if it will be hard for you to believe, some countries grant asylum to asylum seekers, simply to comply with international treaties


This right here is what I believe. He isn't there out of choice, he is there out of a lack of options.


I think Russia has a lot to gain by letting him live freely


this. the public in US is so easily brainwashed it is actually very scary. Having lived in an oppressive state USSR and now in USA I find too many alarming similarities :(


>I think the administration badly, badly mishandled [whistleblowers]

Yes, but by design. Other than passing lip service towards transparency. The fact is Obama admin actively sought to silence them. I know this isn’t popular because HN won’t want to hear anything bad about Obama, but it’s a fact.

In the seven years of Obama's presidency, the administration launched a record number of cases against those who revealed what the government wanted kept secret. Under Obama, eight whistleblowers have been prosecuted under the World War I-era Espionage Act, more than under all other presidents combined.

Sources abound; pick your favorite.


Agreed. One of the most illuminating aspects of the Obama administration was the divergence between great tolerance for corporate whistleblowers on the one hand, and animosity toward government whistleblowers on the other.

Also, people cite the "more than any other administration" argument frequently, especially in media, but rarely think to mention the small sample size. Nice work!


Yea, there is a special handling of that whole line. More than any other administration - doesn’t seem like much. And the qualifier that we’re talking about 8 makes it seem less important.

However, those 8 people also have the qualifier of “combined” where the sum of people charged with espionage until Obama was less than 8 people total, and then he comes in and exceeds that. No one should believe that from 2008-2016 we had some resurgence of traitors to the country. Just people charged as such in most cases for doing the right thing overall.


To put my views into this perspective. Am I glad that Snowden and others leaked information on government programs? Yes.

That said, I think it's amusing when people need to call out "Under president <whomever>'s administration..." as if it makes a point by itself and implies something directly about the president that was named. Let's not pretend here, that's exactly what you were doing. Using this same logic, I hope you blame George W. Bush's administration entirely for the 2008 recession. I want to be clear, I'm not pretending that the sitting president's policy decisions and other influences don't have an effect. But inherited legacy, context, and the surrounding details play a huge role in how these things play out.

First, the people you are talking about (Thomas Drake, Shamai Leibowitz, Chelsea Manning, Donald Sachtleben, Stephen Kim, Jeffrey Sterling, John Kiriakou, Edward Snowden) all have different circumstances surrounding their cases.

Second, they all stepped forward roughly around 2009 and later. Most gathered the information they leaked between 2000 and 2008 working on programs for the CIA and NSA. They all leaked information that wasn't supposed to be leaked. The default in our government is to handle that with punitive measures. If they had stepped forward during any other presidency would the outcome have been the same? Yes.

Third, alluding to some sort of hypocrisy with regards to transparency when talking about intelligence programs initiated by the CIA, FBI, NSA, etc is ironic. Just because an administration wanted to embrace transparency doesn't mean it's fine to free-for-all leak information from those agencies.


> They all leaked information that wasn't supposed to be leaked.

What did Thomas Drake leak that wasn't supposed to be leaked?

> If they had stepped forward during any other presidency would the outcome have been the same? Yes.

Kiriakou in fact stepped forward in December 2007. The Justice Department under Bush did not pursue him, and it was explicitly the Justice Department under the Obama administration that did so.

Similarly, Jeffrey Alexander Sterling was in contact with a journalist during the period 2002--2004 (for a book published in January 2006), but his prosecution was also led by the Obama administration.


> What did Thomas Drake leak that wasn't supposed to be leaked?

He leaked information classified as "secret". Additionally he leaked unclassified information of which some of it was classified as "Unclassified—For Official Use Only" which means it is not supposed to be given to the public and is intended for internal or law enforcement use only.

> Kiriakou in fact stepped forward in December 2007. The Justice Department under Bush did not pursue him, and it was explicitly the Justice Department under the Obama administration that did so.

I'm not going to disagree here. For whatever reason, the CIA brought this case back in 2012 and asked for it to be pursued.

>Similarly, Jeffrey Alexander Sterling was in contact with a journalist during the period 2002--2004 (for a book published in January 2006), but his prosecution was also led by the Obama administration.

The Bush administration sent (the journalist) James Risen a subpoena on January 24, 2008. The leak investigation surrounding Sterling didn't come to a culmination until 2010. The investigation started in 2003, under Bush.


>[all had different scenarios and different times]

Yet all were charged by the Obama Admin, for something people largely agree with and in most scenarios exposed government breaking the laws they themselves set.

As to your argument it doesn’t count because Obama didn’t put the cuffs on them himself - no, it was only Holder and Lynch who did the actual work, who directly reported to and were appointed by Obama himself.

I wonder if you would apply the same “AG autonomy” to decisions Sessions or Barr have made where those don’t reflect or implicate direction from Trump?


I'll quote myself, "I'm not pretending that the sitting president's policy decisions and other influences don't have an effect. But inherited legacy, context, and the surrounding details play a huge role in how these things play out."

The point being, there are often things initiated by past presidents that come to a head within the time the sitting president is in office. How the situations that arise are handled absolutely reflects on the sitting administration. But people who ignore the history and legacy surrounding those situations because it feels good to take a shot at an administration that has a letter after it (be it R or D) that a person doesn't identify with is overly simplistic.

There were a lot of things the Obama administration did that I do not agree with. Specifically, the use of drone strikes, how the ACA was handled (albeit a lot of players were involved), continuing revolving door policies, and more.


[flagged]


To be clear, I downvoted both your and your parent's comments, not for saying disparaging things about Obama, his record, his hawkishness (many of which criticisms I quite agree with), or anything otherwise negative about him, but rather for saying that HN is a place where that stuff is wrongthink.

Disagreement isn't persecution.


[flagged]


So the part where I actually agree with many of the concerns about the man and his administration is ... what? Noise? Doesn't matter, because I didn't use the "right" word?

Real talk: we haven't even begun unpacking the ironies here, dude.

EDIT: No, that's not an invitation. This conversation isn't going anywhere useful to anyone, and I have both a meeting, and deadlines. Have a good day.


There you go again. It was you who used the word disparaging, not me. Plenty of words to pick. You picked that one.

I point out that truth.

I point out how that further proves the point I and the parent were making.

You get all biased and upset (read: subjective) and try to paint me and the facts as the bad guy.

Don't you recognize the downward spiral of your "logic"?

Thx for taking the time to vindicate the original theory (on HN "inconsistencies").


Okay, then. Why is "disparaging" such a terrible word to have picked?

Let's start there, and we'll work our way 'round to logical "downward spirals"...


So you downvoted _my_ experience? Time and again? On HN? Because my experience is "wrong"? Oh. I see.

I wish I had a reply for that but I can't even get my head wrapped around the irony and the absurdity.


You might be having trouble wrapping your head around the thing, because the thing you're trying to wrap your head around is completely different from what I said.

To be clear, then: I did not downvote your experience. (I'm not even sure what that means. Can you explain?) I downvoted the counterfactual conclusion that you've drawn from your experience, and then crowed condemningly at the community.


An agent? No. But friendly towards those friendly to him? Who in the world doesn't do that?

After all, the enemy of my enemy is my friend.


I don't know about friendly. If you're wanted at home, and living in a foreign country at the pleasure of the local regime, there's going to be hard limits on what you're allowed to do without consequence.


> But friendly towards those friendly to him? Who in the world doesn't do that?

I feel you underestimate people's intelligence — assuming that everyone can be played with a simple overture of friendliness.


Seems like a difference without a distinction, and I'm not even sure it's correct. If he's acting in the interest of Russia, he's a Russian agent.


The distinction is responsibility. If he were operating under orders from Russia, Russia bears ultimate responsibility for his actions. If they have no control over him and his actions merely benefit them, he bears responsibility for his own actions.


Going by that standard, 95% of all Russian peasant farmers are "Russian Agents" and that's pure ridiculousness from any angle.


>Going by that standard, 95% of all Russian peasant farmers are "Russian Agents" and that's pure ridiculousness from any angle.

Oh please, you're the one being ridiculous. I think we all know there's a line between farming for the good of civilization and actively working to push an agenda. C'mon.


I suppose that all the South African farmers that moved to Russia to avoid getting killed over politics by savages are also Russian Agents.

https://www.thesouthafrican.com/news/land-expropriation-russ...


If they subsequently worked at the behest of the Russian government to push their agenda, yes. Honestly are you even reading what I'm typing?


Well, then I suppose it was indeed a PR stunt for the Russians to accept South African farmers, and they are according to your logic indeed Russian Agents! That is assuming a PR campaign pushes an agenda, and I would argue it does.


There is a difference between an unwitting pawn, especially in a circumstance like that, and someone who acts with full knowledge as to what they're doing. I don't understand why this is difficult.


It's never an either/or. You're presenting a false dilemma.


Hold up, where did you get the idea that Assange has at any time worked for “the Russians”? It seems like he’s stuck to his guns and his convictions on Wikileaks without any misstep. There was never any indication that he had a change in loyalties or that the quality of Wikileaks’ content had changed, was there?


When those tasked with enforcing the rules take a punitive approach as the default, loss of a potential asset is the most likely outcome.


Yeah it would have been an opportunity for Obama to shine but alas he didn't. Just the mediocre, status quo President that we elected. In retrospect, I'll take him any time over our current Mango Mussolini.


People spend so much time patting themselves on the back for electing the First Black President - who was witty, looked leader-ly on TV, and wore a (D) behind his name - that they totally let him off the hook for so many abhorrent policies, like mass surveillance, drone assassinations, and the way he mistreated the biggest whistleblower of our time.

It's so disappointing how few people seem to have complex thoughts about our political system/politicians, and it shows in the ever-decreasing quality of those things as time advances. Bandwagons are dangerous, and it seems we only have bandwagons left.


Obama is the equivalent of a SWE candidate that only studies Leetcode and interviewing tactics.

People thought everything else (e.g. the substance of the job) would be on the level of his oratory skills, but it turned out he was just some guy that knew how to get votes.


I believe he is a hero and did the right thing, but I think there is no way the US could do anything but try to put in prison someone who illegally made state secrets public. That would have set the precedent that anyone with secret bad looking intelligence about the US would be safe to come out with it. Turns out I'm sure that there is a lot of intelligence that looks quite bad for the US.


There are in fact whistleblower laws. The big question at hand is how it was handled. Snowden claimed to go to his superiors first, which checks off an important box. So the question is if he did that or not. I believe he was also supposed to attempt to report to Congress before he can legally go to the media. It's definitely a gray area and if you believe it is right probably depends on how much you trust the government and moral factors.


I believe he did the right thing, I probably should have made that more clear. I also understand why the government still can't possibly treat him in any way but as a traitor.


I think he did the right thing too (though maybe not the best way, but that's a completely different argument). But I don't think you have to treat him as a traitor. We're a society that values democracy. A branch that is overreaching should be reined in. We've done this in the past. I think the framers very much understood that democracy is always a balancing act. One that must be continually fought for. I think anyone who really has looked into democracy clearly sees this. I think we've just lost sight of that (I'm talking about a lot more than Snowden though).


This sounds awfully similar to how Western governments singled out the so-called communists. Not supporting war in the Middle East and actively protesting against it does not make you an agent for ISIS or the Muslim Brotherhood.

If he was an agent the Mueller investigation would have revealed it. It doesn't say so in the paper that is public, I actually read the whole thing.

You're an agent if you get orders from the Kremlin; people's interests often align with different people, hence the world and politics are complicated.

