The battle to save America’s undercover spies in the digital age (yahoo.com)
152 points by carrozo on Dec 31, 2019 | 92 comments

> Singapore was one example, recall three former intelligence officials. By the early 2000s, the agency ceased running certain types of operations in the Southeast Asian city-state, because of the sweeping digital surveillance there. The Singaporeans had developed a database that incorporated real-time flight, customs, hotel and taxicab data. If it took too long for a traveler to get from the airport to a hotel in a taxi, the anomaly would trigger an alert in Singaporean security systems. “If there was a gap, they’d go to the hotel, they could flip on the TVs and phones and monitor what was going on” in the room of the suspicious traveler, says the same former senior intelligence official. “They had everything so wired.”

Tbf Singapore is a city state and integrating surveillance infrastructure on a smaller scale is easier, but that's still pretty impressive.

Anecdote: one time I was visiting a friend in Singapore, they were busy when I arrived so I loitered around their apartment building's elevators for a bit, waiting for them to finish so they could push the intercom button to send me up. I tried the fire entrances, but they were all locked. Anyway, later that evening, some people from the government came to my friend's apartment and demanded to be let in. They demanded ID of everyone in there, including myself, as well as my address, and also checked my friend's lease. They even barged in on my friend's roommate who was showering.

To this day I've got no idea why it happened. Singapore may be very modern, but deep down the government is still very authoritarian. Funnily enough, I lived in mainland China for a couple years but never experienced anything like that there.

> Singapore may be very modern, but deep down the government is still very authoritarian.

Those two really have no relation to each other, though.

Or more depressingly, maybe they do.

William Gibson (yes, that William Gibson) wrote an article about Singapore and the authoritarianism way back in 1993 [1]. He called it "Disneyland with the Death Penalty". WIRED mag ended up getting banned for a while after that article [2]. I guess things got a lot more dystopian since then.

[1] https://www.wired.com/1993/04/gibson-2/

[2] https://www.wired.com/2012/04/opinion-jeyaretnam-disneyland-...

>By the early 2000s, the agency ceased running certain types of operations [...] The Singaporeans had developed a database that incorporated real-time flight, customs, hotel and taxicab data. If it took too long for a traveler to get from the airport to a hotel in a taxi, the anomaly would trigger an alert in Singaporean security systems

I don't get it. Why don't the agents act normal until after they got to the hotel?

Later in the article it points out that an undercover person would arrive on a passport under a name but then check into a hotel under a different name. In that case it would trigger the alert that the passport name never arrived at a hotel. It also says that the practice had to change so that an undercover person used only a single persona for a country instead of having multiple personas and switching between them.

My thoughts exactly. Don’t agents try and blend in by keeping an unremarkable profile? Once you’ve arrived your schedule can be anything you want.

I'm sure they did, but that is just one example.

Yes, but this was also 15-20 years ago. Plus most people live and work in cities. I'm sure that every western or industrialized country has these capabilities in their major cities now.

> stole data on nearly 22 million former and current American civil servants

I see this time and again. All the data in a single database where one compromised access can get it all. Data should be compartmentalized, and rate limited.

Oh, but it gets even better. I worked in intelligence back in the 80s, so when the OPM hack happened I figured my records were safe - after all, we didn't have a lot of computer storage back then, so my records were all on microfiche and stored in a rusted out filing cabinet in some dank basement, nobody would be so stupid as to scan all of those old records into a computer and put it on the internet, right? Imagine my surprise when I got one of those letters stating that all my records had been compromised... sheer genius.

There’s a good chance your original records weren’t compromised, and a much smaller profile of you was created because you were listed as a reference for another employee.

If I recall, some of those references also got notifications in the mail.

Yes, family members were notified too

The whole article is weird for barely mentioning compartmentalization as a standard intelligence approach (they mention as a few things but as innovations). And for speaking as if the programs that they knew about were all that was happening.

That said, the compromised database was from a civilian, non-intelligence agency. Of course, logically, CIA agents shouldn't have been in that database but it seems they were.

And the other thing is that you have CIA, NSA etc working hard to spy on everyone but none of them were willing and able to keep the larger Federal Government from having terrible security practices. Which comes from the intelligence agencies being more about catching people and learning secrets than about protecting the US as such.

> That said, the compromised database was from a civilian, non-intelligence agency.

Yet they had fingerprints, meaning they must have gotten the data from the government.

But it does lead to a larger question. Articles by cybersecurity people always seem to focus on preventing unauthorized access. I've never read one that talked about given the inevitability of unauthorized access, how to avoid losing everything?

After all, we have ships with watertight compartments. Even spy networks are organized into "cells" to limit the damage from compromised agents.

Why is security not talking about compartmentalization?
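An added illustration of the "compartmentalized, and rate limited" point raised in the comments above; it is not code from any commenter or from the article. The vault, credentials, limits and records are hypothetical, constructed values, and the simulation assumes a stolen credential that walks every record at one request per second.

```python
"""Blast-radius sketch: compartment scoping + rate limiting + lockout.

Added illustration; every name, limit and record here is hypothetical.
"""
from dataclasses import dataclass

COMPARTMENTS = ["dept-a", "dept-b", "dept-c", "dept-d", "dept-e"]


class Denied(Exception):
    """Any refused read: wrong compartment, rate limit, or revoked."""


@dataclass
class Credential:
    name: str
    compartments: frozenset      # compartments this credential may read
    capacity: int = 20           # burst size of the token bucket
    refill_every_s: int = 10     # one token returns every N seconds
    tokens: int = -1             # -1 means "start with a full bucket"
    last_refill: int = 0
    violations: int = 0
    revoked: bool = False

    def __post_init__(self):
        if self.tokens < 0:
            self.tokens = self.capacity


class Vault:
    def __init__(self, lockout_after=None):
        self._data = {}                  # compartment -> {record_id: value}
        self.alerts = []                 # (time, credential name, reason)
        self.lockout_after = lockout_after

    def put(self, compartment, record_id, value):
        self._data.setdefault(compartment, {})[record_id] = value

    def keys(self):
        return sorted((c, r) for c, recs in self._data.items() for r in recs)

    def _refuse(self, cred, now, reason):
        # Every refusal is logged; enough of them revokes the credential.
        cred.violations += 1
        self.alerts.append((now, cred.name, reason))
        if self.lockout_after is not None and cred.violations >= self.lockout_after:
            cred.revoked = True
        raise Denied(reason)

    def read(self, cred, compartment, record_id, now):
        if cred.revoked:
            raise Denied("revoked")
        if compartment not in cred.compartments:
            self._refuse(cred, now, "out-of-compartment")
        # Integer token bucket: refill whole tokens for the elapsed time.
        gained = (now - cred.last_refill) // cred.refill_every_s
        if gained:
            cred.tokens = min(cred.capacity, cred.tokens + gained)
            cred.last_refill += gained * cred.refill_every_s
        if cred.tokens < 1:
            self._refuse(cred, now, "rate-limit")
        cred.tokens -= 1
        return self._data[compartment][record_id]


def build_vault(lockout_after=None):
    """Constructed data set: 5 compartments x 100 records."""
    vault = Vault(lockout_after)
    for comp in COMPARTMENTS:
        for i in range(100):
            vault.put(comp, f"emp-{i:03d}", {"file": f"{comp}/{i}"})
    return vault


def simulate_walk(vault, cred):
    """Stolen credential requests every record once, one request per second."""
    stolen = 0
    for now, (comp, rid) in enumerate(vault.keys()):
        try:
            vault.read(cred, comp, rid, now)
            stolen += 1
        except Denied:
            pass
    return stolen


def exposure():
    """Records lost out of 500 under three designs."""
    everything = frozenset(COMPARTMENTS)
    only_a = frozenset({"dept-a"})
    flat = simulate_walk(build_vault(), Credential("flat-admin", everything, capacity=10**6))
    scoped = simulate_walk(build_vault(), Credential("clerk-a", only_a))
    locked = simulate_walk(build_vault(lockout_after=5), Credential("clerk-a", only_a))
    return {"flat": flat, "scoped+limited": scoped, "with lockout": locked}


if __name__ == "__main__":
    print(exposure())
```

The refusals also land in `Vault.alerts`, so the same controls that bound the loss produce the signal a responder would act on.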

> Why is security not talking about compartmentalization?

Well, this is one article and it's always possible this is one of those "write down official X's talking points" articles, and official X doesn't talk about compartmentalization because the impression they are aiming for is "look at us, we're helpless, helpless against these threats, please give us unlimited money and power and might be able to fix things, if we're lucky."

I am fairly certain that is why things like Cloudflare’s Red October exist.

They weren't. That's the problem, because the actual diplomats were.

This. The higher the degree of centralization, the higher the reward for stealing the data is compared to its protection.

Or in most cases expired or probably not collected at all.

I thought the CIA wasn't using OPM - but you're right, for some use cases records should never be online.


>Even a switch of employer, or an unexplained gap in one’s résumé, can be a giveaway to a foreign intelligence service, say former officials. In response, the agency has also shifted to recruiting individuals within the companies they already work at, and, with the approval of corporate leadership, secretly transitioning those persons onto the CIA payroll, and training them intermittently and clandestinely, far from any known CIA facility.


>“There is a serious legal and policy process” in place at the CIA to manage these relationships, says a former official. Otherwise, “you could break industries.”

This is going to be the end of multinational companies. Once a company starts providing cover to CIA officers, those companies will be blacklisted from many countries around the world. This policy will also raise suspicion of pretty much every US company operating abroad.

At the same time, you'd be a fool if you don't think espionage doesn't incorporate "corporate espionage" and many offenses aren't encouraged by nation state.

Bosch and GE for example. Siemens and GE.

The exact same problem exists in China.

It is my belief that there is presently a joint public relations storytelling campaign underway between the US intelligence agencies and the large US internet companies to restore faith in these companies abroad following the Snowden revelations that the NSA is spying on everybody via these services.

Facebook and Instagram have guaranteed that spies can be identified before they even decide to become spies. There will be decades of facial recognition data and social media presence as adolescents and adults before the thought of becoming a spy crosses their minds. If you don’t think that governments have already mined this data or have agents in all of the major companies and extracting data that would be extremely naive.

Unless foreign governments continuously poll and save data from FB and IG APIs (which is possible) all of that can be faked or deleted. The US intelligence community has deep pockets and relationships to tech companies. You scan a face, and up pops a legit looking FB account.

I think the article makes it clear that data from many sources is being used and that there's no one "source of truth". It also points out that there's an increasing sophistication to the creation of online presences.

>Unless foreign governments continuously poll and save data from FB and IG APIs (which is possible) all of that can be faked or deleted.

Given how simple and relatively cheap that is I would be very surprised if they don't. This is a kind of operation that a few people with their private budgets could pull off (I mean just scraping the contents and storing a single copy, not the analysis part) so don't expect powerful and not-so-powerful organizations or governments restraining themselves from doing so. This is neither expensive nor difficult while being extremely valuable.

It would be interesting to see if the NSA/CIA whomever would hack into external DBs of data and insert fake people into them, so when they check against polled api data, everything checks out. Cyber is an offensive world, after all. I wonder if, thinking in a post truth manner, ambiguous or grey is enough for the intel world.

Assuming that the average adult citizen is nowadays using social networks for more than a decade you could cross-reference the person's photo with many snapshots of your scraped data expecting the person to show in most of them, not just one. With such approach, the fake profiles would have to be created with many years advance to succeed. Now given that using cryptography it is relatively easy to verify if our reference data was not tampered with this insertion of fake profiles would be kind of hard. Hacking such systems in one way or another could be a "solution" depending on how such systems operate (and if they actually exist or are just a theoretical possibility imagined by HN community).

> With such approach, the fake profiles would have to be created with many years advance to succeed.

That's called building a legend and YES, the intelligence agencies have been doing it for years. But more importantly, in professional networks (mostly LinkedIn) generally you wouldn't have to. Most people don't use it the same way as Facebook or Twitter with regular updates and it doesn't show others when you connected so if you create a profile and fill in details, the system takes care of most of the rest.

The most likely place that would leak the age of the profile is whatever internal profile id that might be embedded in the urls or the page itself. If it's too high, it would be more recent than claimed.

Here are some of the details you can explore: https://caseysoftware.com/blog/open-source-intelligence-link...

>and it doesn't show others when you connected

If I actually scraped all the profiles in 2009, then in 2014 and then in 2019 I could tell whether an account is a 10+-year old account by simply checking if it is available in my 2009 snapshot. Does not matter if the social network displays or leaks profile age in one way or another. If it's not in my 2009 and not in 2014 snapshots then that profile is 5- years old. With frequent enough snapshots I would get even better timing resolution. Now given that it's neither that hard nor that expensive to scrape or store that amount of data, such an approach would actually be feasible.

Valid points. With the (no longer available) index pages on LI, you could get to most of the profiles too.

The drawbacks are:

a) Not having a profile isn't definitive. You could have missed it, it could have been locked down, or the person joined late.

b) You can't go back to build your baseline. You had to have the foresight to scrape it then or count on one of the breaches to establish who had accounts when.

The primary mitigation here would be LinkedIn (or any social network) itself. Whatever controls they had to block spidering, limit further than immediate contacts, etc would have to kick in.

>Whatever controls they had to block spidering, limit further than immediate contacts, etc would have to kick in.

On the other hand their business requires the ability to discover candidates by HR people so I guess that completely disabling search/discovery is out of question. Of course a simple limit to a number of queries or their reach would still be a huge problem for the scraper while not being a problem for most of the users and therefore not hurting the business.

Then considering that such massive scraping is probably already illegal and additionally the operation is being done by some intelligence agency meaning that legality is not an issue we can do a lot more than simple scraping using some proxies. This could include use of botnets (free resources, much wider and more realistic pool of IPs) and/or hacked accounts (to scrape as a verified reputable user).

This all of course makes such a scrape a lot harder and probably not something that a single person with just a personal budget could do, but I believe this is still within the reach of even a small organization. And I'm 100% certain that this does not require multi-billion black budgets or large datacenters hidden underground.

>a) Not having a profile isn't definitive. You could have missed it, it could have been locked down, or the person joined late.

Of course you are right with that, but then I could have full-scrapes being done once a year or even more often. While missing a profile once is obviously quite realistic and actually expected I assume that it would be unlikely that the same profile is omitted 20 times in a row given that the scraping has generally been proven to be effective.

Additionally I was initially thinking about using such data as one of the metrics not as a definitive spy-detector. Your account missing in my 2009-2017 scrapes and appearing just recently does not make you a spy but does increase a likelihood of you being so.

>You can't go back to build your baseline. You had to have the foresight to scrape it then or count on one of the breaches to establish who had accounts when.

That's true. And even with data available from breaches might not be accurate or even be intentionally altered. But then again not everyone runs an intelligence agency.

But how can it be faked? You can upload a fake FB account but it's new. Country X can say 'that account wasn't there 2 years ago'. Nor can agencies set up fake accounts over time as they need to know the faces of future spies to create their fake front over time and that's not possible unless you choose spies from birth.

The scene from Minority Report comes to mind where he takes some kind of pill that painfully distorts his face so as to not be detected by FR cameras.

Is the technology currently good enough to detect the same person if they have different color eyes, different sized lips & eyebrows, abundance or lack of facial hair etc, downturned mouth vs smile etc?

If you take someone who hasn't slept for 3 days + hangover + flu their face will look substantially different than when fresh as a daisy.

It's not just the digital age, it's the growing technological incompetence of our spy agencies in general. China executed nearly 30 agents and informants in the country in 2010 as they easily sidestepped the CIA's mediocre communications system.


> Those clues, they surmised, could have come from access to the OPM data, possibly shared by the Chinese, or some other way, say former officials.

Why would the Chinese do that? Here is this treasure trove of information why share it with anyone. But I do see the Chinese being hacked by the Russians scenario after they figured out the Chinese had that kind of info.

There are numerous reasons.

- The simplest but least likely is money. Reselling some portions of the data or even running it as a "Go Fish" service is immensely valuable.

- The more likely scenario is an enemy of my enemy situation where the value of screwing up US operations is useful to a) show you have the power or b) build a more amicable relationship with Russia.

But realistically, all of that was probably unnecessary. Google Robin Sage and check out how much sensitive information people share entirely by accident OR that is not sensitive by itself but when combined with other aspects can become weaponized.

That's why whenever anyone says "none of this data was classified!" it's an almost meaningless statement. None of us understand what missing puzzle piece will put it all together.

* Both my wife and I were included in the breach. When the news broke, I wrote it up here: https://caseysoftware.com/blog/why-this-security-breach-is-w...

On the "but none of the data was classified!" part, a colleague made this video to make it a little more concrete: https://www.youtube.com/watch?v=nbgQ1V2BLEs

> Robin Sage

Surprised that on the Wikipedia page there's no mention of anyone trying to do a reverse image search of the profile picture which is claimed to be of a porn star. Often quicker & easier than browsing alumni pages etc.

> Here this treasure trove of information why share it with anyone.

China could have viewed the potential damage to an adversary (the US) to be smaller than any disadvantage it incurred itself by sharing.

Or China could have seen a small cost to itself in sharing, and a large gain to Russia, offering the opportunity to bargain for other things.

Imagine your life rests in the balance with the correct S3 bucket permissions.

Also! I would also hate to be the person that copies iranian_secret_spy_ssns.json over to the wrong bucket.

This will happen for any manual process.

Yes! Ensure it will work correctly with thousands of lines of bash + jenkins + ec2 machines + all through a docker container + slack notifications.

Better yet, never collect the SSNs of secret spies. Or of anyone else, for that matter.

The "other guys" are all generating the same information though. And everyone is generating potentially actionable information even when they aren't on an operation, actively practicing tradecraft or in-country on assignment. Eventually intelligence is going to be akin to high frequency trading where small differences in timing, degree of automation and insider information/insights will be deciding factors.

I think there are significant differences between the level of capabilities of surveillance in the US and some of the countries mentioned in the article, and those differences are likely to persist or grow larger in the foreseeable future.

This is vastly amusing.

Privacy in meatspace is dead. 100% dead. Never coming back.

Until we have body transplants, anyway.

Netflix has a wonderful show with this concept, Altered Carbon. Season 2 coming soon!

Hey thanks :)

I gotta say, though, that I was disappointed by it.

I much preferred the books. They censored too much stuff, such as the torture sequence, where he was a little Arab girl being tortured, and then back as himself went on an impressive rampage, killing most all of the medical staff.

And then they changed too many characters.

Changing 'charatars' was part of the brilliance and how that confuses your brain. I was a fan so glad to hear there is a season 2.

This reminds me of the instance where data from a sports app used by US soldiers revealed army bases world wide, including secret ones. The main reason why this was found out is because it was available to everyone. But how many apps used by soldiers today have similar abilities to determine their location?

In general, it's getting harder to smuggle humans into different countries, but the vast deployment of hardware with questionable security properties world wide has led to major opportunities for intelligence agencies. The Internet of Things is the newest opportunity to collect data in large quantities.

For those wondering, the app was Strava. Through the heat map they publish, it revealed, among other things, patrol routes of military members wearing Fitbits.


Such a massive fail, I'm baffled as to how nobody thought of this.


A fitness app that posts a map of its users’ activity has unwittingly revealed the locations and habits of military bases and personnel, including those of American forces in Iraq and Syria, security analysts say.

The app, Strava, which calls itself “the social network for athletes,” allows millions of users to time and map their workouts and to post them online for friends to see, and it can track their movements at other times. The app is especially popular with young people who are serious about fitness, which describes many service members.

Since November, the company has published a global “heat map” showing the movements of people who have made their posts public. In the last few days, after the app’s oversharing was identified on Twitter by a 20-year-old Australian university student, security analysts have started to take note of that data, and some have argued that the map represents a security breach.

Strava “is sitting on a ton of data that most intelligence entities would literally kill to acquire,” Jeffrey Lewis of the Middlebury Institute of International Studies at Monterey, Calif., warned on Twitter.

Some analysts have taken to social media to warn that, although the map does not name the people who traced its squiggles and lines, individual users can easily be tracked, by cross-referencing their Strava data with other social media use. That could put individual members of the military at risk, even when they are not in war zones.

The outlines of known military bases around the world are clearly visible on the map, especially in countries like Afghanistan, Iraq and Syria, where few locals own exercise tracking devices. In those places, the heat signatures on American bases are set against vast dark spaces. Tobias Schneider, a security analyst, wrote on Twitter that “known Coalition (i.e. US) bases light up the night.”

In Afghanistan, for instance, two of the largest coalition bases in the country — Bagram Airfield, north of Kabul; and Kandahar Airfield, in southern Afghanistan — can easily be picked out. The same is true for smaller bases around the country whose existence has long been public.

But there also appear to be other airstrips and base-like shapes in places where neither the American-led military forces nor the Central Intelligence Agency are known to have personnel stations.

Perhaps more problematic for the military are the thin lines that appear to connect bases. Those lines seem likely to trace the roads or other routes most commonly used by American forces when traveling between locations, and their exposure could leave troops open to attack when they are most vulnerable.

The Pentagon did not directly address whether the heat map had revealed any sensitive location data. But Maj. Audricia Harris, a Pentagon spokeswoman, said that the Defense Department recommends that all its personnel limit their public social media profiles and that it was reviewing the situation.

“Recent data releases emphasize the need for situational awareness when members of the military share personal information,” Major Harris said. The Pentagon “takes matters like these very seriously and is reviewing the situation to determine if any additional training or guidance is required,” the major added.

The Central Intelligence Agency declined to comment.

The threat also extends to countries where the app is more popular. Dr. Lewis of the Middlebury Institute wrote in The Daily Beast that the pattern of movements clearly showed the location of Taiwan’s supposedly secret missile command center.

Strava is not the first program to collect far more information, including location data, than users realize, nor is it the first to make some of that information available to prying eyes, intentionally or not.

Researchers at Kyoto University revealed in 2016 that they could find the precise locations of people who used popular dating sites, even when the users took steps to disguise that information. Last year, data was found online that would allow anyone to track more than half a million cars with GPS devices.

But the Strava app, which works with wearable technology, goes even further in tracing people’s locations with precision and sharing that information with the world. The map’s settings show the extent to which routes are traveled, and whether on foot, by bicycle or in a vehicle.

Strava, which is based in San Francisco, claims tens of millions of users, in almost every country. The app can be used on Apple and Android phones, and wearable activity trackers like Fitbit devices, the Apple watch, and Garmin and Suunto sports watches.

The company released a statement on Sunday noting that the app has privacy settings that can exclude users from the map and hide their activities from the general public. It urged people to read a blog post from last year about how to use those settings.

The map “excludes activities that have been marked as private and user-defined privacy zones,” the company said. “We are committed to helping people better understand our settings to give them control over what they share.”


Switch off Javascript for nytimes.com and you can read articles. Not all of the picture will load though.

It just sounds like the undercover spying in its old classical form falls victim to the paradigm shift and has to adapt and evolve ("digital transformation") like many other professions.

The US Govt. cannot keep information about their own SPIES sent to FOREIGN SOIL safe.

We’re supposed to trust them with encryption skeleton-keys that can open any phone or web traffic in the world and trust them to keep it safe.

Do they know that we live in a world where Nations burglarise from individuals?

North Korea for example funded their missile program from criminal activity on the internet. Can you imagine what will happen when they steal the skeleton key to intercept credit card traffic worldwide??


This ignores a bit of history, at least in the Cold War for Russia and China. Assets were basically use once and burn. Agents could realistically last maybe 12 months in either place and could never return. The youngest would get deployed because they had the cleanest records. Russia mostly knew who the experienced spooks in the consulate were, even using cover.

How infuriating. The intelligence agencies have done almost nothing to defend the privacy and security of US citizens and systems, and now the constant leaks and incredible frailty is hurting them just like they hurt everyone else who wants privacy and anonymity. What a lack of foresight.

I am still convinced that creating social networks aka gigantic databases of our own population was a mistake on an unheard level of idiocy. Foreign intelligence must be shaking their heads in disbelief what we handed to them voluntarily. What took months if not years to generate for foreign intelligence can now be gathered, tested and confirmed in a plethora of public, leaked or infiltrated systems.

I don't see any solution to this type of problem ever, aside from creating a paradigm where countries can trust each other and their citizens. At the rate we are currently going we might actually be more likely to have some kind of human extinction event before that happens.

It's strange that no one even mentions the possibility of a paradigm like that though.

Just add the NYT location data set and why leave the office as a spy? It’s all about analysts now?

This is a very good article but it misses a few things.

-One of the techniques these days is to borrow an already existing identity for a period of time. If person A has lived a normal life, their story exists but if they haven't gone through biometrics in country B before then it's easier to get person C in (but obviously it's still harder than before). The identity is then returned.

-People with potential for dual nationality have gone up in importance. Especially if they are legally allowed also to change their name.

-Equipment and database owners are key. Watch how popular 3M systems are in the world for example

> borrow an already existing identity

Undone by biometrics. It's not just about biometrics in other countries, it's also about biometrics leaks.

> People with potential for dual nationality have gone up in importance

...and are also highly suspicious.

> legally allowed also to change their name.

That's public record. Not helping.

Doesn't facial recognition counteract all of these techniques though? (Plus DNA sampling, if foreign intel gets close enough to grab a sample). There's only one 'true' face or DNA for each person, no matter how complex a background their handlers spun online. I feel like facial recognition was one of the main points of the article

It is probably a good thing if it is getting harder to send your spies in foreign country. Should not this be considered a win-win scenario for everyone?

Covert spying can be beneficial in some ways. Knowing that other actors may be spying on your plans tends to keep you honest. To the point that it may even make sense to encourage others to possibly spy on you, as a signal of trustworthiness. Of course, this works well when these capabilities are balanced and widespread (as in so-called sousveillance) and not-so-well otherwise.

Absolutely not. Spying, even on America’s friends, is important for our foreign policy and for staying on top.

I think you are confusing the world of geopolitics with concepts like “fair” and “good” and forgetting Lord Palmerston’s quote: “Nations have no permanent friends or allies, they only have permanent interests.”

Ok, but since I’m not American and don’t care if US is Number 1 and I really don’t like it when yankee spooks kidnap people in my country a supposedly close US ally...

... I don’t care if US spooks lives are more difficult or in peril?

Did you just make a new account to reply to me...?

Even if you are not from the US you care because other world powers (China and in a much smaller way Russia) will be much worse for you.

The interests of our masters, are not our interests. Our interest is that they cease to exist.

Why would an American government database ever need access from outside the US? Under what circumstances couldn't a simple IP rule prevent such a silly transfer of data?

I could never wrap my head around government databases (that need to be secured) using AWS or other cloud with default security.

In the case of the OPM database, it was outsourced to an outsourcer to an outsourcer who was administering the data from China. What's not discussed in this article is that as administrators, they had full read/write access to the system so we must assume that it is tainted.

While this article cites 2014, I believe investigators concluded the attackers/admins had access starting sometime in 2009.

I covered the implications of it when the news broke in 2015: https://caseysoftware.com/blog/why-this-security-breach-is-w...

Not strongly disagreeing, but some ideas: Embassies, CIA, etc...

I'm not a US citizen but have lots of US based servers. In-fact it is cheaper to get US based IPs than anywhere else.

It's completely trivial for non-US people and companies to rent US servers and make the request from there. Or just compromise something.

"Government AWS" exists, and may well be better than letting non-experts build their own.

> Why would an American government database ever need access from outside the US?

The US collaborates with allies and they share resources and intelligence data.


Governmental contracting is a lowest-bidder game, and budgets are variously limited.

Yes but security requirements are usually included.

I'm not a spook myself, but ISTM this should always have been disqualifying:

> Now you show up at the border of Russia, they’ve got your high school yearbook out there where you wrote about your lifelong ambitions to work for the CIA.

In practice, you show up at the border of Russia and are detained (in my case, because virtually no Americans cross this particular border). A nice, younger FSB agent with some English skills asks you a battery of questions but doesn't really care about their job, asking if they can just fill in your address again when given your parents' address, because it's more work than it's worth to transcribe another address that no one will ever read. Later, an older, saltier, more senior FSB agent harangues you over some missing documents before getting bored and letting you go.

We have some amusing preconceptions of Russia that rarely survive the reality of Russia.

Realistically, if you've been stopped by Russian border police and complied with their requests you've done everything right. Russia then has three options:

A: detain you and spur an international incident with complaints to the U.N. re human rights abuses and everything else.

B: refuse entry.

C: delay you long enough to get a follow team deployed so they can see what you do without inciting a lot of bad press, or delaying your travels more.

I think it’s a rhetorical exaggeration - hyperbole.

Writing that in your facebook/yearbook would probably be a disqualifier.

There are enough doppelgängers but you need to have a cover story.

I mean, shouldn't we assume that our phones, TVs, laptops, bedrooms, and bathrooms are bugged and monitored by every major government? Isn't this what governments have always wanted? It's for our safety, I thought.

Why bother with bugging a bathroom when most people will carry a wiretap device with geolocation there willingly? And continue to do so despite the evidence that device is actually listening? Then, why bother bugging a bedroom if people would put another listening-all-the-time device there too? But then why bother even with that when most people will handle the most private conversations through one app or another that stores all the conversation history in a datacenter you have access to? And then, to make analysis of those conversations easier you get a generation that prefers texting over voice. I can't really imagine making it even easier to wiretap everyone and everything.
