This is somewhere inbetween "duh" and "aha!". Obviously, you can foresee how this data would be available. That they request so much of it is a bit surprising, and that "anti-war" has the same meaning as "terrorist" is certainly upsetting to hear.
I wonder how correlatable (totally a word) it is to identify something like a persons HN identity is, given SSL. All that data should be entirely encrypted, right? Only the URL's would be visible, so they could know you have an account.
For every one of these cases that come to light, there are certainly countless that never have/never will. This is infused in their culture and mindset; nobody that was around then is around now, but the behavior and attitude of the organization clearly lives on. They have a strong "us vs. them" ethos, like many organizations in government. They're in the trenches, fighting the good fight, the righteous fight. An extreme example, but Nazi's thought the same thing; it's an easy trap to fall into.
no amount of secrecy is enough for them, because the things they do/have done would likely cause riots. When they say "for national security" that's really what they mean - people would be SO upset if they heard everything, that the blowback could be disastrous both as a country as well as for the individuals responsible.
But, people do mean well. At least most. People are easily lead astray, and can do things at the beheast of sociopaths, criminals who have wiggled their way into power, or simply from organizational inertia (see: police brutality).
It's easy to be angry about this stuff, and maybe you should be. But most don't need punishment, just to be shown a better way.
> When they say "for national security" that's really what they mean - people would be SO upset if they heard everything, that the blowback could be disastrous both as a country as well as for the individuals responsible.
Bingo. I also think they showed their hands when they uttered this gem in Jewel VS NSA, wherein the government argues in a way protecting the interests of Verizon, et al.
> AND WE SET THIS FORTH, AGAIN, FOR THIS COURT IN OUR MOST RECENT FILING IN WHICH THE DNI ASSERTED THE STATES SECRET PRIVILEGE AND EXPLAINED TO THE COURT THAT NOTWITHSTANDING ALL THESE TERRIBLE DISCLOSURES THAT OCCURRED OVER THE PAST YEAR -- IN FACT, THIS IS THE ONE YEAR ANNIVERSARY -- DISCLOSURES THAT WE ARE CONVINCED THAT HAVE SERIOUSLY HARMED THE NATIONAL SECURITY OF THIS COMPANY
"National security of this company", eh? That sentence doesn't make the slightest bit of sense unless it's taken for granted that "National Security" means "the financial health of Verizon".
> "National Security" means "the financial health of Verizon"
I think there's a chain of reasoning by which that can make sense, and which doesn't include cronyism:
1. National Security is dependent upon the "health" of the economy of the country;
2. therefore, any corporation providing a large-enough part of a nation's GDP is effectively part of its war engine just as surely as if it were producing bullets or tanks or MREs;
3. therefore, an attack on any company of that scale is an attack on the country's economy, and thus an attack on that country.
It's scary how easily this chain of reasoning comes to mind, and how few objections I can think of to it.
Random thought (not my field), length is still correlated right? Since these are public pages, could you infer with good probability url visited based on the transferred data size? (yeah gzip and stuff but you can compare gzipped)
If yes then especially for an active (participating) user I suppose you can take some good guesses.
This has been shown by security researchers to be quite possible, and a serious vulnerability in many popular web applications. Not only could pages be guessed, they can build an entire state machine of the web application and use side channel attacks to guess what a user is sending in their HTTP requests.
Yes, you could. It'd be a gamble but it's possible. This is why you should consider implementing length hiding[1], either via a header or HTML comment.
Anti War has always meant Terrorist to the FBI. This is a precedent going back at least to World War I. (I don't know if any anti-war activists were imprisoned before then.)
The precedent goes back a lot further than that, It's almost an American tradition it's been going on so long. There was a law passed in 1798, the Alien & Sedition Acts, that was used to jail people who were against the so called Quasi-war on the grounds they were dangerous to national security. Howard Zinn discusses it in the book "A People's History of the United States".
No, it used to mean "subversive" to the FBI (and other law enforcement, even before there was an FBI) -- but then, "terrorist" wasn't even a category law enforcement used or was concerned about when they were first concerned about anti-war activists. (Heck, when law enforcement first started being concerned about it, "terrorist" still mainly referred to governments using of terror against their own population.)
Note to Google mail; some of us share our devises with friends, and family. Some of us do not have enough disposable income to buy separate devises. Please don't assume every email address tied to a specific devise--IP, is a single user who has multiple email accounts. On a larger note, don't assume anything about your customers. In my world, we became customers--the day you started collecting my ip data, and forcing us to view ads. Thanks!
I wonder how correlatable (totally a word) it is to identify something like a persons HN identity is, given SSL. All that data should be entirely encrypted, right? Only the URL's would be visible, so they could know you have an account.
Let's not forget their suicide letter for martin luther king. https://www.eff.org/deeplinks/2014/11/fbis-suicide-letter-dr...
For every one of these cases that come to light, there are certainly countless that never have/never will. This is infused in their culture and mindset; nobody that was around then is around now, but the behavior and attitude of the organization clearly lives on. They have a strong "us vs. them" ethos, like many organizations in government. They're in the trenches, fighting the good fight, the righteous fight. An extreme example, but Nazi's thought the same thing; it's an easy trap to fall into.
no amount of secrecy is enough for them, because the things they do/have done would likely cause riots. When they say "for national security" that's really what they mean - people would be SO upset if they heard everything, that the blowback could be disastrous both as a country as well as for the individuals responsible.
But, people do mean well. At least most. People are easily lead astray, and can do things at the beheast of sociopaths, criminals who have wiggled their way into power, or simply from organizational inertia (see: police brutality).
It's easy to be angry about this stuff, and maybe you should be. But most don't need punishment, just to be shown a better way.
Bonus: airplanes! http://www.startribune.com/nighttime-flight-circles-low-over...