Wikimedia Foundation v. NSA (wikimedia.org)
256 points by madmax108 on June 24, 2017 | 104 comments



Seems like it's trendy to hate the NSA. It gets conflated with an anti-authoritarian mindset. I wish smart people would gain some perspective - I got some by reading Bamford's books and a new one by Fred Kaplan - Dark Territories, about NSA's painful move to cyber. Some key points:

* All the great powers have NSA equivalents. Meaning they play offence and defense in crypto, RF, and cyber. We (USA) can impose restrictions on our NSA but not on anyone else's. Our exploit-riddled networks are a playground for American, Russian and Chinese cyber warriors - and probably many others.

* In cyber, offense and defense become the same. Kaplan's book covers this. So a smart country seeks cyber-superiority. The more we hamper NSA, the more we empower foreign cyber-warriors.

* The focus has moved from RF to cyber. Giant antennas are far less important and giant datacenters are the new stars. Vacuuming up packets is less alarming when you understand we've been vacuuming up radio and telephone signals for decades. When comsats were important, NSA was vacuuming up their downlinks. When international telegrams were punched on paper tape, NSA's predecessors picked up the tape each day.

* The US has tried going "NSA-less". It happened in 1929 under the slogan "Gentlemen do not read each other's mail". That noble slogan led to the US operating at a disadvantage in the lead up to WWII. It doesn't pay to fly blind.

* Fear of an overreaching state is always justified; however we should focus that fear more on how NSA shares data than how it acquires it. For instance fusion centers: https://www.eff.org/deeplinks/2014/04/why-fusion-centers-mat...


This isn't meant as an attack on the OP, but I have a hard time taking anybody seriously who's using the word "cyber" in such an inflated way. Always reminds me of this:

https://twitter.com/sehnaoui/status/643972826802688000

I also think it's quite troublesome how this very real issue, IT security, is being misused to stage yet another "War on something" even if there isn't anything concrete to wage a war on. If there's such a thing as the MIC, it seems to have found a new business field with "cyber". IT security works on cooperation, even more so on international cooperation. It does not work when international players are constantly trying to shaft each other over by collecting 0-days, like this is some kind of war which has to be won by pummeling the opposition into submission with "cyber weapons".

In that regard agencies like the NSA, and their foreign equivalents, are doing everybody a giant disservice by making the problem worse, not better. We are already at a point where these government agencies' tools are being sold to the highest private bidders: https://krypt3ia.wordpress.com/2017/06/22/shadow-brokers-scy...

As a fan of dystopian cyberpunk fiction, I'm not sure if I should geek out over this or just be depressed.


Like it or not, "cyber" is now the term that is used.


People don't just make fun of "cyber" because it sounds stupid, they also make fun of it because it is stupid.

The media literally portrays the threat as Tron, when it's actually that critical systems have remotely exploitable vulnerabilities. The only real solution is to find the vulnerabilities before the bad guys do so we can close them before they're exploited.

Hoarding vulnerabilities in secret is the exact opposite of the solution.


I used to think like that. But consider two things. The capabilities of the state actors are high. They cooperate with chipmakers and OS makers (or subvert or hack them). They compromise routers and hard drive firmware. Second, Kaplan's book documents multiple waves of cyber-fear in the US government; multiple US presidents starting with Reagan have tried and failed to secure our vulnerable systems. Simply put, corporations are not going to let NSA dictate security practices to them, because they need to make money and can't spend all day on security. Similar problems occur in military/government.

Remember how cannons made castles obsolete? We're in a similar era, where offense is outstripping defense.

Consider stuxnet. You have to assume Iran, which is smart enough to make nuclear weapons, took its best shot at securing that air-gapped network.

I think you have to accept that hoarding vulns is the international reality and difficult to change. Maybe a cyber-SALT treaty could change it.


It doesn't matter whether offense is stronger than defense because this is not a mutually assured destruction scenario. Having offensive capabilities doesn't prevent an attack because we already have offensive capabilities -- sanctions and missiles. The problem isn't an inability to strike back, it's attribution. A hoard of vulnerabilities does nothing to solve that.

What governments actually use vulnerabilities for isn't deterrence, it's espionage and sabotage. But those goals can't justify knowingly leaving critical infrastructure vulnerable to criminals and terrorists.

> I think you have to accept that hoarding vulns is the international reality and difficult to change.

It doesn't really matter whether other people are doing it. The solution is to keep the espionage agencies on the hunt for vulnerabilities but require them to be disclosed within e.g. four weeks.

If it really is so easy for entities with state-level resources to find vulnerabilities then they'll be able to find a new one every month and continue to use it for their espionage, and at least the low-hanging fruit will be eliminated which makes it harder for criminals without state-level resources.

If there is not an endless supply of vulnerabilities then soon enough they'll have reported every existing vulnerability in commonly used software, they'll all be patched and there will be nothing for other states to hoard regardless of whether they have the same policy or not.


> The capabilities of the state actors are high.

Not just of state actors, we are not talking about aircraft carriers or nuclear missiles here, things that need a massive infrastructure behind them, we are talking about tools pretty much anybody with the right knowledge can apply once they get access.

That's the thing barely anybody wants to acknowledge with this situation because it's way more convenient to attribute everything to state actors, it's become the new get-out-of-jail card for shoddy security practices. "Nothing we could do to prevent that, adversary was a mighty state actor ¯\_(ツ)_/¯"

It's also convenient for pointing fingers at the usual suspects and start the war drums (Russia, China, NK) without admitting that attribution pretty much boils down to a guessing game with no guarantees.

In that regard the "who" is pretty much meaningless to the problem, it's all about the "how" and as Wannacry has shown the "how" quite often boils down to "Abused a vuln. that has been known, but hoarded in secret".

> They cooperate with chipmakers and OS makers (or subvert or hack them). They compromise routers and hard drive firmware. Second, Kaplan's book documents multiple waves of cyber-fear in the US government; multiple US presidents starting with Reagan have tried and failed to secure our vulnerable systems.

That's a bit contradictory, why would manufacturers be willing to let themselves get subverted to make less-secure products, but not to make more secure products? Especially considering how security is a big part of the business for quite a few of these companies, like CISCO's firewalls. For that very same reason, MS did act rather quickly and pushed out a fix when NSA informed them about EternalBlue.

> Remember how cannons made castles obsolete? We're in a similar era, where offense is outstripping defense.

That comparison doesn't really hold up. Cannons didn't work because of some obscure vulnerability in castle walls that only cannon makers knew about and which could have been fixed by wall-makers once they knew about it. Cannons simply overpowered walls.

One could argue that offense is outstripping defense due to the simple fact that "state actors" mostly focus on offense, while barely ever bothering with defense because that would also hamper their own offensive capabilities.

IT security always boils down to how much effort an attacker is willing to invest. If government agencies focus most of their efforts (backed by massive resources) on offense then the natural outcome will be that defense (mostly driven by private entities) always lags behind, because we end up spending more time poking new holes than actually plugging them.

> Consider stuxnet. You have to assume Iran, which is smart enough to make nuclear weapons, took its best shot at securing that air-gapped network.

Their best shot was air-gapping the network, that's about it. To get through that Stuxnet went wide and deep: https://www.scmagazineuk.com/chevron-confirms-that-it-was-hi...

> I think you have to accept that hoarding vulns is the international reality and difficult to change.

Sure I have to accept that, can't force anybody to do anything. That reasoning still reminds me way too much of the reasoning for selling weapons to questionable nation states, "If we don't do it somebody else is gonna do it", the kind of reasoning that doesn't get us anywhere and only makes the problem worse.


> That's a bit contradictory, why would manufacturers be willing to let themselves get subverted to make less-secure products, but not to make more secure products?

I know that's not exactly what you meant, but allegedly China requires some Western products sold there to have backdoors. I heard reasonably reliable rumors about one specific case, here's some general article to prove I'm not completely talking out of my ass:

http://www.networkworld.com/article/2331257/lan-wan/encrypti...

> Especially considering how security is a big part of the business for quite a few of these companies, like CISCO's firewalls.

Funny that you mention firewalls, a year ago it was discovered that some Juniper firewalls and VPN gateways had a covert master password and an advanced crypto backdoor allowing decryption of the VPN traffic IIRC.

Juniper denied knowledge of this backdoor and it's possible that this wasn't NSA's job at all because it involved the Dual_EC_DRBG algorithm to which they are believed to have a backdoor baked in the standard. But this means that somebody managed to hack them (and specifically their precious security products).


So, can you explain why 'cyber' is stupid?

Are you saying it's stupid because media can't handle the topic competently? I hope not; that's possibly the lowest bar ever set for stupidity.


As is the way "hacker"'s meaning has changed from its original usage, sometimes you have to accept that meanings change.


Not at all, actually. Usage of words like "hacker" or "cyber", in the meaning ascribed by mass-media et al., can be very useful to identify someone as "not an actual hacker". Jargon has been used this way for about as long as humanity exists.

I recall a story in which, a few years ago, a few emissaries from police agencies roamed the Chaos Communication Congress to recruit IT personnel. But they came in suits and thus immediately stood out of the crowd which was wearing nerdy T-shirts and hoodies, so no one liked to be seen with them.


Used mostly by politicians, lobbyists and media, it's become just another meaningless buzzword people throw around to give the impression they know what they are talking about, quite similar to the "cloud".

Even the CCDCOE (NATO Cyber Defense Centre of Excellence) admits that it's a rather undefined term with vastly different interpretations: https://ccdcoe.org/cyber-definitions.html


Yes, Kaplan's book touches on the silliness of the term (it was consciously borrowed from William Gibson) but policy makers and advocates seem to use it in discussion. Of course there are more impressive terms when needed, like "Information Warfare".


"In cyber, offense and defense become the same"

More details pls. Because it sounds like bs. It is a difference to secure a network and maybe find out who an attacker is - and then attack back - than to just hack everyone you can and build as many hidden botnets as possible. Which would be "offense"

"Gentlemen do not read each other's mail".

It is indeed a noble statement. And I'd like to see claims, how that led to US disadvantage in WW2. Because when you have Nazis e.g. they are clearly not gentlemen anymore and can (and were afaik) be spied on. The statement means, that you only spy on enemies.

"We (USA) can impose restrictions on our NSA but not on anyone else's"

You are still the superpower number one. And for once you lead by example. And you do indeed (or try to) impose restrictions on everyone else all the time.

If you would really stop to spy on everybody in the world and really only on your enemies ... this alone would make a huge impact. But you as an empire do not really want to. The more you know about the world's secrets, the more you can control it. And no, I am not saying that the smaller empires like China or Russia are any better (not at all). But you are the power number one. You have the choice of leading by fear, violence and intimidating - or by sticking to your old values of respecting your people's and others' freedom (as long as it is mutual) and providing a base for a voluntary cooperation of any kind. If you do this, you stay in leadership. If you just become one more lame empire, using any means necessary to stay in power, you will just fall like any of those empires, as history and current trend shows.


It's an obvious consequence of the action. They're not getting others' secrets. Their enemies are still getting theirs. So, their enemies will know their plans but not vice versa. Definitely not a smart way to wage war.


So you are saying the whole world is the enemy of the US, including their own population?

(I never said something against spying against enemies)


They look inside the US (in theory) to find the enemies inside the US. As for the whole world, they're competition when not enemies. Many allies even use spies to get our IP, outbid us on contracts, and so on. Need a spy agency to deal with that or do similar things. They help us stay on top.


"They help us stay on top."

Sure, with the biggest spy agencies and the biggest military (including ready to strike killer squads) stationed around the world, US are the biggest empire and they need all that to stay the biggest empire. Logic of the power struggle of empires. No doubt about it.

But I was talking about the other America, the former "leader of the free world" defender of human rights etc. Which is a different thing from an empire. And people all around the world actually did and some still love the former, but an increasing number hates the latter.

So continue to think and act like an empire - and see where that leads to.

Here in Germany there are already many people thinking siding with Russia and China could be a better choice, as in their opinion the US is doing more evil stuff. Even though I do not think so, the fact alone should worry you. Because at some point there will be no more US-Dominance, when the whole world turns away.


"Sure, with the biggest spy agencies and the biggest military (including ready to strike killer squads) stationed around the world, US are the biggest empire and they need all that to stay the biggest empire."

It seems you agree with my comment that the U.S. has need of such spy agencies but disagree with their goals or probable results of their actions. We're in the same boat on the latter.

"Here in Germany there are already many people thinking siding with Russia and China could be a better choice, as in their opinion the US is doing more evil stuff."

That shouldn't worry me. What people think is often a consequence of the media they view. I know people believed what you wrote and sometimes killed/died for it in the 1930's-1940's in Germany. We're educated about that extreme example but I don't know your current trends. I do know you also have different sides of politics with media groups focusing on each. I also know you're a huge player in exported goods. So, I can't predict anything except that Germany's choice will be significant. I do know the government wanted to be part of Five Eyes giving a lot of concessions for that. And BND is as devious externally and internally as the CIA. So, more similarities on this topic than differences except for the large scale nature of foreign involvement that American government has done. Those pricks meddle with everyone.


"It seems you agree with my comment that the U.S. has need of such spy agencies but disagree with their goals or probable results of their actions."

Not quite. I said that the EMPIRE USA needs all that. But empires rule with fear under the threat of violence and the aura of knowing everything about everyone.

So I was trying a bit subtle to ask, whether you and other US-People want the USA to be an Empire - or simply the most powerful state, which uses its power to actually defend human rights and respect the sovereignty of other states and people. Such a USA other states and people would follow willingly.


I'd rather us be top or nearly so in innovation, military strength, and humane use of both. The people in power along with their voters disagreed with that to a degree. Many didn't even know what they were doing because media here is corrupt: they don't want the lucrative for them establishment to change. They get more revenue also by telling their demographic what they want to hear. So, these two keep Americans indoctrinated, misled, and distracted enough to not be able to fix the situation.


It's not the role of a democratic and free government to use mass surveillance against its own citizens. It's something you do in a tyranny to weed out dissidents and quell rebellions before they happen.

I'm sure you can put up a lot of good points as to why the NSAs of the world help, but the simple truth is, that we are not free when we live under a surveillance state.


And in what "democratic and free" state are there not bad actors who do need investigating?

Hanson, Philby etc.


Safety is a common argument, but mass surveillance doesn't seem to be keeping us safe. https://goo.gl/images/ciNqLM


It's like saying peace is trendy and we should not try to go weaponless.

That makes no sense.

We all want peace. We all know that peace is not there yet and that without weapons the other countries would take advantage of it.

Yet we all know that the weapon oriented society the US has become is a major issue.

It's not contradictory, just being honest with yourself.


> We all want peace.

I don't think that's true, there are clearly many people bent on fueling conflicts and wars, both in- and outside the US.


*In HN.

I don't think many people on this forum are war lords.

Anyway "we all" is always false, and is just another form of "most people". You must be really lacking of ideas to nitpick on that.


I don't think he is nitpicking at all. The US has too many conflicts, incl wars. 26,000 bombs dropped last year. Extremist fighters funded by the US Gov't (Syria, Iran Contra, and who knows what else has yet to be proven). We have 7 cities with higher murder rates than any country in Africa or the Middle East, including Afghanistan. Largest prison population, a publicly known torture camp... I could go on. But I think a lot on HN are obviously absorbed in their comfortable occupations--they're challenging, interesting and demanding, and also rewarding. It's easy to get lost in this and forget what less fortunate are dealing with.


> It's like saying peace is trendy and we should not try to go weaponless

In physical warfare, the only way to increase your defensive (i.e. deterring) military advantage, relative to an adversary, is to add better materiel. (The other option is to reduce the adversary's materiel, i.e. go to war, which itself requires a military advantage to make sense.)

In "cyber," that's not the case. A hoarded vulnerability may end up being used against your own country. Adding vulnerabilities to your stockpile increases your offensive capability while simultaneously forcing you to leave an opening in your defenses unrepaired. We don't have a good analogy for this in meatspace, which is why it's hard to debate at the political level.

I don't think all vulnerabilities should be automatically extinguished. At the other end of the spectrum, the NSA hoarding bugs in the software that runs disproportionately American infrastructure systems is patently silly.


> * All the great powers have NSA equivalents. Meaning they play offence and defense in crypto, RF, and cyber. We (USA) can impose restrictions on our NSA but not on anyone else's. Our exploit-riddled networks are a playground for American, Russian and Chinese cyber warriors - and probably many others.

So?

> * In cyber, offense and defense become the same. Kaplan's book covers this. So a smart country seeks cyber-superiority. The more we hamper NSA, the more we empower foreign cyber-warriors.

Does this hold even when your "offense" involves hoarding vulnerabilities (instead of responsibly disclosing them) and then leaking them?

> * The focus has moved from RF to cyber. Giant antennas are far less important and giant datacenters are the new stars. Vacuuming up packets is less alarming when you understand we've been vacuuming up radio and telephone signals for decades. When comsats were important, NSA was vacuuming up their downlinks. When international telegrams were punched on paper tape, NSA's predecessors picked up the tape each day.

I don't see how "we have been doing this for a long time" makes it less bad.

> * The US has tried going "NSA-less". It happened in 1929 under the slogan "Gentlemen do not read each other's mail". That noble slogan led to the US operating at a disadvantage in the lead up to WWII. It doesn't pay to fly blind.

The US did pretty ok in WWII.

> * Fear of an overreaching state is always justified; however we should focus that fear more on how NSA shares data than how it acquires it. For instance fusion centers: https://www.eff.org/deeplinks/2014/04/why-fusion-centers-mat....

Those things are both issues, and we can discuss them both.


Urm, no, there was stupid inter-service rivalry that led to bizarre things like the army and navy working on decrypting intercepts on alternate days instead of having one organisation like BP and GCHQ.


I recommend a very healthy disrespect of organisations like the NSA. This article was shared recently on here, apologies for stealing it.

http://www.bbc.co.uk/blogs/adamcurtis/entries/3662a707-0af9-...

It really made me laugh, and think about the pointlessness of the whole organisation of British Intelligence.

Are we really clear that MI5/6, NSA, GCHQ etc have any benefit at all? Isn't it just a matter of an arms race, where each country keeps raising the stakes? It is already clear that the NSA have produced dangerous cyber weapons which have escaped into the wild.

The secrecy is the perfect excuse for empire building. You can imagine they are filled with paranoid idiots who want every bit of information going, but never analyse it into anything useful.

RE WW2 it is not clear at all that the USA was at a disadvantage due to lack of intelligence. In the UK we love to celebrate our great code breaking efforts, whilst simultaneously the Germans were breaking ours...


Trendy or not trendy, your argument boils down to "we should trade liberty for security in this global surveillance arms race".


> Seems like it's trendy to hate the NSA. It gets conflated with an anti-authoritarian mindset. I wish smart people would gain some perspective - I got some by reading Bamford's books and a new one by Fred Kaplan - Dark Territories, about NSA's painful move to cyber. Some key points:

> * All the great powers have NSA equivalents. Meaning they play offence and defense in crypto, RF, and cyber. We (USA) can impose restrictions on our NSA but not on anyone else's. Our exploit-riddled networks are a playground for American, Russian and Chinese cyber warriors - and probably many others.

> * In cyber, offense and defense become the same. Kaplan's book covers this. So a smart country seeks cyber-superiority. The more we hamper NSA, the more we empower foreign cyber-warriors.

Reducing domestic surveillance doesn't substantially impact that mission.

> * Fear of an overreaching state is always justified; however we should focus that fear more on how NSA shares data than how it acquires it. For instance fusion centers: https://www.eff.org/deeplinks/2014/04/why-fusion-centers-mat....

The CIA/NSA can't hold onto its intelligence as shown by various security breaches, whistleblowers, etc.

Not gathering domestic surveillance data in the first place avoids that problem. The NSA can keep an eye on China, Russia, etc. all they want.


Your argument is in the same vein as why the US has the largest military force. I don't think it's irrational, but I would say it does not address the new security threats.


I was trying to put a word on it too. It's irrational if minimization of harm is the goal. And it's totally blind to the externalities of pouring massive amounts of money into the surveillance industry and really the war industry more generally, as these two are highly interconnected.

The arguments are almost insidiously constructed.

> Vacuuming up packets is less alarming when you understand we've been vacuuming up radio and telephone signals for decades.

No.

> Seems like it's trendy to hate the NSA

Leading with an ad hominem.

> The US has tried going "NSA-less". It happened in 1929

Didn't something else happen in 1929 that impacted the overall stability and thereby war readiness of the US?


NB! Cyber Warning:

Please, you Sir,

no one knows what the heck you're talking about


> I wish smart people would gain some perspective - I got some by reading Bamford's books and a new one by Fred Kaplan - Dark Territories, about NSA's painful move to cyber.

All smart people, or those that disagree with your findings from reading two books?


The NSA might have more credibility if there were some basic policy discussions about its purpose after the Cold War ended and indefinite wars on terror/drugs began.


Cyber? Really?!


Ya he probably eats up their literature :P


> Seems like it's trendy to hate the NSA.

Yes, that tends to happen when the NSA abuses its power to illegally spy on its own citizens for its own gain and profit, and also when it tends to compromise security of networks in 99% of the cases for its own surveillance benefits.


You seem to accept "the ends justify the means" on such a deep level. Have you considered that human history on earth is quite brief - and that our level of experience and confidence in our methods are mismatched? Another question would be: why do you have confidence in authorities while their objectives, desires, names, and alliances are opaque?


>Seems like it's trendy to hate the NSA

Because they make us LESS SECURE.

They are an anti-security organization.


Great article, thanks for doing what you do ;)


[flagged]


I have a hard time choosing what's the best thing to come out of the internet: WikiPedia or the Khan Academy.

If you're so intent on smearing WikiPedia it would probably help you if you studied it for a bit before spouting off a bunch of nonsense in this thread. I get it: you don't like WikiPedia because they ask you for a donation. Note that you're under no obligation whatsoever to donate and that the content is yours for the taking.

As compared to say owning the Encyclopedia Britannica, which took on average a tree (or two) to print and was outdated the day you received it. On top of that it took up a huge shelf and cost as much as a car.


Wikipedia isn't camel-cased.



That article says:

> Common contemporary usage classes PascalCase as a special type of CamelCase, namely upper camel case


Some people just like to do that on purpose. See: systemd


I agree on their impact but disagree on best one: it's Google. They let people reliably get the content they needed. Later made great email system, cheap alternatives to Microsoft, a browser, and so on. If I need Wikipedia article, Google will put the right one on top plus other sources right below it.

Google is awesome.


No, Google is large.

But without Google Wikipedia would still be around, without content sites Google wouldn't exist.

And as for email: I'd much rather have the federated system we used to have rather than the few big players that are dominating the market (I'll never give up running my own email server), cheap alternatives to Microsoft already existed (OpenOffice), and an advertising company producing a browser is just plain wrong.

Google is terrible, but we'll just have to live with it.


Your response surprises me because you're old enough to have tried to find information before major search engines for WWW existed. The process involved mostly word-of-mouth, finding obscure sources, books, consultants, academic journals, associations, and so on. As Internet grew, we got that over dial-up lines with shitty search engines. Eventually, with early Web, I had to painfully grab all this content you talk about with a handful of search engines whose strengths and weaknesses varied. Most lay people thought they sucked with many using the older methods as often as search.

Then, there was Google. Initially, it was just another tool in my meta-search toolbox. It grew to index massive number of content sites, its engine filtered bullshit a bit better, its presentation was efficient/clean, and its front-page results were better than the competition. Got to the point that lay people adopted it massively with most of them talking about how it improved their productivity, learning, and entertainment. They supplanted that on video side with YouTube. I continued to use Google to find info I needed before and during build of Wikipedia. It found the Wikipedia articles along with others that may or may not be better. Many people told me they also do what I do: just Google the topic if you're interested in a Wikipedia article since it will be on or near the top anyway.

The productivity and discovery benefits of Google were huge. They just went up with its massive market share and investments. So many people benefit from it for finding content now that they literally tell people to "Google" something instead of search for it. Wikipedia could disappear and I could find all that information through Google. Actually, Google plus Wayback Machine if I'm being totally honest. Content pages can disappear but the archive can keep them. So, Google plus Wayback Machine were most amazing things to me with one giving me everything I need to know plus other preserving everything I need or might want to know.

You think that's terrible but I say it's awesome. The problems you mention come from the market's and voters' preference rather than Google's excellence at search. Market chose to go to surveillance model. They punish most who try to free us from it. The voters chose to put corrupt people in office who would pass or strengthen IP laws benefiting the bribing few over the many. They chose temporary safety over liberty later. Different choices could've led to a very different Google (or replacement). I blame the demand side since they seem to always pull that shit.


Google search is fantastic, but it can only do what it does because other people provide the content.

Google the company is horrible.

> Market chose to go to surveillance model.

No, companies offer the surveillance model and leave consumers very little in terms of choice unless those consumers are extremely conscious of what is happening behind the scenes. I highly doubt even 10% of the HN audience (which is more knowledgeable than your average consumer in this respect) could accurately tell you what is going on behind all those walled gardens and corporate faces.

From what I've seen it isn't much good.

And that's before we get into how Google, by assigning a value to a link and not thinking things through, destroyed the value of those links.


"No, companies offer the surveillance model and leave consumers very little in terms of choice "

You must have forgot all the paid, non-surveillance options that existed in most categories that people ignored for surveillance-driven services. Ecosystem effects also drive it: so many people on Facebook Messenger even though things like Signal are free and better UI like Threema is a buck or two. The users had a lot of choices but kept saying free and spyware until most paid options were bankrupt or acquired.

Even today, there's a lot of firms selling security or privacy on top of a widely-accepted piece of software (esp email or browsers) to maximize uptake. They barely scrape by in revenue vs most firms. Some are small ones selling that stuff at a loss since developers themselves wanted it to exist even if market didn't pay.

So, situation is much bleaker on demand side than you say. If it wasn't, those of us developing secure or private tech would be rolling in more money than ad-driven, free tech in average case. We're not but they're regularly IPOing and getting tens of millions during acquisition.


I don't disagree with any of this, but it seems worth noting that Wikipedia wasn't significant when Google was first becoming huge. Google solved the problem of "where is this information?" by finding all the information, but Wikipedia gives an alternate solution by having all the information.

My internet use would be vastly worse without Google, it's true. But these days, perhaps 90% of my Googling is optional - I already have a strong guess at which site will give me what I want, the search bar is just a faster route to get there. If I want Stack Overflow, or Wikipedia, or Genius, or Nationmaster, I already know that's where I want to go. When Google's top result answers my question via a site I've never been to, that's a huge win for Google. When they answer it via a Wikipedia link, well...

I'd still give Google slot 1, but it's not as obvious as it was pre-Wikipedia.

(To fact-check this comment, I Googled "Google" and "Wikipedia", to get to the Wikipedia page for each. Kind of telling.)


That's a good analysis. One extra thing to consider with your model is Wikipedia may or may not be accurate on a topic. I find it's often correct on IT stuff but even that slips on occasion. When using it, I have to check the references and/or corroborate them seeing what turns up in Google.

So, even then it's more like Wikipedia AND Google instead of OR.


This is a good point. I'm generally bullish on Wikipedia, for a lot of topics I don't even worry about cross-referencing. But the safest stuff is a mix of popular and objective (e.g. "who was in that movie again?").

For political, technical, or obscure topics that becomes a much tougher question. The political issue is obvious, but I'm surprised at how often I go into the weeds on something mathematical or simply unpopular and find that Wikipedia is off the mark. I wouldn't trust it for those topics without further Googling.


Did you read that article? Their reserve of 1.5 years of operational funding seems prudent.

That $MM donation stream is a pittance considering their scale - orders of magnitude larger than most VC-funded startups.


I read they have 300 employees who create zero content on Wikipedia, which is created by volunteers for free.


Who supervises the servers? Who creates Wikipedia? Who defends Wikipedia legally?


Wait until you hear about Linux...


Speaking as a Wikipedia "volunteer" (or rather "editor"), I think it is in fact a very good idea that the Foundation takes no editorial responsibilities (except reacting to legal challenges via so-called "office actions"). It means that editors don't have to worry about legal, sysadmin, PR, etc.; and conversely WMF is not directly responsible for Wikipedia content. Believe me, it would be silly for WMF to be involved in all editorial disputes about what should or shouldn't be on Wikipedia, how things should be formatted, etc., in all languages.

Basically, the foundation is managing the playground where the editors can build an encyclopedia (along with other projects, e.g., Wikidata, Wikimedia Commons, etc.), and then mostly leaves the community alone (with some exceptions, not all of which were well-perceived). Given the scale of Wikimedia projects, I don't think 300 employees is excessive (it's very little when looking at other sites in the Alexa rankings except Reddit), and it's great that the expenses can be supported by donations so WMF doesn't have to depend on other people than readers.

I don't see why I would mind that WMF staff gets a salary and editors don't -- editing Wikipedia is not my full-time job, but running it is theirs. (In fact, to the extent that editing Wikipedia is part of my job as a public researcher, I already get a salary from my institution...) It's easier to manage Wikipedia content with volunteers (where most processes don't depend on one single person and where there are little firm deadlines) but to have paid staff to manage operations (if the website goes down you want someone to have a look immediately). OK, it would be conceivable that the foundation could offer grants to pay some full-time editors, or redistribute money as small gifts, or as a lottery, or something, but it raises a lot of complicated questions (I don't know whether the topic has been discussed before) and I'm not sure it would be worth the effort.

Another important point is that the WMF is not a company but a nonprofit, so it is reasonably transparent, and many people in the staff are chosen through elections. It's not like individuals are getting large dividends from donations to the WMF.

In my opinion, the most important point to keep in mind is that WMF asks for volunteer work, but the outcome of that work is shared on fair terms with the public. If I want, I can just grab their entire database https://dumps.wikimedia.org/ and software https://www.mediawiki.org/ and start hosting a mirror with the data, and I have both the technical possibility and the legal right to do it. So WMF is not like companies who ask for volunteer work and then keep it behind closed doors (e.g., the volunteer Google Maps editors, or the historical CDDB example https://en.wikipedia.org/wiki/CDDB#History).


You forgot to mention that a lot of editing work on wikipedia is done by bots (there is no clear way to decide how to pay for that). What is your opinion on Wikia and the deletionist culture that is rampant on wikipedia?


By the way, I don't know if you're aware that Wikipedia with its parallel corpus in hundreds of languages covering almost any subject is very important in NLP (natural language processing) and the development of AI with common sense. Wikipedia is also routinely used to build word embeddings for many languages. The Wikidata project is essentially a huge ontology - a database of entities and relations - very important for advanced NLP tasks.

So it's a valuable resource both for humans and AI. We'll benefit from Wikipedia indirectly by using AI trained on its database.


> It means that editors don't have to worry about legal, sysadmin, PR, etc.; and conversely WMF is not directly responsible for Wikipedia content.

What's so unimaginable about having separate editorial and legal departments within the WMF?

> Believe me, it would be silly for WMF to be involved in all editorial disputes about what should or shouldn't be on Wikipedia, how things should be formatted, etc., in all languages.

Having months-long discussions over how to spell the title of a Star Trek film is what I would call silly. Having long-winded, vague and haphazardly enforced policies regarding accuracy, scope and style is what I would call not just silly, but outright tragic.

At the end of the day these decisions have to be made somehow, and I'd rather have them made by some entity which can do so with some consistency and vision, and is willing to enforce those decisions, instead of having them made by the ever-changing whims of an amorphous mob throwing around thought-terminating clichés like 'consensus can change' and 'ignore all rules'. (Though I'm not confident that the WMF, as it is, is actually capable of being one.)


Come on, FB makes way more money on a user by building social echo chamber and ads...

Wiki gives users knowledge, probably one of the highest quality sources...


[flagged]


With FB you're the product, your data is milked and sold. Have fun with your "free" social network. What a poor example of what you consider the viable alternative.


[flagged]


You've been breaking the guidelines all over the place in this thread. Please don't do this.

https://news.ycombinator.com/newsguidelines.html


Does FB pay people who create content there? Afaik they don't.

In that sense I prefer YouTube that at least shares ad revenue with creators.


No, FB forever locks one into a tiny little echo chamber, so one never learns anything else besides what one clicked on and what they can sell.

But who am I to judge. There are encyclopedias and yellow press, and happiness is very subjective.


They don't make any profit from anything. Profit is a concept from commercial entities, and has no meaning when applied to the Wikimedia Foundation


They provide a valuable service, it's better to see them thrive than be close to failure.


[flagged]


It must be real tough to run a smear job here.


[flagged]


Yeah, I thought Reddit is an echo chamber, but judging by comments here I am reconsidering my opinion and find people on Reddit more reasonable and open minded.


Are profits in and of themselves evil now?


Given the current climate, with a foreign actor attempting to subvert our democracy, I'm more inclined to support other more obvious victims of NSA spying than Wikimedia.

This seems loosely held together - that said I do trust that our justice system will investigate it properly.

Given the climate, my feeling is anyone attempting to say our justice system is awful, or that the NSA doesn't provide any security, are witting or unwitting supporters of a foreign adversary. Unless, of course, Russia succeeds; then it's all kosher and the history books will be written as such.

If you think our justice system is terrible then please point to a country that does it better. Note I'm not talking about laws- rather, the judiciary itself.


I'm curious, can the government use surveillance on paper mail at the large mail operators?


Yes, a picture is taken of every piece of mail sent, tracking the "metadata." Additionally, the Church committee found around 10,000 pieces of mail a year were opened and photographed by the FBI without postal service knowledge.


USPS can email you those pictures before you receive the actual mail, with informed delivery: https://informeddelivery.usps.com/box/pages/intro/start.acti...


I'm interested; do you have a link to an article or something describing this? I'm curious about how the FBI could get access to the mail without the post office knowing.


Some of the details are in the "Family Jewels," finally made public in 2007. The CIA not the FBI, my mistake there, would either arrange the post to be moved to a separate room or sneak mail out in briefcases or pockets.

https://www.cia.gov/library/readingroom/collection/family-je...


Wow, I'm also very amazed at the description of the document:

> [T]his document consists of almost 700 pages of responses from CIA employees to a 1973 directive from Director of Central Intelligence James Schlesinger asking them to report activities they thought might be inconsistent with the Agency's charter.

I love the concept of just asking your employees to tell you everything they did that they're not supposed to, and they just write up a bunch of reports and send them back.

Also, fun is the warning about the PDF size, which feels a bit quaint:

> this file is 28MB, so please be patient while it downloads


Yes, but only the addressing as far as I know.


The Stasi was able to read all mail of targets (and they had many) fifty years ago. Practically all mail crossing the border was read, which again was a lot. I'd assume addresses are scraped anyway, since they are digitized for routing already, and targeted mail being opened without leaving marks (an art existing for hundreds of years).


I wouldn't be surprised if it's possible to read mail while still sealed in an envelope. Wouldn't a sufficiently bright light and OCR be sufficient to read the average single page folded in thirds?


In 'Spycatcher' IIRC MI5 actually steamed letters open with a kettle, or rolled them out of the gap at the top of the flap with a split cane! They had no way (at that time) to deal with Sellotape, however. I suspect the metadata is a pretty valuable resource in itself. Suggests that people wishing to protect their privacy would do well to shield the inside of their envelopes with junk text, tape them shut, post them from random locations and use mail forwarding services and a mailbox service.


I imagine a terahertz imager would make short work of text on paper in a sealed envelope. Or a high-resolution IR camera, taking advantage of the emissivity difference between the ink and paper.


There was a spray that made them temporarily transparent a long time ago.


You could probably detect the message being opened if you wanted to. I think I have read somewhere about RFID to see if someone has opened a marketing mail, and I have also read about using eggs to seal the message to make it harder to open without destroying it entirely, as well as reusing the envelopes from junk mail to send your own messages. There is other stuff too possible such as trap messages I suppose. Also, the message may be hand written and is not necessarily typed, so hand written message would probably make OCR more difficult I should think.


Thinking about it, it was in about 1971 that US left the gold standard, and that was partly due to government spending. Watergate came not long afterwards. This design of the economic system where the government prints money still exists today.


[flagged]


What do people have to hide with any 'public' metadata?

This argument you're using with Wikipedia is basically the same one US government is making that this metadata information is public so they should be free to vacuum all of it up, including Americans. Even though we would never allow the police, or basically anyone else, to tap this at will and this information only exists in private pipes that must be tapped.

The leaked documents have shown a lot of this metadata included data that was included in unsecured HTTP POST headers, such as the multitude of mobile apps that broadcast user information over clear text, such as the various examples in PowerPoint screenshots of real 'metadata' that showed GPS coordinates being pinged back to servers via HTTP along with email addresses.

We can pretend all we want that this is public data because these sites are accessed publicly but any basic level of analysis into what 'metadata' contains it's quite obvious this doesn't hold up. Especially considering it includes individual interactions with web servers with private data.

You may not care about your private interactions with Wikipedia being scanned and stored in databases forever, but it's hardly just Wikipedia and I'm happy that Wikimedia is standing up against this stuff for all people.

It's not too much to ask to hold security services to the same privacy standards we've held all government agencies for two centuries.


As a regular donor, I'd like to address your concerns.

I gave them the donations. They are gifts. They can spend them on hookers and blow, I don't care. I donate because I appreciate their service. I appreciate it enough to where I'd kinda like them to be making mad loot.

I will continue to donate. I don't give gifts with strings. Gifts with strings are payments. My donation was a gift. Hell, I don't even write it off.


You can be sure that you will have to give them more if they start spending it on hookers because they would lose donors faster than they can come up with threatening banners.


[flagged]


You keep repeating the "by volunteer" line over and over again. They pay people to head the development of the wiki software, including paying developers and managing the project.

The same goes for them managing the huge portfolio of Wikipedia sites.

They run one of the most visited and iconic websites online today in a way that is totally unique at that level. If you want to run a smear campaign against them, in here of all places, you need to do better than "it's a community driven OSS site, and they accept donations!"


The issue is, the site itself they could run with 10% of current employees and they would have funds to run it for years without threatening donation banners each year.


You've postured a lot in this thread about the number of employees Wikimedia has. So, put your money where your mouth is and defend your position. Which 90% would you cut, and why?

Here is a list of their employees: https://wikimediafoundation.org/wiki/Staff_and_contractors

Perhaps they could tighten their belt a little bit, but to think that you can run a foundation with the size and scope of Wikimedia with ~30 employees is naive at best.


I am kinda confused why they are unhappy that people are employed. I don't get it.

Like I said, I value what they provide and will continue to donate.


[flagged]


SE/QA/Prod/Mobile - No piece of software can see such broad use by millions without constantly evolving to meet the ever-changing needs of users, the ever-changing blend of user agent / browser software, and the ever-changing and hostile environment of the internet itself. If you think you've ever seen a complex internet-based software project simply become perfect and then need no further changes for a decade or more, you clearly don't understand software engineering.

Discovery - This is about discoverability of the content itself, e.g. search engines both internal and external, and other related matters.

Research - Try branching out a bit from the links and information at https://www.mediawiki.org/wiki/Wikimedia_Research/Research_a... for a more informed opinion

Security - Actually, a lot of people care about hacking an encyclopedia. Just on the server side they care about hacking the ~1000 servers that are servicing or operating on the private data of millions of users.

Traffic - It's a sub-set of Operations that deals specifically with the edge of the foundation's network (e.g. CDN-like things, for which they don't outsource a commercial CDN mostly for privacy reasons: spreading edge caches around the world, low-level performance optimization, SSL encryption, etc).

Cloud Services - This is where the foundation hosts virtual server resources for community volunteers to experiment with and run projects and products of their own that are relevant, e.g. "bot" software that patrols articles for likely vandalism attempts and such.


You are unable to recognize blatant satire.


You're not very good at blatant satire. Try something a little subtler.


This case is not specific to Wikipedia, it questions the legality of all NSA Upstream surveillance.

It's time to get rid of these wire taps. The past year has repeatedly shown US intelligence agencies are not as secure as they imagined - some of these taps are no doubt being leveraged by the Kremlin, China, and other sophisticated enemies of freedom.


How about who reads which articles, like who checks out which books from a library?


The mere threat of being surveilled already does a ton of damage to readers and editors. (although Wikipedia was in one of the NSA's leaked slides as a target [0]) It has a chilling effect [1] on users. A study even found that traffic to terrorism-related articles plunged after the Snowden leaks. [2] You might ask why this is a problem. The populace needs to be adequately informed about the facts about terrorism in order to deal with them rationally rather than stay perpetually afraid and let the government pass things like the Patriot Act that erodes their civil liberties. [3] (you hear the joke a lot that "this probably put me on a list", which is a pretty shocking demonstration of how normalized we've become to surveillance and being treated as bad guys for merely mentioning or looking at sensitive topics) Additionally, while non-registered editor locations are public (attached to a geolocatable IP address), those of registered users are not and I don't think any reader wants what they look at shared with other parties. While the specific case is against upstream surveillance by the NSA, I think the general idea is for Wikimedia to put their foot down against the encroachment of three-letter agencies on our domestic freedoms.

[0]: https://www.nytimes.com/2015/03/10/opinion/stop-spying-on-wi...

[1]: https://en.wikipedia.org/wiki/Chilling_effect

[2]: http://www.reuters.com/article/us-wikipedia-usage-idUSKCN0XO...

[3]: https://en.wikipedia.org/wiki/Patriot_Act



