The headline unfortunately downplays the scope of the data, since it covers a lot more than social media - it can include legally privileged and "otherwise confidential" information, as well as information on "religion, racial or ethnic origin, political views, medical condition, sexual orientation."
What is remarkable is the absolute lack of oversight over the sharing of this sensitive data with foreign governments and law enforcement, but especially with so-called "industry partners". And that there don't appear to be any legal penalties for its misuse.
And this is why I don't understand how anyone in the U.S. could be flippant or irreverent about any of the rights afforded to them under the constitution. In America, it is still legally feasible to challenge the existing surveillance programs, which are inherently limited in terms of invasiveness.
A quick but important note on the Constitution and rights.
The Constitution was created in order to protect natural rights that exist outside of any government, and does not grant or establish any rights themselves, but merely imparts negative rights and limitations on the government.
You may think that an obvious statement, but I've been increasingly concerned at the education of the populace about the subject.
Also, the difference between positive and negative rights is an important one not enough are aware of.
This is what makes America, despite its flaws, what Christopher Hitchens called "the last revolution to stand a chance", and to this day is the basis for what I consider true American exceptionalism that distinguishes us from other countries such as the UK.
> Also, the difference between positive and negative rights is an important one not enough are aware of.
I'd go further than that; I'd say that the difference is strongly downplayed in political and educational contexts because so much Government overreach is predicated upon people not knowing, or not caring, about the difference.
Also, even people who /do/ understand, often don't care. Because if they did, they'd have to concede that many Federal programmes in the US are unconstitutional, that is, they involve powers not explicitly delegated to the Federal Government by the Constitution.
And folks want their FCC, FDA and Obamacare, so they let it slide ...
Well said. Honestly I am a bit ashamed I didn't know about the difference sooner. A few years ago though I realized that I should probably better understand this document I swore an oath to protect. That journey has not been easy though because it has forced me to challenge popular opinion in both the public and the legal field.
Don't be ashamed - you're one of the few people who have put in the effort, and _then_ taken the bold step of challenging popular opinions as a result.
Instead, be proud about keeping American ideals alive :)
How would you challenge other five eyes nations spying on you and sharing the conclusions with your government? I'm not trying to point out you're wrong, it's a serious question.
The point was that the US was NOT allowed to spy on its own citizens, (UK too) and they got around that by spying on each other and sharing information. That was revealed in the months after the initial Snowden leaks.
The UK changed the law (Investigatory Powers Act) to allow itself to spy on and hack its own citizens.
I know that's what you think, but you got it backwards.
Countries are completely allowed to spy on their own citizens (in accordance with their own laws). They are also allowed to spy on foreigners (in accordance with their own laws, which typically have few protections for foreigners).
5-EYES is an agreement between certain countries to NOT spy on people from those other countries, and instead agree to freely exchange intelligence, and respond to each other's requests etc.
For example, if a suspected terrorist on a GCHQ operation turns out to be American (or Australian etc), GCHQ are NOT allowed to intercept their phone. It must be done by the NSA who have to get a warrant in accordance with the US Constitution and US laws etc.
Without going into detail, I know this from experience.
So why was there such a furore in the wake of those leaks about the NSA and GCHQ spying on their own people?
Clapper was questioned by Congress about whether data on a Americans was swept up in the dragnet, and Clapper (lying) said no, not wittingly.
Likewise, GCHQ were found to be acting illegally, hence the IPA that enshrined what they were already doing into law.
> 5-EYES is an agreement between certain countries to NOT spy on people from those other countries
If this is the case, then based on those leaks, it looks like both the US and UK broke this agreement.
None of this makes any sense based on what you just told me.
The legal challenges and confusion relate mainly to the distinction between "targeting" a person's communications (i.e. the actual content of their emails and phone calls), and the bulk collection of "metadata".
5-EYES countries agree to not "target" each other's citizens, i.e. to actually hack their devices or listen to their phones.
---
GCHQ's bulk collection of metadata was ruled legal but they had failed to provide some information to the surveillance watchdog, which is why the watchdog retrospectively ruled a period of its operation (7 years) unlawful.
It did not become lawful after IPA, it was always allowed (rightly or wrongly), they just failed to provide sufficient information about the programme to the watchdog. IPA didn't pass until 2016, well after the programme had been ruled lawful under existing laws.
Where was that quid-pro-quo spying actually revealed? Greenwald alleged this in his articles, but it was never actually substantiated even with circumstantial evidence.
The declassified portion of the UK USA agreement [1] doesn't actually mention spying on other members' citizens, as the purpose of the agreement was to establish the scope of shared information during the Cold War.
The prohibitions on collection were made during subsequent agreements and aren't declassified. Some countries have additional restrictions, such as prohibiting other members from collecting metadata; all prohibit collection of actual message content.
Of course, a country could defy the agreement and existing treaties, and collect. I haven't seen any evidence of this in the Snowden leaks though.
Hmm, a person using personal knowledge in the hopes of debunking a moderately widespread viewpoint is equivalent to holocaust denial in your world view.
I want to hear more about your interesting take on reality.
Can you explain to someone not from the US the impact a constitution has which only imposes limitations on the government, versus one that only imparts positive rights onto humans? Or versus one that is a hybrid between the two - the German constitution would be an example of this.
Positive rights would have to be expressly described to have power. Therefore any rights not expressly implied would not exist. The US structure in theory limits the federal government's power to those expressly defined in the Constitution, while the humans all rights not expressly given to the federal government
"...impact a constitution has which only imposes limitations on the government, versus one that only imparts positive rights onto humans?"
I think first you might be misunderstanding positive and negative rights. Positive rights are rights that are asserted onto others. Negative rights are rights an individual has that others may not violate. The principles of the enlightenment and individualist freedom and liberty require negative rights as part of natural law, such as what John Locke called the first right, the right to self defense.
So, the importance of a system of government that primarily Madison, but others as well, took a great deal of time to research by combing through the history of government so as to "form a more perfect union" is that they realized that assertion of positive rights is often in opposition to negative rights, and that for a truly free and open society it would need to be based on negative rights. Of course implementation was not and is not perfect, but they were trying to design a system that would get better over time by encouraging freedom and liberty.
In essence, America is the only country truly founded on the principles of the enlightenment and individual liberty and natural rights. This is why the British fought so hard to continually undermine us even after the revolution. Liberty is a threat to monarchy, tyranny, despotism and oligarchism around the world because it inspires people and solves problems.
I'm guessing the German constitution was designed by the Allies post-WW2 primarily as a way to control the country via complex bureaucratic layers that ignore these principles. Once someone asserts positive rights over another's negative rights it becomes so completely subjective that it is an easily corrupted process, at least in theory that's how I would see it play out, but I don't know much about German law (even though I have visited). So, you tell me, how corrupted is the German constitution and/or law?
The trick in America is lawyers figured out ways to whittle things down via bad precedent, and due to corruption of all three branches, the media and education system has been training the populace to forget the fact that the government can not and does not grant any rights. Rights must exist outside of government, and the government is formed to protect those rights and for very little purpose other than that. That is why America is floundering currently. By sacrificing its principles for a super-hardcore realpolitik it has undermined its own bedrock foundation.
The last president that tried to stand up to this though never left Dallas.
> I think first you might be misunderstanding positive and negative rights. Positive rights are rights that are asserted onto others. Negative rights are rights an individual has that others may not violate. The principles of the enlightenment and individualist freedom and liberty require negative rights as part of natural law, such as what John Locke called the first right, the right to self defense.
Indeed, my first interpretation was that negative rights meant the same as limitations, but after doing some reading later on (after having already replied), I noticed that they weren't the same thing at all.
The German constitution starts with a set of basic human rights - most if not all are negative rights.
And only afterwards does it regulate the structure of the state and other aspects which sometimes overlap with these basic rights (like the death penalty would probably be in conflict with article 1 of the constitution anyway - but I guess better be explicit about it).
Also included is a law that prohibits changing these basic rights - even if you had complete control of the legislative branch you wouldn't be able to for example abolish freedom of opinion (or any of the other basic rights).
Resistance against anyone that seeks to destroy the democratic order is also codified (although seemingly it is unclear at what point in time one can start to intervene; armed resistance is believed to be covered when appropriate though).
> In essence, America is the only country truly founded on the principles of the enlightenment and individual liberty and natural rights.
Not to be too negative here, but that sounds like pure propaganda to me.
> I'm guessing the German constitution was designed by the Allies post-WW2 primarily as a way to control the country via complex bureaucratic layers that ignore these principles.
It wasn't designed by the allies (although they did have a huge influence on it and had to agree to it), but by a German committee that was tasked with designing a new constitution that should prevent a rise of another authoritarian regime.
While it might have been possible to do so without involving the principles of enlightenment, individual liberty and natural rights, they are the cornerstones of the constitution I would say.
And if one looks closely one can see that parts are heavily inspired by the US system (like strong federalism).
In my opinion (as a German, so certainly to be taken with a large grain of salt) the German constitution as we have it now, is better suited to protect liberties than the US one (since it is essentially one with training wheels after the previous one didn't work out so well because the population wasn't quite on board with this democracy thing yet).
> Once someone asserts positive rights over another's negative rights it becomes so completely subjective that it is an easily corrupted process, at least in theory that's how I would see it play out, but I don't know much about German law (even though I have visited). So, you tell me, how corrupted is the German constitution and/or law?
The basic rights of the constitution are deemed more important than any other law and in fact form the foundation for the whole legal system.
And to ensure laws cannot conflict with the constitution (for long anyway) we have the constitutional court (like the supreme court in the US), which can kill any law it deems unconstitutional (lower courts can dismiss cases too if it is obvious, but those decisions are non-binding for other courts).
As for normal law - our constitutional court is doing a pretty good job of killing laws that violate the constitution (including the law regulating how federal elections are performed which benefited the currently governing party slightly - nowhere near as bad as in the US though).
Compared to what I hear about the US I would say we are still doing quite well over here.
However we also have a different legal system in general to the one in the US - legal precedent is not binding in our system for example.
> Rights must exist outside of government, and the government is formed to protect those rights and for very little purpose other than that.
I fully agree with the first part and would like to point out that mentioning those natural rights before the state in the constitution does send a pretty strong signal what's of larger importance.
Mentioning the state first and then only later having the natural rights (like the constitution of the Weimar republic does) makes them, at least to me, seem like an afterthought.
Well, I'm sure you wouldn't really believe for a second that this kind of surveillance is not also happening in the US, if GCHQ are also doing it, so go on then, challenge it and see how feasible it really is.
What’s more remarkable to me is that people happily offer up this data on themselves, and what worries me is what intelligence agencies do to spy on people who care enough not to broadcast their every movement, meal, and stray thought.
It's kind of rational to do so. I mean, individuals cannot realistically compete with governments who want to oppress them unless they're monumentally stubborn and self-sacrificing, but the various benefits of sharing information on social media have measurable upsides for them as consumers - they get to meet friends, receive advertising on topics of genuine interest, and so on, which may outweigh the relatively low probability of direct repression.
There's a parallel phenomenon in political behavior that's ably explained in Bryan Caplan's The Myth of the Rational Voter.
You could practice really rigorous security culture and avoid creating any digital footprint worth talking about in the first place, but then you'd be socially isolated to a degree that was economically disadvantageous (economically meaning in multiple contexts besides purely fiscal). And to the degree that you can be socially connected, inferences could still be made about you through the behavior of your friends.
As a crude example, recall that Osama bin Laden's hiding place was determined to be interesting because there was physical traffic of people and goods to the residence, but an uncharacteristic lack of electronic communication for the neighborhood it was situated in. What kind of house has a bunch of people living there and regular visitors, but not internet or phone service?
Finally, people have different kinds of risk calculus. Many people know that they're subject to such surveillance and the ramifications that follow from it, but choose to be who they are anyway despite the risks, on the theory that they'd rather live on their feet than die on their knees.
Exactly. When I received my university degree I told someone not to post the picture she was taking of me with my diploma on Facebook. "Why not?" she asked offendedly. Why on earth that was offensive is beyond me, but apparently the urge to 'share' is very strong with some people.
If you're not offering up that data, you obviously have something to hide, so that's surely sufficient grounds for a warrant to tap your communications. :)
I once had a pair of police officers try to tell me that my refusal to let them search the vehicle was grounds for probable cause and would enable them to legally search my vehicle.
I laughed and pointed out that I'm not a teen and am quite familiar with my rights. They were visibly disappointed and told me that I was kicked out of Kansas and that I'd be arrested if I ever went back to Kansas. I giggled again but left and they followed me to the interstate slipway.
Sheriffs tried the same with me, also in Kansas. Threatened to impound my vehicle to search it, threatened me with arrest, ultimately let me go about my business because I had not violated the law or given a viable appearance of doing so. It was a very clear bully technique that fell apart when I calmly asserted my rights.
This certainly isn’t a localized tactic. I recall discussion of videographers printing statutes and employing them when threatened about recording police activity in public spaces. The frightening aspect (to me) is that some law enforcement officers genuinely appear to believe that they have authority that they don’t have.
The funny part was it was during one of my extended wanderlust adventures and I'd just finished spending a couple of weeks volunteering in Greenville, KS.
They'd just been almost totally destroyed by a tornado and I happened to be just a little ways away. So, lacking anything better to do, I bought some work clothes and went to help move rubble.
I was leaving the State and decided I'd nap for a few hours. I didn't feel like getting a hotel so I slept in the car. It turns out, I was sleeping in a factory parking lot and the people who came in to open it called the police - or so the cops said. It probably didn't help that I was in manual labor clothing, I'm not white, and I was in a new BMW. I probably looked like a drug dealer. That's still not an excuse.
Not to worry, I didn't let it reflect on the nice people of Kansas. But, after I'd spent a couple of weeks just giving my time to those in need, their cops harassed me and told me that I was banned from their State. I haven't been back but that's just coincidental.
You're being playful about this, but I'm legitimately worried about a future where job candidates are rejected purely because they didn't offer their social media identities or passwords.
I know this does happen sometimes now. What happens when saying "I don't have a facebook account" becomes a significant enough indicator that you're hiding your past?
I've heard stories of people at airport customs attempting to enter a country and having to try to explain to the customs officers their lack of web presence or social media posts that they would otherwise use to corroborate and back up their intent for travel.
> You're being playful about this, but I'm legitimately worried about a future where job candidates are rejected purely because they didn't offer their social media identities or passwords.
Demanding a social media identity or password is a great idea if you want to paint a huge target on your back for a discrimination lawsuit.
Said social media account will contain a lot of information about whether or not you are a member of a protected class. Good luck proving that you didn't use it in your hiring decision.
I assume that many already do this. There's certainly a number of business opportunities in this, and it's only a matter of time before it turns into an arms race: people building fake social-media identities, other parties (governments, big internet players) deploy AI to distinguish these from real,... rinse and repeat ad infinitum.
If I still cared enough about writing software I'd probably do a startup around some of this. Instead I'm writing SF about it.
Do you have any sources that describe the asking for social media access in job applications? As a software engineer I am very lucky with the amount of jobs that is available to me, so if I were asked this I would walk out of the interview immediately. My only fear is for all those people who don't have a choice because they are part of a pool of hundreds of applications (psychology graduates for example, at least here in the Netherlands). Some employers just want to squeeze every last drop of dignity out of their employees, it is disgusting.
I've only read headlines and heard from friends working in larger cities for larger companies experiencing this, so obviously it's not something which is happening all the time everywhere, and based on my quick research it seems like a lot of news came out around 2012 about this issue: https://www.aclu.org/blog/privacy-technology/your-facebook-p...
I would act in the same manner you would as well, it's not worth working for a company if they don't have some very basic principles and it's a huge red flag. If they don't respect your privacy in the interview, they probably won't respect it in day to day business. But just like you explained we have to be careful because there's a lot of people who don't really have a choice, especially in today's job market here in Australia; a lot of people would have to decide between privacy and their ability to pay the power, rent, food, etc.
This reminds me of Ben Elton's book "Blind Faith". The protagonist is confronted because he is not streaming his every moment of sexual intimacy onto the community website. Clearly he must be hiding something.
What’s more remarkable to me is how people don’t see how easy it is to set up a clean surface identity and discrete secondary identities, and hide in plain sight.
Dan Geer, CISO at In-Q-Tel, on [1] why this is patently incorrect:
> Your digital exhaust is unique hence it identifies. Pooling everyone's digital exhaust also characterizes how you differ from normal. Privacy used to be proportional to that which it is impossible to observe or that which can be observed but not identified. No more -- what is today observable and identifiable kills both privacy as impossible-to-observe and privacy as impossible-to-identify, so what might be an alternative? [...] Privacy will be [...] the effective capacity to misrepresent yourself.
> Misrepresentation is using disinformation to frustrate data fusion on the part of whomever it is that is watching you. Some of it can be low-tech, such as misrepresentation by paying your therapist in cash under an assumed name. Misrepresentation means arming yourself not at Walmart but in living rooms. Misrepresentation means swapping affinity cards at random with like-minded folks. Misrepresentation means keeping an inventory of misconfigured webservers to proxy through. Misrepresentation means putting a motor-generator between you and the Smart Grid. Misrepresentation means using Tor for no reason at all. Misrepresentation means hiding in plain sight when there is nowhere else to hide. Misrepresentation means having not one digital identity that you cherish, burnish, and protect, but having as many as you can. Your fused identity is not a question unless you work to make it be. Lest you think that this is a problem statement for the random paranoid individual alone, let me tell you that in the big-I Intelligence trade, crafting good cover is getting harder and harder and for the exact same reasons: misrepresentation is getting harder and harder. If I was running field operations I would not try to fabricate a complete digital identity, I'd "borrow" the identity of someone who had the characteristics that I needed for the case at hand.
OPSEC is hard. You leak incredible amounts of data, and modern analysis techniques reveal a lot more than most people realize.
Re: your secondary identity - how do you plan on obfuscating the changeover events so the usage times (and/or network entry/exit times) of your secondary identity are not the inverse of when you use your primary identity? I recommend ZOZ's talk "Don't fuck it up!"[2] for a better sense of just how hard it is to do proper OPSEC in the modern age of surveillance.
We reveal so much more about ourselves than we could ever imagine. If you use, or used Reddit, Snoopsnoo [1] is a site that uses incredibly primitive language parsing to build a profile on users based on what they've voluntarily submitted. And again I have to emphasize that is using very primitive parsing. It's disconcerting how much we reveal when an algorithm is able to rapidly and effectively piece it together.
Now when enter the government that data can be cross matched against other meta-data to nail down your identity to a very small segment, if not outright match it. And then we get into things like language analysis. I make some token effort to anonymity, but my wife has mentioned she often knows it's me posting before seeing the username. And I can do the same for other people I know well. No idea what we're picking up on, but it's a task that machine learning would be phenomenally well suited to do - and do better than we do. And then there are things like more explicit dialect issues. This [2] is a quiz based on American dialects. Again it is phenomenal how much your vocabulary, which undoubtedly you view as 'proper', actually reveals your location. Our very language is not only a fingerprint but also a geo-tracker.
That snoopsnoo is fascinating. I don't use reddit, so I couldn't look up myself, but viewing the random profiles was so interesting. You could get a real sense of the people -- a college student with an eating disorder who likes a lot of makeup products, an athletic married woman who works lifting heavy things in a warehouse and makes quilts, a sweet loner guy with a deep attachment to France. It would be a treasure trove for a fiction writer in need of characters.
Took the survey despite being British, found it had me down as being most similar to New Yorkers.
As someone who doesn't know much about American dialogue, do people over there really use similar wording? Or is the quiz just coming up with random answers because it has no clue what to suggest?
I'm British and took that survey for shits and giggles, I like a survey.
Anyway I'm not that impressed it had me down as either coming from Providence (because I pronounce mary, marry and merry different), or Santa Rosa or San Jose (because I'd never heard of a drive through liquor store which actually seems a mental idea, from a UK perspective). I know it's not supposed to work on me but there's a massive distance between the first and last two places based solely on one data point.
Makes me wonder how this would fare in a smaller country like England or Scotland, etc.
A VM with a separate OS, talking to the world through a VPN would probably hide you from Facebook, Google, etc, in the sense that it would be hard for them to correlate the two identities.
It of course won't work well against police, who can look up the VPN provider, ask who's paying for it, and it's mostly enough to find you.
Forums: often the need for a separate identity arises from the need to join a particular forum frowned upon by your peers or superiors. Same for audience. That is, if you want a different persona and not a sock puppet to support your "main" persona.
At some point, following that logic, your multiple online personalities are truly distinct.
For example, "okay, so you have one account exclusively post hard core right-wing arguments in the early morning, and then your second account posts left-wing arguments in the mid-afternoon."
For many people, the point is posting family photos and cat pics under their real name, for childhood friends and relatives, discussing technical details of some computer game in a slang-rich game forum, and maybe discussing hardcore [insert your favorite bogeyman here] on some forum of like-minded people.
All these three personalities need not be connected in any way, nor need they contradict each other in what they say. They are just for different and unrelated facets of one's life.
You never use multiple personas on a given forum. And you never have multiple public personas using the same language. Routine stuff, such as account management, is OK. Just use the provider's native language.
Right. You just need an actor to stand in pictures for consistent facial recognition. Occasionally send overlapping data (typing a message at one place, while writing a status in another) - all in consistent and different styles.
Why do you need to have a face? You certainly don't use smartphones (or any device with a camera or microphone) with your alternate personas. I occasionally want a photo, but I just find something fun online.
And about style. Mirimir only writes in English. I draw on my experience working with Americans, including many from the South. My meatspace identity never uses English online.
I just tagged myself in a bunch of stock photos (with the same few models) to foil the algorithms. Haven't tested the effects since I've long disabled facial-recognition tagging in my profile, though.
I suppose someday they might implement features to try to detect and filter out that kind of thing, but then it will be time to abandon the platform totally.
There's no need for a data hoarder to rely on platform specific facial recognition - they'll presumably ingest all photos and tag/group them themselves. This of course includes images where you've been photographed in a group/public place. I imagine it's pretty trivial to "walk" from a single known-good photo (eg: booking / surveillance photo taken in connection to a "suspicious" public gathering, atm cctv, or where a person is figuring in the same photo as a known "person of interest") - to ~99.9% of all photos in the dataset...
How the hell do you intend to hide your secondary identities from the NSA and GCHQ? Even Tor is probably compromised.
(Also, creating secondary identities is easy on paper, but IME segregating myself like that and presenting a fake persona takes a psychological toll. Perhaps others are more adept at it.)
I use nested VPN chains, minimum three deep. Plus Tor for anything serious. Maybe a VPN or two through that even. Latency starts to suck, but that's a good thing, really.
I’ve read your article and it makes sense, but I’m wondering if what you are doing with multiple personas is really any better.
Mirimir is a rather unique name, Google turns up a lot of results which seem to be you, so it’s not hard to see what mirimir is interested in. I’d assume ad networks also have a pretty good profile on mirimir too.
I’m sure there’s more to you than just mirimir, but it’s probably a big part of who you are so what does this really gain? Your real name isn’t revealed, but that’s just another persona. Potential employers won’t find you are interested in opsec through Google, but I’d assume you work in that field anyway. I’d guess having the choice of what to reveal is an advantage, but it’s very easy then to reveal too much so that personas could be put together (e.g. Steve who is the friend of another persona on Facebook, comments on mirimir’s article).
Maybe people aren’t going to come across your non-work interests in (e.g.) steampunk or painting dragon pictures, but so what? For most people that is part of who they are, and they don’t care to hide it. Maybe if you have something to hide this is a good idea, but I’d say most people don’t (given how many post private details of their life online).
Personally I use my real name online. I’ve considered switching to pseudonyms to make it harder for casual people to stalk me, but at the end of the day I’ve already revealed so much that it’s not going to help much, and there isn’t anything I feel the need to hide.
I ended up writing a long reply to mercer, so let's incorporate that by reference.
Yes, Mirimir is rather unique. There's that South American woman, and a travel agency in Iran. But still, yes. I picked it because "мир и мир". And name recognition is intentional.
Indeed, Mirimir is a big part of my online presence. I've worked hard on that persona, for some years. And it occasionally gets me into interesting stuff, even some consulting work.
My meatspace identity is distinguished from Mirimir in three important ways. First, I rarely use English. Second, I don't work on OPSEC, or display any interest in anything related to that. Third, I don't have much of a public online presence. All of my professional work is private, as required by clients. And my social life stays just about totally in meatspace.
That's true. But Mirimir is a special case for me, because his role is sharing about OPSEC. And for what it's worth, Mirimir plays things quite safely. An adversary would need to work out Tor connections through other VPN chains to find anything I really care about. And even then, I'm totally white-hat, so hey.
Regarding VPNs, that depends where you are. In many countries, VPN usage is over 20%. So it's not such a huge flag. And I do torrent lots of HD video. So my ISP just sees one VPN connection, with torrent-like throughput patterns.
The rest of my online activity goes through nested VPN chains, routed through the main VPN. So it's only the final VPNs in those chains that see anything except throughput patterns.
I routinely have several workstation VMs running, each connecting through its own VPN chain. So, while I'm drafting posts for HN or whatever, I'm typically doing stuff in other VMs. It's pretty much like most people do with apps in multiple windows, or SSH logins, or whatever.
And Tor. I've never connected directly to Tor. I only connect through nested VPN chains, at least three deep. So yes, I consider Tor use to be a serious risk.
You have put your finger on it. Lack of imagination is why intelligence agencies did not see Russia running influence campaigns on the same social media platforms security agencies use to target incompetent would-be terrorists for dumb stings. Hiding in plain sight is easy for a motivated and diligent adversary.
The police in Australia have been sharing private information about members of community groups with private companies to "manage" future activities and potential "security threats".
One might assume that the information about members of these groups was gleaned from social media sites. I feel like this is an example of "guilty until proven innocent".
How is the government storing legally privileged information at all lawful? And Amber Rudd wonders why respectable technologists sneer at her - maybe it's because they've read 1984 and want to do what they can to stop the madness!
One thing we're learning is that the UK government can do whatever it wants. Who is going to stop it breaking its own laws? The UK people have been educated in an obedience system (where they actually all wear a uniform) and are taught to do what they're told without challenge. The result is a large population of people who cannot think for themselves and believe that the government is like a big parent who can keep them nice and safe.
For years the UK at least had the EU who has some laws protecting people, but they've even convinced these obedient lemmings to leave the only union protecting their rights.
One of the biggest problems with government and law is that the people will only fight for what they want, not what they already have. Meaning history will always repeat itself, laws will be passed when people become repressed, then repealed as soon as people forget.
> One thing we're learning is that the UK government can do whatever it wants
This shouldn't be news for anyone who's lived here a few years, with a basic understanding of UK politics. The acrid stench of arrogance and righteousness that emanates from Westminster travels to the far corners of these isles.
Vindictiveness, enabled by the newspapers, is a big part of this as well. A large chunk of the public don't want rights for everyone; they would actually prefer a system where the police beat confessions out of suspects and people are fitted up for crimes because they're a minority who happened to be near it.
I wouldn't say they "campaigned" against it. Wasn't one of the biggest issues people had with Brexit the complete lack of information and opinions from the government on how they should vote? If anything the government was too silent and didn't take a side either way.
However, a few officials did offer their opinions, but it was mostly to leave, with Boris Johnson and Nigel Farage getting considerable media coverage. There was also Michael Gove, Iain Duncan Smith, Chris Grayling, Zac Goldsmith, and all those Grassroots Out guys. They were very vocal and on radio and TV nearly every day.
Just because Cameron quit office and a few other politicians said once or twice that we shouldn't leave doesn't make it a "campaign". Trust me, when the UK government campaigns they are very good at it (smoking ban, traffic safety, more surveillance less rights for people).
So no, I really disagree with your claim the government "campaigned" against leaving EU. Maybe you're right and they didn't outright support the plan, but definitely didn't put a lot of effort trying to stop it.
> David Cameron criss-crossed the country on Wednesday in a final effort to warn Britain’s voters against rejecting the EU in the historic poll, that will also be read as a referendum on his premiership.
> Appearing in his shirt sleeves, and with his voice breaking at times, the prime minister issued an impassioned personal plea to the public to reject the “untruths” of the leave campaign. He pleaded for voters to “put jobs first, put the economy first”.
Well, I would say (as a semi-pro rules lawyer) that David Cameron was grossly incompetent in framing the referendum Q.
And arguably someone should have demanded judicial review, as the referendum did not follow custom and practice by using a simple majority instead of the normal 2/3 or 75% to make major changes.
I don't think the remain campaign was particularly effective (though the leave campaign also seemed pretty disorganized and amateurish at times), and I think Cameron was a little overconfident, but it's ridiculous to suggest that the remain side didn't really care about the result. It was obvious that Cameron's political career depended on getting a remain victory, so of course he worked hard for it.
The referendum was purely advisory, so it's up to the government to decide how they want to interpret the result. There is no "custom and practice" of requiring 2/3 or 75% supermajorities in the UK, and judicial review is pretty limited here anyway. The goal of the referendum was to deliver a blow to Ukip and the eurosceptic wing of the Conservative party - anything that made the referendum seem biased against them would have just made them more angry and self-righteous.
Err no, Citrine's ABC of Chairmanship mentions this, and it's custom and practice for major changes to require a supermajority; every company has some types of motion that require 2/3 or 75% to pass.
There's a sweeping exemption from the DPA for the purposes of "national security". Any minister can issue a certificate stating that a given activity is for the purposes of national security and therefore exempt & these certificates can be issued retrospectively.
Social media is public. It's intentionally public. That's really the whole point. It's your choice to post things to Facebook or Twitter or Snapstergram.
Of all the privacy issues that we should be worried about it feels like this should not be one of them. If you don't want your social media info used... don't post it to social media!
Despite the headline, social media isn't the privacy issue or the main story. It's just that we have evidence that social media makes up one of the Bulk Personal Datasets (BPDs) [1].
The actual story is that the oversight body wasn't informed that BPDs were being shared with foreign governments, law enforcement and industry partners. There is no oversight of the process. Partners don't have to meet any standards on use of the data. There are no penalties for misuse of the data. This makes it possible to circumvent UK regulations. These are the privacy issues.
It's not that simple. Facebook creates "shadow profiles" of people that don't use Facebook, and these can be populated by friends/family posting pictures of you or mentioning you/tagging you in a location. So - not their choice at all to have their information mined.
Thing is, if they make a profile about you that includes race, religion, and sexuality, what is stopping them from denying a certain group of people a job in the public sector? Or to use it as basis to spy on you because "this type of profile tends to be violent/terrorist/communist/not patriotic enough".
Or to not give you social aid since you aren't the right type of profile.
Hmm.. looking through what data the German resident register stores[1] there's not too much information I would deem too personal, apart from the religious affiliation maybe. They certainly don't track race as you wrote in your previous post.
I gather you're from a country without a resident register?
EDIT: Also you shouldn't mix up the content of a resident register with the information you find on a public ID card. The information printed on those is a lot more limited.
You will never understand what is happening around you if you don't find the courage to escape your own self-censorship, self-reinforced prison-of-a-worldview. You are all able to think critically, but for reasons I won't go into, fail to use the same critical thinking for a huge part of the information you come across.
Disclaimer: I do not know nor trust those people. I personally found them more-or-less by accident and do think that no one in this day-and-age would be able to make any tours if a) there was no "guarding angel" protecting them b) were not part of the game
That's a silly objection. The 'good' they're attempting to do is preventing terrorism by sifting through the sea of available information on social media. When terrorism occurs in developed countries, the public's anger and fear leads to questions like 'why didn't you see this coming?' And so politicians naturally enough say they'll watch more closely for the signs of such activity.
Again, I am not endorsing this, but espionage and counter-espionage has the same arms-race characteristics as other spheres of military and indeed much commercial activity. What's your alternative proposal? I don't have a good one myself. Also, what do you think will happen to a politician that says 'this sort of thing can't be prevented,' given the fact that many pundits and media outlets are happy to promote the notion of a security state to the general public, and the general public is poorly equipped to evaluate their claims?
I'm absolutely not trying to dismiss your argument, but I wish you'd put more effort into fleshing it out. We have centuries of experience for the proposition that the public is easily stampeded into fortress-building and suspicion, and overcoming that requires more than a generalized wish for people to just Do The Right Thing, as if that were easily identifiable.
> That's a silly objection. The 'good' they're attempting to do is preventing terrorism by sifting through the sea of available information on social media.
They are trying to prevent terrorism. And they are sifting through lots of data.
They are also doing a lot of other things. I certainly hope terrorism isn't their main concern. Maybe some of that data is helpful preventing the odd hate crime. But it might just also be used for union busting or something like it in the name of stability and law and order.
Total surveillance is useful to control a population - but I don't think it's particularly useful as a counter terrorism tool.
To be honest I don't think they have that many other ideas. Infiltration and in-person spying is really quite hard to do against affinity groups and is also ethically problematic (eg sting operations and so on). There's a great deal of political pressure, compounded by the 24 hour news cycle and nowadays by social media. A politician that says 'look people, we made some bad foreign-policy choices and we're just going to have to put up with a bit more of this terrorism until they feel better about us' might as well start writing their memoirs because their career in politics will be over the minute they say that in public.
In a way, I think the traditional mode of representative government is part of the problem. It simply doesn't reward anyone to level with the public like that. I'd like to be shown wrong, can anyone provide a counterexample of a politician serving in office who persuaded the public to just accept it? The only sort-of example I can think of is US politicians who throw up their hands over the gun control issue after a massacre and say they can't really do anything and then wait for the issue to fall off the front page. But that's also why so many people are disgusted by politics.
If you want politicians to stop engaging in security theater and the like, it looks like you're going to have to buy them off. With enough money a politician will apparently say anything. Doesn't sound too sustainable to me though.
Does the public's anger and fear lead to questions like "why didn't you see this coming?"? Or is the public's anger and fear stoked by the very people who want to be asked "why didn't you see this coming?", precisely so they can say "ah, you're right, let's increase our surveillance powers"?
Well, both. Surely you've had arguments with friends, colleagues, or family members where something bad happened and someone asks why something obvious to everyone in hindsight wasn't noticed at an earlier stage by a nominally responsible party.
We can imagine a society where Stoicism is the norm (most famously the Vulcans on Star Trek) but it seems rather counterfactual to suggest it's the default condition of humanity.
> The 'good' they're attempting to do is preventing terrorism by sifting through the sea of available information on social media.
No it isn't. That's the distraction.
Their purpose is to sift through all available information to stifle dissent, spread misinformation, sow discord and divisiveness among the people, destroy unions and maintain the status quo in the interests of the elite, the wealthy and the landed that have captured supposedly democratic governments throughout the world.
We know they poison online discussion forums (not just terrorism-related ones) and have armies of paid pro-government and pro-surveillance shills much like China and Russia that deflect and obfuscate discussion in order to direct it in their own interests.
We know they target charities and civil rights groups like Oxfam, Amnesty, the Red Cross and Open Rights Group and label them 'domestic extremists' simply for wanting to help and offer people representation and due process. Apparently these things are 'extremism' now.
We know they have knowingly and intentionally targeted innocent people and compromised their personal devices and surveilled them through their webcams and microphones and location services.
We know they have targeted companies both foreign and domestic not for national security, but for economic espionage.
We know that total shit-heels that work for these organisations have used their access to target and manipulate love interests, politicians and rivals.
Those who speak up will be discovered to be all manner of criminals, or will find themselves victims of a car bomb, or a mysterious illness or timely suicide.
They do this because of the brewing shitstorm, born of a century or more of regulatory capture, widening inequality and transfer and consolidation of wealth from the many to the few.
Intelligence agencies are not your friend. They are a private army. Just look at the City of London Police. They may as well be the copyright industry's hired goons.
The next stage in this will be the increase in the use of private military contractors globally, not just by governments but by private entities.
Mass surveillance has ALWAYS been a to control populations, without exception.
I thought it was clear that I was referring to their nominal mission as an intelligence organization, rather than the political ends to which they are put. I'm not suggesting they're my friends or that they are desirable, and my repeated reminders that I don't endorse this should have made that clear. Without going into details, I have first hand experience of being on the wrong end of state scrutiny, I hope more than you ever will.
I'm trying to analyse this problem by looking at it in purely rationalist terms and assuming that people I disagree with are going to pursue their collective interest whether or not I approve. I rely heavily on the selectorate theory model outlined in The Dictator's Handbook and in more depth in The Logic of Political Survival. I try to discuss this in analytical rather than agitating language on HN because the mods complain when I get too political. I hope that makes my commentary easier to understand.
Please stop trying to tell me about stuff I already know and tell me how you would work on the problem of the general public easily being stampeded into backing repressive policies. That's what I need actual help with, and I need something a lot more actionable than 'let's educate everyone and teach them to think critically' because that's a generational problem and one that is not going to just work automatically. You can contact me via gmail if you'd prefer, or other channels including personally.
One of the reasons that agencies have had trouble preventing these events is that they have the data, but they haven't connected enough of the data. That's hard to do when you are collecting completely irrelevant data in addition to useful data.
If you are having trouble finding a needle in the haystack, adding more hay isn't going to help, it's just going to make your problem worse.
Sure, but it doesn't seem realistic to suggest that they stop collecting it.
The best idea I've come up with (and it's got serious flaws of its own) is a social network where deletion is impossible, but you have a choice between anonymity and authority for any given submission you make thereto. Anonymous utterances might be true, but they'd have to have a very high truth-value indeed to overcome the skepticism that would attach to them. Authoritative statements would thus be backed by a person's reputation, which in turn could be good or bad to different people depending on the historical quality of their contributions. Trolls and spammers would thus be marginalized by the low quality of their output, which might be regarded as even worse than anonymous whispers.
I don't have a theoretical foundation for this, and while I've thought it out in rather more depth than I am offering here it's the product of intuition rather than analysis and iteration. Web annotations seem the best path to explore for experimentation but I'm not equipped or inclined to develop this into an actual product.
So what if they collect it and share it with foreign governments? Social media is public to begin with, so big deal if they are basically indexing the information. Doesn't stop them moaning it's not enough or preventing bomb attacks.
What do you mean that "social media is public to begin with"?
As I'm sure you're aware, while most social media sites have options to post publicly, many (at least ostensibly) also offer a wide variety of options for sharing data in narrower circles (i.e. private groups, direct messages, etc).
If you're talking about only the content that the users intended to share publicly, that seems like a reasonable enough position to take, but if it goes beyond that I hope you wouldn't still say "big deal".
One of the "Key Points" on the Privacy International release linked from the TechCrunch story and available at https://privacyinternational.org/node/1532 is that "GCHQ collected and accesses this information by gaining access to private companies’ databases."
That sounds an awful lot like they're going beyond simply indexing the public web.
You're more likely to die by falling down the stairs than by being killed by a terrorist[0]. Bomb attacks are not something you should be concerned by.
However much bomb attacks scare you, you should be ~100x more scared of living in a house that has more than one floor.
Risks of day-to-day activities are known, their distribution effectively fixed and the magnitude of the risk also understood. The probability of ladder falls tripling year-to-year is of order 10^-14. I understand that driving my car could potentially result in my death. There is some variability in the risk depending on how careful I am, time of day, whether I am sober etc, and of course risk out of my hands from other road users. I can have a good understanding of the risk and factor that in whether to carry out a daily activity.
War and Terrorism is completely different. When they occur is unknown, whether the event is small or cataclysmic unknown, the secondary effects they have in a wide complex system unknown.
You can take the original argument even further to understand why it is silly. Atomic bombs have only been used against people twice, therefore the chance of you dying in a car crash are multi-million times higher than dying from an atomic bomb. Should there not be an intense focus on de-proliferation, de-escalation of conflicts because of this? The consequences of a nuclear attack are so great, we spend huge amount of resources to reduce the likelihood.
Terrorism is similar. It is not only the poor victims of the attack who suffer. Our societies function on a fairly fine balance, much of which is predicated on the ability of our governance to keep us safe. Rapidly increasing frequency of attacks and their effectiveness drive us closer to instability and can severely damage our economies.
You dying in a car crash is going to hurt your friends and loved ones. You being blown up along with 50 passengers on the underground, the fifth explosion that week can have dramatic and scary results for us all.
But the parent argument is that loss of privacy hasn't decreased the probability of terrorism attacks. "It's not working but let's keep doing it just because" isn't a sound argument. There might be numbers thrown about that x many threats were stopped, which may or may not be true (would still like to see numbers if someone has some reliable ones). But the loss of privacy is unquestionably true (unless I am missing something here).
How much of my personal information do you need before you can guarantee 0 terrorism attacks? If the answer is "never 0 with any amount of loss of privacy", I am not sure if it's a worthwhile goal (or a price to pay).
Terrorism, like gun violence, is the act of another person interfering with my life. Falling down stairs is an accident. It's pretty easy to see how one elicits fear and outrage and demands to take action and the other doesn't.
FYI, there’s nothing in the parent argument that suggests we shouldn’t do anything to stop terrorism. It’s only saying that sacrificing our privacy rights isn’t worth the false assurance of safety mass surveillance provides.
> Should there not be an intense focus on de-proliferation, de-escalation of conflicts because of this?
Sure, nuclear disarmament wouldn't hurt, but like you said: atomic bombs have only been used against people twice. There's no evidence that their use against people is likely to substantially increase over the next few years, so it's not something that is worth worrying about. Just like terrorism.
EDIT: And certainly it is not worth using the risk of atomic bombs as an excuse to invade the privacy and erode the freedoms of millions of people.
> There's no evidence that their use against people is likely to substantially increase over the next few years, so it's not something that is worth worrying about
It does not even matter whether there is evidence that the risk is likely to increase or not. Plus, it is arguably unknowable what the current risk may be now or in a few years' time (plus, do you really trust NK's safety in chain of command and equipment?). Regardless, no matter how unlikely the event is to occur, the magnitude of the event is so unbelievably massive that it is something to be worthy of worrying about.
It all comes down to understanding that despite an extremely low probability of occurring, some events are so earth shattering, you cannot discount it by its probability of happening.
On September 10th there was no evidence an attack on New York City was particularly likely (apart from in the minds of the terrorists). But September 11th came along and changed the West and Middle East for decades.
No, it didn't. Or, at least, it needn't have. 3,000 people died. Yes, it's tragic, but it's much less tragic than the hundreds of millions of others who have died since.
That is literally the point I am making. You are misunderstanding me completely.
No matter how unlikely an extreme event might be, if/when it does occur it has earth shattering effects due to the complexity of the world. This is why we need to be so vigilant in protecting ourselves against these threats.
I finished with "But September 11th came along and changed the West and Middle East for decades." That is the point. 9/11 was tragic enough, but it triggered an avalanche of death and trillions of dollars spent. These sort of attacks have non-linear effects that cannot be predicted.
You originally stated you are more likely to die falling down the stairs therefore "Bomb attacks are not something you should be concerned by." My response is that terror attacks are like what we see in 9/11. Considering that event resulted in hundreds of millions of deaths due to the complexities of the world AND the risk distribution and magnitude is completely incomparable to known risks and their distributions, it is nonsense to dismiss the risks as you are more likely to die falling down the stairs.
The hundreds of millions that have died since 9/11 are in no way connected to 9/11. You're misunderstanding me. Hundreds of millions is the total deaths across the entire human population since then. And those people are each just as worthy as the 3,000 that died in 9/11.
I don't know how to say this without seeming rude, but you just don't get people. I fully agree with your logic. But you are emotionally illiterate, and people are emotional animals. If you don't make the effort to connect with people on an emotional level most of them will not listen to your rational arguments.
I absolutely feel your frustration. I share your basic outlook. But most people don't. You're not smarter, you're just not as easy to activate emotionally as they are. That's why advertising and propaganda in general doesn't consist of long earnest rational arguments of the sort found in academic journals. It consists of atavistic emotional manipulation because that is what works most reliably.
Has anyone ever handed you a political flyer that consisted of a wall of text that you glanced at but didn't bother to read because you just couldn't be bothered to navigate >1000 words of half-baked political theory that didn't really speak to you as an individual? Well that's how your arguments come across to most regular folk.
Being right is not important if you can't get people to pay attention. Citing comparative statistics is a wonderful way to get people to ignore you.
I'm sooooooooo sick of this argument. It's not that it's incorrect from a probabilistic point of view, but it shows such an indifference to the facts of how humans actually are rather than how they should be as ideal rational actors.
Look, what are the odds of being killed by a spider? Tiny. And most spiders aren't even poisonous. But lots of people have an irrational phobia of creepy crawly animals, perhaps due to some unpleasant childhood experience. If someone is afflicted with such a phobia, maybe therapy can help them, maybe they'll grow out of it, whatever, but standing around saying 'it's very irrational of you to be scared of this probably harmless spider' is no help whatsoever. Either get rid of the spider for them or leave them alone, because when someone is freaking out they're not able to process information rationally.
We know that people don't react rationally to real risk probabilities, some are irrationally risk averse and others are irrationally risk tolerant. We know that such irrational cognitive behaviors are often exploited by unscrupulous actors to manipulate people for financial, political, or strategic gain. We know that the externalities of such exploitation impinge upon our economy, liberty and so on.
Endlessly repeating an argument that people are already demonstrably indifferent to isn't getting us anywhere. Education is one long-term approach to alleviating that problem but it's very slow and expensive and outcomes are hard to predict and to measure. It has consistently proven easier for politicians to spend money on security services (both pragmatic and theatrical) than it has to raise the intelligence/wisdom of the public at large.
I think it is a silly argument in the first place. See, they are additional preventable deaths, and not accidental. Comparing them is pretty silly.
That said, I still don't like reductions in liberties due to fear of terrorism. Freedom is inherently risky. I am not a coward. Giving up liberties out of fear is not necessarily a good idea.
I'm not sure there is one, unless one wants something that resembles authoritarianism in the name of preserving liberties. That there creates a mental knot I've not yet unraveled.
It's hardly democratic to prevent people from responding like people and fear is a powerful motivator. So, buggered if I have the answers...
What if the answer is something other than a Republican system of government? That was great for the days when news traveled more slowly and human lives changed relatively little from one generation to the next. But the accelerating aspects of technology in general and communications in particular - both physical and informational - have revealed its limitations. Nowadays the population of Facebook is nominally larger than that of any individual country. We could, if we were so minded, build systems of governance that were completely participatory and leveraged the near-instantaneous communication we have come to think of as normal. Do we really benefit any more from delegating our most important tasks to small, opaque, and corruptible groups of politicians who are forced to spend ever more absurd sums on election campaigns in order to be taken seriously?
- It is more than just posts on social media. The databases cover "sensitive medical data" and "financial details" and much more.
- The oversight body was not informed that this data was being shared with foreign governments, law enforcement and industry partners.
- There is no oversight on the sharing of this data with these partners, and no legal penalties for misuse of the data.
- There is no requirement that partner agencies have similar safeguards with respect to processing the data that the UK agencies already have in place.
It doesn’t work for the same reason American gun control hasn’t worked - you cannot stop bad actors and the ones getting unduly impacted by onerous intrusion are law abiding American citizens.
I’m neither an American nor a gun owner but I can see the parallel between private citizens being legally forced to give up privacy for dubious reasons and gun owners potentially being asked to give up guns for dubious reasons (dubious because of how few people get killed in rampages in the United States.)
What is remarkable is the absolute lack of oversight over the sharing of this sensitive data with foreign governments and law enforcement, but especially with so-called "industry partners". And that there don't appear to be any legal penalties for its misuse.