
Tinfoil hats aside, it wouldn’t surprise me one bit if the NSA and other intelligence agencies around the world operated VPN service providers as a way to spy on users.



If the Snowden affair showed anything, it's that the tinfoil hat wearers were right all along - you'd have been ridiculed if you'd suggested just about anything from the Snowden files.


The difference is speculation to outright imagination which does no favor to real threats. There are plenty of crackpots and conspiracy nut-jobs out there.


It's one thing to say without evidence, "I know for a fact that intruders are logging in to my system on SSH." It's another thing entirely to say, "it's reasonable to expect intrusion on SSH, so I'm not going to leave that port open on my firewall unnecessarily."


I still think the NSA employs Linux devs so they can deliberately insert flaws. Why would they not? It would be very easy. But every time I mention it people reply "But but many eyes! They'd get caught!"


I want to point out that they could similarly hire someone working at Microsoft, or get someone up for a position there, to do this and it would be at least as hard to detect...


Large companies like Microsoft assume that there are advanced persistent threats that are willing to place HUMINT inside of their companies. The companies have dedicated internal teams focused on detecting them.

For example, Twitter recently fired someone that was leaking information on dissidents to a foreign government.


I wonder if they would do that if the leak was to their own government.


You could, but it would be more difficult (though easily within the ability of the NSA).

To contribute to the Windows kernel you'd have to get someone hired by Microsoft, who presumably check their employment history (maybe), they have to actually go and work for Microsoft, etc. Obviously none of that is impossible but it's also obviously much harder than sending a patch to a mailing list.


Or you find someone who already works there who's having an affair and blackmail them into working for you. It's no different to how spies have operated for centuries.


Although possible, they don't have to given how many bugs Linux developers already put in on a regular basis:

https://events.linuxfoundation.org/wp-content/uploads/2017/1...


That is scary.


I’m sure they make the flaws look like honest mistakes, and whatever gets found by someone else is simply patched with a “bugfix” commit.


The West's military-industrial-pharmaceutical complex has weaponised groupthink to such an extent that the ease by which incitement of mass hysteria at scale can be manifested is a non-issue for these players.

Too many times, the western collective is convinced of its own righteousness in regards to issues which factually were counter to its own survival.

The point is, even if the NSA did have key Linux devs on its roster, we don't have the tools - as the unwashed masses - to counter it. Besides which, the Linux kernel is hardly the right target - compilers, however, are...


It would surprise me if they didn't.


And so 97 VPN products may fall under single digit organizations, big one being NSA!


Now you just need to figure out which one owns which and then chain them cross vendor, and hope that "he's connecting to a Chinese spy vpn" doesn't put you on any list ;)


Most people on HN are probably on several lists.

If I mention "The Anarchist Cookbook" then I imagine every username on this page will be added to a GCHQ list, I'll probably have my internet traffic mined to establish if I downloaded it (which they arrest people for in the UK -- https://www.bbc.co.uk/news/uk-england-bristol-41802493). Presumably they have my online purchase history that relates to reagents, etc.

I also expect to be on lists for being critical of the establishment, doing online web security courses, buying remote connectable electronics, etc.

The difficulty I expect is profiling to reduce those lists to meaningful actions that have indicative value.


I don't believe they'll bother putting you on a list for anarchist cb. So many of the recipes have been modified so that you'll blow yourself up that they'll just let nature run its course... /s


The AC probably doesn't do much. But... as the subject of a joint FBI/NCIS investigation some years ago I can definitely say that at least in the USA they have a long memory...


Had it on a floppy for my Amiga.

Brings back memories.

Jolly Rogers cookbook :)


Going by their designs in the leaked Snowden documents, you can probably tell which ones are run by the NSA from the bad website/app UX/UI.


hahaha, so true


This was confirmed in the Snowden leaks. It said it was a VPN popular in Africa and the Middle East but its name was never made public.


Like they do with Tor nodes?


"Fact-checking the Tor Project's government ties"

> The Tor Project, a private non-profit that underpins the dark web and enjoys cult status among privacy activists, is almost 100% funded by the US government.

https://surveillancevalley.com/blog/fact-checking-the-tor-pr...

https://www.documentcloud.org/public/search/projectid:37206-...


The hyperbole is strong in this article. It's no secret nor mystery that the US Government is interested in Tor, but the thesis that it's untrustworthy because it is funded "100%" by them is just ridiculous.



