Before CALEA, surveillance was not "built in" to the phone system. Back when Guliani was a prosecutor, taking down the New York mafia, he wrote in his book that the FBI had to pay New York Telephone for a wired connection into any phone they wanted to tap. It really was a wired connection, manually wired onto the main distributing frame, and billed as a private line to a third location. On one occasion the FBI didn't pay their bill, and New York Telephone billed the party being wiretapped. That was part of the motivation behind CALEA.
Electromechanical end exchanges did not log call data for local calls. Some of them counted it, with racks of little counters, read once a month. Toll switches had a logging system involving a wide paper tape. No cheap storage devices existed in the electromechanical era.
What's now referred to as a "pen register" is today an extract from switch logs. But at one time, it was a real physical device. A device that put dashes on a paper tape to log dial pulses. I own one, and it's the one shown in Wikipedia.[1] Mine is hooked up to a dial and some circuitry for demos. You wind it up with a big brass key. The first dial pulse starts the clockwork moving, and it continues to run until there have been no dial pulses for a few seconds. Someone had to hook one of these up to a specific line to track what was being dialed.
That's what the Supreme Court was talking about when, in Smith vs. Maryland, Justice Blackmun wrote "Given a pen register's limited capabilities, therefore, petitioner's argument that its installation and use constituted a "search" necessarily rests upon a claim that he had a "legitimate expectation of privacy" regarding the numbers he dialed on his phone."
The "limited capabilities" are a lot less limited today than they were in the wind-up era.
I remember a conspiracy theory that you could find out if your phone was tapped by not paying the bill. If the line still worked after you were delinquent, someone else was listening on it.
Kim Dotcom found out that his internet was being tapped by noticing the lag introduced in Call of Duty. He was #1 in the world at Call of Duty at one point.
I would be inclined to agree, but admittedly if you had to route all the traffic to from NZ to a datacenter in the USA, then back to the game server, that could introduce notable latency.
If you want to actively MITM it, sure. If you just want to send a copy of everything to the USA, then it needn't slow down the original connection at all.
> The data showed the internet signal had previously taken two steps before going offshore - but was now taking five.
> Information held by the Herald shows Gen-I studied data showing the amount of time it took information on the internet connection to reach the Xbox server. It went from 30 milliseconds to 180 milliseconds - a huge increase for online gamers.
There’s just no realistic way that bouncing the connection around New Zealand would introduce a ~100ms delay. It sounds like he just started getting bad routes to the gameserver, which is par for the course for Oceania, but unlikely to result from LI.
Could the bad routes to the gameserver be a possible accidental side effect of the intercept?
Maybe the people doing the intercept made a mistake. It sounds like they made a legal mistake, so maybe a technical mistake isn't that far fetched either.
I've never researched it, it's too good to prove wrong. It does seem pretty plausible though, the cops and/or judge that ordered monitoring it would be pretty annoyed if it got cut off.
"Passive aggressive" is exactly how you expect people to behave when you force them to do things they don't particularly want to do -- and follow this up by not paying them for it.
In the 1980s (or maybe the 70s), the UK Parliament debated a bill covering wiretapping. There was a line of questions as to what a lineman should do if he discovered a wiretap, because he couldn't assume it was a 'legitimate' one by the security services, but if he assumed it wasn't he might run afoul of provisions of the law.
This shows a couple of things:
- Back then extensive surveillance would have been hard to conceal because it would have been noticed by the large workforce needed to physically maintain the system.
- At that point members of parliament could reason correctly about the internal details of the telephone network, because it was simpler, and because many MPs had become MPs via the unions and so had experience of a trade.
Surveillance may be "too cheap to meter", but it isn't cheap.
Millions of hard drives run 24/7 in thousands of data-centres around
the world. Millions are discarded and replaced annually. System
security is inversely proportional to the demands and power of
surveillance actors (NSO for example), so we all lose money when we
tolerate surveillance. By 2025 cyber-security will cost the world
about $10.5 trillion per annum, and a significant amount of that will
directly result from the existence of a concomitant surveillance
industry.
The cost to society and business in damaged trust and lost opportunity
must run to dozens of trillions over the past decade.
No! Surveillance is cheap to tiny minority who inflict a colossal
economic externality onto the rest of society.
> IT nerds tend to find technological solutions for all sorts of
> problems—economic, political, sociological, and so on. Most of the
> time, these solutions don't make the problems that much worse, but
> when a problem is of a purely economic nature, only solutions that
> affect the economics of the situation can possibly work.
This is insightful. Let's start changing the economics around
surveillance. Let's make it very, very expensive again.
> By 2025 cyber-security will cost the world about $10.5 trillion per annum, and a significant amount of that will directly result from the existence of a concomitant surveillance industry.
For context, the world needs $4T/yr[0] to transition to a zero carbon economy. It is kinda crazy to think about when you compare these two, considering how massive of a problem one is and how we often don't think about the other.
I'd be tempted to add that if you just dismantled military institutions across the planet, you'd have plenty more funds available to do important stuff with. AFAIK the US alone has military / three-letter-agency spending of at least a trillion dollars per year, and all this for what?!
To be fair the US is pretty much the entire military for all of the West, Japan, Korea, and Australia. We just consolidated militaries after WW2 to prevent Europeans from fighting one another.
But I definitely agree we could get rid of war. We've been in long peace. It seems very possible.
> To be fair the US is pretty much the entire military for all of the West, Japan, Korea, and Australia.
That's not true. France for example still has strong military. So does UK, Israel... Not saying it's a good thing that these military institutions exist, but except maybe in Ukraine nobody in Europe would feel (more) unsafe if the USA military would disappear overnight.
> But I definitely agree we could get rid of war. We've been in long peace. It seems very possible.
I agree it's very possible given the right mindset/circumstances. But we're far off from it. War feeds from countries with mafia-like governments who take all the people's money under securitarian pretexts, and these governments have never stopped waging war. In some countries like France, the government has even pushed for military patrols in the streets (since the 80s), training for kids in schools to anticipate attacks (since 2015) and the return of mandatory military service (or so-called universal national service, since 2019 i believe).
The US is still at war in several countries, and so is France. We don't feel it on the mainland because the propaganda is really strong here (whenever we're talking about it it's along the lines of "don't ask questions, we're just killing terrorists") and the consequences are very remote. But war is still really real for many people on this planet, and is still (mostly, though not only) caused by western imperialist powers imposing their will on the rest of the planet (see for example what France is doing in Mali to exploit all the riches in the north) or by the governments they arm (see what Saudi Arabia is doing in Yemen).
To be fair, i'm not saying Russian or Chinese military are any better. I just don't understand how we could stop wars when the military establishment is stronger than ever in our own countries, and still causing wars and suffering abroad. Such criticism can still be interpreted to be illegal, as France has banned insulting national symbols (since Sarkozy), and anti-imperialists militants such as Jean-Marc Rouillan can still be condemned (after spending decades in prison) for denouncing the lies of the propaganda of the french empire.
While I do agree to an extent that our military spending is quite high, it is probably the one thing keeping what little manufacturing capabilities we have alive inside the country, and I feel that is important.
Don't you think we could be manufacturing more useful (and maybe less polluting) items? If commercial goods had the durability of military equipment and the same kind of public financing, i believe locally-produced durable products could be competitive with cheap imported quasi-slave-produced products.
> the existence of a concomitant surveillance industry
The industry is fundamentally broken. NSO is the smallest part here, they are even consistent with their approach. Surveillance was legitimized by governments and every small fry that complains about NSO specifically is not worth your vote. They are hypocritical liars and probably ordered their software or were about to do that.
In the EU for example there is no opposition to track connection information of everybody, nor is there one on national levels. It is a sad and settled reality, only solution is to escape to other countries which mostly do not fare much better. Even with NSA activity the US is probably a good alternative.
Telcos at first didn't want to store this information, although they probably would have as the economic benefits became clearer. You cannot explain mass surveillance to the fearful bloke politician. There are a few that are smarter, but they don't have the numbers. While it has to become expensive, we also need to see out people that champion this destructive surveillance. It is against the spirit of many constitutions and restricting any compliance is a step for civil disobedience.
There is a strategic component. If everyone does collect info but me, I am at a disadvantage. There is a political component to it. But it does not justify the crimes politicians have comitted in the last two decades. And they are nothing else but crimes.
that's impossible with the government actively thwarting any such efforts. The self promoting and vastly overfunded security apparatus' of various countries will justify their actions and budgets with "counter-terrorism". Before that it was "communism". The uk government spent vast sums on CCTV. Obviously, they turned out to be useless without adequate funding for actual police.
Most notably there is a government shaped hole in the GDPR. Governments are largely exemt from it. And companies are allowed to collect data they are legally required to collect, so delegating the work still works if it's done by law.
Still a massive improvement over the previous status quo, data collection is now much more transparent which makes it easier to oppose.
Fair points on total costs but in this case, "too cheap to meter" largely means:
- The incremental costs of surveilling an additional individual are low. This is the classic economic distinction between fixed and marginal costs.
- The cost of breaking out of the surveillance-capitalism-state industrial complex is high. Devices, networks, applications, servers, services, institutions, business models, protocols, hardware, communications methods, directories ... ALL are fundamentally grounded in surveillance.
If you want to break out, you've got to break out on all fronts simultaneously.
> The cost to society and business in damaged trust and lost opportunity must run to dozens of trillions over the past decade.
I would love to know how much potential energy that could manifest in negative physical behaviors in the future is currently sitting idle in the minds of people, waiting to be triggered by some event. I would say that the trucker convoys in Canada are one example of this, as was the election of Donald Trump.
Vernor Vinge's A Deepness in the Sky depicts a human interstellar civilization thousands of years in the future, in which superluminal travel is impossible (for the humans), so travelers use hibernation to pass the decades while their ships travel between systems. Merchants, including the ones the book portrays, often revisit systems after a century or two, so see great changes in each visit.
The merchants repeatedly find that once smart dust (tiny swarms of nanomachines) are developed, governments inevitably use them for ubiquitous surveillance, which inevitably causes societal collapse. <https://blog.regehr.org/archives/255>
In the old alphanumeric pager networks you could receive a notification without having to transmit anything.
This meant that your location remained private -- even from triangulation attacks! Not even satellite pagers have this feature; they all require that you transmit first (often with a GPS coordinate included).
With the collapse of the POCSAG networks (at least in the US -- the vast majority are now off the air), we have lost something valuable.
Wide area broadcasting might not be as bandwidth-efficient as cellular schemes, but if you just want to receive a kilobit-sized notification (which might be of the form "you have a message from XYZ", prompting you to go online) that isn't a big deal.
We could go from always-on surveillance to letting people decide on a per-notification basis if declaring their location is worth receiving the rest of the message. Or if they should move to a different location before doing so.
I kept a pager for as long as was possible. It is really the service I want. I had this tiny object that ran off a single AAA cell for something like a month that would tell me if there was something I had to deal with. The available technology has degraded significantly since then.
You would think that pager service would be significantly cheaper to provide than something like 4/5G...
> We could go from always-on surveillance to letting people decide on a per-notification basis if declaring their location is worth receiving the rest of the message. Or if they should move to a different location before doing so.
Could a similar capability be built on a local LoRA mesh?
LoRA will always have spotty coverage. There might be a lot of spots all over the place, but they're still just little spots. For short messages, you need much lower frequency. Then you can cover entire cities from one or two sites.
You really want something VHF or below. Like a chunk of the former analog TV bands. A really really tiny sliver is enough.
LoRA is a horrifically bandwidth-inefficient protocol. It craps on a gigantic swath of frequencies in order to send a few bits of data. They call it a "chirp", not a "crap". The only reason anybody gets away with such a wasteful modulation scheme is that it happens in the garbage band.
"If you write an app for either platform, you have to publish it through the respective walled garden, and you can do so for free—but then it must contain built-in advertisements that provide Apple and Google with surveillance data of your users. If you want to protect your users from that, you must sell the app for money and hand over a cut to compensate Apple and Google for the missing advertisement and surveillance revenue."
I remember back in the early days uploading a free app with no ad frameworks to the play store, and I believe there are plenty of third party ad networks (that I'd assume don't share data with Apple/Google)
Anything you get from Google play store is wrapped with Google's trackers. This ensures that Google knows what you are using at a minimum. Then the promiscuous Google Play Services provides even greater visibility as it processes all your notifications. You can check the trackers here. https://reports.exodus-privacy.eu.org/en/
Apple's store and OS is more opaque. Others may be better able to explain their mechanisms.
A small minority of us don't have Google Play Services on our phones and get all apps from F-droid. So he is not referring to us.
As a developer and system administrator I would have added to this piece how costly it is to actually delete data. It is usually far cheaper to store everything even well after it has legitimate use because developing archiving routines and strategies that don't break other things is work that few IT organizations bother with among all their other priorities.
Just last week I went over user accounts for one of my apps and deleted those that had expired for longer than 6 months on the live server.
So, their data is off the live server but still on weekly backups that are rotated out and deleted after 4 weeks. But I also have snapshots of that server that go back years and it would be some work to delete a user's data on those. And other users might need to recover data, so I can't just delete the snapshots.
Wait till you get a deletion request for a specific user... we've had to mount snapshots as DBs just to have an automated query purge their record from the snapshot, delete the snapshot and retake the snapshot.
It's not a pain. Regulations are there to be followed and I don't think GDPR is wrong. I honestly would rather set up these systems so that it can be done easily and being compliant with the law and user expectations.
"Google Play will start requiring new apps to be published with the Android App Bundle starting August 2021. This will replace the APK as the standard publishing format."
No, it is not true. You must pay to release any app on either store. Google charges a one-time $25 fee, Apple charges $100 per year.
You may release a free app with no advertisements. In fact, that is the easiest configuration, since charging for the app means setting up payment information. And including ads means payment information and integrating ad serving code into your app. It is not "built in" on either platform.
But now you successfully filtered most of the people that don't. And there is tons of quality software without a business incentive aside from the fun to create said software. Happens, since part of software development is a creative (non commercial) enterprise. I would write more free software too if I didn't need to pay rent. Of course free software cannot be the only model, but as I said, you won't find much of that in app stores.
It's perhaps worth steelmanning the argument here - though technically one can release an app for free, it is generally the case that any app with significant investment (warranting monetization) will take one of the two paths he described, and this describes the majority of popular apps.
I've lost battles with an editor (of a popular publication) that ultimately led to inaccuracies like this creeping in. They just cared about readability far more than truth.
I think the larger context is that you need to pay a fee to upload an app and have it reviewed. If you don't want to shoulder the cost you need to reimburse yourself through advertising income if you want to have it available for free for yourself and your customers.
"There is objectively no reason why Apple or Google should know every single time you make a phone call or send a message, but since their profits are built on them knowing, you will not find it easy to configure your mobile phone to not tell them"
I could see it being true about Google, but Apple?
I would also like to see some citations on this. He mentions experiences with Android, but nothing for iOS. It makes me wonder if the author is speaking from a place of knowledge, or just speculation.
Any process with enough friction to prevent spammers/scammers also has enough friction to allow government censorship.
Even if governments do end up allowing alternative app stores, I imagine the laws will include some sort of liability clause that means the store owner is responsible for censoring any apps that the government blacklists.
This may not be relevant now, but when Western nations start banning E2EE chat apps and VPNs, I think people will become more aware of what a choke-point the app store model is.
They’ve already bannned truly effective E2EE. Lavabit, TrueCrypt, Skype all RIP. I suspect the new E2EE protocols like signal may secure past communications to some degree but further forward communications can be wiretapped via federal order.
Can you explain how a Signal conversation with a verified correspondent can be wiretapped? My understanding was that their safety code would change and you would have to revalidate if anything untoward happened, but perhaps I’m wrong…
I figured an NSL could require Google Play to issue an “update” for that user which was just a backdoored client. Or similarly, require Signal to do something like that. As lavabit was pressured to do.
Individuals have far more freedom then ever, but at the same time their actions are increasingly becoming more recorded. The reality where every facet of a persons life becomes known to government is almost completely upon us. It will soon become impossible to commit the smallest of crimes without law enforcement being notified. The data is almost complete, all that's standing in the way is existing privacy laws and the inherent difficulty of compiling the data. Flimsy barriers to dystopia.
This is a pessimistic view of the future that I worry about too, but overall, I still see little sign of it in practice. Surveillance may be ever closer to being ubiquitous but overall, (and it's almost heartening to see it be the case) crime, from the petty to the major, remains rampant worldwide with the vast majority of perpetrators never being caught at all.
This applies to organized crime, street crime of the petty or violent kind and of course to purely digital crime. In some cases, the absence of being caught is because of simple corruption (especially with organized crime) but in many if not most, it's still down to old fashioned police ineptitude, indifference and ironically, more crimes than ever being reported specifically because of wider surveillance and easier means of calling public social media attention to criminal activities.
If anything, these factors in many places just saturate police into inactivity, instead of causing greater punitive measures, and all this, despite widespread surveillance. A simple first world example: San Francisco. No shortage of social, technological and police surveillance resources, but good luck getting an iota of investigative attention even if someone openly steals something from you, unless you're well connected or lucky.
> It will soon become impossible to commit the smallest of crimes without law enforcement being notified.
If it was that simple, I would applaud the new era of surveillance. Unfortunately, some people will be above the law, while others will be subjected to it.
If privacy laws were actually repealed, and everyone saw what everyone else was doing, it might not be so bad. It’s the unfairness of it that really stinks.
> Unfortunately, some people will be above the law, while others will be subjected to it.
This is a big problem, but hardly the only one.
There’s plenty of things illegal in various places right now which I don’t believe should be illegal. And some other things which were illegal and socially unacceptable when I was young and which are now not only perfectly legal but also socially normalised such that having a problem with it marks one as a bigot.
But even for the things which I do wish to remain illegal, almost all of them will need significantly reduced penalties in a world of omniscient surveillance.
To give a specific example of how the status quo would break if we had perfect surveillance but didn’t change anything else: In the UK, the minimum penalty is a £100 fine and 3 points on your license, and if you get 12 points within a 3 year period you can be disqualified from driving. Enforce that perfectly, how fast would everyone in the UK lose their licenses?
Currently, there is tech to see what's inside person's brain. One can think of a word and it will be pronounced by computer. Useful for paralyzed people. Also useful to the government and to people like you. Just think of a politically incorrect word, here $50 fine is automatically subtracted from your bank account.
Depends on how you define it. We all certainly leave much more of a paper trail.
My dad and I spoke about this a few years ago. When we lived in NYC I used to go to work with him for a week or two in the summer. The only evidence recorded of that was my name on the visitor log taken by the receptionist.
That visit today is almost certainly auditable. The subway trip is via payment card, and our entry in and out of stations are almost certainly captured by MTA and NYPD cameras. Street surveillance is pervasive in Manhattan from any number of entities. The NYPD network has facial recognition capability.
Entry into the building is logged by swipe card, every time you go pee in the bathroom in the public area, there’s often a badge swipe.
So are we less free? I don’t know. We’re more watched. But then again talking to my cousins on the phone in California was a major family event. And my dad would have to dodge out of work to take out cash for the weekend. A few weeks ago we took a long weekend in Florida with 4 hours notice and travelled without luggage.
They have more things to keep them entertained, more tv channels, millions if not billions of websites to choose from, so much content on streaming platforms like Youtube, you would need millions of lifetimes to watch everything.
You see, if you know enough about humans or any other animal you can manipulate them, like throwing a dog a stick to fetch, this means they dont have freedom not even freedom of thought.
Newspaper headline writers are wordsmiths, but now science can predict what words and phrases will hook different types of people to get them to read their output. Just look at the Trump relection & Bidens election, using adverts to identify floating voters ie those who have not made up their mind and then targeting them to manipulate them to vote a certain way.
I can usually pick out the next US president from a year before the elections, done this Bush.
Its like right now, people give out data which when datamined can be used to track and identify people across multiple websites, work out your working patterns, holiday preferences and then from there you can be targeted remotely or in the flesh.
Another example although this is more access to property, but its a tool you can find in Locksmiths toolkits and first responders tool kits. In other words this is a deliberate bug in a security system. Link is already cued.
https://www.youtube.com/watch?v=U5-qy2tbDG8&t=119s
When you look at the legislation that exists and does not exist, you can identify the area's where state criminality can occur, but the official secrets which released by countries annually will always hold back some stuff as national security. This can include things like techniques still valid for use today, ie stuff thats been used for hundreds of years and stuff that is fairly recent but still in use today.
When you look at the legislation that exists, like people haved said we are a product of google, we are also a product of the state.
I think this is wrong. It's not free for Google or Apple to log data from their app stores/call logs. It costs massive amounts of storage, it costs training for employees on dealing with personal information, it costs engineering time and money to run the systems. It's absurd to say that it's cheaper for these companies to do this than not do it. They're making a decision to do it because it helps them make money (directly through monetizing the data or indirectly through running another service). I get where the author is coming from, I agree that privacy is important, but the thesis is wrong(for these examples, idk about the telcos one)
I suppose though once you have invested the money in doing all that (setting up storage, making training materials, code to do various things) it might be cheaper to keep doing it (in any particular financial year) then to do the work needed to dismantle all that.
I was surprised that the post didn't mention anything about the main reason we were told that mobile phones needed GPS - for emergency location services. Sure this has also enabled unwanted and illicit surveillance, but it's also added countless mapping and location based services that weren't even considered when mobile phones first got GPS chips.
Phones had navigation before they had GPS chips based on cell location. Standalone GPS navigation devices with similar form factors to phones existed as well. And GPS dongles for laptops allowed turn-by-turn navigation back when an iPhone was a bulky thing that sat on a desk and dialed into a landline ISP.
Yes, those existed at some level, but once GPS was built in, it became “free” and easy to get location. Assisted GPS (using cell position and downloaded ephemeris) also meant you didn’t need a couple minutes for a dedicated GPS to go from a cold start.
There wouldn’t have been Uber, Yelp or Pokémon Go before location was just an API call.
> My phone spends four to five seconds trying to tell Google about incoming calls, then raises a notification about its failure, resulting from my failure to configure it correctly, and only then does it activate the ringtone.
If you are required by law to store the data, then the lawsuits can cost you more than what you save by not buying hard drives. And yes, that is absurd.
If its required by law, then telcos need to comply, that isn't in question. If that is not what the majority wants, they need to elec governments committed to change these laws.
I am merely pointing out that, once the law permits doing so, actually not storing something is quite easy.
"Elect government" doesn't necessarily mean "vote for the another party". Candiate c1 may support issue X, while candidate c2 does not, so I vote c1, if X is an important enough issue for me, and if I trust c1 to actually make good on the promise of B.
> Third, it is truly interesting data. AT&T used to send out press releases about how many holiday calls they had handled each year; similarly, modern telcos often boast how many handsets have been at sports events and stadium concerts.
OT: That's not really interesting data, it's flashy data at most. In those situation, we have a very specific image what data we expect to see - it would be more puzzling if someone big sports event didn't cause a spike in mobile connections from the stadium.
But I don't see how any new knowledge is generated from this stuff despite press releases telling everyone what they already know.
I have been using a $5 vps for setting a simple vpn for family. it is super easy to ru your own vpn now. Some sites dont work because they have dumb ip blocklists but most do or give hcaptcha.
Imo,
1. The more we use vpn, the higher the cost of surveillance.
2. Sites using dumb techniques like hcaptcha and ip blocking will see a drop in traffic and have to wise up or lose out
"Never mind that today, nearly all contracts are fixed price and people complain only when they get hit with predatory charges from third parties, cruise-ship networks, in-game purchases, etc."
Are the records not useful in this case, for the client to defend themselves against the third party?
Warantless surveillance may be a problem, but the data has legitimate uses. I wish people would spend more time trying to change how it is used rather than trying to stop the collection.
"On the other side of the wireless connection, there are only two games in town: Either you are Apple, or you put Google's Android smartphone software on your product. Both platforms are architected on an economy of surveillance."
It always seems like many an HN or other commenter from around the web/internet are keen to argue that Apple's platform is different and is not architected on an economy of surveillance. If anyone reading doubts this, I can dredge up some examples. In any event, these folks like to focus on differences rather than similarities. There are similarities. Lots of them.
Here, PHK says Apple's platform is architected on an economy of surveillance, just like Google's. I must agree with PHK on this one.
"There is objectively no reason why Apple or Google should know every single time you make a phone call or send a message, but since their profits are built on them knowing, you will not find it easy to configure your mobile phone to not tell them-and you will be constantly pestered by ominous warnings and notifications if you manage to do so."
With NetGuard on non-rooted Android, one can block all Wifi and Mobile connections on a per app basis and per domain+protocol if desired. One can block everything and whitelist selected apps.
How does Google track calls and messages in spite of NetGuard.
"If you write an app for either platform, you have to publish it through the respective walled garden, and you can do so for free-but then it must contain built-in advertisements that provide Apple and Google with surveillance data of your users."
Is this true. What about repositories or applications like F-Droid.
"This takes an incredible amount of RTTs (round-trip times), which is why work on HTTP in the past 10 years has had a laser-like focus on avoiding TCP's three-way handshake by any means imaginable, while at the same time trying to obscure-as much as possible-precisely how much and which surveillance data the big platforms are collecting."
Is he referring to HTTP/2 and HTTP/3. Observing outgoing traffic does appear to be more difficult under these revised HTTP protocols. Intentional or merely a side effect. You make the call.
"Whenever you see one of those "Share this on Facebook" icons on a web page, your browser makes a DNS request and an HTTP request directly to Facebook's servers to get that little image."
To solve this problem, some web pages just use a locally-hosted image for the icon, not one hosted by Facebook. No lookups required. It really is quite sneaky the way that Facebook places those icons on millions of web pages. What looks like a harmless buttton is truly a surveillance gimmick. It is sad that so many websites play along with the game. Perhaps they are not even aware of what they are supporting.
> If anyone reading doubts this, I can dredge up some examples. In any event, these folks like to focus on differences rather than similarities. There are similarities. Lots of them.
Here, PHK says Apple's platform is architected on an economy of surveillance, just like Google's. I must agree with PHK on this one.
Could you expand on this? Making such a statement, then not providing a modicum of evidence isn’t the best way to make a point.
Here is a humourous example from today's front page. This person believes iOS offers something that Android does not with respect to turning off permissions. Total nonsense.
The same sort of phony differentiation could be applied call and messaging surveillance. Apple and Google both collect similarly gargantuan amounts of user call and messaging data and store it in enormous datacenters.
> Apple and Google both collect similarly gargantuan amounts of user call and messaging data and store it in enormous datacenters.
Again you’re making assertions with zero evidence.
Please provide actual citations for Apple collecting “gargantuan amounts of user call and messaging data”, not just links to people misunderstanding what features Android provides.
"The zip file contained mostly Excel spreadsheets, packed with information that Apple stores about me. None of the files contained content information -- like text messages and photos -- but they do contain metadata, like when and who I messaged or called on FaceTime."
Ok apple does call history syncing via iCloud. That doesn’t hold up your claim at all. For your claim to be valid Apple would need to upload the data even if your had iCloud disabled, and would then need to process the data for some purpose unrelated to a product feature you’re using.
Electromechanical end exchanges did not log call data for local calls. Some of them counted it, with racks of little counters, read once a month. Toll switches had a logging system involving a wide paper tape. No cheap storage devices existed in the electromechanical era.
What's now referred to as a "pen register" is today an extract from switch logs. But at one time, it was a real physical device. A device that put dashes on a paper tape to log dial pulses. I own one, and it's the one shown in Wikipedia.[1] Mine is hooked up to a dial and some circuitry for demos. You wind it up with a big brass key. The first dial pulse starts the clockwork moving, and it continues to run until there have been no dial pulses for a few seconds. Someone had to hook one of these up to a specific line to track what was being dialed.
That's what the Supreme Court was talking about when, in Smith vs. Maryland, Justice Blackmun wrote "Given a pen register's limited capabilities, therefore, petitioner's argument that its installation and use constituted a "search" necessarily rests upon a claim that he had a "legitimate expectation of privacy" regarding the numbers he dialed on his phone."
The "limited capabilities" are a lot less limited today than they were in the wind-up era.
[1] https://en.wikipedia.org/wiki/Pen_register