Ladies and gentlemen. This is how you do blackmail, corporate espionage, and sway politicians on a truly industrial scale.
Want to push a bill through the House of Commons to curb GCHQ's powers? Think again Mr. Politician. Someone might just leak your sexual deviances to the newspaper.
The pr0n gets you blackmail material, but the social networks give you relationship maps.
Leaning on a politician is an obvious tactic, but it's somewhat heavy-handed. If the politician were to fight back, there could be expensive blowback. Worse, it's a single (or nearly single) point of failure. The bill could pass regardless of the actions of that one politician. A talented blackmailer should only want to directly lean on someone as a last resort.
There is much better tactic: find the people who may organize other people against your interests. If you take out the potential future leaders, journalists, and educators - aka, the people that will organize the writing of that bill - then you prevent the problem before it starts. When the FBI was busting up the hippies, this was known as COINTELPRO. It's laughable to think the program ended with the Church Committee - like "total information awareness", the program was simply split up into various existing programs.
A politician could be idealistic and fight back against blackmail. With social network information, a counter intelligence program can avoid this risk by leaning on the target's friends or family instead.
I think we're due for a second sexual revolution, one where we once and for all settle our relationship between individual, society, and sex, where the only reason you should be concerned with someone else's consensual behavior is if:
It is done because of data that it brings. Not because of deviances of House of Commons members.
Moreover, in western countries like UK it is quite difficult to be classified as deviant.
And the justification textbox has a default width that accommodates about 7 words.
At one point in the article it says the domain of a logged website is considered metadata but the path (full URL) is considered content. However, this screenshot shows a logged HTTP GET including its full path: https://firstlook.org/wp-uploads/sites/1/2015/09/cryptome.pn...
"When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has 'a light oversight regime.'" ... and UK is one of the US's Five Eyes partners, so the US has a light oversight regime, in effect.
At least the GCHQ shows some honest self-awareness in naming their surveillance apps. Karma Police. For a minute here, it seems like the intelligence agencies have lost themselves. http://genius.com/Radiohead-karma-police-lyrics ... I particularly like the last comment on the page analyzing the song, which begins, "This song is about the projection of guilt onto the Other", and concludes: "Prisoners, soldiers, soldiers' victims; these are all sacrifices, onto which we project our guilt, so that we can be saved."
These last few years have really started to wear me down. The indiscriminate mass-surveillance, the savaging of our public services by an obviously corrupt government, the blatent hyprocrisy of our foreign policy, the repeated and unfettered fraud of the City of London financial sector that has yet to see anyone prosecuted or any institution meaningfully punished.
Given how much British politicians seem determined to make life shitty for anyone making less than six figures, you'd think they'd at least let people spend what idle time they have high on drugs instead of questioning a system that seems intent on shredding the middle class.
Plus we ( the UK ) have now jumped onboard with remote drone assassination of UK citizens abroad. Even though there hasn't been a death penalty on the statute books since 1998.
You should read more history. We have been awful for 100s of years. Just in the 20thC we destabilised the Middle East, exploded bombs in pubs in Eire to drum up discontent, jailed the innocent, protected the powerful, destroyed our own manufacturing in favour of financial services, exported asset stripping to the US.....
The list could go on.
Your shame is proportional to your knowledge, the level of reprehensible action is a constant.
Britain has a history of far worse things. I find the lack of awareness of Britains brutal past in the UK to be terribly disturbing. Morally it has one of the most repulsive histories of countries on earth yet all we hear from politicians is about British values as if they are some kind of goal to look up to. The superiority complex prevalent in British political discourse has no foundation yet is rolled out time and time again.
Perhaps I'm older than you but it's been the same in my mind since the 1980s at least. My father informs me earlier.
At least we have the joys of privatized services now (I'm serious). They are an order of magnitude better than the public railway, gas and electricity infrastructure we had. Controversially perhaps, I've had much better service from the NHS since they moved to a service model.
Yep. Why do you think they're tracking porn habits, if not for blackmail material?
There's no legitimate reason why a government needs to know anything about citizens sexual preferences or habits, but such information is perfect for shaming or threatening. I will note that the collection and analysis of this sort of information far surpasses anything envisioned in dystopian fiction or actually practiced by the likes of Stasi/KGB during the worst of times.
EDIT: there were actually a bunch of documents published with this article. I'll check those out then re-comment.
I love the way this article cites loop-holes. These guys do whatever they like. They have no mandate and they do it anyway with the blessing of politicians who then pretend to be concerned.
For me as a Brit the UK establishment is the biggest threat to people in the West. I really hope the UK has a big financial crash and the resulting chaos leads to a full regime change.
With all honesty, if you're a programmer or a hacker working for GCHQ (I'm certain there are some of you around here) you should really bury your head in shame. No excuses, you are simply disgusting.
I completely disagree. GCHQ, NSA, CIA, et al do serve a legitimate purpose. The world is not all roses and sunshine, there are rogue nation-states and rogue actors, and they do want to harm the public. It is the duty of the government to protect its citizens from attackers. These agencies exist to protect the public by identifying threats, and preventing attacks.
I know you are upset about the spying on private citizens for deceptive purposes, but lets not throw out the good with the bad. Yes, the agencies are overzealous and have overstepped their mandate, but that does not mean every single person working for them is an evil person out to get you. Real people work there, and nearly all of them probably have nothing to do with this. Reform, not harassing innocent bystanders, should be the aim here.
And yet here in the US where there is similar, the NSA is viewed as a refuge for the "best and brightest" and "most patriotic". People nod approvingly when they learn someone works at the NSA, even in light of the disclosures.
Who has the courage to shame these people to their face for collaborating in our oppression? It's easy to wax poetic and spit fire on the internet, but it's much harder to actually shun someone standing in front of you.
I concur. I once knew someone who worked for GCHQ, making hardware devices. Once it was revealed to me the extent to which he was involved in producing these heinous devices, I lost all respect for him - especially when his authoritarian side came out and he justified his continued involvement by implying that the lives of my children were at stake because "secret reasons I can't tell you about".
NO! THIS IS NOT HOW A FREE SOCIETY WORKS!
The corruption of government begins with its secrets. A truly free people keep no secrets.
If you continue to justify this corruption, you are encouraging the downfall of Western society. We did not attain the heights we have through secrecy and class warfare disguised as security theatre.
We must discourage involvement in these organizations to the same degree that we discourage teenagers from going on jihad. It is truly the same degree of bigotry and intolerance which allows such machinations to persist in our society - on the one hand, violent extremism. On the other hand: covert extremism.
My former GCHQ-supporting associate recently left, to start his own hardware company in an unrelated (non-surveillance-state) field. As much as I appreciate his design and skill at producing appealing devices (synthesizers), I strongly boycott his business. We must punish this "secret clearance class" of society with utter disdain, disrespect, shame and discouragement. We must not let future generations rise to assume that this totalitarian/authoritarian control system is the norm - it may be too late, but nevertheless, civil discouragement must be perpetuated in light of the total failure of our supposed democratic institutions to protect us from this covert violence.
Wouldn't it be fantastic if there were a coup in the CIA/NSA/GCHQ, etc. of all tech people who just started deleting data on a massive scale surreptitiously. When the dept. heads were like, "WTF happened to the numbers on all the porn viewers...they just kinda shrugged their shoulders and said...'dunno..guess people got bored with porn'"...
Replace porn with '*' and now we're really cooking...
Meh, it's fairly inevitable. Systems are only getting bigger and more competent. This kind of stuff requires resources and some solid thinking about algorithms and data structures. No doubt they could publish some amazing papers. But I don't suspect they have revolutionary breakthroughs ala the NSA with crypto.
I've written a small-scale system for VoIP calls, to archive and index all network traffic - it's amazingly useful for debugging. Several years back, on a single quad-core machine with 1 disk, I was able to handle 5TB (several billion messages) of signalling data per day - indexing, archiving, searching. I'm nothing amazing. (I went to SF thinking I could somehow turn this indexing system into amazing profit. First guy I showed says "oh yeah I recognize this, go get <some intro db textbook>". Oops, so much for breakthrough ideas.)
A team of me-equivalents (with some that _have_ gone to school) and a nice budget could end up designing something like these spy systems. They aren't the Manhattan Project requiring new knowledge no one in the world has. I'm no 3-sigma intellect. There are dozens of millions of people more intelligent than me. Complaining about it and shaming engineers will not work against such critical projects.
It sucks that it has come to this. I am afraid to do certain types of searches. The other day, I wanted to learn more about "Azan" -- the Muslim morning call to prayer that is often broadcast over loudspeakers from a mosque. I find the topic interesting and started poking around, but it landed me on several websites that made me start to feel uncomfortable that I was going to incite some trigger. I'm betting most people in my neighborhood aren't searching for this information, and I don't really want to be flagged. Pre-Snowden, I wouldn't have given it a second thought and thought it ridiculously paranoid. Now, I am very careful how I use the computer when it is connected to the wider network...and I think this is really sad and Orwellian.
Except where they have a warrant and reach their dirty little fingers into certificate authorities. Unless you're doing key exchange yourself I would assume nothing is truly private.
Heh, not trying to be pendantic because I actually thought that first sentence didn't make much sense.. there is a graphic T on the left, so it actually read "There was a simple aim"
Slightly off topic, but recently watched Citizenfour - great documentary about Snowden and why he chose to reveal all of this information. It has real footage of Snowden himself right before the leaks, communicating via PGP with journalists, etc.
Even though I already knew most of the stuff, rehashing it all over again makes it so much more impactful. Overall, highly recommended for anyone who cares about our world now and in the future.
P.S.
The government's idea that by somehow ingesting all of this data and effectively spying on everyone collectively will somehow protect us the helpless citizens sounds pretty bonkers (to use an UK phrase) to me. It's all just wasteful money spending as usual.
This is just the beginning - the problem we are facing are the digital personal assistants. They are like servants - but their loyalty is first to the corporation that runs the server not to the user. This is where the really rich data will come from. And the data will be useful in all kinds of criminal investigations - there will be more and more legitimate cases and there will be no will to limit it.
The solution is for everyone to mess with their signal-to-noise ratio. Make alts. Tell lies. Use VPNs. Encrypt trivial conversations. Use steganography for real secrets. If they like the job security, give them their damn job security by giving them nothing else.
Alternately, you can take the attitude that you will practice radical transparency in your online and offline preferences and habits, so there's nothing to potentially blackmail you with because you live your life unashamed.
I mean, personally my initial reaction when I first heard about the early Snowden leaks two years ago was "welp, hope the NSA enjoyed reading all that Tony Stark/Bruce Banner fanfic as much as I did."
"Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events” — a term the agency uses to refer to metadata records — with about 10 billion new entries added every day.
"
I wonder if this "black hole" is backed by a huge HDFS cluster? When I was working in government consulting a few years back I used to alway see job posting at Fort Meade for Hadoop experts, and I know the government is (or was) a customer of Cloudera as of 2009. Incidentally, Amazon created a separate cloud service like EC2 for government data a few years back also I believe.
I assume the NSA must be utilizing Hadoop, HDFS, Impala and/or Facebook Presto - or have a system they built internally but never released that can processing and store data at the same order of magnitude.
If these documents are all true and we assume they are currently collecting more, not less data, then they were in 2012, then they are probably storing more data than Facebook/google on a daily basis
EDIT - i guess the might not be storing as much data as Facebook or google because this sounds like mostly text, no images or video. It still must be a shitload of data though! I also realize that GCHQ is not the same thing as the NSA, but I assume they are doing similar things with similar size data sets
This is also how you decloak users from VPN, first you profile their online behaviour without vpn, track cookies and graph site visits. Then when people use vpn you still see and track their identity.
Let's make a list of the UK[0] press and see who reports. Correct as of 6pm GMT Sept. 26th. The story is just breaking but only the Daily Mail and Daily Mirror have reported it so far. I'll probably be on a nice list now having made all those searches : ) Advice on how to search The Sun's website welcome.
- The Sun[1], can't find a search box
- Daily Mail[2], yes!
- Daily Mirror[3], yes!
- Evening Standard[4], no
- Daily Telegraph[5], no
- Daily Express[6], no
- Daily Star[7], no
- The Times[8], no
- i / The Independent[9], no
- Financial Times[10], no
- Daily Record[11], no
- The Guardian[12], no
Well sites like YouPorn, RedTube and PornTube etc, despite being ridiculously popular, haven't deployed any kind of TLS. They don't care about your privacy. It's low hanging fruit... far too tempting for the likes of GCHQ, with their capabilities, to just ignore.
If you don't want people spying on your porn habits then boycott sites like this. And if you're running a porn site, consider going HTTPS only, turning off access_logs (or purging them regularly), and providing a Tor hidden service.
[+] [-] junto|10 years ago|reply
Want to push a bill through the House of Commons to curb GCHQ's powers? Think again Mr. Politician. Someone might just leak your sexual deviances to the newspaper.
[+] [-] pdkl95|10 years ago|reply
Leaning on a politician is an obvious tactic, but it's somewhat heavy-handed. If the politician were to fight back, there could be expensive blowback. Worse, it's a single (or nearly single) point of failure. The bill could pass regardless of the actions of that one politician. A talented blackmailer should only want to directly lean on someone as a last resort.
There is much better tactic: find the people who may organize other people against your interests. If you take out the potential future leaders, journalists, and educators - aka, the people that will organize the writing of that bill - then you prevent the problem before it starts. When the FBI was busting up the hippies, this was known as COINTELPRO. It's laughable to think the program ended with the Church Committee - like "total information awareness", the program was simply split up into various existing programs.
A politician could be idealistic and fight back against blackmail. With social network information, a counter intelligence program can avoid this risk by leaning on the target's friends or family instead.
[+] [-] rm_-rf_slash|10 years ago|reply
1: You're banging them
2: You want to bang them
3: It's your kid and they're underage.
[+] [-] rorykoehler|10 years ago|reply
[+] [-] j-l-|10 years ago|reply
[+] [-] bootload|10 years ago|reply
Within the services, this is colloquially called the 'sluts & nuts' file.
[+] [-] blazespin|10 years ago|reply
[+] [-] logn|10 years ago|reply
I wonder what this query returns: _@_
or: _._._._
And the justification textbox has a default width that accommodates about 7 words.
At one point in the article it says the domain of a logged website is considered metadata but the path (full URL) is considered content. However, this screenshot shows a logged HTTP GET including its full path: https://firstlook.org/wp-uploads/sites/1/2015/09/cryptome.pn...
"When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has 'a light oversight regime.'" ... and UK is one of the US's Five Eyes partners, so the US has a light oversight regime, in effect.
At least the GCHQ shows some honest self-awareness in naming their surveillance apps. Karma Police. For a minute here, it seems like the intelligence agencies have lost themselves. http://genius.com/Radiohead-karma-police-lyrics ... I particularly like the last comment on the page analyzing the song, which begins, "This song is about the projection of guilt onto the Other", and concludes: "Prisoners, soldiers, soldiers' victims; these are all sacrifices, onto which we project our guilt, so that we can be saved."
[+] [-] ionised|10 years ago|reply
These last few years have really started to wear me down. The indiscriminate mass-surveillance, the savaging of our public services by an obviously corrupt government, the blatent hyprocrisy of our foreign policy, the repeated and unfettered fraud of the City of London financial sector that has yet to see anyone prosecuted or any institution meaningfully punished.
I really hate this place.
[+] [-] rm_-rf_slash|10 years ago|reply
[+] [-] dingaling|10 years ago|reply
[+] [-] Zigurd|10 years ago|reply
Move to Greece. They can't afford surveillance.
[+] [-] SixSigma|10 years ago|reply
The list could go on.
Your shame is proportional to your knowledge, the level of reprehensible action is a constant.
[+] [-] branchless|10 years ago|reply
The UK establishment are nuts.
[+] [-] rorykoehler|10 years ago|reply
[+] [-] buffoon|10 years ago|reply
At least we have the joys of privatized services now (I'm serious). They are an order of magnitude better than the public railway, gas and electricity infrastructure we had. Controversially perhaps, I've had much better service from the NHS since they moved to a service model.
I'm not ashamed of my identity at all.
[+] [-] notNow|10 years ago|reply
[+] [-] godgod|10 years ago|reply
[deleted]
[+] [-] cryoshon|10 years ago|reply
There's no legitimate reason why a government needs to know anything about citizens sexual preferences or habits, but such information is perfect for shaming or threatening. I will note that the collection and analysis of this sort of information far surpasses anything envisioned in dystopian fiction or actually practiced by the likes of Stasi/KGB during the worst of times.
EDIT: there were actually a bunch of documents published with this article. I'll check those out then re-comment.
[+] [-] branchless|10 years ago|reply
For me as a Brit the UK establishment is the biggest threat to people in the West. I really hope the UK has a big financial crash and the resulting chaos leads to a full regime change.
The UK really scares me a lot more than Isis.
[+] [-] mavdi|10 years ago|reply
[+] [-] Afforess|10 years ago|reply
I know you are upset about the spying on private citizens for deceptive purposes, but lets not throw out the good with the bad. Yes, the agencies are overzealous and have overstepped their mandate, but that does not mean every single person working for them is an evil person out to get you. Real people work there, and nearly all of them probably have nothing to do with this. Reform, not harassing innocent bystanders, should be the aim here.
[+] [-] rdtsc|10 years ago|reply
[+] [-] cryoshon|10 years ago|reply
Who has the courage to shame these people to their face for collaborating in our oppression? It's easy to wax poetic and spit fire on the internet, but it's much harder to actually shun someone standing in front of you.
[+] [-] fit2rule|10 years ago|reply
NO! THIS IS NOT HOW A FREE SOCIETY WORKS!
The corruption of government begins with its secrets. A truly free people keep no secrets.
If you continue to justify this corruption, you are encouraging the downfall of Western society. We did not attain the heights we have through secrecy and class warfare disguised as security theatre.
We must discourage involvement in these organizations to the same degree that we discourage teenagers from going on jihad. It is truly the same degree of bigotry and intolerance which allows such machinations to persist in our society - on the one hand, violent extremism. On the other hand: covert extremism.
My former GCHQ-supporting associate recently left, to start his own hardware company in an unrelated (non-surveillance-state) field. As much as I appreciate his design and skill at producing appealing devices (synthesizers), I strongly boycott his business. We must punish this "secret clearance class" of society with utter disdain, disrespect, shame and discouragement. We must not let future generations rise to assume that this totalitarian/authoritarian control system is the norm - it may be too late, but nevertheless, civil discouragement must be perpetuated in light of the total failure of our supposed democratic institutions to protect us from this covert violence.
[+] [-] zenocon|10 years ago|reply
Replace porn with '*' and now we're really cooking...
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] MichaelGG|10 years ago|reply
I've written a small-scale system for VoIP calls, to archive and index all network traffic - it's amazingly useful for debugging. Several years back, on a single quad-core machine with 1 disk, I was able to handle 5TB (several billion messages) of signalling data per day - indexing, archiving, searching. I'm nothing amazing. (I went to SF thinking I could somehow turn this indexing system into amazing profit. First guy I showed says "oh yeah I recognize this, go get <some intro db textbook>". Oops, so much for breakthrough ideas.)
A team of me-equivalents (with some that _have_ gone to school) and a nice budget could end up designing something like these spy systems. They aren't the Manhattan Project requiring new knowledge no one in the world has. I'm no 3-sigma intellect. There are dozens of millions of people more intelligent than me. Complaining about it and shaming engineers will not work against such critical projects.
[+] [-] zenocon|10 years ago|reply
[+] [-] rm_-rf_slash|10 years ago|reply
1: We should never assume any online activity isn't being tracked by someone.
2: The above doesn't give the government a pass on due process when citizens choose to avoid tracking by encryption or otherwise.
[+] [-] LouisSayers|10 years ago|reply
[+] [-] cynoclast|10 years ago|reply
Jesus fucking christ.
[+] [-] clort|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] raspasov|10 years ago|reply
Even though I already knew most of the stuff, rehashing it all over again makes it so much more impactful. Overall, highly recommended for anyone who cares about our world now and in the future.
P.S. The government's idea that by somehow ingesting all of this data and effectively spying on everyone collectively will somehow protect us the helpless citizens sounds pretty bonkers (to use an UK phrase) to me. It's all just wasteful money spending as usual.
Stop the scaremongering.
[+] [-] zby|10 years ago|reply
https://medium.com/the-wtf-economy/we-ve-got-this-whole-unic... - see how useful the assistants can be - people will use them
[+] [-] multinglets|10 years ago|reply
[+] [-] Asparagirl|10 years ago|reply
I mean, personally my initial reaction when I first heard about the early Snowden leaks two years ago was "welp, hope the NSA enjoyed reading all that Tony Stark/Bruce Banner fanfic as much as I did."
[+] [-] AdmiralAsshat|10 years ago|reply
[+] [-] madaxe_again|10 years ago|reply
[+] [-] misiti3780|10 years ago|reply
I wonder if this "black hole" is backed by a huge HDFS cluster? When I was working in government consulting a few years back I used to alway see job posting at Fort Meade for Hadoop experts, and I know the government is (or was) a customer of Cloudera as of 2009. Incidentally, Amazon created a separate cloud service like EC2 for government data a few years back also I believe.
I assume the NSA must be utilizing Hadoop, HDFS, Impala and/or Facebook Presto - or have a system they built internally but never released that can processing and store data at the same order of magnitude.
If these documents are all true and we assume they are currently collecting more, not less data, then they were in 2012, then they are probably storing more data than Facebook/google on a daily basis
EDIT - i guess the might not be storing as much data as Facebook or google because this sounds like mostly text, no images or video. It still must be a shitload of data though! I also realize that GCHQ is not the same thing as the NSA, but I assume they are doing similar things with similar size data sets
Thoughts?
[+] [-] nhf|10 years ago|reply
[+] [-] qiqing|10 years ago|reply
[+] [-] facetube|10 years ago|reply
[+] [-] venomsnake|10 years ago|reply
So do the brits have all my porn records or only the porn I watched in the last 60 days? The article didn't make it clear.
[+] [-] acd|10 years ago|reply
[+] [-] te_chris|10 years ago|reply
[+] [-] igravious|10 years ago|reply
[1] uh [2] http://www.dailymail.co.uk/home/search.html?sel=site&searchP... [3] http://www.mirror.co.uk/search/simple.do?destinationSectionI... [4] http://www.standard.co.uk/search/site/gchq [5] http://www.telegraph.co.uk/search/?queryText=gchq&sort=recen... [6] http://www.express.co.uk/search/gchq [7] http://www.dailystar.co.uk/search/gchq [8] http://www.thetimes.co.uk/tto/public/sitesearch.do?querystri... [9] http://www.independent.co.uk/search/site/gchq [10] http://search.ft.com/search?queryText=gchq [11] http://www.dailyrecord.co.uk/search/simple.do?destinationSec... [12] http://www.theguardian.com/uk/gchq
[+] [-] nly|10 years ago|reply
If you don't want people spying on your porn habits then boycott sites like this. And if you're running a porn site, consider going HTTPS only, turning off access_logs (or purging them regularly), and providing a Tor hidden service.
[+] [-] rl3|10 years ago|reply
I always figured virtual geo-fencing of online maps usage was probably a thing.