> The most dialogs which are being monitored are typical teenager conversations.
In the picture "你还用说我大", "那是衣服紧" (Translate: "You don't need to tell me that mines was big", "That's because the cloth is tight").
I don't know about the "typical" thing due to lack of context. But my sense tells me, that "teenager" is doing some sex talk.
Another one: "说:!收【【【46--48道士号】】】卖的微信XXXXXXXXXXX" ("Buying 46~48 level Taoist account, contact me using WeChat XXXXXXXXXXX"). I guess this person is trying to buy a in-game character. Taoist is a type of character similar to magician.
I think the message is captured by some type of Internet Cafe managing software, which can be installed on the machine so the admin could remotely control and "auditing" it. Typical feature includes shutdown, force logout, timer etc. I don't know it can also record chat messages, but the fact it can does not surprise me that much to be honest.
Just leaving aside for a second what a crime against humanity this surveillance is...
It never ceases to amaze me how many of these massive data leaks are simply "mongodb in default configuration".
I just don't understand how it was thought, at any point in time, to be a good idea that mongodb in its default configuration, would be open to the world with no authentication.
From the screencaps it looks like surveillance systems used to monitor internet cafes and public access points where people must use their real ID to login, so it's a bit easier to link accounts to actual identities. A number of these IM suits are actually encrypted in transit that it's very unlikely that this level of interception is possible without a root certificate installed on the client machine.
It's my understanding that if you want to play ball in China, you have to give govt the keys to the kingdom.
Here's one article of apple doing this. I'm not meaning to pick on Apple here, but imo they're the most security/privacy conscious of the really big players, and they've caved.
The opening statement of the author is really overblown and sensationalist. Only at the end of the thread did he admit that all data there apparently come from net cafes, but 1. there is no evidence that messages from private devices are being included in this database 2. one has to understand that China is vast, and each local authority differs a lot from the next one in deciding what it does. It totally wouldn't surprise me that the local authorities of several cities/provinces decided to sign a contract with this net cafe management software provider, who essentially installs a spyware on each net cafe computer and routes the traffic to the police. Doesn't suggest it's any sort of coordinated, deliberate action from the central government though. Comparing it to PRISM and NSA is highly misleading and irresponsible, and just putting a blanket word "China's" in the title is inaccurate. Sadly it's how most news stories are done these days.
It sounds like the leak is just the mongodb instances being open to incoming traffic from the internet without authentication. This a common problem with MongoDB, because its default configuration is insecure.
As a non-latin language user, I can say that we do use English headers most of the time because nobody wants to deal with potential locale/coding problems.
Is there any research that proves the causal relationship between surveillance and crime rate ? I've been constantly shut up with this statement "Don't you want your country to be safe" when I talk about privacy intrusion by Govt .
There are hidden assumptions in the question "Don't you want your country to be safe?"
What the question is really asking is this: "Don't you want your country to be safe no matter what?"
No, I do not. I want my country to be a place where I am proud of living. It doesn't have to be perfect, it just has to have traditions that are important to me that stay the same over time and try to get better over time.
I want my country to stay a place I am happy living in. I can live with some danger much easier than I can a surveillance state. Danger is a situation that is stable over time. Operating a panopticon is not.
The second premise is that it is possible to make some universal rules that will make everybody safe. Throughout history we have lots of examples of places where large groups of people were "completely" controlled. Modern prisons in the U.S. are a good contemporary example.
These places are not safe. In fact, the tighter we grip a population in order to make them safe, the more we create criminals who are part of the surveillance system itself. These criminals are in many cases impossible to discover. So now you have a lot of control and surveillance with criminals you can't identify or catch. The Chinese deal with this by every now and then sacrificing some of the party apparatchiks to the mob. The jury is still out on whether that actually works over several decades or not. I doubt it. But even if it did, it's still an unstable system.
Nations don't exist to extol one virtue over all others. "Safety" is a great thing, but it's not the end of the conversation when it comes to decision-making. It's a complex balance that should dynamically change over time as conditions force. When you systematize things like massive surveillance, you actually hurt the cause of public safety. It gets better for a short while -- then the rebound happens. And it's not pretty.
I guess you could look at major European cities like London where CCTV is pervasive and other cities with considerably less.
It seems to me that most of the justification for surveillance systems is focused on edge cases, terrorism and paedophilia which are statistically unlikely of affect the vast majority of people.
If you watch some of the reality TV you see in UK about CCTV surveillance you’d think the county is suffering from a crime epidemic when in fact a lot of the situations are minor and often escalated by overly aggressive police officers interacting with uneducated angry drunk people.
Better social policy regarding education and alcohol would be the better solution.
There's no convincing research that establishes causality on such complex sociological matters, since you can't create clean experiments, and observations are not useful since there are too many confounding factors.
However, you don't really need research on this, it's obvious that surveillance offers meaningful safety benefits. I think the problem some people have with surveillance is that its costs may outweigh its benefits.
For example surveillance can be used to shift political system in the authoritarian direction, by suppressing political opposition. It can be used to sustain inequality since it provides those with money or power a powerful leverage to entrench their positions. It can be used by corrupt officials and hackers to commit serious crimes (partly offsetting its crime reduction benefits). Finally, even if surveillance isn't abused, it can be uncomfortable to some people who just don't like being watched.
An argument can be made that any prevented crimes are not published, with the intent of lulling would-be criminals or terrorists into a safe sense of security - that is, that communicating via a certain platform is safe enough, not knowing the NSA is listening in.
And on the other hand, what makes you feel safer: no news at all, or "1000 potential terrorist threats thwarted through surveillance". The former is dull, but dull is good right? The latter is stressful on both sides, on the one hand that apparently there are at least 1000 terrorists active - and what about the ones they didn't catch - and on the other that the government is listening.
So that's my theory; if government surveillance is effective, it's kept under wraps so it remains effective.
I do believe higher levels of surveillance will have higher levels of inhibition for petty crime.
But it will not inhibit white collar crime (such as corruption or fraud etc). It won't inhibit crimes of passion. And it won't inhibit premeditated crimes that require lots of planning and hardcore execution (like drug/human trafficking etc).
I don't condone surveillance. It is a reality of life. However, I would expect that it is done responsibly and securely. I don't consider surveillance a big violation BUT doing a poor job at protecting the collected data is an egregious violation of privacy.
The only reason to collect data is to use it and those collecting and storing the data are fully responsible for how it is used. The reasons for collecting and retaining it should be explicitly stated and it should only be used for those purposes. It doesn't matter who is doing it - Facebook, Google, a random web site or a government.
I wonder if India's neighbor also engages in "our ability to arrest you proves our network is secure" tactic. Aadhar, the BS cattle-tagging project is premised on this principle, while they ship Indian citizens' information to Inqtel backed corporations ... because "it's nationalist" to do so.
[+] [-] Scoundreller|7 years ago|reply
Lol, again.
I recall in a previous list of open MongoDBs, the Chinese equivalent of the US Food and Drug Administration had an open MongoDB.
[+] [-] rqs|7 years ago|reply
In the picture "你还用说我大", "那是衣服紧" (Translate: "You don't need to tell me that mines was big", "That's because the cloth is tight").
I don't know about the "typical" thing due to lack of context. But my sense tells me, that "teenager" is doing some sex talk.
Another one: "说:!收【【【46--48道士号】】】卖的微信XXXXXXXXXXX" ("Buying 46~48 level Taoist account, contact me using WeChat XXXXXXXXXXX"). I guess this person is trying to buy a in-game character. Taoist is a type of character similar to magician.
I think the message is captured by some type of Internet Cafe managing software, which can be installed on the machine so the admin could remotely control and "auditing" it. Typical feature includes shutdown, force logout, timer etc. I don't know it can also record chat messages, but the fact it can does not surprise me that much to be honest.
[+] [-] ep103|7 years ago|reply
[+] [-] uses|7 years ago|reply
It never ceases to amaze me how many of these massive data leaks are simply "mongodb in default configuration".
I just don't understand how it was thought, at any point in time, to be a good idea that mongodb in its default configuration, would be open to the world with no authentication.
[+] [-] andrenth|7 years ago|reply
[+] [-] Laforet|7 years ago|reply
[+] [-] Consultant32452|7 years ago|reply
Here's one article of apple doing this. I'm not meaning to pick on Apple here, but imo they're the most security/privacy conscious of the really big players, and they've caved.
https://www.theverge.com/2018/2/26/17052802/apple-icloud-enc...
[+] [-] ubercow13|7 years ago|reply
[+] [-] iflp|7 years ago|reply
[+] [-] SZJX|7 years ago|reply
[+] [-] arthurcolle|7 years ago|reply
[+] [-] deckar01|7 years ago|reply
[+] [-] ressetera|7 years ago|reply
[+] [-] arthurcolle|7 years ago|reply
[+] [-] chj|7 years ago|reply
[+] [-] Scoundreller|7 years ago|reply
Could this “solution” be off the shelf, or developed by non-Chinese?
The front-end users wouldn’t see the backend structure.
Along with some native English speaker names like “CertificateNo” for certificate number.
[+] [-] qlk1123|7 years ago|reply
[+] [-] est|7 years ago|reply
very typical. because unicode table names or key names are rare.
[+] [-] amrrs|7 years ago|reply
[+] [-] DanielBMarkham|7 years ago|reply
What the question is really asking is this: "Don't you want your country to be safe no matter what?"
No, I do not. I want my country to be a place where I am proud of living. It doesn't have to be perfect, it just has to have traditions that are important to me that stay the same over time and try to get better over time.
I want my country to stay a place I am happy living in. I can live with some danger much easier than I can a surveillance state. Danger is a situation that is stable over time. Operating a panopticon is not.
The second premise is that it is possible to make some universal rules that will make everybody safe. Throughout history we have lots of examples of places where large groups of people were "completely" controlled. Modern prisons in the U.S. are a good contemporary example.
These places are not safe. In fact, the tighter we grip a population in order to make them safe, the more we create criminals who are part of the surveillance system itself. These criminals are in many cases impossible to discover. So now you have a lot of control and surveillance with criminals you can't identify or catch. The Chinese deal with this by every now and then sacrificing some of the party apparatchiks to the mob. The jury is still out on whether that actually works over several decades or not. I doubt it. But even if it did, it's still an unstable system.
Nations don't exist to extol one virtue over all others. "Safety" is a great thing, but it's not the end of the conversation when it comes to decision-making. It's a complex balance that should dynamically change over time as conditions force. When you systematize things like massive surveillance, you actually hurt the cause of public safety. It gets better for a short while -- then the rebound happens. And it's not pretty.
[+] [-] knolan|7 years ago|reply
It seems to me that most of the justification for surveillance systems is focused on edge cases, terrorism and paedophilia which are statistically unlikely of affect the vast majority of people.
If you watch some of the reality TV you see in UK about CCTV surveillance you’d think the county is suffering from a crime epidemic when in fact a lot of the situations are minor and often escalated by overly aggressive police officers interacting with uneducated angry drunk people.
Better social policy regarding education and alcohol would be the better solution.
[+] [-] _cs2017_|7 years ago|reply
However, you don't really need research on this, it's obvious that surveillance offers meaningful safety benefits. I think the problem some people have with surveillance is that its costs may outweigh its benefits.
For example surveillance can be used to shift political system in the authoritarian direction, by suppressing political opposition. It can be used to sustain inequality since it provides those with money or power a powerful leverage to entrench their positions. It can be used by corrupt officials and hackers to commit serious crimes (partly offsetting its crime reduction benefits). Finally, even if surveillance isn't abused, it can be uncomfortable to some people who just don't like being watched.
[+] [-] raxxorrax|7 years ago|reply
[+] [-] Cthulhu_|7 years ago|reply
And on the other hand, what makes you feel safer: no news at all, or "1000 potential terrorist threats thwarted through surveillance". The former is dull, but dull is good right? The latter is stressful on both sides, on the one hand that apparently there are at least 1000 terrorists active - and what about the ones they didn't catch - and on the other that the government is listening.
So that's my theory; if government surveillance is effective, it's kept under wraps so it remains effective.
[+] [-] chii|7 years ago|reply
But it will not inhibit white collar crime (such as corruption or fraud etc). It won't inhibit crimes of passion. And it won't inhibit premeditated crimes that require lots of planning and hardcore execution (like drug/human trafficking etc).
[+] [-] notanum|7 years ago|reply
[+] [-] Maxxmax|7 years ago|reply
[deleted]
[+] [-] entity345|7 years ago|reply
Based on that surveillance does work.
The question is rather at what level surveillance does not meaningfully reduce crime anymore but becomes a (political) control tool.
[+] [-] Sniffnoy|7 years ago|reply
[+] [-] dang|7 years ago|reply
[+] [-] rawmodz|7 years ago|reply
[deleted]
[+] [-] ubercow13|7 years ago|reply
[+] [-] virgakwolfw|7 years ago|reply
[+] [-] dang|7 years ago|reply
[+] [-] mnemotechny|7 years ago|reply
[+] [-] techie128|7 years ago|reply
I don't condone surveillance. It is a reality of life. However, I would expect that it is done responsibly and securely. I don't consider surveillance a big violation BUT doing a poor job at protecting the collected data is an egregious violation of privacy.
[+] [-] simonh|7 years ago|reply
[+] [-] stunt|7 years ago|reply
[+] [-] mirimir|7 years ago|reply
Who will hurt you more than authorities can?
[+] [-] throwawau3243|7 years ago|reply
[+] [-] xv11921|7 years ago|reply
[deleted]