All of that money spent, and yet it's mostly defeated by people that use platforms based on e2e encryption, right? Or hmm, I guess you could still get a bit of metadata in some cases?
All of that money spent, and yet it's mostly defeated by people that use platforms based on e2e encryption, right? Or hmm, I guess you could still get a bit of metadata in some cases?
You'd be able to know the source IP, and destination IP. If you have most of the traffic on the AT&T network, the communications graph you can build would allow you to derive quite a lot of...
You'd be able to know the source IP, and destination IP. If you have most of the traffic on the AT&T network, the communications graph you can build would allow you to derive quite a lot of information.
I'm not sure what could you achieve with the communication IPs alone. Not many people use P2P apart from torrents. And those who do usually use VPN. What's practical usage of the information they...
I'm not sure what could you achieve with the communication IPs alone. Not many people use P2P apart from torrents. And those who do usually use VPN.
What's practical usage of the information they are able to gather?
Metadata can easily derive context for example: Person A receives 20 minute call from STD clinic. Person A calls Person B for 75 minutes. Person B calls hospital for 10 minutes. Person B calls...
Metadata can easily derive context for example:
Person A receives 20 minute call from STD clinic.
Person A calls Person B for 75 minutes.
Person B calls hospital for 10 minutes.
Person B calls lawyer for 30 minutes.
Person B calls bank for 20 minutes.
Person A calls hospital for 10 minutes.
Person A calls Person B from store location for 50 minutes.
What can you derive from this information without knowing what the conversations were?
What kind information do they actually posses? Even phone calls from number to number? I thought they only have IP addresses. And btw, isn't it illegal to gather and keep this kind of private...
What kind information do they actually posses? Even phone calls from number to number? I thought they only have IP addresses.
And btw, isn't it illegal to gather and keep this kind of private information without court order?
https://www.google.com/amp/amp.timeinc.net/fortune/2015/12/01/nsa-phone-bulk-collection-end Yep! They have phone number to phone number, and presumably at least IP to IP... Kind of scary what they...
They don't consider metadata to be protected for some reason. Even though it absolutely should be, which is the point the comment you're replying to is making.
They don't consider metadata to be protected for some reason. Even though it absolutely should be, which is the point the comment you're replying to is making.
Practically? Any form of communications they can get a hold of. Passive scanning is not illegal in the US, if I sit in a starbucks and open up wireshark to just grab the information that's being...
What kind information do they actually posses? Even phone calls from number to number? I thought they only have IP addresses.
Practically? Any form of communications they can get a hold of.
And btw, isn't it illegal to gather and keep this kind of private information without court order?
Passive scanning is not illegal in the US, if I sit in a starbucks and open up wireshark to just grab the information that's being passed through the airwaves then it's legal, but if I actively target and scan a device, then it is illegal.
Not to mention federal agencies can just go to the secret FISA court to get whatever warrants they need or just use the Patriot Act (and all related amendment acts such as Freedom and CLOUD acts) to justify their reasons.
Social network analysis is a potent tool, and can be used to identify an individual based on their connections with other IP addresses. Below is a benign example, but one can imagine nefarious...
Social network analysis is a potent tool, and can be used to identify an individual based on their connections with other IP addresses. Below is a benign example, but one can imagine nefarious applications.
I wouldn't feel so secure. Well, controlling such a large portion of the network, it is possible for them to do traffic correlation attacks which can even defeat anonymity networks like tor -- it...
I wouldn't feel so secure. Well, controlling such a large portion of the network, it is possible for them to do traffic correlation attacks which can even defeat anonymity networks like tor -- it is actually one of the few attack that tor's architecture can't protect against.
And 2FA only protects you from hackers and alike. Your government can easily put a gag order (NSL for examle) and request the data. Or they could be filtering the data from within the company's servers, thus bypassing any encryption or 2FA.
So NO, it is not the 2FA that will save you from mass surveillance, although things like that can help you be safe from weaker adversaries.
All of that money spent, and yet it's mostly defeated by people that use platforms based on e2e encryption, right? Or hmm, I guess you could still get a bit of metadata in some cases?
You'd be able to know the source IP, and destination IP. If you have most of the traffic on the AT&T network, the communications graph you can build would allow you to derive quite a lot of information.
I'm not sure what could you achieve with the communication IPs alone. Not many people use P2P apart from torrents. And those who do usually use VPN.
What's practical usage of the information they are able to gather?
Metadata can easily derive context for example:
What can you derive from this information without knowing what the conversations were?
What kind information do they actually posses? Even phone calls from number to number? I thought they only have IP addresses.
And btw, isn't it illegal to gather and keep this kind of private information without court order?
https://www.google.com/amp/amp.timeinc.net/fortune/2015/12/01/nsa-phone-bulk-collection-end
Yep! They have phone number to phone number, and presumably at least IP to IP... Kind of scary what they can do with that info when it's at scale
They don't consider metadata to be protected for some reason. Even though it absolutely should be, which is the point the comment you're replying to is making.
Practically? Any form of communications they can get a hold of.
Passive scanning is not illegal in the US, if I sit in a starbucks and open up wireshark to just grab the information that's being passed through the airwaves then it's legal, but if I actively target and scan a device, then it is illegal.
Not to mention federal agencies can just go to the secret FISA court to get whatever warrants they need or just use the Patriot Act (and all related amendment acts such as Freedom and CLOUD acts) to justify their reasons.
Social network analysis is a potent tool, and can be used to identify an individual based on their connections with other IP addresses. Below is a benign example, but one can imagine nefarious applications.
http://datadrivenjournalism.net/news_and_analysis/how_network_analysis_helps_journalists_identify_social_media_influencers
I wouldn't feel so secure. Well, controlling such a large portion of the network, it is possible for them to do traffic correlation attacks which can even defeat anonymity networks like tor -- it is actually one of the few attack that tor's architecture can't protect against.
And 2FA only protects you from hackers and alike. Your government can easily put a gag order (NSL for examle) and request the data. Or they could be filtering the data from within the company's servers, thus bypassing any encryption or 2FA.
So NO, it is not the 2FA that will save you from mass surveillance, although things like that can help you be safe from weaker adversaries.
@Adams mentioned end-to-end encryption, Tor is not true e2e and 2FA is a separate thing completely.