Domain: kieranhealy.org
Stories and comments across the archive that link to kieranhealy.org.
Comments · 32
-
Re:Encryption in unconstitutional.
Such a shame that not even metadata was collected back then. The filthy traitors could have been rounded up.
-
Should be required reading
Obviously terrorists are going to use other accounts. What they're after obviously has nothing to do with the foreign national entering the country, it's about using their social media accounts to spy on people already in the US, potentially US citizens in ways that the courts and the social media themselves have blocked so far. It's draconian, but good news in a way: it demonstrates that the changes in the way that social media companies do business in a post-Snowden world are in fact keeping the US government out of their/our data.
The short article Using Metadata to Find Paul Revere, which was popular a year or so ago but seems to have been forgotten, should be required reading on the subject.
-
Re:Some of us know how to use PGP in a real client
Yep, that was what I was hinting at -- of course one can not securely interoperate with other services using plain old SMTP, but I hoped they would add a secure link between any two of their internal customers, with plausible deniability that they ever communicated.
As to "innocence" of metadata, a required (and educational!) read that I am sure you have seen, but others might have not: https://kieranhealy.org/blog/a...
Paul B.
-
Re:Hyperbole doesn't help our cause
the details of your phone calls and text messages -- including when they took place and whom they involved -- are no less revealing than the actual contents of those communications
is plainly not true.
I tended to agree until I pondered this more and read about Paul Revere and meta-data. Consider many/most conversations if recorded may be "harmless" (uninteresting or not containing anything relevant to an "investigation") but the connections made themselves could reveal quite a bit of interesting things. It is possible even more in fact than what was captured and realized in a recording/transcript if codes were used (as they were even in American revolutionary days), for one quick example. But it is quite clear to me that the potential for abuse is far bigger than *I*, much less the general public could have thought. And one thing I've learned about potential, active people (read: in power) hate to let it go to waste... and it's too easy to take something that is easily over the majority of people's heads (even if it's merely because they're unfamiliar) and rush to capitalize on its "merits" without considering the consequences.
-
Re:Sophistry
The King of England would have traced phone call networks. And so the founding fathers would have banned it sans warrant.
-
Facebook delenda est
This illustrates why the Free Software movement is so incredibly important. But it isn't just Free "Software" that we need; it's Free Protocols, standards and systems. It is intolerable to allow the Internet to be carved into centralized, single-company-controlled silos like Facebook, Twitter, and Google's various services because they abuse that control for their own ends, and will only expand the degree of that abuse in the future. It is inevitable that they will eventually use their privileged position to unduly control world events, if they aren't doing so already.
It is not enough to simply avoid using those things; they are already actively working to rape us of our privacy (through third parties) whether we participate or not. We have a moral imperative to both actively resist having anyone use them and to build decentralized, privacy-respecting replacements.
Of course, that's easy to say. With all the money and power vested in asserting totalitarian control over the world's information against us, how do we win?
-
Re:For those who can read...
The Founders appear to have addressed this issue explicitly.
http://www.thefederalistpapers...
http://kieranhealy.org/blog/ar...
-
Have been shown how they would have done it...
"Using Metadata to find Paul Revere"
http://kieranhealy.org/blog/ar...
Paul B.
-
"It's just metadata"
The BBC news is reporting that apparently it's not as bad as it could be because it's not storing the content of phone-calls made, just who was called and when.
Anyone who wants to know just how powerful mere "metadata" actually is should go read http://kieranhealy.org/blog/ar... .
-
As easy as Matrix Multiplication.
Here's a simple walkthrough of how easy social graph analysis is which demonstrates how invasive metadata is.
-
Re:Who believe "just metadata" reassurances anyway
-
Re:Man who wouldn't be king's speech
Here's what might have been in an intelligence briefing for King George:
-
Re:And the opinon of the NY Times matters because?
Snowden has mainly revealed metadata -- what info collection programs exist, rather than actual data -- what was collected.
The NSA has emphasised what it does is benign as in mainly collects metadata.
Metadata -- no harm. no foul on either side.
Why do you purposefully remain ignorant? Metadata collection is far more powerful than is warranted.
We don't need wiretap spying. No serious threat can make a move against us without us knowing instantly. Seriously. Cars and Cheeseburgers kill 400 times more than a 9/11 attack every year. We need no expensive War on Terror, DHS, or massive spying apparatus: The Flu kills 6 times more every year than a 9/11 scale attack -- Yet we still accept the risk in driving kids to get a happy-meal and let them play with other kids. If they want to spy they can get out of the damn basement and stand next to me or point a laser microphone at my windows. An encrypted chat/voip program on a burner phone illustrates why the massive spying is incapable of preventing any danger. Further, as a Scientist, I need evidence to believe a claim. Aggregate data of this size is harmless? Prove it.
A government without secrets is immune to spies. Snowden showed the NSA to be leaking worse than a sieve -- All of our taxes spent on data collection the enemy can easily leverage against us too. Tracking everywhere I go and what ideals I hold by what places and sites I visit is a perfect tool for terrorists and enemies to silence those who advocate greater freedom.
"No harm. no foul on either side" -- Grow up kid, you have some history to study.
-
Re:With what accuracy
Say, someone has a phone number and it regularly calls another phone number or set of numbers. You have metadata that validates this connectivity their social media connections, and email addresses where their real names are used. The meta data is not considered in isolation. The MPAA/RIAA hasn't been collecting meta data since the 70's like the NSA has. They don't have the huge data-centers the NSA does. And, you don't have to prove 100% absolutely that the phone number belongs to someone without a shadow of a doubt. It's known that phones will sometimes be lent to other folks to make phone calls. Outliers are easy to trim from graphs, eh? The *AA folks have an instances of an IP address doing something, it's not in the same league as what the NSA is doing.
You see, when we sample the data in aggregate we find it overwhelmingly more frequent the guesses are correct. The names match the numbers we guessed most of the time, and that's good enough to delve deeper. Triangulate your location -- Oh, look there's that one time you were alone and used the phone, and together with all that other data, yeah we got you red-handed with more nines than the Higgs' Boson. Suspicion of the NSA can lead to deployment of exploits on your hardware -- Access your email and bank or social media from the phone regularly? Ah, yep looks like it's him. You're not really going to say that's not a sample of your voice we got there are you? Oh, you've heard of parallel construction, right?
Meta data alone is very powerful. Would you like to know more?
-
Re:Meta-data
-
Re:Metadata
Depends on how you define metadata. Nowadays the line between privacy, metadata and your last name, habits, shopping, etc seems to be a single "SELECT" line involving one or two tables.
The information is obviously a valuable law enforcement tool. Just like phone records, like wiretapping (under a judge auth.).
At least my perception, way before Snowden and all the latest leaks, was that this was actually happening. This is just a confirmation. Would be great if, as in wiretapping, this would be supervised by justice, and used only in criminal investigations. Sound naive ...i know
Even in your WEAKEST definition of metadata, it's still FAR too invasive. The preceding link walks through an easy to follow demonstration how a few simple rows in "one or two tables" and some matrix multiplication can be used. In short: You are ignorant, please educate yourself. The "law enforcement tools" are only ever used against people, never for them; Innocent or not, it's the job of prosecutors to prosecute. Parallel construction is a technique in active wide-spread use by Law Enforcement Agencies that utilizes such "harmless" metadata to build a separate case against you if they "like you" for a different crime but don't have the evidence.
In short, either you agree warrantless wiretapping must end, otherwise I dub thee Stasi.
-
Our Founding Fathers would be mortified
or in gaol or hanging separately:
http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/
-
Re:Suggested Slashdot Poll
4) No. I've done nothing wrong, but fear that my political stance and cryptographic, OS development, and online research for fictional writing and game development will wrongfully place me in the cross-hairs of the surveillance state. Though metadata collection is too invasive, I continue to exercise my freedom of speech against my better judgment although I'm aware of the very real threat to myself and my loved ones. I remember the brave men who died for my freedom and the friends, family and neighbors who served for our country under the goal of upholding our constitution in the fight against enemies both foreign and domestic who would create dystopia through leveraging such Stasi-esque spying practices. If I do not uphold my end of the bargain and exercise my freedoms, then those brave soldiers sacrificed for nothing.
We need proportional protection from proportional risk. Heart disease and accidents kill 400 times more people every year than a 9/11 scale terrorist attack. Freedom means being free to take such risks as eating cheeseburgers, driving cars, showering while standing up, and traveling our great country unmolested by useless and expensive government agents.
-
Re:It is a terrible idea
I agree. However, I could agree to dismantling of POTS if they FIRST also lessen regulations on a swath of HAM for use by the public, and also legalize packet radio over CB, Family band, and other public use frequencies. We have the technology to radio for help in times of emergency -- Indeed HAM operators are sometimes on the scene in disasters before paramedics arrive. They already play a role in Earthquakes and other times when infrastructure is threatened. Lower the barrier for the common man to have greater ability to communicate first then I'll reconsider my stance on our keeping wired POTS going.
We have the technology for radios to negotiate to noise free channels automatically -- hell, my cheap wifi router does this. The cellular system exists, but we need a similar mesh network for the common people. The EM spectrum belongs to We the People, give us back some damn air waves instead of charging us for all of them. It's the information age, yet outdated packet radio laws remain repressive to progress. Problem is that the government can't just throw a kill switch on public powered wireless devices -- Like they can on the Internet (and probably telephone too).
It would be foolish to ignore that the government has an Internet Kill Switch, vast spying infrastructures, and a pro-censorship anti-discourse agenda whereby government agents actually plan to expose porn habits to silence dissent, while considering migrating any communication medium to IP based services. Furthermore -- The price of bits does not reflect the cost to distribute them. Cellular plans make a mockery of POTS long distance fees, and though it's never been cheaper to move bits the prices aren't going down nearly as fast as in foreign markets with actual competition. We need less regulation of the public sector and more regulation of the private sector's price fixed oligopoly before I'd ever advocate for tossing POTS out. Additionally: Unwarranted metadata collection is too powerful a tool already -- If Snowden can infiltrate PRISM, so can spies from enemy states.
Beware: When those in power advocate change, the changes suggested never give those they have power over more freedom.
You are strongly over estimating how well finding noise free channels when it comes to 802.11 works. If you look in any large dense city you will notice it very much sucks and so does the available bandwidth.
Your idea with HAM falls into the same problem as it relies on so little number of channels. What is really needed to make it work is a new and notably wider chunk of spectrum dedicated to a digital protocol that
BTW you don't want packet radio specifically as well. You want some sort of digital mode as that allows both voice and data.
-
Re:It is a terrible idea
I agree. However, I could agree to dismantling of POTS if they FIRST also lessen regulations on a swath of HAM for use by the public, and also legalize packet radio over CB, Family band, and other public use frequencies. We have the technology to radio for help in times of emergency -- Indeed HAM operators are sometimes on the scene in disasters before paramedics arrive. They already play a role in Earthquakes and other times when infrastructure is threatened. Lower the barrier for the common man to have greater ability to communicate first then I'll reconsider my stance on our keeping wired POTS going.
We have the technology for radios to negotiate to noise free channels automatically -- hell, my cheap wifi router does this. The cellular system exists, but we need a similar mesh network for the common people. The EM spectrum belongs to We the People, give us back some damn air waves instead of charging us for all of them. It's the information age, yet outdated packet radio laws remain repressive to progress. Problem is that the government can't just throw a kill switch on public powered wireless devices -- Like they can on the Internet (and probably telephone too).
It would be foolish to ignore that the government has an Internet Kill Switch, vast spying infrastructures, and a pro-censorship anti-discourse agenda whereby government agents actually plan to expose porn habits to silence dissent, while considering migrating any communication medium to IP based services. Furthermore -- The price of bits does not reflect the cost to distribute them. Cellular plans make a mockery of POTS long distance fees, and though it's never been cheaper to move bits the prices aren't going down nearly as fast as in foreign markets with actual competition. We need less regulation of the public sector and more regulation of the private sector's price fixed oligopoly before I'd ever advocate for tossing POTS out. Additionally: Unwarranted metadata collection is too powerful a tool already -- If Snowden can infiltrate PRISM, so can spies from enemy states.
Beware: When those in power advocate change, the changes suggested never give those they have power over more freedom.
-
Re:Dear NSA:
i wonder how we manage to have a revolution back in the 1700's since we didn't have telephones or the internet.
There was also no system where horses and wagons had to display numbers, and those numbers could be read by automatic systems on every major trail and on most Sheriff's horses, and which were stored forever by the British administrators for later data-mining. There was no system where long-distance commercial carriages required travellers to show photo-ID, and which were stored in a database, which could also be reported to the British administrators based on a secret warrant. There was also no system which imaged and stored the address details of every single piece of territorial mail.
The lack of technology in the 1700's cut both ways.
There was, however, the unlimited legal power of British Regulars to stop and search anyone, for any reason. Which was why the US founders included a clearly worded right of privacy/security as part of the US Constitution to prevent that situation from ever recurring. So at least you have that advantage. Right? Right?
-
Using Metadata to Find Paul Revere
This post titled Using Metadata to Find Paul Revere is very insightful (and very basic in terms of collected data compared to phone metadata):
http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/
There's a previous and more mathematically detailed analysis of the same data here (the author above didn't know about this analysis until after publishing, but the link above is a much easier read):
http://www.sscnet.ucla.edu/polisci/faculty/chwe/ps269/han.pdf
-
Re:Give Up
E-mail has never been secure or private? Which court decided that? Oh wait, it was never decided.
...rambling about privacy of communication...
This is why many technologists have libertarian leanings. The law doesn't matter. It's the technology.
Email has never been secure or private because it was never designed to be secure or private. It's just not a part of the technology. Everybody who has worked with email servers knows this. A little bit of privacy was bolted on using SSL, but that is far from bulletproof. The fundamental problem is that the server that you use to receive the email has to have access to important parts of the message, and it usually reads all of the message. Possession is nine tenths of the law, so it's a small step from receiving the email to handing the email to the NSA.
Email is easier to copy than other communications. Pre-digital phone lines, you had to find the specific line and add a physical device to tap it. Snail mail, you need lots of labor to steam open letters and close them again without damage. Paper hospital records needed already overworked people to bring them to a copy machine.
Only postcards came close, because passersby can read postcards accidentally just by being near them. These days, the post office digitally scans the post card as part of the sorting process. That's why the PGP community has used post cards to describe conventional email, and enveloped letters to describe email with PGP. The first problem is that PGP and S/MIME are not mandatory parts of email, so they are very little used, and they are extremely inconvenient in mobile devices. The other problem is that PGP and S/MIME cannot encrypt the headers, so they cannot prevent important information from being read.
The only solution is to abandon the SMTP model of email. Phil Zimmermann of PGP recommends his Silent Circle secure texting and video/phone service, but it costs $120/year with a 1-year subscription. It will be challenging for a secure message service to gain the critical mass to be widely adopted. Email was successful because it was widely used (and free of charge) before the Internet was even invented. Skype used to be secure-ish, but Microsoft bought it and wiped out that part of it. If you want secure communications now, you have to work at it and put up with fragmented communities. It's not fun.
-
Welcome to traffic analysis
The hard part of finding people to prosecute is *finding* candidates. Once you know who one person is, you can do traffic analysis and find all their friends. See, for example http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/
If someone is reading all our (insecure) emails to and from a known "person of interest", such as, for example, a well-known web site, then they can build the kind of interconnection matrix that will lead them to the supporters and fellow-travellers of that website.
Were I a copyright maximalist, I would regard groklaw as a criminal conspiracy, and the centre of a matrix of criminals and fellow-travellers. Based on that, I'd then petition the communications security establishment for a (secret) order allowing me to identify the conspirators and their fellow-travellers for (equally secret) investigation, leading to either prosecution or private revenge...
--dave
-
Re:Encryption:
More interesting than your content, is who you share it with.
They map out who sends what to whom, to find interest networks and classify people: http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/
-
This "harmless metadata" is who you are, where ...
... you are, when, who your friends are, where they are, who their friends are and so on. In fact, it's everything about you except what you said to Aunt Martha in the letter.
To be fair, it is wonderful for tracking spies. If you start with one known spy, it helps find others. See "Using Metadata to Find Paul Revere", written from the point of view of the British.
It's less useful for identifying spies (or bombers) from a cloud of data, because if you start with Aaron Swartz, you do get a list of supposedly suspicious people to investigate. Unfortunately, for the spy-trackers, they're actually innocent bystanders.
--dave
[You can always charge them and see if they suicide. Just like the old trick of throwing a witch in a pond and seeing if they float. If they do, they're evil and you kill them. If they don't, they drown. Either way, you get rid of them.]
-
Re:Back up a bit.
The NSA has a massive amount of processing power at their fingertips and storage is cheap enough to make holding billion or more dossiers inconsequential.
You are right that the NSA isn't dumb so I would bet the data collected will be used in every way at their disposal.
http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/
-
Re:The fear this instills...
Use The Onion Router Project (TOR), and persuade everyone you know to do so as well. TOR works better the more people use it.
On your phone, use the Guardian Project.
Note: there is no suggestion that the US government has some super-decryption powers. Https is fine, things encrypted with modern techniques and large-enough keys are fine.
The reason the NSA needs supercomputers, rather than a big Hadoop installation, is that it is doing traffic analysis - a massive linear algebra problem. See this for a simplified analogy of what it's doing.
-
Re:Let the Internet fix this flaw
TL;DR: Use TOR Project and the Guardian Project. Don't forget to donate!
What the NSA needs those supercomputers for is traffic analysis. See this for a simplified analogy which hints at some of the techniques used, and, I think, explains why the NSA needs supercomputers rather than Hadoop. The Government may well be telling the truth when they say they don't read your mail. But with enough traffic data, that doesn't really matter.
As I posted above, the problems with this are three. False positives; the potential for abuse; and the inability of government agencies (or any other large organization) to prevent penetration and consequent third-party abuse.
-
Re:'Cept for one thing....
Telephone polls are meaningless vehicles for polling agencies to generate meaningless statistics to sell to whoever's paying their bill. Aside from potentially swaying people that are on the fence and whose minds are as malleable as chewed bubble gum, in my experience telephone polls aren't used as conclusive findings ... but as rough indicators and estimates of the current state of whatever issue is being polled.
Quite. Aside from the confounding factors of even 'honest' polling, so-called 'push' polls are also carried out, that are designed to (ahem) encourage a particular viewpoint. My favourite fictional example is from the British television series, Yes, Prime Minister. (National Service is a fictional program requiring a couple of years of military service from all young people.)
Sir Humphrey: You know what happens: a nice young lady comes up to you. Obviously you want to create a good impression, you don't want to look a fool, do you? So she starts asking you some questions: Mr. Woolley, are you worried about the number of young people without jobs?
The previous government in Ontario used push polls to further its education agenda. Poll questions included "Breaking contracts is OK as teachers have had it too good for too long (yes or no)?" or "To cut education spending, would you increase class size, reduce class time, or cut salaries by 5%?" (The provincial government was hoping to garner support for reopening signed contracts to strip teacher salary and benefits.) Push polls are quite popular elsewhere, too, I'm sure.
Bernard Woolley: Yes.
Sir Humphrey: Are you worried about the rise in crime among teenagers?
Bernard Woolley: Yes.
Sir Humphrey: Do you think there is a lack of discipline in our Comprehensive schools?
Bernard Woolley: Yes.
Sir Humphrey: Do you think young people welcome some authority and leadership in their lives?
Bernard Woolley: Yes.
Sir Humphrey: Do you think they respond to a challenge?
Bernard Woolley: Yes.
Sir Humphrey: Would you be in favour of reintroducing National Service?
Bernard Woolley: Oh, well, I suppose I might be.
Sir Humphrey: Yes or no?
Bernard Woolley: Yes.
Sir Humphrey: Of course you would, Bernard. After all you said you can't say no to that. So they don't mention the first five questions and they publish the last one.
Bernard Woolley: Is that really what they do?
Sir Humphrey: Well, not the reputable ones no, but there aren't many of those. So alternatively the young lady can get the opposite result.
Bernard Woolley: How?
Sir Humphrey: Mr. Woolley, are you worried about the danger of war?
Bernard Woolley: Yes.
Sir Humphrey: Are you worried about the growth of armaments?
Bernard Woolley: Yes.
Sir Humphrey: Do you think there is a danger in giving young people guns and teaching them how to kill?
Bernard Woolley: Yes.
Sir Humphrey: Do you think it is wrong to force people to take up arms against their will?
Bernard Woolley: Yes.
Sir Humphrey: Would you oppose the reintroduction of National Service?
Bernard Woolley: Yes!
Sir Humphrey: There you are, you see Bernard. The perfect balanced sample.
Special thanks to Kieran Healy for the Yes, Prime Minister quote.
-
Re:Going after the wrong people..
I would have no desire to run a bot if Blizzard wasn't letting the dupers/hackers ruin 100% legitimate play.
- You presume that preventing dupers would be a trivial matter. Being a fellow who's worked on a few moderately sized programming projects, I can see how it might be impossible to stop such behavior, depending on the game's organization, behavior of multiple servers, versioning, and CPU limitations.
- You speak of competing. But competing with whom? I am under the impression that online play for Diablo 2 is entirely voluntary. Unless you are actively involved in pkill, you are basically in a cooperative adventure. All competition at that point is of a "How much can you bench?" sort. Seems that you have decided to treat a part of the social atmosphere of the game as if it were a necessary facet of the game itself.
Moving on...
Your attitude is a lot like the attitude of people who say "a lie is a lie,"
Quoting Inside Blizzard: General FAQ (http://www.blizzard.com/inblizz/genfaq.shtml)
How does Blizzard feel about Hacking and Cheating?
...Our top priority is to continue to evolve Battle.net and our products to minimize the use of cheats...We encourage players not to use cheats and hacks on Battle.net...We believe that through our ongoing efforts to eliminate cheating combined with the Battle.net community taking a zero-tolerance stance, we can minimize the effects of cheating on Battle.net now and in the future.
Emphasis added. Not my evaluation. As I said before, you cheated as defined by the game's creators. They are the ones who long ago established that this is a black and white issue.
if they didn't squash the free battle.net server that was being worked on.
A move intended to prevent piracy of their games, notably expiring closed betas which are always far more open than intended. I knew at least 6 people who were not beta testers who...were beta testers. Any anti-beta tests or CD checks would be trivially removed given bnetd's open source status. Again, you assume the reasoning here was to reduce server load and not a best effort at removing cheaters.
Not that I'm implying it's easier for you to blame Blizzard, trying to minimize your responsibility for your account's banning.
-
Re:I apparently already have this function....
Clippy in its research version might have popped up once a month when a user really needed help.
Like in this situation?