Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

MIT Project Reveals What PRISM Knows About You

samzenpus posted about a year ago | from the follow-the-data dept.

United States 221

judgecorp writes "MIT's Immersion project sifts your Gmail, and constructs a map of your associations. Without opening a single message, it gives a clear view of who you connect with. It's a glimpse of some of what the NSA PRISM can do. From the article: 'You can assume that if the NSA is looking at your email, the information in Immersion is similar to what they will see. Consider that they probably see all of your email addresses (and not just Gmail) and that the metadata is examined along with the metadata from everyone you’ve corresponded with, and you can see just how much can be inferred from this data alone.'"

cancel ×

221 comments

Sorry! There are no comments related to the filter you selected.

Just askin... (-1, Troll)

Frosty Piss (770223) | about a year ago | (#44216363)

So...

Is it not OK that the NSA is doing, but OK that MIT is doing it?

Re:Just askin... (2)

Xest (935314) | about a year ago | (#44216375)

I'm guessing MIT haven't tapped Google's fibre like the NSA so are doing it on a consent based basis, but no, I haven't read TFA.

Re:Just askin... (2)

swillden (191260) | about a year ago | (#44217077)

I'm guessing MIT haven't tapped Google's fibre like the NSA so are doing it on a consent based basis, but no, I haven't read TFA.

I don't think tapping Google's fiber would do the NSA that much good. All traffic between gmail servers and gmail users is encrypted. They could get traffic between Google's SMTP servers and other mail providers, because although Google uses SMTP over TLS when talking to any other provider that supports it, few do, but messages between gmail accounts are never transmitted in cleartext.

If you argue that the NSA can lean on certificate authorities to let them spoof Google certs, I think that approach is unlikely to succeed. First, even if CAs cooperated the NSA would need to use it sparingly, because it's likely that eventually someone would notice that they're getting different -- though apparently valid -- certs, especially since all valid certs from Google should be issued by Google's CA. Second, the fact that Chrome pins all Google certs by default makes the odds of discovery even higher. In fact, that's how the DigiNotar compromise was surfaced; someone tried to use the compromised signing key to spoof a Google cert and Chrome threw up big red error pages.

Re:Just askin... (0)

Anonymous Coward | about a year ago | (#44217393)

I'd never be able to prove this to your satisfaction I'm sure. Firefox browser has the search bar that automatically sends searches to google when you type them in. I had an addon to make pages use ssl if possible and an addon to check if anyone is tinkering with certs. Apparently entering searches in the search bar sent them in the clear and certain keywords could trigger a new certificate. Put in the same keyword and nothing happens you need to find a new keyword to trigger a new certificate. I used one of those lists with supposedly sensitive keywords.

Re:Just askin... (1)

swillden (191260) | about a year ago | (#44217463)

Apparently entering searches in the search bar sent them in the clear

That's certainly possible. It depends on how Firefox's default search engine is configured. If you want to be sure your searches are encrypted, go change the setting to use https://google.com./ [google.com.]

Apparently entering searches in the search bar sent them in the clear and certain keywords could trigger a new certificate. Put in the same keyword and nothing happens you need to find a new keyword to trigger a new certificate. I used one of those lists with supposedly sensitive keywords.

That's impossible. The session encryption negotiation is done prior to any data being sent, so the certificate provided by the server, and used to encrypt the session key, is delivered to the browser before Google receives any keywords.

Re:Just askin... (0)

Anonymous Coward | about a year ago | (#44217557)

Put the key word in the i goes in the clear. google takes the request gives you an encrypted page with a new cert.

Re:Just askin... (1)

swillden (191260) | about a year ago | (#44217749)

Do you have any example keywords? Also, are you located in China?

Re:Just askin... (-1)

Anonymous Coward | about a year ago | (#44217097)

I'm guessing...

So you are.

The parent is not a "troll", it's a very good question.

Re:Just askin... (5, Insightful)

Anonymous Coward | about a year ago | (#44216391)

One has your consent, the other doesn't?

Re:Just askin... (5, Funny)

Jeremy Erwin (2054) | about a year ago | (#44216553)

The government, by definition, has the consent of the governed. Otherwise, it would be long gone.

Re:Just askin... (5, Insightful)

Dunbal (464142) | about a year ago | (#44216665)

The murderer an the rapist have the consent of the victim, otherwise these crimes simply would not happen.

Re:Just askin... (5, Funny)

Jeremy Erwin (2054) | about a year ago | (#44217559)

perhaps it's not "rape rape" but "spousal rape."

Re:Just askin... (4, Interesting)

Anonymous Coward | about a year ago | (#44216667)

This. In the West, I am less scared of the government (in its public capacity) than any other entity. They have the most openness and democratic oversight of any organisation. The thing I fear most about the government is the extent to which it partners with private organisations which are more interested in furthering special interests of small groups - usually the bank accounts of the wealthy.

The information GCHQ/NSA has on me CAN be used to exploit me - if insufficient regulation allows corruption to set in. The information private entities have about me WILL be used to exploit me - by design.

Re:Just askin... (5, Insightful)

Antipater (2053064) | about a year ago | (#44216843)

Interesting points about openness and democratic oversight in government as opposed to the corporate world.

So shouldn't you be up in arms about the lack of both openness and democratic oversight shown in the NSA affair? You can't defend the virtues of one system over another, then turn a blind eye when it reneges on those virtues.

Re:Just askin... (5, Interesting)

Cenan (1892902) | about a year ago | (#44217167)

Your premise is wrong if it's "government is an entity that follows laws", because this completely ignores the fact that government is made up of individuals, with personal agendas. The data they collect may not be used against you right now, but that's only because you're not in someone's way yet. Once you step into the crosshairs of someone in power, do you still think all that data is innocent and inert? Do you think regulation is going to save you? Are you willing to accept a society where you cannot poke your head up too high, unless you're of a chosen breed and have greased the right palms?

Re:Just askin... (4, Funny)

RenderSeven (938535) | about a year ago | (#44217509)

the government has] the most openness and democratic oversight of any organisation

Ha ha ha ha ha!!!! That was a good one!

Re:Just askin... (0)

Anonymous Coward | about a year ago | (#44217611)

Must be really nice for you to live in that country.
For the rest of us, we fear the Chinese, the Indians and Pakistani, with their fucked up ideas and nukes, and let's not forget the mega corporations backed by the various first world countries led by the USA that are basically free to establish their dominance anywhere they want to.
So, let's see, you fear one single government, your own, the rest of the world has that one threat plus another very large number of threats. We win, or lose, depending on how you look at it.

You can complain about your government and not go to jail with your entire family. You know what? Most of the countries don't have that luxury, that privilege.

Re:Just askin... (1)

Anonymous Coward | about a year ago | (#44217733)

This. In the West, I am less scared of the government (in its public capacity) than any other entity. They have the most openness and democratic oversight of any organisation. The thing I fear most about the government is the extent to which it partners with private organisations which are more interested in furthering special interests of small groups - usually the bank accounts of the wealthy.

The information GCHQ/NSA has on me CAN be used to exploit me - if insufficient regulation allows corruption to set in. The information private entities have about me WILL be used to exploit me - by design.

You are a fool. While corporations do exploit people, they're less likely to do so with extreme prejudice. Most of the Hollywood-style abuses that corporations commit are Hollywood fiction.

Governments, on the other hand, do this kind of stuff all day long.

When a government can pass a few "hints" along and divert a Head of State on an international mission, THAT's something to be very, very worried about. Granted, the particular head of state isn't in charge of a well-regarded government, but it is still a legitimate government. Today Bolivia, tomorrow France.

If they can do that the the President of a nation, it's not hard to imagine what they can do to you. Who needs to imagine when there's Guantanamo? If you're lucky.

Re:Just askin... (5, Insightful)

Anonymous Coward | about a year ago | (#44216701)

They have the consent of the governed only if they follow the constitution which gives them the power to do what they do.
Since they are wiping their rear ends with the constitution on this matter however, they do not have any consent at all.

Re:Just askin... (4, Insightful)

Feyshtey (1523799) | about a year ago | (#44216741)

In today's America, the government has less the consent, and more the apathy of the governed. The fact that the populace is so disengaged and ill-informed is the only reason there aren't many more protests in the streets.

Re:Just askin... (1)

Jawnn (445279) | about a year ago | (#44217791)

In today's America, the government has less the consent, and more the apathy of the governed. The fact that the populace is so disengaged and ill-informed is the only reason there aren't many more protests in the streets.

Yeah? So? As long as we can not be scared of teh terrorists and as long as new episodes of Survivor, American Idol, and Tia and Tamera keep coming out, we're happy.

Re:Just askin... (5, Insightful)

Anonymous Coward | about a year ago | (#44216811)

Consent requires information. If the government does not provide any information what they are doing, there can be no consent. Additionally, any implied consent is bounded by the constitution, and it does not appear that the government of the US has any intent whatsoever to abide by those restrictions.

Re:Just askin... (2)

Jeremy Erwin (2054) | about a year ago | (#44217075)

Additionally, any implied consent is bounded by the constitution, and it does not appear that the government of the US has any intent whatsoever to abide by those restrictions.

Au contraire. Secret court rulings have confirmed that the US is abiding by the constitution. Please do not attempt to disprove this, as slashdot is not cleared to receive classified information.

Trust the Computer. The Computer is Your Friend.

Re:Just askin... (2)

PraiseBob (1923958) | about a year ago | (#44217103)

Democratic leaders have the one-time approval of 51% of the governed. They certainly don't have the consent of ALL of the governed at any point. Generally speaking governments don't always have consent, they do however, have the most soldiers and weapons.

Re:Just askin... (1)

Guru80 (1579277) | about a year ago | (#44217123)

Oh god....that is exactly the definition government workers want the good sheeple to go by. "You elected me so I have your consent to do whatever I want without your approval, for your security and protection of course...so bah like a good boy".

Re:Just askin... (2, Insightful)

Anonymous Coward | about a year ago | (#44217241)

The equivalent of saying that there is no such thing as rape as anyone that does not successfully get away has consented.

Re:Just askin... (1)

Anonymous Coward | about a year ago | (#44216727)

The NSA has the consent of the American people. It's written in the PATRIOT Act.

Re:Just askin... (1, Interesting)

ArcadeMan (2766669) | about a year ago | (#44216401)

They're both wasting government funds, I don't see the difference.

Re:Just askin... (0)

Anonymous Coward | about a year ago | (#44216885)

Its the scale of wastage though. MIT is wasting 3 graduate students salaries on it who they probably also get to TA for undergrad classes, whereas I would imagine that the NSA has many times that in full phDs devoted solely to theirs.

Re:Just askin... (1)

GargamelSpaceman (992546) | about a year ago | (#44217571)

Yeah, I mean anyone with anything to hide will be using Tor. Are people too stupid to use Tor really a threat that the NSA needs to be brought to bear to worry about? The only ones who lose are private citizens. Unless you go to extraordinary lengths you won't be able to keep the NSA from connecting an old slashdot post with your real name. Who cares right? Not me, but the Internet isn't just about about now, what you say is for all time. If an evil dictator comes to power you can't quit saying stuff that might piss them off and go about your business. Anything you've already said when it was still OK to do so can be used against you.

Re: Just askin... (1)

Anonymous Coward | about a year ago | (#44216409)

They use a tool that you have to knowingly run, which is fairly different than what the nsa does

Re:Just askin... (5, Insightful)

0100010001010011 (652467) | about a year ago | (#44216421)

One of them is opt-in. One of them is not.

Re:Just askin... (0)

Anonymous Coward | about a year ago | (#44216587)

One is surveillance, one is a tool that demonstrates how the surveillance might associate data and is for your personal consumption only.

So Immersion is not about one thing. It’s about four. It’s about self-reflection, art, privacy and strategy. It’s about providing users with a number of different perspectives by leveraging on the fact that the web, and emails, are now an important part of our past.

I got that from reading the fucking article. However, it was easy to deduce from the summary here that it's only an end user initiated thing, that MIT doesn't have unrestricted access to gmail data.

The grand parent is a dumb ass.

Re:Just askin... (1)

Score Whore (32328) | about a year ago | (#44216815)

Now that they've gotten linked from here, they have a lot more access to gmail data than they did before. People giving MIT access to their email is no different than people giving Google access to their email. This is the problem: users extend too much trust in exchange for something sweet.

Re:Just askin... (0)

Anonymous Coward | about a year ago | (#44217327)

One is sifting through your data looking for ways to market to you, the other is warehousing your data until you are deemed a threat (or maybe just an undesired ethnicity).

Re:Just askin... (1)

Elbereth (58257) | about a year ago | (#44216433)

There's a difference between opt-in and covert actions taken without permission.

However, I don't see why anyone would let MIT have access to their e-mail account, just so that they can simulate having the civil liberties violated. But, then again, I don't see the point to a lot of things that get posted to Slashdot.

Re:Just askin... (0)

Anonymous Coward | about a year ago | (#44216539)

There's a difference between opt-in and covert actions taken without permission.

However, I don't see why anyone would let MIT have access to their e-mail account, just so that they can simulate having the civil liberties violated. But, then again, I don't see the point to a lot of things that get posted to Slashdot.

That's not how the 4th amendment works though.

Otherwise you could say only the city garbage men have permission to take custody of your trash to prevent a PI from snooping through it at the curb.
Now you're going to ask, why can't we do that??

Once they take custody of it, it's theirs, not yours for one thing, and THEY can be searched with a warrant that doesn't have to mention you or other individual customers at all.

Re:Just askin... (4, Insightful)

Jeremy Erwin (2054) | about a year ago | (#44216731)

The simulator helps you understand how your civil liberties are being violated. It helps make vague understandings more concrete.

Re:Just askin... (1)

fustakrakich (1673220) | about a year ago | (#44216549)

Of course it's okay that the NSA does it, and next year's election results will reflect that. It's no use arguing whether it's 'right' or 'wrong'. We just need to figure a way neutralize it. All this philosophizing is a big waste of time and energy.

Re:Just askin... (5, Interesting)

mcgrew (92797) | about a year ago | (#44216735)

How, when both of the only two parties the corporate media dare mention are both all for a surveillance state? Remember, a vote for a candidate who doesn't want your loved ones in jail for pot and doesn't want a police state (e.g., Green and Libertarian, both on enough ballots to win) is a wasted vote? All the newspapers and TV stations agree, we need to have a surveillance state and we need to jail your loved ones!

And nobody seems to realize how stupid their vote is, corporate media keep us in the dark.

Re:Just askin... (1)

fustakrakich (1673220) | about a year ago | (#44216939)

...corporate media keep us in the dark.

We can always light a candle...

Re:Just askin... (0)

Anonymous Coward | about a year ago | (#44217271)

I think one has been lit.

https://twitter.com/YourAnonNews [twitter.com]

Re:Just askin... (2)

mcgrew (92797) | about a year ago | (#44217549)

We have the internet now, but thanks to the NRA our candle is a searchlight pointing at us. Vote Libbie or Green!

Re:Just askin... (0)

Guru80 (1579277) | about a year ago | (#44217071)

You are a true /.'er my friend...commenting without bothering to know what the hell you are talking about. I know, I know...first post and all, can't be bothered to read links.

Re:Just askin... (2)

AdamThor (995520) | about a year ago | (#44217661)

What would be OK is if they posted some code to run and then let you save and browse the result all on your own machine.

Meta (1)

Anonymous Coward | about a year ago | (#44216411)

Uh... Your email is plain te t. Th NSA has a fuckton more than just metadata... They have your entire contents.

Immersion Project? (5, Funny)

PPH (736903) | about a year ago | (#44216417)

What now? Are they water-boarding people for information?

Re:Immersion Project? (5, Funny)

brian0918 (638904) | about a year ago | (#44216481)

That would be submersion...

Re:Immersion Project? (2)

mcgrew (92797) | about a year ago | (#44216651)

Both words are synonyms. Waterboarding is neither immersion nor submersion. With waterboarding the victim is made to think he's immersed/submerged but he's getting water poured on him. It's the difference between Catholic baptism and Protestant baptism.

Not a bad joke, though.

Re:Immersion Project? (0)

Anonymous Coward | about a year ago | (#44217441)

Shut up and go back to the non-existent party you're pooping all over on.

Re:Immersion Project? (2)

cold fjord (826450) | about a year ago | (#44216825)

That would be submersion...

I've heard intelligence agencies were concerned about their sources. I guess this would be a clearcase.

Jon Corzine Off The Hook (-1, Offtopic)

Anonymous Coward | about a year ago | (#44216431)

Jon Corzine Off The Hook

After 18 months of investigation, the criminal probe against Jon Corzine has been dropped. He will not be facing criminal charges for the misuse of investors' funds at MF Global. Civil charges have been filed against Corzine.

Yet, somehow, the Republicans are "the Party of Wall Street."

This decision makes sense. After all, if the government were to uphold the law and prosecute people for wantonly (and probably illegally) pissing away other people's millions of dollars and lying about what they did/knew/allowed, they'd have to start by filing charges against Choom Boy and all of Congress.
Corzine is an absolute friggin' piker compared to President Historic First©.

MOD PARENT UP (0, Offtopic)

ObsessiveMathsFreak (773371) | about a year ago | (#44216805)

The contraposition of this story with the fate of John Corzine deserves to be highlighted.

Here we have the a US intelligence agency, saying it needs to snoop on millions in a supposed effort to protect them from threats. And yet John Corzine, who openly stole customers money, is not being prosecuted, despite the reams and reams of records and evidence against him and MFGlobal.

What we see here is that information does not correllate with prosecutions, or effectiveness at protecting people from harm.

Reverse honeypot (3, Interesting)

Anonymous Coward | about a year ago | (#44216467)

I always thought it would be interesting way to figure out a way to seed surveillance and information gathering networks with unique information you could then watch for to see where it "leaks out". For all the worry about NSA surveillance, my real fear is that is that it's actually a front for commercial operations. (My theory is that the NSA is mostly a headless monster of a "Security Industrial Complex" that lives off of milking the public for money in exchange for useless services and general industrial espionage. It's really the perfect scam because you can avoid any investigation of conflict of interest with 'state secrets' privilege) It would be a real coup to find your honeypot information leaking in to commercial databases.

More than a decade ago I registered a few domains with bogus names. To this day I still get offers in the mail for "Longdong McPorksword", even though mining whois data for commercial purposes has always been supposedly illegial (well, a terms of service violation at least)

Re:Reverse honeypot (0)

Anonymous Coward | about a year ago | (#44216595)

More than a decade ago I registered a few domains with bogus names. To this day I still get offers in the mail for "Longdong McPorksword"

What do you mean bogus names? "Longdong McPorksword" is my middle name!

Re:Reverse honeypot (1)

phantomfive (622387) | about a year ago | (#44216995)

For all the worry about NSA surveillance, my real fear is that is that it's actually a front for commercial operations.

That's deep theory.

Re:Reverse honeypot (1)

Bob the Super Hamste (1152367) | about a year ago | (#44217333)

Hell companies figured that out long ago and don't need the NSA to do it for them. Every company out there seems to offer a store brand credit card, savings card, or some other program that is free to join and offers some token benefit. People snap them up to save $0.06 on a case of soda every 3 months. Now toss in that there are cross promotions between multiple companies and you can gather all sorts of info. For example in my area there is a grocery chain that has a rewards card that provided you with a fuel discount at one chain of gas stations that also happens to accept the store credit card (with additional fuel discount) of the regional home improvement store. This is one of the more open cases where the connections between the various vendors is basically out in the open but how many share data in a much more opaque manner.

Absolutely Nothing (1, Interesting)

Jane Q. Public (1010737) | about a year ago | (#44216525)

Their analysis comes up completely blank.

Why?

Because I use POP3 rather than the bullshit IMAP for my mail access. There is nothing on the server, so there is nothing to analyze.

Re:Absolutely Nothing (1, Informative)

mjr167 (2477430) | about a year ago | (#44216639)

Um... so your emails don't go through the internets? How does that work? Even though you tell the server to delete it, it still passes through the server...

Re:Absolutely Nothing (2)

Jane Q. Public (1010737) | about a year ago | (#44216795)

"Um... so your emails don't go through the internets? How does that work? Even though you tell the server to delete it, it still passes through the server..."

I knew somebody would bring this up. :)

No, of course the email goes through the 'net. But consider: trying to separately store and analyze each separate event takes vastly more resources than doing periodic static analysis of the contents of your email folder.

Conclusion: they probably don't. Almost certainly, they simple take periodic snapshots. While they may analyze traffic too, that's still not the same thing.

Re:Absolutely Nothing (1)

mjr167 (2477430) | about a year ago | (#44216893)

You don't store the email unless it is 'interesting'. You store the metadata about the email in order to establish relationships. Facebook does this kind of processing and even provides an API to access their graphs. I think you vastly over estimate how hard this is.

Re:Absolutely Nothing (1)

Jane Q. Public (1010737) | about a year ago | (#44216943)

"You don't store the email unless it is 'interesting'. You store the metadata about the email in order to establish relationships. Facebook does this kind of processing and even provides an API to access their graphs. I think you vastly over estimate how hard this is."

I didn't say it was difficult. My statement was that it was costly. Two different things.

If it is worth their while, maybe they do it.

But as for Facebook: again, I doubt they make shadow copies of everything. Instead they analyze what is in place. Metadata? I suppose. But the bodies of the emails (in the case of Gmail) probably aren't stored. Analyzed for content when they go through? Perhaps.

Re:Absolutely Nothing (2)

xaxa (988988) | about a year ago | (#44217063)

Well, the earlier /. story mentioned that GCHQ (UK) stores *three days* worth of data flowing through Britain (where almost all the high-speed cross-Atlantic cables terminate), and the metadata from that for 30 days.

A shadow copy of all the text in email or Facebook is easy. Adding the media is more costly, but not that much.

Re:Absolutely Nothing (1)

Charliemopps (1157495) | about a year ago | (#44217099)

I didn't say it was difficult. My statement was that it was costly. Two different things.

It's too costly now. The real problem isn't what they are doing with this system at the moment. It may very well be that they are doing things we'd consider evil, but it's not like we're getting thrown into camps for complaining about it yet. The real problem is what they will eventually use this for. The un-checked power this gives the government is terrifying. It's like they're holding a gun to everyones head, just in case they turn out to be a terrorist and you're arguing that bullets are too expensive for them to shoot everyone. Well, prices are going to come down on these particular bullets, and future administrations may decided that terrorists aren't the only ones that deserve a bullet to the head.

Whenever there's a question of weather the government should have the ability to do something, the test is simple. Think of the worst, most despicable dictator/king/whatever in human history (this will be different for everyone based on their political ideology) then think "Would I be ok with that person being president and having the ability to do this...." Because, given enough time, we will elect a president that's that bad. Currently we seem to be stuck in a trend of electing barely competent idiots into office over and over again, but that wont last forever. It's only a matter of time before we get our own Stalin, Pol-pot or Hitler.

Re:Absolutely Nothing (1)

hairyfeet (841228) | about a year ago | (#44217387)

At the end of the day nothing anybody can do or say will change the fact that the threats we are looking at now is not something the guys who originally built the Internet even imagined so no shit its easy, the thought of having to worry about big brother, billion dollar malware orgs, rogue governments and cyber attacks? never even crossed their minds!

Its the same arguments I've been making for HTML, you have this thing that was NEVER designed to do anything close to what its doing now and instead just kinda grew like a fungus, with shit being bolted on here and there so of course its gonna be vulnerable and of course its gonna be risky and leaky, its doing a job it wasn't meant to do! The Internet as originally designed was for these colleges and think tanks to share data and research, and that was pretty much it. I mean why do you think they went with 32bit addressing? Because the thought that 4 billion would ever want to use the thing wasn't even a possibility, in their wildest dreams they figured at most a couple of hundred thousand colleges and think tanks planet wide AT MOST. And because you were dealing with think tanks and colleges the idea of actually protecting or hardening anything? Never crossed their minds, they were more concerned with making it so it wouldn't fall down if Paul the janitor knocked out a power cord in the lab, security wasn't even on the agenda.

So what we really need is a new design focused on protecting the end user but sadly it'll never come to be,like HTML the monster has grown to large and is in too many places to ever be changed, the best we can do is try to bolt more shit on top in the hope we can band aid our way out of the mess. But the fact that so much private info is just floating around out there in plain text really shouldn't be surprising, it just wasn't built with security as a priority or even a concern,again no different than HTML.

Re:Absolutely Nothing (1)

spire3661 (1038968) | about a year ago | (#44217695)

This argument is a bit like saying 'writing was never designed for privacy, we should build a language that obfuscates by default.' There is nothing wrong with sending in plain-text by default, as long as you have methods to go private when necessary. Its a trust issue, not a technological one.

Re:Absolutely Nothing (2)

DigiShaman (671371) | about a year ago | (#44216655)

I thought places like Google and Yahoo retain e-mail for several years in order to facilitate all future subpoenas. Who's to say the NSA doesn't have access to a shadowcopy of these e-mails directly on the server/s?

Re:Absolutely Nothing (0)

Jane Q. Public (1010737) | about a year ago | (#44216817)

"I thought places like Google and Yahoo retain e-mail for several years in order to facilitate all future subpoenas."

No. They do not.

First, it would cost a huge amount of money, and second, there is no law saying they have to, so they won't spend that money.

Re:Absolutely Nothing (0)

Anonymous Coward | about a year ago | (#44217301)

Both of your statements are obviously wrong.

Re:Absolutely Nothing (1)

Jane Q. Public (1010737) | about a year ago | (#44217581)

"Both of your statements are obviously wrong."

Hahahahahahahaha.

Re:Absolutely Nothing (2)

chill (34294) | about a year ago | (#44217795)

Actually...Google provides 15 Gb of storage for standard, free Gmail accounts. Unless you're attaching movies or large numbers of music files, that is enough to retain years worth of e-mail.

I know, I have years worth of e-mail in my Gmail box. 8 years, to be exact, and I'm using less than 10% of that 15 Gb.

The money is spent.

And as a side note. I once went thru and started deleting large quantities of older e-mail, that I had no reason to keep. After about 15 minutes the little "advertising" strip on the top of Gmail switched to "We have a sale going on tin-foil hats" and stayed there until I logged out..

Re:Absolutely Nothing (0)

Anonymous Coward | about a year ago | (#44217811)

Their analysis comes up completely blank.

Why?

Because I use POP3 rather than the bullshit IMAP for my mail access. There is nothing on the server, so there is nothing to analyze.

That is just so wrong.

When I ran POP3, where you you think my mail came from? Internet email is a store and forward process. Even if your client deleted the data when it retrieved it, it was sitting there for who knows how long on the POP server. Not to mention having possibly been parked on various other intermediate servers.

And, unless you are running your own server, chances these days are that there may even be a legal requirement for your mail service provider to retain mail for a certain amount of time.

That big data center out in Utah doesn't even care though. All they have to do is tap the main cables of the Internet and siphon off everything. Because it was BUILT to have that kind of capacity.

is MIT doing PR work for the NSA? (2)

0111 1110 (518466) | about a year ago | (#44216571)

So the purpose of this is what? To reassure us that the NSA is telling the truth and that they really do only view metadata? I think at this point it is quite safe to assume that any official announcement from the NSA is a lie. If MIT really wants to simulate seeing what the NSA can see then they should give you a view of every form of online communication plus any voice communication. The content. Not just the fucking metadata.

MIT not the only one (1)

swimboy (30943) | about a year ago | (#44216597)

Wolfram Alpha does similar analysis with your Facebook data. Those bubble charts reveal some amazing insights on seemingly insufficient amounts of data.

In other words (1)

fustakrakich (1673220) | about a year ago | (#44216619)

The Immersion Project is PRISM... nice

Trust Us. (1)

Impy the Impiuos Imp (442658) | about a year ago | (#44216659)

Again, I am not very concerned if Google thinks I may want to buy Pampers, Depends, or both.

Iam concerned with government wondering who I talk with who may be political. As it turns out, no one. But many people do do this, and some of them would be of interest to corrupted officials.

Therefore this mechanism, if it is to exist, needs good logging and forbearance mechanisms without warrant or, if in an "emergency", logging with mandatory followup with FISA or other court, and regular review by Congress.

"It's such an emergency we can't even do that after 12 years" that is the fraudulent, anti-freedom activity.

Re:Trust Us. (4, Insightful)

Feyshtey (1523799) | about a year ago | (#44216897)

So... The government secretly developed, deployed, and has been illegally managing this mechanism enabling them to spy on every citizen and foreign national that has passed data or made phone calls through the US. And you recognize how it could easily be used to intimidate, coerce or blackmail.

Your solution then is to allow the program to continue and feel safe from it's potential abuse by asking the same people who illegally developed, deployed and are managing it, to follow the rules? Pretty please?

What could possibly go wrong?

NSA knows i reloaded my starbucks card (1)

alen (225700) | about a year ago | (#44216663)

last week
they also know i follow the NYC sports teams and the email alerts i receive from fatwallet and slickdeals
along with my ereaderIQ author alerts for kindle books price drops

that's why i didn't buy that Orson Scott Card book over the weekend. the NSA would have found out

Re:NSA knows i reloaded my starbucks card (2)

timeOday (582209) | about a year ago | (#44216859)

Do they also know whether you're paying taxes on your mail order purchases and side-job income? (I mean, not that they would have gone to all the trouble of collecting the data just for that, but now that it's sitting right there...)

Re:NSA knows i reloaded my starbucks card (0)

Anonymous Coward | about a year ago | (#44217147)

Is this what the privacy nuts are up in arms about?
That the feds will catch them evading taxes?
Has there been a report of NSA-collected evidence being used in any sort of prosecution or civil proceeding whatsoever?
If not, then why are people bringing up the 4th Amendment?

Re:NSA knows i reloaded my starbucks card (1)

spleendamage (971412) | about a year ago | (#44217589)

Says the Anonymous Coward.
No, the privacy "nuts" are up in arms about someone having every email conversation you have had being tracked and read for zero reason.
If you would like the NSA to read all of your email, bind a BCC rule for admin@nsa.gov to all your outgoing.

Re:NSA knows i reloaded my starbucks card (1)

alen (225700) | about a year ago | (#44217543)

NSA collected evidence cannot be used in court. judges have thrown out evidence collected with a lot more legality behind it

...gone (1)

jkflying (2190798) | about a year ago | (#44216723)

Aaannnd it's Slashdotted.

Re:...gone (0)

Anonymous Coward | about a year ago | (#44216823)

waiting for analysis...
bet they did NOT expect slashdotting,

      naive!

Re:...gone (0)

Anonymous Coward | about a year ago | (#44216835)

the NSA has been /.ed?

who knew it would be that easy?

Far from it (3, Insightful)

timeOday (582209) | about a year ago | (#44216813)

The power of an integrating capability isn't what it can glean from ONE source (gmail), but rather the cross product of combining MULTIPLE sources. (gmail, facebook, phone records, credit report, amazon purchases? banking transactions?...) This cross-cutting capability is really the only portion that is unique/specific to government. (Except there is also a vast and shadowy industry of buying and selling the same personal information on private markets which we also know very little about).

Re:Far from it (0)

Anonymous Coward | about a year ago | (#44217141)

Except the vast shadowy industry of buying and selling the same personal information on private markets is inherently limited (due to the (generally) limited scope of a business.)

Why would McDonalds want to spend millions of dollars on people's personal phone records from the phone company? Vice versa, why would the phone company want to spend money to find out how many cheeseburgers a customer ordered with no pickles? Apple doesn't care how many rolls of toilet paper you buy from Wal-Mart at year and Target doesn't care if you prefer to fly JetBlue instead of Delta.

The shadow industry of information is certainly not nice, but its insignificant compared to the extent of monitoring PRISM went to.

i find this irrelevant at least for me (0)

Anonymous Coward | about a year ago | (#44216849)

the people i am closest to i do not talk with online

Misleading title (1)

swillden (191260) | about a year ago | (#44216913)

The tool shows what the NSA could know about you if they had access to your gmail. However, Google rather staunchly maintains that the NSA does not have any access to Google user data, with the exception of specific information about specific individuals when proper legal documentation has been provided and reviewed by Google's legal team, and even then the NSA does not have access to Google's servers; Google retrieves the specific data requested by the order and delivers it to the requestor.

In addition to the previous public statements, David Drummond just published the following op-ed in faz.net (in German): http://www.faz.net/aktuell/wirtschaft/unternehmen/gastbeitrag-von-david-drummond-gleichgewicht-zwischen-sicherheit-und-buergerrechten-12272710.html [faz.net] . Here's a Google+ post that contains an English translation: https://plus.google.com/u/0/105603626919803672092/posts/bT7ndyhJmUk [google.com]

Unless Google is flat-out lying of course. I don't believe that is true; I don't think Google could be legally compelled to lie, and I don't think the CEO and legal counsel legally can lie to the public, but you have to make your own evaluation on that point.

Re:Misleading title (5, Interesting)

MozeeToby (1163751) | about a year ago | (#44217059)

The problem is that now, thanks to the PRISM leaks, no one believes Google. Not even a little bit. And yes, they can be legally compelled to lie and if they are so compelled they will be shielded from any consequences of those lies, just like the phone companies were the first time a massive warrantless wiretapping program leaked 5 years ago.

Re:Misleading title (3, Insightful)

swillden (191260) | about a year ago | (#44217213)

The problem is that now, thanks to the PRISM leaks, no one believes Google. Not even a little bit.

That is a problem, indeed. It's why Google has filed suit against the DoJ, because Google can't provide the details needed to defend itself.

And yes, they can be legally compelled to lie and if they are so compelled they will be shielded from any consequences of those lies

Cite? As far as I know, the telecoms never lied. They refused to answer, and then eventually admitted to it. I could be wrong, however, since my memories of the details are fuzzy. But a few web searches seem to support my recollections. Yes, they definitely were shielded from any legal consequences.

But even if Google were shielded from legal consequences, Google could not be shielded from the extremely severe and irreparable PR consequences. Google might be able to recover from proof of the allegations by coming clean and promising to do better, but proof that the allegations were true and that Google lied would be disastrous for a company with Google's current business model. Remember that unlike the telecoms which have local monopolies, a national oligopoly and fairly high switching costs, Google's competition is just a click away.

I see three options:

1. Google is telling the truth.
2. Google is lying and is absolutely certain that it can never, ever be proven.
3. Google's executives are idiots.

I know 3 is false, and arguably it would have to be true for Google's execs to believe that their lies could never be proven, per 2. I think they're telling the truth.

(Disclaimer: I should mention that I work for Google. However, if the PRISM allegations were supported, I probably wouldn't be working for Google much longer, and neither would an awful lot of other people, including many who are far more talented and valuable than I am.)

Re:Misleading title (2)

xaxa (988988) | about a year ago | (#44217149)

I don't think Google could be legally compelled to lie

I'm not so optimistic, but in any case there's plenty of scope for carefully hiding the truth.

"we do not provide any government, including the US government, with access to our systems. Nor do we allow goverments to install equipment on our networks or property that gives them access to user data."

What about equipment "just outside" their networks, or accessing whatever Google considers non-user data?

I'd be surprised if (unknown to Google) they aren't employing some people who also work for the NSA.

"Third, we provide user data to governments only in accordance with the law."

Through a secret court?

Hopefully we can get more transparency, and it's good that Google are pushing for that.

Re:Misleading title (2)

swillden (191260) | about a year ago | (#44217273)

What about equipment "just outside" their networks, or accessing whatever Google considers non-user data?

Well, since nearly all Google traffic is encrypted, equipment just outside their networks wouldn't do much good. And Google considers all data in any way related to users to be user data

I'd be surprised if (unknown to Google) they aren't employing some people who also work for the NSA.

That could certainly be. However, Google security is pretty deep, and focuses at least as much on securing against insider threats as outsider threats. Those NSA employees would have to be extremely well-placed. (I work for Google, on security infrastructure, which means I know whereof I speak, but also that I can't provide much detail.)

Through a secret court?

Where that's what the law says, then yes. I think it's very clear that we have some deep public policy problems. However, Google's claim is that the number of requests they receive is small and affects only a tiny number of users. Unfortunately, the law doesn't allow them to be more specific, which is why they're suing.

Hopefully we can get more transparency, and it's good that Google are pushing for that.

Agreed. We absolutely need more transparency, and it's great that a company with the clout and resources of Google is pushing for it. It doesn't even matter whether they're pushing for it because they think it's a good thing in general or because the allegations are damaging to their business model.

No it does not! (0)

Anonymous Coward | about a year ago | (#44217051)

You can trust MIT exactly as far as you can throw any one of their buildings. MIT employs the most despicable state propagandist in US history, Noam Chomsky. Chomsky is the US equivalent of the UK's Tony Benn- a vile extremist ultra-high level operative of the government who passes himself off as the 'man of the people' and 'independent' critic of government policy. Chomsky actually sits on Israel's so-called 'star chamber', a shadowy organisation that pretends to find 'moral' authority for Israel's acts of terrorism across the globe.

The spying on the US population is far more extensive than even the most informed of you realise. For instance, betas are told that vehicles are tracked by license plate identifying camera systems, but this is a purposeful smokescreen. 99.99% of all tracking is done using under-surface RFID readers that monitor the chips present in every vehicle tire. The cameras exist merely to associate a 'name' with the current 'fingerprint' of your tire RFID chips. Under-surface readers are thousands of times cheaper, and thousands of times more reliable than camera systems, allowing a nation-wide network of deployment to a degree none of you can even comprehend.

The RFID tracking of vehicles is combined with the perfect ral-time tracking of EVERY cell phone currently receiving power (does your phone have a charged battery?- then it is being tracked).

A would-be car bomber in the USA was captured combining these two spy methods. The bomber bought a pay as you go phone in one town (with cash) and used it once in another town. This alone allowed him to be caught. How? By using RFID vehicle records to match a vehicle present in both locations at the time of purchase, and at the time the phone was used once. The very method the bomber thought made him anonymous allowed him to be identified.

US TV shows are no longer allowed to point out to viewers that ALL cell phones are tracked by the phone company and government constantly in real-time. It is LAW that every phone have this 'GPS' like functionality, but no show is allowed to have a plot that revolves around this fact.

The NSA slurps up EVERY piece of electronic data. Crap about 'meta' data is just that. The US post-office actually photographs (where possible) the CONTENTS of all ordinary mail (the piece of mail is exposed to extremely bright light of a frequency most likely to capture the interior writing on the pages within- a method that works more often than you may expect). Of course, persons of interest actually have their post opened and inspected. In the UK, this was once done by inserting a high-speed spinning needle into the base of the envelope to remove the contents with minimal external damage.

Your phone calls (contrary to MIT lies) are all recorded. Same with your Emails, etc. MIT is engaged in a usual propaganda operation based on standard FUD methods. The Meta-data crap is just nonsense for VERY dim-witted sheep (the lie goes like this - "the meta data looked suspicious, so then, and only then, we started capturing the actual data").

Do you know what the worst aspect of all this is? Well, yes, it is really the 1984 implications, but what I meant to say is that the very methods of spying allow the real criminals to circumvent the surveillance. Understand how vehicle and phones are tracked, and a smart operative will NOT make the same mistake as that bomber I mentioned earlier. The very effectiveness of NSA spying produces whole new classes of methods to avoid discovery or lay down trails of false and misleading information.

Of course, NSA spying has NOTHING to do with finding the 'bad guys'. It is a project to discover information that can be used to 'coerce' people of influence, and it is a project to read the mind of the populace in real-time, so control propaganda methods (of the sort Noam Chomsky helps create- using language to manipulate Humans is his field of study) used by the mainstream media can be better perfected.

Re:No it does not! (1)

sribe (304414) | about a year ago | (#44217267)

You can trust MIT exactly as far as you can throw any one of their buildings. MIT employs the most despicable state propagandist in US history, Noam Chomsky...

Rant, rant, rant. Dude, seriously, almost nobody pays any attention to Chomsky. He just spews for his own egomaniacal self-pleasure, and a to impress a small number of awed groupies.

Re:No it does not! (0)

Anonymous Coward | about a year ago | (#44217397)

Oooh fun. I'll play!

-Who installs the "under-surface RFID readers?"

-How do these readers send their data?

-Where do these readers send their data?

-How are these RFID readers powered?

-Tell me how to find the RFID tag in my tire.

-Tell me how to find one of these under-surface readers (or show me a picture of one).

Six degrees of separation (0)

Anonymous Coward | about a year ago | (#44217079)

Ran the demo, big whoop...

And yet they suggest Chrome (1)

YurB (2583187) | about a year ago | (#44217317)

If you visit the page using Firefox with JavaScript disabled, they suggest you to download Google's Chrome, i.e. to give even more of your data to NSA. We should at least recommend Chromium (the open-source part of Chrome) in such cases instead of the binary distribution from Google.

Wrong (0)

Anonymous Coward | about a year ago | (#44217319)

0 collaborators
87 emails

I think PRISM know a LOT more about me than that.

Favourite line - naivity (2)

csubi (950112) | about a year ago | (#44217339)

At least the NSA says it doesn’t read the contents of your email. Google does, and it admits that it does.

Like I believe NSA does not look at the contents... If it weren't for Snowden, we would still not know about PRISM.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?