"Web browsing records can reveal sensitive, private information about a person based on where they go on the internet," said Sen. Ron Wyden.
NSA is buying Americans' internet browsing records without a warrant::"Web browsing records can reveal sensitive, private information about a person based on where they go on the internet," said Sen. Ron Wyden.
Sounds like the problem is more that they're for sale in the first place, not that they don't have a warrant. They don't need it because our privacy laws are so outdated and ineffectual(/nonexistent).
Yeah like I feel that the headlines are missing the forest through the streets. If there is enough important information available about individuals that the NSA would find it useful and worth buying, we need to ensure that it’s stopped at the source and not available to anyone.
Do I like this? No. But I also don’t like that any other entity can do this either. But if we’re going to ban the government from doing this, we should also be banning the sale of this data to anybody.
This right here. All the people bitching about wanting to use Opera and wanting to use Chrome and wanting to use Edge and Brave, this is what we're trying to fight. This is what we're trying to minimize.
Even though the NSA is probably trying to use this for 'good' at the moment, It's not a hard stretch that a couple of changes in power later that information's still going to be there.
When the Snowden releases came out the promise was the NSA was only using their massive surveillance machine to hunt down Islamist terrorists.
But since then they've passed tips to local precincts regarding loose cash in transit so that it can be seized and used by police departments for margarita ice crushers and other luxuries. The NSA itself gets a cut of the take.
This is to say NSA efforts are being used to rob Americans using asset forfeiture, which is about as far from for good or in support of a good cause as you can get.
The NSA does not need money from asset forfeiture. This is one of the stupidest accusations I've heard of NSA. They have to be careful about how they use their intelligence to keep potential targets unaware of what they can or are snooping on. This would be the stupidest and most pointless use of their intelligence. Anyone they would share intelligence with must do so with the most absolute secrecy, and municipal and state law enforcement generally does not qualify. This doesn't mean they're not acting unlawfully, but knowing if they are is going to next to impossible.
This has been commonplace for decades. The government agencies went big into it after 9/11. Funny thing was that I found out about it from a competing company telling me about how the company I worked for at the time was doing it.
I should note that I'm firmly against it, just that it's not new.
It's illegal to spy on your own citizens in the US, but completely okay if someone else does the spying and you buy the data.
Also, he’s privy to classified information he can’t disclose. I’m thinking going forward he could say “I wish I could hold confirmation of the NSA Director again until they declassify XYZ“ and we would know he’s been plugged in to something unethical re: XYZ. Maybe it’s already possible to read in between the lines of his public statements.
I'm thinking going forward he could say “I wish I could hold confirmation of the NSA Director again until they declassify XYZ“
I'm thinking he absolutely can't do that because
he’s privy to classified information he can’t disclose.
Oftentimes you can't even reveal what classified stuff you may have access to, as that info by itself could be classified. Giving little hints and letting people "read between the lines" would almost certainly count as mishandling classified information, especially if you're a high-profile politician doing that in public statements.
I would just assume your data could be there unless your computer has never been connected to the Internet. It's simply too easy to hide surveillance in the processor (in the form of remote administration capabilities), the operating system (with remote updates), or the browser, or in the numerous security holes or likely zero-day exploits out there. The state of computer security is an absolute joke, and your 4096-bit RSA key is not keeping your data safe.
Here's the summary for the wikipedia article you mentioned in your comment:
The Utah Data Center (UDC), also known as the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, is a data storage facility for the United States Intelligence Community that is designed to store data estimated to be on the order of exabytes or larger. Its purpose is to support the Comprehensive National Cybersecurity Initiative (CNCI), though its precise mission is classified. The National Security Agency (NSA) leads operations at the facility as the executive agent for the Director of National Intelligence. It is located at Camp Williams near Bluffdale, Utah, between Utah Lake and Great Salt Lake and was completed in May 2014 at a cost of $1. 5 billion.
NSA director Gen. Paul Nakasone disclosed the practice in a letter to Sen. Ron Wyden, a privacy hawk and senior Democrat on the Senate Intelligence Committee.
“Web browsing records can reveal sensitive, private information about a person based on where they go on the internet, including visiting websites related to mental health resources, resources for survivors of sexual assault or domestic abuse, or visiting a telehealth provider who focuses on birth control or abortion medication,” said Wyden in a statement.
By its own admission, the ODNI said at the time that commercially purchased data “clearly provides intelligence value,” but “raises significant issues related to privacy and civil liberties.”
Previous reporting shows the Defense Intelligence Agency bought access to a commercial database containing Americans’ location data in 2021 without a warrant.
Government agencies typically have to secure a court-approved warrant before obtaining private data on Americans from a phone or a tech company.
But U.S. agencies have skirted this requirement by arguing they do not need a warrant if the information, like precise location records or netflow data, is openly for sale to anyone who wants to buy it — though this legal theory remains untested in U.S. courts.
The original article contains 1,045 words, the summary contains 198 words. Saved 81%. I'm a bot and I'm open source!
I still wonder what they are buying and from who. If it's the ISP I kind of wonder what they still get from me since I don't use their DNS servers and the ones I point to are setup for DoH for all traffic at home. I also use other stuff for added privacy. It doesn't take a lot of effort, I hope more people start taking their networks seriously and setup some easy bare minimum precautions to help make it at least slightly harder to track you.
With the NSA's whatever the fuck they want budget, nothing's off the table. Dark web, Google, Microsoft, probably whoever will sell it and then they probably slapped them with a gag order If they're an entity likely to publicize it.
My pi holes are set up to pull dot and doh, but they still have to get there traffic from a provider. I should probably funnel that through my VPN but making my DNS unpredictably slow doesn't sound like much fun.
I'm sure ISPs will sell whatever they can see. Smart TV manufacturers use some crazy database to be able to detect what you're watching You know that's going off to everybody that would give them a $20 bill. Then anywhere where you've used the same email to sign up for multiple services all those services will be more than happy to sell their data.
Your bank, LexusNexis with credit data, your school, All the places that your parents and your kids use.
It's not that hard to use a password manager and a catch-all email and start diversifying your user accounts.
Tour and VPN start to degrade your service quality.
Using open source browsers and anonymizing as much as you can is good and yes even DNS over HTTPS plays a role in reduction.
In the end though, I wonder how much it really matters. If they just get one or two chunks out of that list, how much are the rest of it do they get for free or cheap. If you had the eye of sauron on you and they were really trying they would know everything you do.
In the end though, I wonder how much it really matters. … If you had the eye of sauron on you and they were really trying they would know everything you do.
If the Fed specifically targets you, I imagine eventually they’ll dig up what they need one way or another. (Widespread E2EE should be a barrier of course.)
Given the average person will never be targeted, I think taking the lowest hanging fruit privacy protections is good for a little bit of peace of mind and a little bit of security against data leaks. NSA gets hacked? Maybe when the dump hits blackhat forums or The Pirate Bay it won’t be as obvious how much time you spend on UnixSocks.
Ironically, what bothered me at first is the use of internet instead of Internet. An internet is a network of networks. The Internet is the global network of networks. I know that internet is becoming the standard but having been a network administrator, it does annoy me.