Netgate Discussion Forum

    Yes, we scan

    General pfSense Questions
      kejianshi

      Data retention:  Don't believe anything you hear.  I am sure that everything is being kept forever to the extent that it is possible no matter what a lying government rep tells us.  I figure they do whatever they can deny.

      On TOR: TOR uses entry and exit nodes and the traffic is split amongst the nodes and is usually hopped across 3 nodes.  The nodes are biased based on speed.  The faster connections usually end up assigned as exit nodes and entry nodes.  These are the main nodes.  To defeat TOR you would need to own these exit nodes and all the nodes in between.  I can see where this might be possible if you paid a bunch of money to own a bunch of high speed nodes.  I have mapped these nodes in the past.  The highest concentrations with the highest speeds seemed to be located around the Washington DC area and the Beijing area some years ago.

      I suppose you could set up a set of MIX servers and spread them across Venezuela, Cuba, Iran and Moscow?  $$$

        stan-qaz

        I'm not sure you would need to own entry or exit nodes for traffic analysis if you owned or had access via FISA warrant to the routers that the nodes are connected to.

        No reason to keep most stuff; suck it in, scan it and store the bits you are interested in in a "research" database and dump the original data. You have what you need on file and can skip the expense and hassle of storing the nonproductive stuff.

          kejianshi

          Well, I'd suggest that FISA is a rubber stamp and that any agency that has ever asked for a warrant got one.
          So, the "warrant" is neither here nor there.

          Now, if every connection of every major provider is auto-logged, auto stored and can be auto sorted and later queried as described by the notorious leaksters, sure, you could put together all the hops and TOR becomes not so solid, unless a few of those TOR nodes are located somewhere that doesn't log and/or doesn't share that info.  Bad thing is that TOR has bandwidth and latency biases that would usually choose faster nodes that are closer.  One would think then that these biases are easily exploitable since for someone like me, in the USA, nodes in Havana, Tehran, and Iceland are unlikely to end up being my nodes.

          Really, I think to be ideal, the nodes that you use would be best spread across countries that hate each other and don't cooperate at all.
          To my knowledge onion routing doesn't include any biases based on politics, but it probably should.

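As an added illustration of the bandwidth bias kejianshi describes in the two posts above (example code written for this page, not anything from the thread or from the Tor project), the script below models three-hop, bandwidth-weighted relay selection over a constructed relay list and computes how often both the guard and the exit land inside one observer's country, with and without the "different countries" rule suggested above. The selection model is a simplification: real Tor also applies Guard/Exit flags, family and /16 constraints, which are assumed away here.

```python
from itertools import permutations

# Constructed sample relay list (name, bandwidth weight, country code); not
# real Tor consensus data.  Two fast relays in one country dominate, mirroring
# the "fast nodes cluster in one place" concern raised above.
RELAYS = [("fast-us-1", 100, "US"), ("fast-us-2", 80, "US"),
          ("mid-de", 40, "DE"), ("mid-nl", 30, "NL"),
          ("slow-is", 10, "IS"), ("slow-cu", 5, "CU")]

def path_probability(path, relays, rule=None):
    """Probability that bandwidth-weighted selection builds `path`
    (guard, middle, exit): each hop is drawn in turn, weighted by bandwidth,
    from the relays not yet used.  `rule(chosen, candidate)` may return
    False to exclude a candidate given the hops already chosen."""
    chosen, prob = [], 1.0
    for hop in path:
        pool = [r for r in relays
                if r not in chosen and (rule is None or rule(chosen, r))]
        total = sum(r[1] for r in pool)
        if hop not in pool or total == 0:
            return 0.0
        prob *= hop[1] / total
        chosen.append(hop)
    return prob

def prob_both_ends_observed(relays, observed, rule=None):
    """Probability that guard AND exit both sit in `observed` (a set of
    country codes).  Seeing both ends is what lets an observer correlate
    timing and volume, whatever the middle hop does."""
    return sum(path_probability(p, relays, rule)
               for p in permutations(relays, 3)
               if p[0][2] in observed and p[2][2] in observed)

def total_mass(relays, rule=None):
    """Sanity check: probabilities over all circuits should sum to 1."""
    return sum(path_probability(p, relays, rule) for p in permutations(relays, 3))

def exit_in_other_country(chosen, candidate):
    """Veto rule for the thread's suggestion: the exit may not share a
    country with the guard.  Real Tor only enforces family and /16 rules."""
    return len(chosen) < 2 or candidate[2] != chosen[0][2]

if __name__ == "__main__":
    for label, rule in (("bandwidth only", None),
                        ("plus country rule", exit_in_other_country)):
        p = prob_both_ends_observed(RELAYS, {"US"}, rule)
        print(f"P(guard and exit both in US), {label}: {p:.3f}")
```

With this relay list roughly a fifth of all circuits have both ends in the dominant country under plain bandwidth weighting, and none do once the country rule is applied; the rule does nothing, of course, against an observer who sits on the routers in front of relays in several countries, as stan-qaz points out.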
            stan-qaz

            For traffic analysis mid-points in the links are nice to have but only end-point access is necessary for many of the techniques to be effective. Going through nodes that do not have monitoring on their input/output routers adds to the difficulty but does not provide absolute security.

            Look at it as being similar to cryptography: there is a secure way to do it (one-time pad) or less secure but possibly good enough methods (anything other than a one-time pad) that may meet your needs. Any connection where you have a knowable end-point on either end is subject to traffic analysis; you can make it harder but never reach the ideal without unknown end-points.

              kejianshi

              Traffic analysis?  Cryptography?  Those are real things?  (-;

              Who would do such a thing?

                Gradius

                @kejianshi:

                Traffic analysis?  Cryptography?  Those are real things?  (-;

                Who would do such a thing?

                I wish I could dream like this again, as back in 1995 when I started on the Internet in a commercial way.

                  kejianshi

                  The determining factor for government intrusiveness seems not to be the constitution or any of its amendments or laws, but rather technology.

                    stan-qaz

                    A good read: http://www.spiegel.de/international/world/whistleblower-snowden-claims-german-intelligence-in-bed-with-nsa-a-909904.html

                      kejianshi

                      Another good read and reason to happily enjoy your pfSense.

                      http://www.dailykos.com/story/2013/06/20/1217520/-NSA-Shenanigans-is-the-CISCO-Kid-ding

                        NOYB

                        Port mirroring?  Really?  Oh please!  Is that all they have?  That article is nonsense propaganda aimed at techno-phobes.

                          kejianshi

                          It's not really that port mirroring is "bad".
                          It's bad if it can be remotely switched on via a back door and pointed towards a destination of choice.
                          No technology is bad unless used in a bad way.

                          Well…  I guess it's also bad if it's used to seamlessly funnel every single bit and byte of data running across a major trunk in two directions simultaneously: one towards the destination that serves the consumer and the other for real-time ingestion at line speed and later analysis elsewhere, and calling it a feature of the unit.  I don't think privacy is a privilege, but rather a right.  No one has to be licensed for privacy.  It's not something that you should have or not have at the discretion of the government or anyone else.
