https://www.schneier.com/blog/archives/2014/07/nsa_targets_p...
https://www.reuters.com/article/opinion/commentary-evidence-...
https://www.theguardian.com/us-news/2014/oct/11/second-leake...
It is possible that the "second source" and the shadow brokers are one and the same.
https://www.electrospaces.net/2017/09/are-shadow-brokers-ide...
https://www.emptywheel.net/2017/09/15/shadow-brokers-and-the...
And here's an interesting tidbit about a possible link between TSB and Guccifer 2.0
https://www.emptywheel.net/2020/11/01/show-me-the-metadata-a...
Yes, the idea that the "second source" and TSB are one and the same is necessarily based on conjecture. Nobody is presenting it as a fact, but as a rather likely option based on analysis of data released by TSB and NSA leaks which cannot be attributed to Snowden.
Both TSB leaks and "second source" leaks originate from the same time period, and the same locations within the NSA. That does not mean that they were leaked by the same person(s), but it is a fairly likely option.
For example, Telegram does this, using a homemade encryption protocol that has no clear-text SNI like HTTPS. As I remember, WeChat also uses some home-grown form of obfuscation.
As a bonus, this makes it more difficult for telecoms to discriminate against certain sites or apps and helps enforce net neutrality no matter if they like it or not.
Consider that TAO (or SSF) can probably get through your firewall and router, and maybe into the management engine on the servers with your critical data.
The only thing you've got going for you is that they will (probably) keep your data secure (for themselves).
I don’t like these general observation comments. This kind of makes it unappealing to learn about encryption, but it’s worth it and makes you choose either a proper encrypted software or use a key for secret messages.
If everyone including the priority traffic did this, then I guess it would have an effect on net neutrality, then I could see that it would make a difference, but I don't see how that could be construed as "whether they like it or not" given that they could just as easily not implement this if they didn't "like it".
That's not to say this isn't worth doing for the privacy and security benefits, but I'm struggling to see how this would have any real-world influence on net neutrality.
The article begins with:
> XKeyscore (XKEYSCORE or XKS) is a secret computer system used by...
This should be edited to:
> XKeyscore (XKEYSCORE or XKS) is a classified computer system used by...
The program is allegedly a Top Secret program.
[0] https://en.wikipedia.org/wiki/User_talk:Discospinster#WTF_ed...?
Information is classified, not anything else. All of that to say, this is one of the many secret computer systems the NSA allegedly has. As the Wikipedia article clearly indicates
apt-get•9h ago
We hear a lot about local agencies perusing the services of private companies to collect citizens' data in the US, whether that's traffic information, IoT recordings, buying information from FAANG, etc. What's the NSA's position in the current administration? (e.g. we've heard a lot of noise in the past about the FBI and CIA getting the cold shoulder internally. I wonder how this applies to the NSA.)
monerozcash•8h ago
NSA does not have magic tools to break modern encryption.
themafia•8h ago
The NSA has spent no small amount of time in the last decade obviously interfering with NIST and public encryption standards. The obvious reason is they _want_ to have the magic tools to break some modern encryption.
monerozcash•8h ago
Even if true, significantly degraded. Probably not true though, NSA has been very leaky and such a story would be kind of devastating for Google. NSA lacks the legal capability to force Google to do so, the money to bribe Google to do so and also almost certainly lacks the political backing to put one of the biggest US companies in such a position.
I don't doubt for a second that NSA could hack Google (or just bribe employees with appropriate access) and break into specific Gmail accounts if they wanted to. Bulk collection would be far more difficult to implement.
>The NSA has spent no small amount of time in the last decade obviously interfering with NIST and public encryption standards. The obvious reason is they _want_ to have the magic tools to break some modern encryption.
They do try, they just haven't been very successful at it.
themafia•8h ago
monerozcash•8h ago
Neither of these approaches would enable bulk collection.
I'm sure the NSA can read essentially any specific emails they're interested in, they just can't do so at anywhere near the scale they used to pre-Snowden.
Not only that, these days almost all chats have moved to E2EE platforms. Reading that traffic in a stealthy manner requires compromising endpoints, bulk collection simply isn't possible.
ls612•8h ago
matheusmoreira•7h ago
https://www.ethanheilman.com/x/12/index.html
hollow-moe•8h ago
monerozcash•7h ago
It's also worth considering that CT makes it extremely noisy to use such certificates to attack web browsers.
hollow-moe•7h ago
monerozcash•7h ago
>Browsers check CRLs but are they checking CT logs to ensure the cert they're checking was logged?
Yes, all modern browsers require certificates to be in the CT logs in order for them to be accepted.
For example, we can easily pull up logs for gmail.com and see which certificates browsers would accept. https://api.certspotter.com/v1/issuances?domain=gmail.com&ex...
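The defensive counterpart of the point above is to watch your own domain's CT feed so that a certificate issued by a CA you never use is noticed as soon as it is logged. The following is an added example, not code from the thread or from any CT service: it takes a small constructed batch of issuance records (the field names `id`, `dns_names`, `issuer`, `not_before`, `not_after` are an assumption for this example, not the schema of the certspotter API linked above), keeps only currently valid certificates that actually cover the monitored domain, and reports those whose issuer is not on the organisation's allow list. It also ignores look-alike names such as `example.com.evil.test` and already-expired certificates, which would otherwise produce false alarms.

```python
import json
from datetime import datetime, timezone

# Constructed sample of CT-monitor issuance records. The field names are an
# assumption made for this example, not the schema of any particular service.
SAMPLE_FEED = json.dumps([
    {"id": "1", "dns_names": ["example.com", "www.example.com"],
     "issuer": "Example Trusted CA",
     "not_before": "2024-05-01T00:00:00Z", "not_after": "2024-07-30T00:00:00Z"},
    {"id": "2", "dns_names": ["mail.example.com"],
     "issuer": "Unknown Regional CA",
     "not_before": "2024-06-10T00:00:00Z", "not_after": "2024-09-08T00:00:00Z"},
    {"id": "3", "dns_names": ["*.example.com"],
     "issuer": "Unknown Regional CA",
     "not_before": "2023-01-01T00:00:00Z", "not_after": "2023-04-01T00:00:00Z"},
    {"id": "4", "dns_names": ["example.com.evil.test"],
     "issuer": "Unknown Regional CA",
     "not_before": "2024-06-10T00:00:00Z", "not_after": "2024-09-08T00:00:00Z"},
])


def parse_feed(text):
    """Decode one batch of issuance records (JSON list of dicts)."""
    return json.loads(text)


def covers_domain(dns_name, domain):
    """True if a SAN entry names `domain` itself or one of its subdomains.

    A wildcard label is stripped first, and the comparison requires a label
    boundary, so 'example.com.evil.test' does not match 'example.com'.
    """
    name = dns_name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)


def _parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_current(record, now):
    """True if the certificate's validity window contains `now`."""
    return _parse_ts(record["not_before"]) <= now <= _parse_ts(record["not_after"])


def find_unexpected(records, domain, allowed_issuers, now):
    """Return ids of currently valid certs for `domain` whose issuer is not allow-listed."""
    allowed = {issuer.lower() for issuer in allowed_issuers}
    hits = []
    for rec in records:
        if not any(covers_domain(name, domain) for name in rec["dns_names"]):
            continue  # not our domain (e.g. a look-alike registered elsewhere)
        if not is_current(rec, now):
            continue  # an expired cert cannot be used to impersonate the site today
        if rec["issuer"].lower() not in allowed:
            hits.append(rec["id"])
    return hits


def demo():
    """Run the check over the constructed feed with a fixed clock for repeatability."""
    now = datetime(2024, 7, 1, tzinfo=timezone.utc)
    return find_unexpected(parse_feed(SAMPLE_FEED), "example.com",
                           ["Example Trusted CA"], now)


if __name__ == "__main__":
    for cert_id in demo():
        print("unexpected issuance for example.com, record id:", cert_id)
```

In practice the allow list would be the CAs named in the domain's CAA record, and the feed would be polled on a schedule; anything this check reports is worth a revocation request and an investigation of how the issuance was obtained.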
notepad0x90•8h ago
2) They didn't build a Yottabyte-scale datacenter for no reason
3) They have the capability to compromise certificate authorities. Pinned certs aren't universal.
4) Speculation, but, Snowden's revelations probably set off an "arms race" of sorts for developing this capability. Lots more people started using Tor, VPNs, and more, so it would almost be dereliction of duty on their part if they didn't dramatically increase their capability, because the threats they are there to stop didn't disappear.
5) ML/LLM/AI has been around for a while, machine learning analysis has been mainstream for over a decade now. All that immense data a human can never wade through can be processed by ML. I would be surprised if they aren't using an LLM to answer questions and query real-time and historical internet data.
6) You know all the concerns regarding Huawei and Tiktok being backdoored by the Chinese government? That's because we're doing it ourselves already.
7) I hope you don't think TAO is less capable than well known notorious spyware companies like the NSO group? Dragnet collection is used to find patterns for follow-up tailored access.
monerozcash•7h ago
Yeah, they can still collect lots of useful metadata.
notepad0x90•6h ago
Metadata is extremely valuable!! Lots of things can be inferred from it. In other comments I've decried companies like Slack including your password reset or login codes in the email subject, for example. They can take any packet and trace it back to a specific individual, even if you're on Tor, chaining VPNs, etc., without decrypting it. They can see what destinations you're visiting. They can build a pattern-of-life profile of you and mine that. The ad industry does much of this without access to global internet traffic captures already lol.
monerozcash•6h ago
> In other comments I've decried companies like slack including your password reset or login codes in the email subject for example
That's still just as encrypted as the email body itself.
notepad0x90•5h ago
monerozcash•5h ago
My whole point is that they're no longer able to do passive listening of unencrypted content and massive scale, but instead are forced to rely on much smaller scale active attacks.
notepad0x90•4h ago
You're assuming that despite their budget not having changed meaningfully, no repercussions against anyone from the historical leaks, the continued renewal of the patriot act and unchanged mission of the intelligence community orgs that somehow they've wound down. That they've stopped R&D and tailored access ops.
You're also assuming that tailored access is not used to facilitate, correlate and enrich traffic decryption.
You look at things from your perspective where decrypting traffic alone is all too important. If you can see all the metadata, why would you do that? If you hoard 0-days and sophisticated implants, what's the advantage? I mean half the time comms alone aren't enough, you want access to internal networks, documents that will never get transmitted over the network, etc., smartphone telemetry data from a large group of targets. They're not interested in decrypting traffic to grandma visiting Facebook, they want to know who's downloading Tails, who's using Signal, who's committing to interesting git repos, who the source of some journalist is, what people a politician has been messaging on WhatsApp. Once targets are identified they can be implanted, or have their traffic selected for decryption.
But I think I get what you're saying, that most of the traffic they capture is encrypted. That much I agree, that has changed. But whether they can decrypt it on-demand, that is tough to speculate; whether they need to? That's what I'm disagreeing with. If their goal was that one-time traffic decryption, perhaps that has been curtailed with the prevalence of TLS and CT logging. But metadata alone is sufficient to select a target, and all the evidence suggests that even if they can't readily implant targets, they can successfully perform targeted MITM attacks, even with typical non-mTLS/non-pinned TLS setups.
monerozcash•3h ago
That's not at all what I'm assuming. I'm stating that the environment has become much more hostile to them, reducing their capabilities because all the super low hanging fruit is gone. The part where they're able to hack almost anyone they want hasn't changed.
>You look at things from your perspective where decrypting traffic alone is all too important. If you can see all the metadata, why would you do that?
Metadata lets you select a target sure. Having full content takes as they used to allows you to easily find new targets by simply matching keywords, that particularly cool capability has practically disappeared post-Snowden.
>they want to know who's downloading tails, who's using signal, who's committing to interesting git repos, who the source of some journalist is, what people a politician has been messaging on whatsapp
I don't think this really reflects what the previously leaked files suggest their main interests to be.
>what people a politician has been messaging on whatsapp
Whereas before they'd have been able to get that information off the wire together with the message content (for all messages, in real time!). Now? They actually have to actively compromise Facebook to get that for a single user.
It's also worth noting that the previously leaked NSA documents seem to suggest that the NSA was not particularly busy breaking the law by hacking American companies.
> even if they can't readily implant targets, they can successfully perform targeted MITM attacks, even with typical non-mTLS/non-pinned TLS setups.
Because of CT, such MITM attacks will not work without creating noise that's visible to the whole world.
matheusmoreira•8h ago
monerozcash•8h ago
They can easily go after specific targets, but bulk collection is no longer viable in the same way it was pre-Snowden.
matheusmoreira•8h ago
Degraded would be "it is impossible for them to know anything about people unless they send dozens of human agents to stalk them".
monerozcash•7h ago
The first approach enabled them to find targets that were not on their radar based on message contents, they can no longer do that.
matheusmoreira•7h ago
No doubt they still read texts. I think the US is still among the countries that use SMS a lot.
They no doubt have access to the data big tech's mined out of the entire world's population. That capability alone puts them into "bring everything about this guy up on the screen" territory.
monerozcash•7h ago
I don't doubt for a second that they can read specific emails, but to suggest that they have bulk collection capabilities within Google or Microsoft is a stretch. NSA lacks the legal authority to compel that, NSA lacks the money to bribe Google or Microsoft and NSA likely lacks the political backing to put the biggest US companies in such a compromised position.
>I think the US is still among the countries that use SMS a lot.
Sure, but that's increasingly iMessage.
cool_dude85•6h ago
monerozcash•6h ago
It was certainly easy in a world where everything wasn't encrypted, that's not the case anymore.
cperciva•7h ago
To quote a former Chief Scientist of the NSA, Rule #1 of cryptanalysis is "look for plaintext". Implementation flaws are very common.
yupyupyups•8h ago
They don't. But they have other options.
For example, Cloudflare is an American company that has plaintext access to the traffic of many sites. Cloudflare can be compelled to secretly share anything the NSA want.
monerozcash•7h ago
This is true given some possible interpretations, false given other possible interpretations. Cloudflare can be secretly compelled to share specific things, there's no legal mechanism to compel Cloudflare to share everything.
morkalork•7h ago
monerozcash•6h ago
Hence the famous "SSL added and removed here ;-)" slide
doobiedowner•6h ago
monerozcash•6h ago
AT&T does not have much to lose by doing that, Google does.
doobiedowner•6h ago
monerozcash•6h ago
morkalork•5h ago
monerozcash•5h ago
Well, no. But Google does significant business in foreign countries and doesn't really want to give an excuse for foreign governments to start aggressively pursuing their own alternatives.
> And speaking of, whatever happened to those?
Cloudflare still has a warrant canary on their transparency report page, Reddit deleted theirs in 2016.
They were never very common.
tehjoker•7h ago
https://www.newsweek.com/exclusive-inside-militarys-secret-u...
monerozcash•7h ago
And even then, stealing keys does not give you passive decryption and active decryption would be incredibly noisy.
NSA does not have enough money to spend to be able to incentivize Google to give them full take intercepts either.
tehjoker•6h ago
There's lots of fun tricks you can think of when you have national resources at your disposal.
However, you are forgetting that NSA works for Google. It works to support the promotion of American companies worldwide. They're on the same team, and Google knows that. They even have the same mission: To usefully organize the world's information!
Now that Google is openly a military contractor, it's even easier to make this click. Back in the day, you had to read things like this Julian Assange piece to understand this: https://wikileaks.org/google-is-not-what-it-seems/
monerozcash•6h ago
Google has a lot to lose by doing so, and not all that much to gain. Google has also been a leading force in pushing for broader use of encryption on the internet, making the NSA's work significantly more difficult even in a hypothetical scenario where Google is happy to give them anything they want.
xboxnolifes•4h ago
snorbleck•8h ago
monerozcash•7h ago
ch2026•7h ago
tehjoker•7h ago
monerozcash•7h ago
That's a very boring capability compared to what they were able to do pre-Snowden. That's also not a new capability, they were able to do that pre-Snowden too.
globalnode•6h ago
cannabis_sam•6h ago
Aside from a tiny minority of people applying their own encryption (with offline confirmed public keys) at end points with securely stored air gapped private keys, this information is available to the US government, it’s the god damn job of the NSA.
monerozcash•5h ago
The crucial difference is that it is no longer nearly as easy for the NSA to identify new targets as it used to be, because they don't have full take access to the vast amounts of content they used to.
themafia•8h ago
monerozcash•8h ago
themafia•8h ago
https://www.reddit.com/r/LateStageCapitalism/comments/1hlmq3...
The FBI apparently attempted to use this in the Bryan Kohberger case:
https://www.nytimes.com/2025/02/25/us/idaho-murders-bryan-ko...
It's hard to find solid coverage of this because obviously the methods are often hidden and rarely leak out to the press at large. The press also gets confused and thinks that defending our constitutional rights will lead to criminals being acquitted.
If you spend a lot of time watching and studying these cases and how they evolve throughout the courts it becomes obvious that this is likely occurring more than most people realize.
monerozcash•8h ago
The caller is easy to identify, how could the government ever trust this person to not reveal their parallel construction? If they were planted by the government, that'd be extremely difficult to hide. The government also likely wouldn't be able to compensate them in any meaningful way for telling such a lie.
The Kohberger case also does not suggest parallel construction; the DOJ policy isn't binding and the DOJ can in fact legally violate that whenever they want.
dialup_sounds•5h ago