i'm not saying "believe the NSA" or the Five Eyes, but you already know how you think about that
Vogon detected
"There's no point in acting surprised about it. All the planning charts and demolition orders have been on display at your local planning department in Alpha Centauri for 50 of your Earth years, so you've had plenty of time to lodge any formal complaint and it's far too late to start making a fuss about it now."
But sure, I do believe them that they don’t bother to look at it unless they want to. Like… yes, that’s how looking works.
The most charitable interpretation of the claims would be that what NSA calls "collection", every other English-speaking human would call "analysis" (or -maybe- "post-collection preprocessing"). This horseshit was reported in many places at the time, but here's the first vaguely-reputable place I could find talking about this sort of thing today [0]:
> Take, for example, the definition of the term “collection.” What qualifies as intelligence collection is critical to the scope of intelligence activity because it determines when intelligence gathering begins. Although it never provides its own definition, EO 12333 repeatedly refers to collection as the beginning of the intelligence gathering cycle. The agencies themselves elaborate on EO 12333’s general guidance by defining collection in their internal procedures. As we chart in greater detail in our article, the Defense Department’s and the NSA’s definitions of collection vary significantly, even though the NSA is a subordinate agency of the Pentagon.
> The Defense Department defines collection as intelligence gathering at a much earlier point than the NSA’s. Under DoD 5240.01, the department’s current manual, “information is collected when it is received by a Defense Intelligence Component,” regardless of how that information is “obtained or acquired.” By contrast, the NSA’s current version of USSID 18 states that collection “means [the] intentional tasking or SELECTION of identified nonpublic communications for subsequent processing aimed at reporting or retention as a file record.” As a result, collection for the Defense Department’s purposes appears to involve no processing or action; information is collected as soon as it is received. For the NSA, however, collection begins only once the information has been “selected” and put to further use.
> ...Under the NSA’s attorney general guidelines, for example, vast amounts of intelligence could be gathered without technically being collected. This means that, on paper, none of the guidelines’ subsequent protections for or limitations on the use of that intelligence apply when the information is first received. In theory, the NSA’s guidelines might permit the agency to gather significant amounts of unprocessed intelligence and then store it indefinitely.
[0] <https://www.lawfaremedia.org/article/what-does-collection-me...>
Banning TikTok would do nothing to hinder Americans' ability to say (almost) whatever they want without fear of government retribution. Anything you would have said on TikTok can still be said on Facebook for example, or your own website.
No it isn't. China has already admitted they hacked us all the major US telecoms to spy on American citizens, and shown no indication that they intend to stop doing that sort of thing. We simply can't trust them to install applications on devices that store the most sensitive secrets of our politicians, military leaders, and citizens.
See Volt Typhoon and Salt Typhoon for more information. China admitted that Salt Typhoon was them, and Volt Typhoon is relatively obvious. It's worth also noting that they used the backdoors that were put in place for CISA requests, which is a perfect example of why government mandated backdoors are a bad idea.
It’s about ownership, not speech. If Bytedance refuses to change TikTok’s ownership, it gets banned for that reason. (Same way a foreign radio station would get banned for violating our ownership rules.)
The law (not bill) requires an interagency process for identifying further targets. It starts with TikTok. It does so because of TikTok’s ownership. Not speech. I say this as someone who worked on and whipped for the bill.
So that's one quite mainstream opinion that would be suppressed if the government banned TikTok. No, you wouldn't be arrested for posting pro-Palestine stuff to Facebook (at least not under Biden...) but that's not the only way for the government to curtail speech.
Another thing we know is that the White House under Biden was pressuring FB and others to downrank anti-covid-vaccine content until a judge ordered them to stop.
Kind of quaint in 2025.
Not necessarily. It depends why they were primarily successful on TikTok, which we don't know. If it's because American platforms tend not to highly rank content that goes against the US's geopolitical ideology, then no, I wouldn't expect that.
Leaked data reveals Israeli govt campaign to remove pro-Palestine posts on Meta - https://news.ycombinator.com/item?id=43655603
Meta: Systemic Censorship of Palestine Content - https://text.hrw.org/news/2023/12/20/meta-systemic-censorshi...
Facebook has severely restricted the ability of Palestinian news outlets to reach an audience during the Israel-Gaza war, according to BBC research - https://www.bbc.com/news/articles/c786wlxz4jgo
Imagine if they shut down CNN and MSNBC for being the most anti-Trump major TV stations. Wouldn’t you think that was an infringement, even if it wouldn’t stop individuals from speaking their mind on the topic?
Do you also think it's impossible to convict anyone for murder because it was the bullet killing the victim, not the person holding the gun?
> You're allowed whatever speech you want, so long as we have influence over the speakers and microphones that you use to do so.
That's going to have a chilling effect on what actually gets said.
I was using "using USD" as a stand-in for "using platforms run by people we can reliably bully into tampering with your speech if it becomes problematic," and also to suggest a bit of corruption on the side, which seems likely given that Zuckerberg and Trump are now buddies.
The whole point is that a citizen can say whatever they want without the government stopping them, it has nothing to do with how many people can hear it or where it can be said.
Half of America's exports is media to foreign countries, you're opening a can of worms.
Sounds like those apps weren't using SSL, and NSA could eavesdrop on whatever API calls or telemetry it was sending? There's no real evidence that those apps are complicit, even though the article tries to imply that.
“And why we need to stop you from supporting terrorists” but not because we are against your freedom to speak.
The Snowden leaks serve as yet another wake-up call: the everyday apps we casually use — maps, social media, even mobile games — may have long become treasure troves for intelligence agencies. From a simple “tap to play” to revealing your exact location, political leanings, and even sexual orientation, this isn’t sci-fi — it’s reality unfolding in our hands.
Under the banner of national security, the boundaries of digital life are being redrawn. The real question is: do we still have the right to opt out? Are app developers unknowingly becoming data proxies? And further — is today's AI training quietly built on this same invisible stream of harvested personal data?
Are we playing with our phones — or are our phones playing us?
EMDASH SPOTTED ON LINE 3
INITIALIZING GPTZERO.EXE
DETECTED STRING: “just a game — or a gateway ”
AI CONFIRMED
TOO COHERENT
DETECTION OFF THE CHARTS
From my research most all apps use some SDK which tracks users. Many apps use 3 or 4 for various marketing / product / business use cases. I've been tracking this on https://appgoblin.info/companies if anyone wants to check. Try looking at the "no analytics" found groups, which are just apps I haven't found evidence of 3rd party trackers, almost certainly they do use them.
I would like to see world where Angry Birds data at least stays on Angry Birds servers and have been working on building a part of that with OpenAttribution (https://openattribution.dev) to let app/game companies build their marketing pipeline with at least one less tracker in the app.
I think as compute is getting cheaper a lot of this should/can be self-hosted by at least larger companies so they have full control of their BI tools and the data underlying it.
simonvc•11h ago
fiatpandas•11h ago
danielheath•11h ago
hx8•9h ago
greenavocado•9h ago
If you tried to brute-force AES-256 with conventional computers, you'd need to check 2^256 possible keys. Even with a billion billion (10^18) attempts per second: 2^256 operations / 10^18 operations/second is approximately 10^59 seconds. You'd need about 2.7 x 10^41 universe lifetimes to crack AES-256
At about 10 watts per computer, this would require approximately 10^60 joules, or roughly 2 x 10^34 times the energy needed to boil the oceans. You could boil the oceans, refill them, and repeat this process 200 trillion trillion trillion times.
For RSA-2048, the best classical algorithms would need about 2^112 operations. This would still require around 10^27 joules, or about 20 times what's needed to boil the oceans.
ECC with a 256-bit key would need roughly 2^128 operations to crack, requiring approximately 10^31 joules It's enough to boil the oceans about 2,000 times over.
Quantum computers could theoretically use Shor's algorithm to break RSA and ECC much faster. But to break RSA-2048, we'd need a fault-tolerant quantum computer with millions of qubits. Current quantum computers have fewer than 1,000 stable qubits. Even with quantum computing, the energy requirements would still be astronomical. Perhaps enough to boil all the oceans once or twice, rather than thousands of times.
gosub100•9h ago
it's very unlikely you'd have to check the entire keyspace before you found it. On average it would be about half.
greenavocado•9h ago
bb88•8h ago
There still seems to be a time factor, if not energy factor to computation.
Shor's algorithm for factoring prime numbers is at best O(log(n)^2 * log(log(n)))
timschmidt•8h ago
aaronbrethorst•7h ago
https://therecord.media/nsa-to-cut-up-to-2000-roles-downsizi...
timschmidt•7h ago
Is downsizing the NSA something we're upset about?
akimbostrawman•1h ago
gosub100•15m ago
kragen•7h ago
MichaelDickens•8h ago
dankwizard•8h ago
bonzini•6h ago
OutOfHere•7h ago
kragen•7h ago
That's only about a hundred thousandth of the mass of the Moon, and there are dozens of asteroids larger than this. Since it's clearly physically possible to disassemble an asteroid, or even the entire Moon, and build computers out of it, AES-128 should not be considered secure against currently known attacks. However, currently, it is not publicly known that the NSA has converted any asteroids into computers, and it seems unlikely to have happened secretly.
kuratkull•5h ago
2^10 / 2 = 512
512 is 2^9
So when dividing powers like this you decrement the exponent.
So no it's not 2^64 but more like 2^127
Dividing a loooong number with a small number has virtually no impact on the number.
OutOfHere•5m ago
swyx•8h ago
j_bum•8h ago
kbelder•6h ago
buran77•4h ago
The picture they paint is very useful to help people grasp the scale of "worst case" brute forcing while being completely misleading on the effort needed to break encryption "somehow". Cracking the encryption isn't usually about brute forcing every possible combination, it's all about finding or building a flaw in the algorithm.
Bike thieves don't go through the 10000 combinations on your lock, scammers don't try every possible email password, etc.
Brute forcing a key finds you one answer at a time, hacking the algorithm finds you all answers at once. Without boiling the ocean.
[0] https://asecuritysite.com/blog/2018-08-05_Boiling-Every-Ocea...
greenavocado•32m ago
The IME's DMA capabilities enable memory inspection without host awareness. Cryptographic keys residing in RAM become visible to this subsystem, essentially placing the combination to the digital vault in plain view of an entity designed never to be seen. One might say the keys to the kingdom are being displayed on a billboard visible only to those standing in another dimension. This extraction could happen before legitimate AES-NI operations even process the key material.
Random number generation becomes particularly vulnerable. By introducing subtle biases to hardware entropy sources like CPU thermal or timing sensors, an adversary could ensure generated keys fall within a predictable pattern while presenting all appearances of randomness.
Statistical tests would show nothing amiss, like a perfectly balanced coin that somehow lands heads 51% of the time over millions of flips, a mathematical miracle that passes unnoticed until the casino's bankruptcy. These manipulations would bias the PRNG to produce predictable entropy patterns that drastically reduce effective key space.
Microcode updates deployed through IME channels could modify AES-NI instruction behavior at its core, ensuring the cryptographic equivalent of building a vault door with steel exterior panels but papier-mache hinges. Everything looks secure until someone approaches from the correct angle. These updates could specifically target the AES-NI implementation to use reduced key space or introduce mathematical weaknesses into the diffusion properties of the algorithm.
Side-channel attack facilitation presents another avenue for compromise. The IME could enable precise timing measurements of AES operations, deliberately increase susceptibility to cache-timing attacks, and manipulate power states to enhance the effectiveness of power analysis techniques while appearing to function normally.
The most effective entropy reduction strategy would likely combine several approaches: replacing the AES-NI implementation with one that only explores a fraction of the key space, creating deterministic but seemingly random patterns for key generation, leaking key material via covert channels to the IME's persistent storage, and maintaining the outward appearance of full entropy while drastically reducing actual security margins.
Detection of such tampering remains virtually impossible given the IME's isolated execution environment.
Security researchers can only examine the results of cryptographic operations, unable to observe the process directly similar to trying to determine if someone has tampered with your food while blindfolded. The mathematics of AES remain sound, of course. But mathematics requires faithful execution to maintain security guarantees, and therein lies the fundamental issue.
danieldk•5h ago
https://web.archive.org/web/20170802160910/https://blogs.ora...
r721•5h ago
>highlights Particularly good comments from over the years
https://news.ycombinator.com/highlights
(via https://news.ycombinator.com/lists)
0xbadcafebee•7h ago
Anyway, I'm not worried because governments don't need to crack encryption to do dastardly shit. They have far easier methods to get what they want.
cenamus•5h ago
DJB had a good talk about how many degrees of freedom you can still get picking such numbers and how much you can weaken crypto algorithms (even though not outright breaking them), but I can't find it at the moment
kragen•7h ago
The most important one is that we're assuming that nobody finds a weakness in AES-256, so we have to brute-force it instead of taking some kind of shortcut. Historically speaking, that doesn't seem like a sure bet. (Some slight progress has been made on AES, but nothing practically useful yet: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard#K...) Similar comments apply to factoring large semiprimes and ECDLP; algorithmic improvements could remove many orders of magnitude from these estimates.
Sometimes, even when weaknesses aren't known in the algorithms themselves, there are weaknesses in how they are applied. The Debian OpenSSL fiasco, which seems to have been accidental, may be the best-known example: all secret keys were generated with only 16 bits of entropy. Reusing IVs for OFB or CTR mode is also catastrophic.
A somewhat pedantic note is that you seem to be using two conflicting definitions of "boil the oceans" in different parts of your comment: to raise them to the boiling temperature while leaving them liquid, at first, and to convert them to vapor, later, since you talk about "refilling them". Converting them to vapor requires several times more energy than that. Also, you dropped an order of magnitude somewhere; raising the oceans to boiling requires 5.46 × 10²⁶ J, not 5... × 10²⁵ as you say. ("545 million exajoules" is correct.)
I used `cal_mean` from units(1) to do the calculation, which is based on the mean specific heat of water from 1° to 100°. I'm not sure that's correct for salt water, though, and in any case that's a minor error.
"about 10,000 times humanity's annual energy consumption" is wrong. 545 million exajoules is about a million years of humanity's energy consumption, which is only about 18 terawatts, excluding agriculture.
As gosub100 pointed out, on average you only have to try 2²⁵⁵ possible keys before finding the right one, not all 2²⁵⁶, but that's only a factor of 2.
10¹⁸ AES attempts per second does seem like a reasonable upper bound, but it's much faster than currently existing encryption hardware. 10¹⁸ Hz is the frequency of 0.3-nanometer X-rays with an energy of about 4000 electron volts. I feel like any computer hardware that is performing operations that fast probably cannot be made out of molecules or atoms. You might be able to build it on the surface of a neutron star or a black hole. Seth Lloyd's Nature paper from 02000 on the "ultimate laptop", "Ultimate physical limits to computation", explores some of the physical phenomena involved, and how fast they could possibly compute: https://faculty.pku.edu.cn/_resources/group1/M00/00/0D/cxv0B...
If we take 10¹⁸ Hz and 2²⁵⁶ cycles as given, it is true that one computer would need 10⁵⁹ seconds to finish the job (4×10⁵¹ years), which is indeed about 2.7 × 10⁴¹ times longer than the universe has existed so far (13.79 billion years). But it's worth pointing out that the universe's lifetime is not yet over; it is expected to continue existing much longer than that: https://en.wikipedia.org/wiki/Timeline_of_the_far_future lists various stages of its future evolution, including the end of star formation in 10¹²–10¹⁴ years, the last star burning out in 1.2 × 10¹⁴ years, 10³⁰ years until all the galaxies fall apart, 2×10³⁶–3×10⁴³ years until all protons and neutrons are gone (if protons decay), 10⁹¹ years until the Milky Way's black hole evaporates, and 10¹⁰⁶–2.1×10¹⁰⁹ years until the last black holes evaporate. If protons are stable, you could definitely build a computer that kept computing for the necessary 10⁵² years.
And (as you point out next!) you could use more than one computer. If you could somehow use 10⁵⁹ computers, you could finish the job in a second, rather than in untold eons. It depends on how many computers you can get!
"10 watts" is a somewhat handwavy estimate. Most of the computers around me, in things like my multimeter and my MicroSD card, use a lot less power than that, often a few milliwatts. (The fact that the MicroSD card doesn't have a monitor and keyboard is irrelevant to using it for AES cracking.) I'm currently working on a project called the Zorzpad, to build a self-sufficient portable personal computing environment on under a milliwatt, something that has become possible recently due to advancements in subthreshold digital logic.
But even a milliwatt may be an overestimate for AES cracking on classical hardware, because reversible logic may be able to drop power consumption by one or more additional orders of magnitude, and as far as we know, there's no lower limit (not even the ones Lloyd's article talks about apply). AES cracking is especially suited for reversible computing, which is why I used it as an example in this comment a week ago: https://news.ycombinator.com/item?id=43850835
It may be worth pointing out that 10⁶⁰ joules (which, despite the possible weaknesses above in its derivation, is certainly a plausible ballpark) is a large number not just measured against Earth, but measured against the Sun and indeed the energy output of the entire Milky Way galaxy.
It's even large compared to the available energy in the Milky Way. If you divide it by c² you get 1.2 × 10⁴³ kg. The Milky Way weighs 1.15 × 10¹² solar masses (https://en.wikipedia.org/wiki/Milky_Way) which turns out to be 2.29 × 10⁴² kg, which is 2.06 × 10⁵⁹ J. So even if you converted the entire galaxy into energy to power your AES crackers, you wouldn't get 10⁶⁰ J.
It's probably worth including AES performance numbers on currently available hardware. You'll still get galactic numbers demonstrating that AES-256 is not currently brute-forceable.
greenavocado•57m ago
The Debian vulnerability was particularly bad. An AES key with 16 bits of entropy can be broken with the energy used by a single LED for a fraction of a nanosecond.
Reducing entropy covertly is probably the sole purpose of the so-called Intel Management Engine
rightbyte•5h ago
chokma•4h ago
"... brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
nullc•8h ago
Better to pay every party you need to to have boring vulnerabilities and security shortcomings, so that any information leak doesn't need a capabilities revealing explanation.
So I think this gives you no information on their capabilities beyond bribing commercial players, which isn't exactly new. In the past (and presumably now) our intelligence apparatus has outright owned crypto/security companies in order to distribute backdoored technology.
And of course they have, they're not prohibited, it's highly effective, they'd be incompetent not to.
bb88•8h ago
LEO and Prosecutors will use "parallel construction" to construct a narrative about how information was obtained in a legal way even though it was clearly obtained illegally.
Or you could choose to only act on 5% (e.g.) of the information gleaned -- and that which could clearly be shown to be leaked by a third party.
Or say if you were tapping the information of a mob boss, you could leak the information to a competitor and let justice work it's way through the streets instead of the courts.
nullc•5h ago
Now perhaps a somewhat safer tool is to just use the cracking to determine the best targets to bribe or backdoor, but only allow the group with the cracking power to give the names of services to monitor at any cost.
emmelaich•9h ago
deafpolygon•7h ago
[1]: https://xkcd.com/538/
starspangled•7h ago
xori•10h ago
frollogaston•10h ago
bb88•10h ago
arealaccount•10h ago
radicaldreamer•10h ago
dylan604•9h ago
bb88•9h ago
CrossVR•9h ago
rdtsc•7h ago
adeon•6h ago
Or alternatively, do you feel the Rovio employee's blabbering was talking about an actual, real NSA deal with Rovio, or was it more like a bar joke and direct NSA co-operation was not really implied? (e.g. "we know our security is bad, but these ad companies pay us $XX million to not use encryption so it's sorta like NSA pays us to keep it that way sips beer").
I'm interested, because if that is an actual thing that happened, then that's an example of NSA paying a Finnish company $$$ to weaken their security, and the Finnish company willingly agreeing to that. Is it in NSA's Modus Operandi to approach and then pay foreign companies to do this sort of thing?
Your comment is describing it in few words, but to me it sounds like it maybe wasn't implying an actual NSA direct co-operation, more like someone doing bar banter and being entirely serious. But that's just me trying to guess tone.
(I'm Finnish. I want to know if Rovio has skeletons in their closet. So I can roast them.)
leftcenterright•5h ago
- Rovio sold data to ad companies (ad companies primarily based in the US)
- They used AWS (to which of course NSA has legal access)
- Data is not end to end encrypted, all metadata sits on servers in plain text and within AWS even moves from server to server in plain text
How much insight metadata can grant to someone like NSA is still wildly underrated.
- https://www.propublica.org/article/spy-agencies-probe-angry-...
adeon•5h ago
The specific question I am interested in is: Did Rovio knowingly and willingly accept $$$ from NSA (directly or indirectly) to weaken their security? I.e. were they acting as a willing accomplice.
Because that part would be unusual for Finland (well, at least as far as I know). For US companies I wouldn't bat an eye at news like this.
leftcenterright•5h ago
Mostly in such cases, direct involvement and paying dollars is a clear no-go for the intelligence agencies. They could instead be paying the ad agencies.
Also note that we are talking pre-Let's encrypt and TLS everywhere world, a lot of this traffic was also just plain text making it much easier to harvest.
Some interesting insights from this piece: https://web.archive.org/web/20180719081149/https://theinterc...
leftcenterright•4h ago
- https://www.interface-eu.org/events/background-talk-with-byr...