https://www.schneier.com/blog/archives/2014/07/nsa_targets_p...
https://www.reuters.com/article/opinion/commentary-evidence-...
https://www.theguardian.com/us-news/2014/oct/11/second-leake...
It is possible that the "second source" and the shadow brokers are one and the same.
https://www.electrospaces.net/2017/09/are-shadow-brokers-ide...
https://www.emptywheel.net/2017/09/15/shadow-brokers-and-the...
And here's an interesting tidbit about a possible link between TSB and Guccifer 2.0
https://www.emptywheel.net/2020/11/01/show-me-the-metadata-a...
Why is this a problem?
There's also rather little reason for Snowden to bother commenting on the very widely known abuses by Russian government, what could he possibly have to offer on that topic that hasn't already been said?
For example, Telegram does this, using a homemade encryption protocol that has no clear-text SNI like HTTPS. As I remember, WeChat also uses some home-grown form of obfuscation.
As a bonus, this makes it more difficult for telecoms to discriminate against certain sites or apps and helps enforce net neutrality no matter if they like it or not.
Consider that TAO (or SSF) can probably get through your firewall and router, and maybe into the management engine on the servers with your critical data.
The only thing you've got going for you is that they will (probably) keep your data secure (for themselves).
I don’t like these general observation comments. This kind of makes it unappealing to learn about encryption, but it’s worth it and makes you choose either a proper encrypted software or use a key for secret messages.
If everyone including the priority traffic did this, then I guess it would have an effect on net neutrality, then I could see that it would make a difference, but I don't see how that could be construed as "whether they like it or not" given that they could just as easily not implement this if they didn't "like it".
That's not to say this isn't worth doing for the privacy and security benefits, but I'm struggling to see how this would have any real-world influence on net neutrality.
The article begins with:
> XKeyscore (XKEYSCORE or XKS) is a secret computer system used by...
This should be edited to:
> XKeyscore (XKEYSCORE or XKS) is a classified computer system used by...
The program is allegedly a Top Secret program.
[0] https://en.wikipedia.org/wiki/User_talk:Discospinster#WTF_ed...?
apt-get•1h ago
We hear a lot about local agencies perusing the services of private companies to collect citizens' data in the US, whether that's traffic information, IoT recordings, buying information from FAANG, etc. What's the NSA's position in the current administration? (e.g. we've heard a lot of noise in the past about the FBI and CIA getting the cold shoulder internally. I wonder how this applies to the NSA.)
monerozcash•46m ago
NSA does not have magic tools to break modern encryption.
themafia•43m ago
The NSA has spent no small amount of time in the last decade obviously interfering with NIST and public encryption standards. The obvious reason is they _want_ to have the magic tools to break some modern encryption.
monerozcash•42m ago
Even if true, significantly degraded. Probably not true though, NSA has been very leaky and such a story would be kind of devastating for Google. NSA lacks the legal capability to force Google to do so, the money to bribe Google to do so and also almost certainly lacks the political backing to put one of the biggest US companies in such a position.
I don't doubt for a second that NSA could hack Google (or just bribe employees with appropriate access) and break into specific Gmail accounts if they wanted to. Bulk collection would be far more difficult to implement.
>The NSA has spent no small amount of time in the last decade obviously interfering with NIST and public encryption standards. The obvious reason is they _want_ to have the magic tools to break some modern encryption.
They do try, they just haven't been very successful at it.
themafia•35m ago
monerozcash•26m ago
Neither of these approaches would enable bulk collection.
I'm sure the NSA can read essentially any emails they're interested in, they just can't do so at anywhere near the scale they used to pre-Snowden.
Not only that, these days almost all chats have moved to E2EE platforms. Reading that traffic in a stealthy manner requires compromising endpoints, bulk collection simply isn't possible.
ls612•33m ago
matheusmoreira•9m ago
https://www.ethanheilman.com/x/12/index.html
hollow-moe•34m ago
monerozcash•12m ago
It's also worth considering that CT makes it extremely noisy to use such certificates to attack web browsers.
notepad0x90•34m ago
2) They didn't build a Yottabyte-scale datacenter for no reason
3) They have the capability to compromise certificate authorities. Pinned certs aren't universal.
4) Speculation, but, Snowden's revelations probably set off an "arms race" of sorts for developing this capability. Lots more people started using Tor, VPNs, and more, so it would almost be dereliction of duty on their part if they didn't dramatically increase their capability, because the threats they are there to stop didn't disappear.
5) ML/LLM/AI has been around for a while, machine learning analysis has been mainstream for over a decade now. All that immense data a human can never wade through can be processed by ML. I would be surprised if they aren't using an LLM to answer questions and query real-time and historical internet data.
6) You know all the concerns regarding Huawei and Tiktok being backdoored by the Chinese government? That's because we're doing it ourselves already.
7) I hope you don't think TAO is less capable than well known notorious spyware companies like the NSO group? dragnet collection is used to find patterns for follow-up tailored access.
monerozcash•15m ago
Yeah, they can still collect lots of useful metadata.
matheusmoreira•29m ago
monerozcash•27m ago
They can easily go after specific targets, but bulk collection is no longer viable in the same way it was pre-Snowden.
matheusmoreira•24m ago
Degraded would be "it is impossible for them to know anything about people unless they send dozens of human agents to stalk them".
monerozcash•22m ago
The first approach enabled them to find targets that were not on their radar based on message contents, they can no longer do that.
matheusmoreira•13m ago
No doubt they still read texts. I think the US is still among the countries that use SMS a lot.
They no doubt have access to the data big tech's mined out of the entire world's population. That capability alone puts them into "bring everything about this guy up on the screen" territory.
monerozcash•9m ago
I don't doubt for a second that they can read specific emails, but to suggest that they have bulk collection capabilities within Google or Microsoft is a stretch. NSA lacks the legal authority to compel that, NSA lacks the money to bribe Google or Microsoft and NSA likely lacks the political backing to put the biggest US companies in such a compromised position.
>I think the US is still among the countries that use SMS a lot.
Sure, but that's increasingly iMessage.
cperciva•6m ago
To quote a former Chief Scientist of the NSA, Rule #1 of cryptanalysis is "look for plaintext". Implementation flaws are very common.
yupyupyups•25m ago
They don't. But they have other options.
For example, Cloudflare is an American company that has plaintext access to the traffic of many sites. Cloudflare can be compelled to secretly share anything the NSA want.
monerozcash•20m ago
This is true given some possible interpretations, false given other possible interpretations. Cloudflare can be secretly compelled to share specific things, there's no legal mechanism to compel Cloudflare to share everything.
snorbleck•25m ago
monerozcash•8m ago
ch2026•21m ago
tehjoker•20m ago
monerozcash•12m ago
That's a very boring capability compared to what they were able to do pre-Snowden. That's also not a new capability, they were able to do that pre-Snowden too.
themafia•45m ago
monerozcash•43m ago
themafia•36m ago
https://www.reddit.com/r/LateStageCapitalism/comments/1hlmq3...
The FBI apparently attempted to use this in the Bryan Kohberger case:
https://www.nytimes.com/2025/02/25/us/idaho-murders-bryan-ko...
It's hard to find solid coverage of this because obviously the methods are often hidden and rarely leak out to the press at large. The press also gets confused and thinks that defending our constitutional rights will lead to criminals being acquitted.
If you spend a lot of time watching and studying these cases and how they evolve throughout the courts it becomes obvious that this is likely occurring more than most people realize.
monerozcash•30m ago
The caller is easy to identify, how could the government ever trust this person to not reveal their parallel construction? If they were planted by the government, that'd be extremely difficult to hide. The government also likely wouldn't be able to compensate them in any meaningful way for telling such a lie.
The Kohlberger case also does not suggest parallel construction, the DOJ policy isn't binding and the DOJ can in fact legally violate that whenever they want.