undefined | Better HN

0 pointsbitreality7y ago0 comments

Oh come on now. The US Government forces tech companies to share information all the time.

http://www.msnbc.com/msnbc/us-government-threatened-yahoo-bi...

They certainly can, and will, go after any company they want to, without referencing any specific US legislation.

0 comments

ISPs and VPNs have different laws then, for example, email providers. Further, Yahoo Mail, would be storing data (thus "voluntary" logging, or in their case, there's few ways around it to deliver their services in any kind of usable way).

I repeat, after having evaluated this quite deeply, that there are no mandatory data retention laws in the US, period, for ISPs and VPNs. This is contrast to quite a few jurisdictions, and the poor actions taken by ISPs and VPNs in said areas seem to speak louder than words.

That being said, I can relate to the author. Trusting a random service without any reason to trust is definitely blind. However, trust can be earned, over time, and validated, but should never be absolute. Trust is earned, daily, forever.

That being said, at the end of the day, the best bet is to remove trust from the equation - to get closer to a zero knowledge state, thus creating zero trust.

We're working toward that, every single day, and I would love to hear from anyone that's interested in helping or has thoughts.

bitrealityOP7y ago

You're saying that organizations can avoid being subject to providing data if their service does not store the data. But I am not convinced. If the NSA or whatever 3 letter agency demanded the data be made available in a secret court, the company would have no choice but to comply.

They could require this in several ways. They could store the data directly on government servers, or set up a third party server and store the data on there, where both parties could access it. Either way, there is no technical reason the data can NOT be collected, so if the big boys want it, they will get it.

comex7y ago

The demands mentioned in your link did reference specific US legislation: FISA section 702.

bitrealityOP7y ago

Before all this information got leaked, nobody knew about FISA section 702, nor had any idea how it was being interpreted and acted on by government agencies. I think it's quite clear that the secret courts in the US put huge demands on organizations to share and collect data on government behalf. Even worse, the organizations can not even publicly disclose information from the proceedings.

Until I see something to convince me otherwise, I assume any sizable organization that is operating within the United States shares any/all data requested. No loophole will protect them. If they don't collect the data, guess what, time to start collecting.

1 more reply

okmokmz7y ago

US companies perhaps. That's why so many recommend non-US VPN services

j / k navigate · click thread line to collapse

0 comments

rasengan7y ago

That being said, at the end of the day, the best bet is to remove trust from the equation - to get closer to a zero knowledge state, thus creating zero trust.

We're working toward that, every single day, and I would love to hear from anyone that's interested in helping or has thoughts.

bitrealityOP7y ago

comex7y ago

The demands mentioned in your link did reference specific US legislation: FISA section 702.

bitrealityOP7y ago

1 more reply

okmokmz7y ago

US companies perhaps. That's why so many recommend non-US VPN services

j / k navigate · click thread line to collapse