You can encrypt DNS with DoH if you want, but the DoH provider still sees it's you. You can take it a step further with Oblivious DNS over HTTPS if you really want to conceal DNS activity[1]. Note: this technology is rather new and experimental.
[0] https://en.wikipedia.org/wiki/Server_Name_Indication
[1] https://research.cloudflare.com/projects/network-privacy/odn...
Even without looking into the encrypted payload there is so much you can learn from graphs connecting and the metadata.
I am decently sure that some state agencies help design routers.... if you know what I mean :)
Websites in the range 54.239.0.0/8 often host problematic content. My opponent visited several addresses in this range overnight and hid his traffic with military-grade message scrambling functionality.
Of course that's just AWS and you can't even do HTTP/2 or HTTP/3 without encryption. But do the voters know that? Will they be educated on it? Probably not. And you're not saying anything untrue, you have facts and logs to back up your assertions!
Of course this is only relevant for targeted surveillance, not mass surveillance.
Happy to be corrected though, I've been wondering about this.
Some web browsers have pinned certificates for certain services, Google Chrome/Chromium being one of those. Subsequently, the browser refuses to perform any more actions towards the server that serves an invalid (according to the browser) certificate. That browser is also one of the reasons the DigiNotar case in 2011 emerged to the surface.
In my opinion, it's less about the amount of cleartext traffic, but also about what parties terminate your so preciously encrypted connections/requests, the percentage of internet traffic they handle, and what they exactly store about those requests.
Encryption on the internet doesn't mean it's suddenly safe.
Metadata analysis on netflow, source and destination traffic, etc.
Most people still don't use VPNs for everything, and some services outright block or degrade VPN connectivity. Two notable examples are most banks, and 4chan.
I firmly believe 4ch is a Honeypot.
How does that work in practice (under Dutch law)?
So it's a noble cause then? Or does it have privacy implications for innocent netizens? I thought these exchanges would have been tapped in some form way before this announcement?
Surely no law enforcement would overreach when given tools like these, right? Right?
https://nos.nl/artikel/2432715-inlichtingendiensten-moeten-g...
https://www.rtlnieuws.nl/tech/artikel/5294998/aftappen-aivd-...
If you consider "to play its part in the trade war between US-China which is extending into real WW 3" as noble, then yes, it's noble.
– Milton Friedman
I assume this is going on routinely already.
Governments think they are above their own laws. Warrants? Privacy rights? Due process? Why bother?
Not that I agree with it, no, but it's not like they're acting above it.
Assume the Chinese, Russians, North Koreans, Iranians, Americans, and everybody else get a copy of all the bytes you send and receive. That may or may not be true depending on who or where you are and how competent their people are. But you can't rely on that not being the case so you simply shouldn't. So make sure that whatever they intercept is gibberish.
Is there any unencrypted traffic over these cables at all at this point? It's all ssl and https at this point, I would hope. There's still some intelligence to be extracted from which IP addresses are talking to which other IP addresses. But beyond that? What's really there to be intercepted that we haven't fixed yet?
The CTIVD will have supervision during and after the tap (good).
Private data can be held much longer without government approval (why?).
There is no permission needed to tap another server when a party, that is under surveillance, is moving there.
---
I have mixed feelings about this. We know Russia is trying to disrupt the Netherlands because of previous taps. So on one hand it is good that the government can quickly react to such threats. On the other hand it has huge privacy implications.
Some people in this thread think that TLS will keep us private but that is not how it works when they can listen to all traffic. For example they can see I posted a request to Hacker News at a specific time. Then it is a matter of finding all posts that were made around that timestamp to see what I wrote and what my username is.
I think this is a lot of work to do. Just ask some 3-letter agencies for some help on some malware or on some "router firmware bugs" to be exploited etc. They don't care about hacker news readers or posting comments (because this implies you must know the DNS first, etc). They care about botnets DDoS-ing your railway infrastructure, ransomware on hospitals, serious stuff that can lead the country to chaos.
Twenty years ago, the excuse was "we are restricting your freedom because of what happened in 11/9."
Then in the internet age, the excuse became "we are restricting your freedom to save the children from online abuse."
Now, Europe has unlocked the option to restrict its citizens' freedom because of the "war."
I ask my fellow computer engineers what the hell are we waiting for to pool our minds and resources towards a truly decentralised, encrypted and anonymous overnet. Something a little more practical than I2P, Tor, Freenet, etc. "Oh bad people will use it to do crime" is not a serious enough excuse to just passively accept the government tightening the noose around our digital presence, for total control by the State, all in the name of safety and security. Was Bitcoin (2009) the last hurrah of the crypto-anarchist ideals of freedom of thought, freedom from the Big Brother and freedom from the ever-looming State?
https://groups.csail.mit.edu/mac/classes/6.805/articles/cryp...
I often hear this somewhat loose idea and have to say that I also have such reoccurring thoughts myself. We currently enjoy pretty great freedoms to do stuff, we have the chance to set something up, and those freedoms might be severely restricted in the future. It may be easier to develop something like that now than it will ever be in the future. The problem seems to be that there is no coordinated plan. Stuff like Tor exists, but it hasn't really caught on as much as one would hope. Also it is built upon a rather specific architecture (the internet) from what I understand, which could basically be shut down by authorities at any moment.
For example, I can't currently safely communicate with people in my geographic area independently of the internet, even though my devices theoretically have the hardware to do so (think of radio capabilities, for example). There might be some loose projects out there capable of some of it that 99.9999% never heard about, but nothing that could actually be considered general-purpose. Why is that?
It isn't an easy problem to solve. And it isn't enough of a problem for people to actually apply themselves nearly enough. Once it is needed in a way that more people would devote their time to it, it might be too late.
I can't wait to pay ESG tax because I am breathing.
Now I look at this and all that comes to mind is that actions like this would provide a basis for tapping people closer to source.
All the p2p and e2e encryption in the world won't help if someone is reading every key you type, or in the near future, every thought that crosses your mind.
Still, I applaud your spirit.
"Nobody who speaks German can ever be evil"
- The Simpsons
Is there specific intelligence leading to this? It seems very to the point about being related to Russia.
Biden, on the other hand, renews them promptly, to bipartisan satisfaction.
Funny how that works. :p
I lived next door to someone that was busted for growing weed. The neighbor on the other side was involved at the time and then continued to harass him then me because I complained about it for the next 10 1/2 years. The law only allows use of a civilian for a year with a contract in advance and no committing crimes. Didn't stop them. They spent more than 1 million euros in harassing someone who was already convicted and then their neighbor because they complained.
I was told by the police that my phone had been tapped already, though I had already guessed that.
You want to listen to what they want to do before they do something to your country. This is what this thing allows you to do: every internet packet transiting through the Dutch internet exchanges will be "scanned" (largely read-only).
However:
> The powers granted to the services are broad, but also largely ‘read-only’.
Largely `read-only`, the way I read it, means that in some cases they can actually replace whatever is going through the cable.
I imagine something like:
- terrorist A and B are texting each other, and you replace some of the text that they are sending each other (before this is received over the phone, because you own the "hop"), so that you can maybe redirect them straight into the police hands.
If done properly, I believe this can prevent quite some bad damage - not the simple example above, but probably also major things like serious attacks (e.g., ransom attacks on public institutions, etc). That's my guess - how easy or realistic this is, I can't tell you.
If you want to say what you think is important about an article, that's fine, but do it by adding a comment to the thread. Then your view will be on a level playing field with everyone else's: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...