undefined | Better HN

0 pointsxyzzy12312y ago0 comments

> that the NSA story was not a revelation, that it wasn't even news

I still disagree on this (but wouldn't downvote you for expressing that opinion).

I now design and review systems with the assumption that the GPA (global passive adversary) is real. It's not a political thing; it's an observation of technical reality.

To explain why that is a shift in thinking, note that basically every web-site password reset mechanism in the world (apart from those that employ 2FA) is broken in this scenario.

Sensible people cannot expect Tor to provide the fig-leaf of safety it seemed like it offered.

GPA was not a default assumption in threat models before.

0 comments

3 comments · 1 top-level

Daniel_Newby12y ago· 2 in thread

How recent do you think this shift is? I don't remember when I learned how juicy a target international telephony is, but it had to have bern the late 90s. Certainly defense contractor salesmen have been treating the hotel telephone with great suspicion for a long time.

vxNsr12y ago

I did't realize that anyone outside of movies even used hotel telephones anymore (except to call Housekeeping or the front desk).

About the other stuff, I only recently realized that the IRS scandal, the US spy who was caught in Russia, and Benghazi have basically disappeared from the news, while the one thing that the White House has the least control over and is the most distanced from is the one that is now most talked about.

Another thing to think about is that when the IRS story broke, a lot of new agencies were calling it a "controlled or planned leak" meaning that the white house and IRS had coordinated on how and when to break the story, timing it with new info on Benghazi for information-overload, and finally Snowden was just a freebie, while I'm sure they're not happy about the facts coming to light, nothing internally will really change, they'll continue spying on us, they'll just be more careful who they allow to access the information.

xyzzy123OP12y ago

Well, since Snowden. Name a site with secure password reset.

j / k navigate · click thread line to collapse