It's possible but I really doubt it, considering the sheer volume of message being generated every moment. It would be much easier and less likely to have hiccups like these if they just give them server access on demand, rather than having a live data feed replicated to 18 separate locations. Moreover the tweets actually show names and addresses of various internet cafes in one of the pictures. This information should not be available if the data is coming from the service provider's backend.
Contrary to popular opinion on HN and other forums in the Anglosphere, surveillance in China is a nuanced problem and tech companies are far from completely passive. Local police are often denied when they request information because technically they lack jurisdiction on companies located in a different town or province. As a result they resort to catch-all interception using devices like these makeshift DPI systems(there is no clear legal requirement, but internet cafe owners are easily coerced into installing them or risk having their business hut down over various infractions) and Stingray-like fake cell sites (a constant source of conflict with major telcos because they are often poorly installed and would interfere with normal cell sites).
These ad-hoc schemes are usually put together by the lowest bidder, so they tend to be horribly inefficient and insecure like what's been shown in this case. But to local LE it's still preferable to going dark, not to mention there is usually little accountability when their system breaks.
Or did they? The global SIGNIT capacity of the NSA has been pretty well known before Snowden. The more revealing part of the Snowden leaks was that the NSA has been spying on US soil without clear authorisation.
Personally speaking, Snowdon actually made me a lot less paranoid about the NSA: They are, like every other nation state backed blackhat, relys on having physical access and 0day exploits to do their bidding. No magical backdoor or quantum computers involved.
NSA spying on US soil was long known[1] (and of course "clear authorization" was never granted if you interpret that phrase to mean "public" and "accountable")
I'm not sure where you got the notion that they need physical access to anything either. Apart from intercepting comms on the wire, they deliberately subvert crypto standards in such a way that only they have access [2]. That is as close to a "magical backdoor" as it's possible to get.
Well, Room 641A is a form of physical access. They are not yet capable of breaking into any commpany's network from outside.
The slides in the guardian article is pretty vague. The only proven case of NSA inserting a backdoor would have been the DUAL_EC_DRBG algo, and people have been alleging that from the very beginning. IIRC, Bernstein went on further and suggested that the NIST ECC curves may be compromised, but that's far from proven.
Most real life attacks we have seen such as logjam and beast arises from longstanding vulnerabilities that are in no way exclusive to the NSA, but they are probably in a better position to analyse past interceptions once an.exploit has been found.
> They are not yet capable of breaking into any commpany's network from outside.
They can break into any company's network but they can't break into every company's network.
I believe that if the NSA targets a company, they'll almost certainly be able to infiltrate the network after some nontrivial targeted and sustained effort. Maybe someone like Google could fend off the NSA but I doubt it. The NSA only has to get lucky once, Google has to be secure 100% of the time. It's a tough battle.
But the NSA isn't currently monitoring every private corporate network, that's just crazy talk. I think.
"Internal NSA presentation slides included in the various media disclosures show that the NSA could unilaterally access data and perform "extensive, in-depth surveillance on live communications and stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details.[2] Snowden summarized that "in general, the reality is this: if an NSA, FBI, CIA, DIA, etc. analyst has access to query raw SIGINT [signals intelligence] databases, they can enter and get results for anything they want."[13]"
That would fully qualify as a "magical backdoor" in my opinion. Companies stated as participating in the PRISM program include Microsoft, Facebook, Google, and Apple, among others.
It's rare to see comments like yours from people who know about the technical details of how the Chinese government manage the internet. Could you share some please? How often do people actually get into trouble for their internet usage?
>the technical details of how the Chinese government manage the internet
This is a very broad topic that require several books to cover, but I will try to outline the more prominent features in a short few paragraphs. Before I start, it's important to point out that in a authoritarian state like China, laws are often deliberately made very strict but only loosely enforced. In time, everyone is likely to have already committed some crime as a matter of necessity and thus nobody is safe from the law; the constant threat of law enforcement make people fear the authorities.
Every website serving users in China needs to apply and hold an ICP license[0]. Without a license, no hosting company will do business with you and your domain name run the risk of getting blacklisted if you decide to host it on a foreign server instead. If you have an established online presence, it is in your best interest to avoid anything transgressions that might result in the loss of your license, including but not limited to:
- Hosting illegal content
- Not promptly deleting content at the request of authorities
- Not complying with any of the cyber security laws
Additional permits are required if the website hosts music/video, publish games or offer money handling services. These permits are often intentionally kept scarce to make the industries more restrictive and compliant.
As for internet users, every service they use require an account tied to their real ID. This is usually done by registering a mobile phone number which is technically always tied to a real identity. Public internet access also require phone verification to access. Therefore anything posted to the internet can theoretically be traced back to its author.
>How often do people actually get into trouble for their internet usage?
This is a really tricky question. Because of all the issues I mentioned above, service providers are strongly incentivized to practice self censorship. Thus a lot of contentious stuff people say will disappear before the authorities gets involved, especially if they are on the open web. Over at the more closed platforms such as WeChat the standards are somewhat relaxed, but from time to time people do get in trouble for what they post. In any case it's hard to tell because the standards being used to judge your words are in a constant state of flux.
What happens after that really depends on where you live. In large cities, the police have more real problems to deal with and are subject to more oversight, so they tend to turn a blind eye except for the most blatantly seditious messages. And even in the latter case most people are let go after a formal warning without much consequence. Small town cops, on the other hand, are a lot more eager to seek prosecution, especially if they are corrupt or have a personal vendetta against you. Conflict zones like Xinjiang are the worst because they are under effective martial law, so anything remotely out of the line will get a follow-up.
> Before I start, it's important to point out that in a authoritarian state like China, laws are often deliberately made very strict but only loosely enforced.
as a complete sidenote, aside from your excellent comment, I'd like to point out that this is true in 'The West' too.
EDIT: Let me give a specific example in my home country (The Netherlands). Weed is 'tolerated', but not legalized. You might feel free: you can buy weed at coffeeshops, even smoke it in front of a cop but it's still illegal.
Woe is you when you smoke it with any regularity and drive a car! If for some reason you're stopped for 'erratic behavior' in traffic, you can be submitted to a saliva test. Depending on your online sources, these can tell whether you've smoked weed in at least the past 24 hours. But when the cops are not friendly, they can make you take a blood/urine test, in which use of weed can be detected for up to 3 months, chronic or otherwise, at least.
What this means is that in The Netherlands, which weirdly is often seen as a laissez-faire place to smoke, you can be caught as a 'drug user' even if you've not smoked 3 months after your last joint.
What happens next is that your license is revoked, you might be imprisoned, and for the next year or so you need to take various tests to prove that you're safe on the road, and you might have to talk to a psychiatrist. Costs very well might exceed 1000 euro for all of this.
To be clear, if you never smoke weed, and light up once, you'll be safe after about 24 hours. But any usage beyond that puts you into a murky world that potentially leads to all of the aforementioned, no nuance.
My point is that is 'authoritarian' has quite a few dimensions, and even a 'liberal', 'western' country like The Netherlands is quite authoritarian from certain perspectives. That's not to diminish what you're saying about China, but just something to keep in mind.
Thanks for the comment. Maybe I am reading it wrong, but what you described sounds rather reasonable to me. After all, marijuana does impair one's ability to drive[0]. The traffic laws may be a bit draconian but I find it hard to argue against it in principle.
To give you a related, and hopefully less political example: People who suffer from epilepsy in my country are technically disqualified from driving for 12 months after a major seizure. In that event their affliction is probably not controlled by medicine and there is a chance that they might start seizing behind the wheel.
An unintended consequence of the law is that epileptics would go to great lengths to hide the extent of their condition for the fear of losing their driving priviledge. It's not uncommon for epileptics to lie to doctors, or even refuse to go to a hospital after an ambulance has been called for them, just so an episode could remain off the book.
Some might be doing it for vain reasons, but there is also a good number of patients who cannot afford to lose their license as their job security may depend on it. The balance between public safety and personal freedom is never easy.
> Thanks for the comment. Maybe I am reading it wrong, but what you described sounds rather reasonable to me. After all, marijuana does impair one's ability to drive[0]. The traffic laws may be a bit draconian but I find it hard to argue against it in principle.
I do agree that driving while high, or shortly after, is not a good idea.
The problem is that smoking with any regularity at all is effectively illegal, regardless of how sober you are when you're stopped, and the punishment is ridiculously heavy.
I mainly used the example in response to the earlier comment ("Before I start, it's important to point out that in a authoritarian state like China, laws are often deliberately made very strict but only loosely enforced."). Specifically when it comes to driving and weed, I'm definitely in favor of some regulation, similar to how we treat alcohol and driving.
I agree this is quite a problem, and not fair. But, what alternative do the police have? Refuse to arrest people for driving while high, because they have no test for it?
I don't mean this rhetorically: it seems that we have to err in one direction or the other until we come up with a better test. What do you think?
A saliva test is decently accurate as a first pass to detect smoking in the past 48 hours or so. A blood test is more accurate, but can have 'positive' result for chronic smokers even if they've not smoked for weeks or months.
The problem is rather that unlike alcohol, 1) there's no matter of degrees and the cut-off point for testing 'positive' is extremely low, plus the punishment is unusually high, especially when compared to alcohol which provably impairs driving significantly (and almost certainly more severely than weed). And 2), contrary to all other drugs, the 'evidence' of smoking is stored in your body's fat, which means you can test positive even if you've not smoked in a long time (and are almost certainly not driving-impaired).
> it's important to point out that in a authoritarian state like China, laws are often deliberately made very strict but only loosely enforced. In time, everyone is likely to have already committed some crime as a matter of necessity and thus nobody is safe from the law; the constant threat of law enforcement make people fear the authorities.
Expanding a little on the point mercer is making, the legal situation in the US (and other "friendly" countries) does not differ from what is described here. What's different is that people mostly don't fear the authorities so much.
But since the legal situation isn't different, it can't explain why the authorities are feared in China. I suggest that the fear is based more around "what is the government likely to do" than "what is the government allowed to do".
>I suggest that the fear is based more around "what is the government likely to do" than "what is the government allowed to do".
Government is not a monolithic being. Each branch have their own intention and goals.
In any case, due process is underdeveloped in China and the police does have a lot of arbitrary powers that will affect people's lifes. For example, the police is allowed to detain anybody at their pleasure for up to 15 days; there is no appeal and the incident stays on your record forever.
Most time they don't have any reason to mess with a random individual, but they won't be sorry about it either when it happens.
