This is a financial disaster waiting to happen. Microsoft is oblivious if it is not doing something to divorce itself from the NSA.
Apple, on the other hand, could have come out smelling like a rose, but following the death of Steve Jobs, who apparently refused to play ball with the NSA, it stupidly jumped on board to join the PRISM club.
According to the Prism slides, it really looks so:
"Dates when Prism collection began for each provider
Microsoft 9/11/07
Yahoo 3/12/08
Google 1/14/09
Facebook 6/3/09
PalTalk 12/07/09
YouTube 9/24/10
Skype 2/6/11
AOL 3/31/11
Apple (added Oct 2012)"
Steve Jobs: February 24, 1955 – October 5, 2011.
If it's true, it's one reason more to deeply admire him.
And can you just imagine how much more sales Apple would get now for not being on that list?
That reminds me of Putin a little bit. Even if you think some leader is an asshole, sometimes you need an asshole to stand up to an even bigger bully. I just imagine someone like former president Medvedev (and with no Putin in sight) would've offered Snowden to US government on a silver platter, just like France, Spain, Portugal and Italy tried to do (fortunately unsuccessfully). I remember I was very much against Putin when he fought the US' anti-rocket shield, but over the past few years I've started to understand why he would do that. No country should own the whole world.
I don't think mtgox was implying principle, just a willingness to resist, even for the wrong reasons. ("You can't imprison dissidents. That's my job.")
You might find some of what you're looking for on the wikipedia page I linked to. But courts are only very rarely the place where accusations against heads of states are examined, especially when it comes to superpowers.
Anyone who serves in a role as top leader of a country or large corporation is an asshole -- it's a job requirement.
What you're seeing in Putin is the ability to be independent. He gets to enjoy watching the Americans squirm at low cost. What's the US going to do to Russia? Our diplomats will be rude to each other, maybe we won't attend the Russian summer ball and snub the Russian ambassador, each country will declare some spies persona non grata.
At the end of the day, the areas in which the Russians and Americans cooperate are areas that they have a mutual interest to do so.
Others, like the Germans or Spain are different. They piss off the US, we cut off the faucet of intelligence, money, privileges, etc.
For those who know Formula 1, I think Bernie Ecclestone and Max Mosley are the sort of examples that might work. Of course, some would say they are and were the bullies that needed standing up to. Heh, I suppose that gets us to the terrorist / freedom fighter type debate!!!
What amazes me is that among those corporations with revenues in the tens of billions of dollars, not one of them challenged the constitutionality of the decision in court. Not one, not once.
Not that it would be necessary in an obvious case like this, but each one of Microsoft/Skype, Google/Youtube, Apple and Facebook could easily have hired the nation's best and brightest one thousand lawyers at $1,000 an hour, full time for 10 years to defend privacy. It would have been well within their means. Yet, each of them chose to back down. Each of them chose to fail their users' trust.
I don't think it's due to cowardice. If these organisations cared the slightest bit they would have acted to protect their users. Not in the wildest scenario would the US government have jailed the leaders of Apple, Google or Microsoft. My best guess is they got something in return.
It's possible that there's as-yet undisclosed legal action with some of the others; the secrecy around just about any proceeding in the FISC makes it very hard to tell.
> The judicial Power of the United States shall be vested in one supreme Court, and in such inferior Courts as the Congress may from time to time ordain and establish.
Congress certainly does have the 'say so' -- at least with 'inferior Courts'. That still leaves the Supreme Court though as final arbiter.
I'd like to agree with you. I believe there is a category of societal actions that constitutes a court of justice within the framework of a civil society; secrecy doesn't fall into that category.
Not in the wildest scenario would the US government have jailed the leaders of Apple, Google or Microsoft.
That may be naive. Most people have skeletons in their closets. The government would use these to pressure those leaders to acquiesce. I suspect the most dangerous skeletons are ones which seem harmless to you, but cast in the proper light they can be used as a justification for punishment. E.g. Something which seems harmless now can retroactively be used to claim you were doing insider trading. Few people would step up to defend you, even if the charges are baseless, because recently it's been fashionable to hate capitalists, and trading stocks is the epitome of capitalism. So it'd be very much "obey us or we will litigate you into bending your knee anyway."
Jobs was immune because he was the CEO equivalent of a rockstar. To try to pull baseless charges against him would outrage the public. Yet I'd imagine the public would get grim satisfaction out of seeing Ballmer punished, even if the charges were baseless, because most people don't like him. It's shallow, but it seems true.
On one hand, the CEO of Qwest was convicted of insider trading, and he claims it was retaliation by the NSA because Qwest would not participate in warrantless wiretapping.
On the other hand, the federal government had a perfect excuse to prosecute Steve Jobs in 2006 with the options backdating scandal, but chose not to. Those would not have been baseless charges--Apple really did backdate those options. The government just concluded that Jobs was not personally culpable.
Well, PRISM seems to have been created in '07. Plus Apple didn't matter very much in '06 -- not in the same way Google mattered. Apple didn't have much user data for the government to be interested in, because iPhone didn't launch till June '07.
That's actually a perfect example of leverage that the government would have used against a technology company to pressure them into doing the government's bidding.
I remain astonished that Martha Stewart was targeted, convicted, and jailed. I don't care either way if she did some thing wrong. I care about the unequal application of justice.
In contrast, I can't imagine anyone targeting Oprah. She'd destroy (PR-wise) anyone challenging her. Recall that beef lobby's attacks.
I agree - it's what I mean when I say that I think they got something in return for not fighting the FISA requests. Could be antitrust cases that were dropped, tax hikes that were cancelled or more personal matters.
It's been my observation that revenue in the tens of billions of dollars doesn't enable a company to make bold, risky moves -- it hinders it. People become very risk-averse when there's a lot to lose. Many of these well established, high revenue companies can't even take the risks that are necessary to continue having revenue in the tens of billions of dollars, much less stand up to nation-states.
For all we know, some of them may have challenged it but they cannot make those details public because they're not even allowed to admit the NSA requested such information to begin with.
I wonder what would a Tim Cook-made iMessage look like from a security standpoint (probably a lot more like Skype/Hangouts than how it works right now).
* Apple distributes the encryption keys
* Multiple keys can be associated with an account (iPhone, Mac – and the NSA?)
* Apple can retain metadata
* Apple doesn't use certificate pinning
My understanding is that this isn't that bad. If you use iCloud, then the NSA can read your old messages. If you don't sync your iMessages with iCloud, under the assumption that not every iMessage gets encrypted to an NSA key in addition to the recipient's keys, your messages are safe until the NSA/other law enforcement explicitly targets you, and even then, they can only read new messages and not previous ones.
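The four bullet points above describe the property that matters most in a vendor-run key directory: if the client encrypts to every key the directory returns, a key that is silently added to an account gets a copy of every message from then on, and nothing in the protocol tells either party. The script below is an added example, not code from the thread and not Apple's protocol; the directory, device names and key bytes are constructed stand-ins, and "encryption" is stubbed out so the fan-out is visible. It contrasts a client that trusts the directory with one that pins the fingerprints the user has verified and refuses to fan out to an unknown key.

```python
"""Added example (not from the thread): why "multiple keys per account" plus
"the vendor distributes the keys" matters, and the client-side check that
catches a silently added key.

The directory server, device names and key material below are constructed
for the demo; the real iMessage key directory and wire format are not modelled.
"""
import hashlib
import os


def fingerprint(pubkey: bytes) -> str:
    """Short hex fingerprint a user could compare out of band."""
    return hashlib.sha256(pubkey).hexdigest()[:16]


class KeyDirectory:
    """Vendor-run lookup service: returns every public key registered for a
    handle. Constructed stand-in for a real directory; keys are random bytes."""

    def __init__(self):
        self._keys = {}

    def register(self, handle, device, pubkey):
        self._keys.setdefault(handle, {})[device] = pubkey

    def lookup(self, handle):
        return dict(self._keys.get(handle, {}))


def naive_send(directory, handle, message):
    """Trusting client: encrypt to whatever the directory returns.
    'Encryption' is stubbed as a dict so we can see who got a copy."""
    return {fingerprint(k): message for k in directory.lookup(handle).values()}


class PinningClient:
    """Client that remembers the fingerprints it has verified for each contact
    and refuses to fan out to a key it has never seen."""

    def __init__(self):
        self.pinned = {}  # handle -> set of verified fingerprints

    def verify(self, handle, pubkey):
        self.pinned.setdefault(handle, set()).add(fingerprint(pubkey))

    def send(self, directory, handle, message):
        current = {fingerprint(k): d for d, k in directory.lookup(handle).items()}
        unknown = set(current) - self.pinned.get(handle, set())
        if unknown:
            raise ValueError(
                "directory returned unverified keys for %s: %s"
                % (handle, sorted((current[f], f) for f in unknown)))
        return {f: message for f in current}


def demo():
    """Returns (copies before the extra key, naive copies after, pinned client ok?)."""
    d = KeyDirectory()
    alice_phone, alice_mac = os.urandom(32), os.urandom(32)
    d.register("alice@example.com", "iPhone", alice_phone)
    d.register("alice@example.com", "Mac", alice_mac)

    bob = PinningClient()
    bob.verify("alice@example.com", alice_phone)   # compared out of band
    bob.verify("alice@example.com", alice_mac)
    before = bob.send(d, "alice@example.com", "hi")

    # A third key is registered for Alice without Alice or Bob being told.
    d.register("alice@example.com", "iPhone-2", os.urandom(32))
    naive_copies = len(naive_send(d, "alice@example.com", "hi"))
    try:
        bob.send(d, "alice@example.com", "hi")
        pinned_ok = True
    except ValueError:
        pinned_ok = False
    return len(before), naive_copies, pinned_ok


if __name__ == "__main__":
    print(demo())  # (2, 3, False)
```

The pinning client is only as good as the out-of-band verification step; what it buys you is that a new device key becomes a visible event instead of a silent third recipient.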
"And can you just imagine how much more sales Apple would get now for not being on that list?"
Barely any change at all, I'd bet. And not worth the legal hassle they could have been up against if it came to a knock-down, drag-out battle with the US Government over <spins the dial>.
I can imagine that U.S. companies wouldn't do anything, but European companies would be much more motivated to transition. As we speak, the top managers in Europe do try to find an alternative, and everybody likes the easy way out. At the moment, barring some other potentially compromising evidence, Apple would be such a way out were it not on the Prism slide. Transitioning to the big, powerful, non-compromised Apple would probably be valued as less pain than transitioning to your in-company-made Linux distribution.
Seems like "Think Different" was more real than "Don't be Evil". Even with Apple's closed ecosystem.
This reminds everyone to look at different angles when we criticize people/companies and understand that, even now, an individual makes a lot of difference.
It's conjecture, but it's likely. Apple as a company has put a high value on user privacy, which was heavily influenced by Steve. He was also known for maintaining a high degree of personal privacy for such a public figure (for instance, refusing to put plates on his car).
This reminds me of a friend of mine who proxies all his web traffic through something which strips user agents and referrers. It's very easy for me to tell when he visits my website, because the logs show "-" for each of these fields.
>This reminds me of a friend of mine who proxies all his web traffic through something which strips user agents and referrers. It's very easy for me to tell when he visits my website, because the logs show "-" for each of these fields.
I wonder if the best strategy, then, is to figure out a very common user agent string and use that. The EFF's Panopticlick might be a good start: https://panopticlick.eff.org.
That's really interesting. It sounds like an easy way to get targeted by the people who do want to track you, though. Still -- do you have any idea what he uses for that?
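The point in the exchange above is that an absent header is itself a fingerprint: a normal browser that arrives by typing the URL sends "-" as the referrer but still sends a user agent, so a client that is "-" on both fields on every request stands out in the logs. The script below is an added example, not something from the thread or from the commenter's website; the log lines are constructed in Apache/nginx "combined" format with documentation-range IPs. It parses the lines, lists the clients that strip both fields, and measures how common each user-agent string is on this server, which is the number you would want before picking a "very common" string to hide behind.

```python
"""Added example (not from the thread): spotting a client that strips
Referer and User-Agent by the '-' it leaves in combined-format access logs.
SAMPLE_LOG is constructed for the demo; no real traffic is included."""
import re
from collections import Counter

SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2013:09:12:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [10/Jun/2013:09:12:03 +0000] "GET /blog HTTP/1.1" 200 8813 "http://example.org/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36"
203.0.113.5 - - [10/Jun/2013:09:12:09 +0000] "GET /about HTTP/1.1" 200 2231 "-" "-"
198.51.100.9 - - [10/Jun/2013:09:13:44 +0000] "GET /feed.xml HTTP/1.1" 200 1890 "-" "curl/7.29.0"
192.0.2.44 - - [10/Jun/2013:09:15:00 +0000] "GET /blog/post-1 HTTP/1.1" 200 6170 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36"
"""

# Apache/nginx "combined" log format: ip ident user [ts] "request" status size "referer" "ua"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
    r'(?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')


def parse(log_text):
    """Return one dict per line that matches the combined format."""
    rows = []
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if m:
            rows.append(m.groupdict())
    return rows


def stripped_header_clients(rows):
    """IPs whose every request carries '-' for both referer and user agent.
    A direct visit gives '-' for the referer alone; both at once, every time,
    is the proxy-stripping signature described in the thread."""
    by_ip = {}
    for r in rows:
        by_ip.setdefault(r["ip"], []).append(r)
    return sorted(ip for ip, rs in by_ip.items()
                  if all(r["referer"] == "-" and r["ua"] == "-" for r in rs))


def ua_share(rows):
    """Fraction of requests per user-agent string; the lower the share, the
    more a string identifies its sender on this particular server."""
    counts = Counter(r["ua"] for r in rows)
    total = len(rows)
    return {ua: n / total for ua, n in counts.items()}


if __name__ == "__main__":
    rows = parse(SAMPLE_LOG)
    print(stripped_header_clients(rows))   # ['203.0.113.5']
    for ua, share in sorted(ua_share(rows).items(), key=lambda kv: kv[1]):
        print("%.2f  %s" % (share, ua[:40]))
```

Note that the share is relative to one site's traffic: the string that is "most common" on Panopticlick is not necessarily common among the visitors of a small personal site, so the same string can be conspicuous there.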
Apple is a company producing consumer devices, while the others are companies offering Internet services, which is what PRISM targets. Apple has only recently had some success in the Internet services space with iCloud.
The main difference before iCloud was that you had to pay for it. I can however remember that I've had a free .me account before iCloud, so even .me must have had enough users.
Well, in the NSA's eyes, that main difference is important. Free (and highly pushed by the very popular iPhone and iPad) meant people actually starting using iCloud. The cost-benefit analysis shifted tremendously from .mac/MobileMe.
It is fun to think of Steve Jobs as the lone person saying "fuck you" to the NSA. But it isn't realistic. It isn't like the other companies are run by meek people who love bending over to authorities.
I can remember that I've had a free .me account before iCloud, so I believe even .me must have had enough users: it was freely available to every iDevice user. There were millions of them fast.
How does that follow? It is not just about the cost, but the amount of utility for the NSA. There are plenty of free services that are not on the PRISM list and I am sure even Apple employees would freely admit their pre-iCloud user numbers were disappointing. They would not have bothered to rebrand the service in the first place if they had a significant userbase.
Looking at the PRISM company list, we are talking data service companies with users in the tens of millions (minus the oddball Paltalk). Apple just wasn't in that group until recently.
I find it hard to believe that the NSA didn't see one of the most valuable and popular companies in the world as a priority until 2012. I bet they were salivating as soon as the first iPhone launched.
I don't think that would affect his chances. All of our latest presidents have admitted or have been proven to do illegal drugs of some sort. Not to mention that the U.S. government has done some crazy things with drugs, especially LSD.
Having gone through the sec clearance thing in the 90s, the third thing is if you have financial issues (like an expensive addiction without much income) and some foreign intelligence service can "help". So they're pretty interested in finances. Which wouldn't have been a problem for Jobs...
A friend in college wanted to be an FBI agent, so I got to hear a lot about this.
I believe they polygraphed you about drug use, and I recall that they had a threshold number of "experimental" sessions with marijuana that were ok, as long as you disclosed them during the background check and polygraph.
I remember an Australian talking about the various levels of clearance - confidential, secret negative (anything stand out in your history), secret positive (in-depth active examination of your history). He said that the process wasn't about finding dirt on you, it was about finding out if you had any dirt that could be leveraged against you. For example, if you were gay and being outed would be a problem, then that's leverage. If you didn't care and were clearly open about it, that's not leverage.
That harmonizes with my experience. I was interviewing for a "top secret" job with the US and spent some time studying the system and looking over the appeals rulings of the clearance process.
Generally, the key things were, "are you a crook? are you liable to be bribed/coerced?".
E.g. one chap was a transvestite, but the appeals court ruled that since his wife and minister knew, it wasn't something that could be leveraged against him.
Possible but unlikely. Steve Jobs was very influential within Apple. Jobs' opinion was almost certainly a strong factor. Apple had been a leading and popular mobile phone manufacturer for many years before 2012, why wouldn't the NSA be interested in them?
A couple of years ago at a Linux conference in Germany I had a discussion with a Microsoft employee at their booth. At that time I was a 'hardcore' linux user with no trust in Microsoft at all. The discussion with the employee went like this:
Me: "Hello. Could you tell me what Microsoft is doing at this Linux conference? I honestly want to know that."
Him: "We are here to show how our products can work well together with Linux related products."
Me: "Why would I as a Linux user use Windows or any other product from you? We all know that you spy on me - at least indirectly."
Him: "Oh no. You are misinformed. We have a lot of business customers with very sensitive data. Can you imagine what would happen to us if they found out that we spy on them? Business users are very sensitive in that area. We would be screwed. And we do not spy on regular users either. You may also know that this would be totally illegal according to German law."
Me: "So you are saying that you do not spy on businesses or other kind of users of your products?"
Him: "Yes! We would be screwed otherwise!" *giggle*
He had a smile on his face for the whole discussion. Maybe because he had this discussion with those paranoid Linux users for the last couple of days of the conference. Paranoid!
Microsoft is so screwed guys.
Edit: I was not rude to this guy. We had a beer together later that day. I am sure he did not know anything about PRISM and was just doing his job.
A couple of years ago some Microsoft sales employee probably didn't know about any of this. Also he is talking about mostly self-hosted MS services and I doubt the NSA really has access to that. Also found your conversation style to be quite cocky.
Yep. If someone represents company X at a conference, then consider yourself lucky if they are actually an employee - never mind an informed employee with a high standing in the organisation.
Actually I'm German myself and by reading the translation I immediately realized it was someone from Germany translating that ;) But it's more about the general tone that comes across a bit rude. Anyway OP clarified so it's fine!
Indeed the guy most certainly didn't know shit. On the other hand, rude or not, Lina turned out to be right and the MS-guy turned out to be ignorant of the type of company he was working for, as well as defending.
Additionally these so-called "paranoid" questions didn't come out of thin air either. 10-15 years ago I also was very distrusting of Microsoft and what they were doing (there was a lot of anti-trust going on ...). But somehow they started doing a few things right, wrote some good software and OS in the meantime and they "regained my trust" to the point I'd speak out against senseless M$-bashing, and perceive it as something childish.
Well, that I am no longer going to do, lest I have to eat my words. That "trust" is completely gone, and I feel kind of foolish for believing it existed in the first place, "trust" is a kind of thing that happens between two persons, not between a person and a gigantic corporation. The latter is too volatile, there can be no build up or breakage, it's every moment again different, dependent on who is in charge and which individual personalities are involved in a decision. Rationally, one instant snapshot cannot make or break the trust of the next one.
I do feel kind of foolish. I'm typing this on Win7, planning to install Linux for a while now, but I had some crazy wild ideas for a dual-boot scenario in mind that I never got around to and everything just worked so there was no hurry.
Before next week I'll be back on Linux, maybe even sooner.
> to the point I'd speak out against senseless M$-bashing
Senseless bashing - including intentional miss-$pellings and holding one company (Microsoft) to different standards than others (Facebook, Google, Apple) - is still childish.
However, not all bashing is senseless - Microsoft has a lot of explaining to do. Sure, so do Facebook, Google and Apple but that doesn't let MS off the hook. It makes the case for installing a Linux instead a lot stronger.
His job was to represent Microsoft, which involves answering questions (to the best of his ability given the access to information that he has). As long as the questions were not worded or spoken in an unnecessarily pointed/aggressive manner I really can't see any reason to call the question asker rude. "It confuses me to find you here, could you please explain so I can fill in the blanks in my knowledge about your company" seems a perfectly valid question to ask of a company representative, and raising a security concern for said rep to respond to is valid too.
You can't expect a show rep to know about anything like prism though - that information would have been "classified" and available only to those well above his pay grade.
If companies can later claim that their employees' statements weren't properly informed, what is to stop companies making any claims they want via their lower level employees?
The company and those with the information can still be culpable but the salesperson on the frontline isn't to blame unless they have a clue. What they say is still said by the company and the company should still be liable for harm caused by any of the untruths told on their behalf because the company does know even if the individual does not.
I keep hearing this on HN and reddit, but I think this is mainly an echo-chamber effect. I'd say it's far more likely that the vast majority of people don't actually care or realise what was happening, or they do realise and still don't care. I'd be surprised if the NSA leaks have any noticeable impact on Microsoft's revenue.
Pretty much. The truth is, unless your company serves Internet security careerists or people impassioned about Internet privacy, your customers do not care.
The company I work for has absolutely no intent of dropping Microsoft products in light of the NSA leaks, even with large amounts of sensitive customer data. I can't imagine many large companies would. It would require such a vast amount of work it's unfathomable to even imagine most companies considering it unless they were about to lose nearly all of their customers.
Caveat: customers do not care, at this stage in the game.
And serves them only.
The other part is most corporations already have the feeling that the government is spying on them, and a public acknowledgement of the fact won't change their implementation details.
Now, if you said "Microsoft is spying on you with your direct competition." that would make them sit up and take notice.
Actually people in Europe do care and I would expect something to happen as a result. I don't expect MS to go out of business, but it wouldn't surprise me if they lost certain key projects over the next decade.
The way I read your pseudo-transcript, I assumed the kind of spying you were talking about was MS spying on other businesses to the advantage of MS. I would imagine that's the kind of corporate espionage type spying the MS rep was talking about. PRISM is MS handing over data to external agencies, not MS spying on people themselves.
Dvorak's article is a regurgitation of previous HN discussions on this topic.
I have said in the previous HN post and I will say it again here: don't pile on Microsoft alone. These spying policies make every US-based services company untrustworthy to anyone for whom privacy is important. Come to think of it, I'm not sure whether you can rely on European services either because it seems that gov't surveillance is widespread.
On the other hand, maybe if we do pile on Microsoft, and stop using their products for this reason alone (even though Google, Apple and others are in the same boat), it will force them and their lobbyists to influence their gov't shills to put a stop to these programs.
Yahoo
Google
Facebook
PalTalk
YouTube
Skype
AOL
Apple
Who have also been mentioned as complicit in this whole scandal.
Just to be fair :-)
By the way, I actually agree with you and have been slowly switching all my home stuff to linux and trying to get away from Google Dependence (although I type this in Chrome on a Win 8 laptop... damn work computer)
If you think a company has behaved badly, why are you under any obligation to be fair to them?
It might be extremely difficult to boycott every company involved, so why not choose one to make an example of? The idea that you must boycott all or none appears irrational.
It's as though you're being bullied by two people, and when you try to deal with one of them, you're accused of being unfair because you can't deal with both!
It sounds very much as though it was the bullies who decided what was "fair" in this instance.
I didn't say it was right, I said it was different and that your reframing wasn't appropriate.
What changes? For a start, the more people that are involved, the less each knows of the situation. A single individual being bullied is aware of each incidence and what is going on at all times. A group doesn't - witness mob justice as a clear counterpoint. A group is highly susceptible to hearsay and misdirection.
As for why it's unfair - if we expect the judicial system to be fair when it acts on our collective behalf, it is dissonant to not expect other group action to also be fair in how it's meted out.
I don't see why a group being "susceptible to hearsay and misdirection" is a good reason for their ire to be directed at more companies rather than just one.
I also don't see any reason why a group fighting against the injustices they can tackle, obliges them to take on the ones they can't.
EDIT: To take your example of the justice system - if I steal from someone, it would not be a valid defence to point out that other people had not been successfully convicted of stealing, therefore I should not be prosecuted.
All areas of Ubuntu that report to Canonical/Amazon/etc can be disabled and/or uninstalled. I personally find this the optimal way from base install to get to a desktop I enjoy using but otherwise I would probably have a look at debian.
Mint seems to be popular. But honestly if you care about this sort of stuff you're going to have to get a bit technical, at which point you might as well use something really serious like OpenBSD.
Yahoo Google Facebook PalTalk YouTube Skype AOL Apple
Done and done (including Microsoft) for well over a decade; I don't get this whole "can't be trusted anymore" thing. These companies could never be trusted, and never should have been.
The problem that people like you don't seem to understand is that online communications can be secure, unless the companies owning the servers themselves cooperate and companies have to cooperate if they have to do so by law.
It's only the US that has such a huge budget for spying on people's communications and the US is also part of a select handful of countries going to such great lengths to suppress the freedom of speech about it.
If I were to start a company in Romania (which is part of EU btw), the NSA can suck my dick as there's absolutely nothing they could do to make me cooperate and keep my mouth shut while doing it.
What really bothers me about this is not the actual spying - I always assumed that governments do engage in whatever spying they can get away with.
What really bothers me about this is that U.S. companies and individuals have to keep their interactions with the NSA a secret, while obeying whatever demands the NSA has, including the installing of back-doors.
Trust is a fragile thing and we rely on trust for conducting business and for living our lives. My trust in U.S.-based companies has been shaken. Even if the affected companies (such as Google, Microsoft, Apple) want to be trustworthy for their customers, they can be coerced by law to obey whatever the NSA demands and they must also keep it a secret, with absolutely no transparency - they aren't even allowed to say "yes, the NSA demanded some things and we unfortunately complied". Even worse, they can be coerced into making public statements that are full of lies.
I can no longer trust any U.S. based company again.
For example, right now I'm using Skype. But what if the Skype client has a backdoor allowing one to open and listen to my mike any time they want (it's a proprietary blob, we'll never know). What if this backdoor gets hacked and used by people that are not part of the U.S. government? So in spite of the best intentions of the people working on Skype and the NSA; even if I've got "nothing to hide", Skype is all of a sudden a security liability and nothing (short of an open-source client that I can compile and run) can prove otherwise, because Microsoft isn't allowed to be open about it. And I can no longer rely on the fragile trust I've had for Microsoft, because Microsoft can be coerced into being untrustworthy.
See how it goes? We'll see how this unfolds over the next years, however the damage done to U.S. companies will prove to be massive.
This is the most well reasoned argument I've heard - and it reflects my sentiments perfectly. It's not that I am too afraid the NSA can read my email or listen to my phone convo, but that they can coerce, "lawfully", the ISP/telco to do things against my wishes, and keep it secret from me.
These gag orders are the kind of things that creep into society and they are the first weapon against would-be activists that's perceived to be against the corporate interest (or the interest of the elite). It doesn't take much for a chilling effect to set in. Fight it now, or it will be too late when it has the power to threaten the laymen.
It probably already has, in light of current European rattling.
I don't expect that GOOG or MSFT will suffer any damage in short term. But in long term they have proved unreliable. This erodes confidence. And if it keeps eroding, it will eventually cause them to collapse.
I'll be doing my earnest to move away from any non-OS tool. And will advocate others to do so as well.
That's kind of the same argument for European businesses and governments to not use Microsoft/American products. At least if they did it within EU, they would be accountable, and the laws prohibit most of it. But the US spying is unaccountable to Europeans, so they can do whatever they want.
The only proper answer to that is to stop using American products (at least until the US government can prove with extreme oversight from Europeans and Latin Americans and others, that they aren't abusing their spying power anymore).
It was merely claimed that PRISM was designed to target foreign communications.
That was entirely a lie. From day one their system has been targeting Americans. The proof is overwhelming at this point.
There's often a critical distinction between what gets claimed and what actually occurs in government. With a government that is so undeserving of trust, that's a very important distinction to keep in mind.
This reminds me of Ken Thompson's famous Turing Award paper from 1984. In that paper, he described a malicious compiler that added security holes to properly written C programs.
The real question isn't about whether you can trust Microsoft. It's can you even trust Intel?
"The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."
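Thompson's attack is easier to believe once you have watched it work, so here is an added example, not from the thread and not Thompson's code, that reproduces the two stages in miniature. The "compiler" is a source-to-source transformer for Python (source text in, source text out), the login program and the magic password "joshua" are made up, and the clean compiler is the identity function. Stage one: the trojaned compiler, asked to compile the clean compiler's source, emits itself again. Stage two: the compiler that came out of stage one, asked to compile a clean login program, emits a login program with a backdoor. At no point does either source file contain the backdoor, which is exactly why source review does not find it.

```python
"""Added example (not from the thread, not Thompson's code): a toy
source-to-source 'compiler' that (a) inserts a backdoor into any program
that looks like the login check and (b) when asked to compile a clean copy
of itself, emits the trojaned compiler again. All names and the magic
password are made up for the demo."""

# The clean, auditable compiler: the identity function on source text.
CLEAN_COMPILER = "def compile_src(src):\n    return src\n"

# The victim program exactly as a reviewer sees it in the repository.
LOGIN_PROGRAM = """\
def check_password(user, password):
    stored = {"root": "hunter2"}.get(user)
    return password == stored
"""

# Template for the trojaned compiler. %r is filled with the template itself,
# which is what lets the compiled output regenerate the trojan (a quine).
EVIL_TEMPLATE = '''\
def compile_src(src):
    TEMPLATE = %r
    if "def check_password" in src:
        src = src.replace("return password == stored",
                          "return password == stored or password == 'joshua'")
    if src.strip() == "def compile_src(src):\\n    return src":
        return TEMPLATE %% TEMPLATE
    return src
'''
EVIL_COMPILER = EVIL_TEMPLATE % EVIL_TEMPLATE   # the "binary" already installed


def load_compiler(compiler_src):
    """'Install' a compiler by executing its source; return compile_src."""
    ns = {}
    exec(compiler_src, ns)
    return ns["compile_src"]


def run_login(program_src, user, password):
    """Execute a compiled login program and try one credential."""
    ns = {}
    exec(program_src, ns)
    return ns["check_password"](user, password)


def demo():
    """Returns (rebuilt compiler still trojaned, backdoor opens the compiled
    login, clean source rejects the magic password, no source mentions it)."""
    installed = load_compiler(EVIL_COMPILER)

    # Stage 1: rebuild the compiler "from clean source" with the installed binary.
    rebuilt_src = installed(CLEAN_COMPILER)
    rebuilt_is_trojaned = rebuilt_src == EVIL_COMPILER

    # Stage 2: use the rebuilt compiler on the clean login program.
    built_login = load_compiler(rebuilt_src)(LOGIN_PROGRAM)
    backdoor_works = run_login(built_login, "root", "joshua")
    clean_rejects = not run_login(LOGIN_PROGRAM, "root", "joshua")
    source_clean = "joshua" not in LOGIN_PROGRAM and "joshua" not in CLEAN_COMPILER
    return rebuilt_is_trojaned, backdoor_works, clean_rejects, source_clean


if __name__ == "__main__":
    print(demo())  # (True, True, True, True)
```

The practical counter is not more source review but a second, independent compiler: build the suspect compiler from source with both, then rebuild it with each result, and compare the outputs bit for bit (Wheeler's diverse double-compiling). A trojan that lives only in one compiler's binary cannot survive that comparison.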
GNU/Linux, and Free software and hardware in general, look to be the BIG winners out of the NSA brouhaha, because all non-US governments, businesses, organizations, and individuals around the planet who need to safeguard their private or confidential information now have reason to mistrust proprietary (unauditable) software and hardware.
Free, open software and hardware are less likely to have secret 'back doors' installed or embedded in them because their innards are under constant public review by multiple eyes -- out in the open, not behind closed doors.
It would be grossly unprofessional of the three-letter agencies if they should have failed to run counter-intelligence operations upon the open source communities. Furthermore, given their resources to hire hackers and long history of infiltrating loosely affiliated organizations, it is hard to imagine that they have struggled to place moles deep within many critical projects.
Open source communities have no membership committee or state-funded security apparatus. Contributions are accepted based on trust and trust is established by technical merit. The means the three-letter agencies used against Microsoft and other corporations are not the only strategies they have available.
Maybe Linus doesn't have a price. I hope so and I trust him. But regardless of my trust and hope, there is no verification. My trust still acknowledges that no one is scanning Swiss accounts for activity which might be linked to him - and even if there were someone doing so, what would be my basis for trusting them?
Again, I'm not saying I don't trust in the integrity of Linus, but it's hard for me to trust everyone contributing to my Linux distro. Patriots and mercenaries can contribute to open-source just as well as anarchists and Samaritans.
Microsoft's closed source model required a more transparent method to subvert [more transparent than a black operation]. Subverting open source requires little more than a clever branch and merge with a veneer of social engineering. The fruit is so low hanging that merely singing the Open-Source Internationale, will get one street cred. Anyone who thinks they are immune, isn't. This is state level resources - put a man on the moon and bring down communism scale.
I don't think it is wise to trust any system, open or not, so I agree with your thesis.
However, the fact that Linux source is available for review does make it more secure on a relative basis. Sure, it is naive to think a zero day couldn't be buried in there, but at least there is the opportunity for review. With a closed-source OS, we don't even have the luxury of a false sense of security.
Not to get all tin foily, but I'd be more concerned about hardware exploits if you're thinking in terms of "man on the moon" resources... where are all those chips made again?
And that's what those 3-letter agencies do, or at least should do. In addition to planting backdoors, their job is also to make sure that their systems are backdoor free.
In any case, Microsoft is providing the government with the source code of at least Windows (not sure about Office), so from a source code point of view, that is somewhat ok (minus finding people experienced enough to digest an enormous code base).
The main problem that is common with both Microsoft and OSS is actually checking the binaries. Except for China (to some extent), there is no government that is actually forking the projects they use in order to create a custom, controlled distro. So they are always going to have to trust their binary source. And that is the weak link.
When was the last time you reviewed the Linux kernel code looking for possible backdoors, found none and compiled your own kernel? Btw, when was the last time you reviewed the GCC code looking for possible backdoors, found none and built it from scratch? Btw, when was the last time...
Most companies and users get their pre-compiled distros and never bother because it's an impossible task so I don't see how open source is any better in this regard.
When people ask me why I switched to Gentoo, I'm going to borrow liberally from this post as justification. I know the code my system was built on now. It's trivial to do an audit of that code, as well. I didn't have that security with RHEL/Fedora or Ubuntu/Debian.
If you didn't build your OS, you'd better trust the person/people that did.
I trust you audited your compiler, assembler (et al) as well then? The C library? All device drivers? Your BIOS? Firmware on everything from your mouse and keyboard to that USB stick you just used?
While free software does make it possible to gain some confidence in running TLA-free code it does not make it a simple job. Just stating that you ' know the code my system was built on now' is like stating you 'know what you eat because you read the label on the can'. There might be more in that can than the label tells you...
> I trust you audited your compiler, assembler (et al) as well then? The C library? All device drivers? Your BIOS? Firmware on everything from your mouse and keyboard to that USB stick you just used?
Yes. You can very much trust that. I appreciate that you've never decided to do an audit of GCC's, glibc's, or your kernel's source, but understand that others have. I am one of them.
As for any binary blobs/firmware I can't peek into, that's why I have software [1] running on the gateway to see if anything phones home. So far, nothing has. If it's not communicating with anyone, I can be reasonably sure it isn't compromising my security.
Also, your reply was almost entirely an argument from incredulity [2], a logical fallacy.
OK, not to be the devil's advocate... but why are you so sure that nothing phones home? The mere fact that nothing on your network connects to https://bigbrother.com/snoop.php?suspectname=aclevernickname... is not solid proof of nothing phoning home. There are many ways of communication over a network, are you sure you check all of them?
If your answer is 'yes'... you should check again :-)
As to you having 'audited' all code running on your network, I can flatly state I don't believe it. I don't doubt you'll have looked over the source for a part of it but there is a difference between 'looking over code' and 'auditing code'. Take the Linux kernel for an example: as of 2013, the Linux 3.10 release had 15,803,499 lines of code (source: Wikipedia:Linux_kernel). Linux for Workgroups has even more. Glibc is good for another 1,188,385 lines of code (source: http://www.ohloh.net/p/glibc). The gcc collection spans 6,242,908 lines (source: http://www.ohloh.net/p/gcc). These are only those projects you mentioned (' I appreciate that you've never decided to do an audit of GCC's, glibc's, or your kernel's source, but understand that others have. I am one of them.').
Understand that an individual who claims to have audited all code on his or her network does not come across like someone who grasps the magnitude of the effort s/he claims to have conquered. This individual either has superhuman powers and unlimited time, or the individual overestimates the efficacy of his or her 'auditing' efforts.
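The two replies above disagree about whether watching the gateway is enough to know that nothing "phones home". As an added example (not code from anyone in this thread), here is the kind of check a defender would actually run over gateway logs: it looks for periodic outbound connections (beaconing, which hides easily in a long list of "normal" HTTPS flows) and for DNS queries whose leftmost label looks like encoded data (a channel that never shows up as a connection to a suspicious host at all). The log lines, hosts and domain names are constructed for the example; `203.0.113.7` and `exfil.example` are placeholders, not real indicators.

```python
"""Two gateway-side checks for covert phone-home traffic (added example).

Input formats are constructed for this example:
  flow log : "<iso-timestamp> <src-ip> <dst-ip> <dst-port> <bytes>"
  dns log  : "<iso-timestamp> <src-ip> <queried-name>"
"""
import math
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample data: 10.0.0.5 reaches 203.0.113.7:443 every ~600 s
# (a beacon); 10.0.0.8 browses 93.184.216.34 at irregular intervals.
FLOW_LOG = """\
2013-07-10T00:00:01 10.0.0.5 203.0.113.7 443 512
2013-07-10T00:01:10 10.0.0.8 93.184.216.34 443 14020
2013-07-10T00:01:15 10.0.0.8 93.184.216.34 443 3310
2013-07-10T00:07:40 10.0.0.8 93.184.216.34 443 880
2013-07-10T00:10:02 10.0.0.5 203.0.113.7 443 520
2013-07-10T00:20:00 10.0.0.5 203.0.113.7 443 512
2013-07-10T00:22:09 10.0.0.5 93.184.216.34 443 9120
2013-07-10T00:30:03 10.0.0.5 203.0.113.7 443 516
2013-07-10T00:40:01 10.0.0.5 203.0.113.7 443 512
2013-07-10T00:45:02 10.0.0.8 93.184.216.34 443 2200
"""

# Constructed DNS log: three long hex-looking labels under one base domain
# from 10.0.0.5; ordinary lookups from both hosts.
DNS_LOG = """\
2013-07-10T00:00:00 10.0.0.5 3f9a2c8e1b7d4e5f6a0b9c.exfil.example
2013-07-10T00:01:09 10.0.0.8 www.example.com
2013-07-10T00:01:12 10.0.0.8 cdn01.example.net
2013-07-10T00:10:01 10.0.0.5 9c1d0e2f3a4b5c6d7e8f90.exfil.example
2013-07-10T00:20:00 10.0.0.5 b7e6d5c4a3f2e1d0c9b8a7.exfil.example
2013-07-10T00:22:08 10.0.0.5 mail.example.com
"""


def parse_flows(text):
    """Yield (timestamp, src, dst, port, bytes) tuples from the flow log."""
    out = []
    for line in text.splitlines():
        ts, src, dst, port, nbytes = line.split()
        out.append((datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)))
    return out


def parse_dns(text):
    """Yield (timestamp, src, qname) tuples from the DNS log."""
    out = []
    for line in text.splitlines():
        ts, src, qname = line.split()
        out.append((datetime.fromisoformat(ts), src, qname))
    return out


def find_beacons(flows, min_hits=4, max_cv=0.1):
    """Flag (src, dst, port) triples whose inter-connection gaps are nearly
    constant: coefficient of variation of the gaps at or below max_cv."""
    by_peer = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        by_peer[(src, dst, port)].append(ts)
    hits = []
    for key, times in by_peer.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            hits.append((key, round(mean), round(cv, 3)))
    return hits


def shannon_entropy(s):
    """Bits per character of the string s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def suspicious_dns(queries, min_len=20, min_entropy=3.0, min_count=3):
    """Count, per (src, base-domain), queries whose leftmost label is long or
    high-entropy; return the pairs seen at least min_count times."""
    hits = defaultdict(int)
    for _, src, qname in queries:
        labels = qname.rstrip(".").split(".")
        if len(labels) < 3:          # nothing encoded below the base domain
            continue
        first, base = labels[0], ".".join(labels[-2:])
        if len(first) >= min_len or shannon_entropy(first) >= min_entropy:
            hits[(src, base)] += 1
    return {k: v for k, v in hits.items() if v >= min_count}


if __name__ == "__main__":
    for (src, dst, port), period, cv in find_beacons(parse_flows(FLOW_LOG)):
        print(f"beacon: {src} -> {dst}:{port} every ~{period}s (cv={cv})")
    for (src, base), n in suspicious_dns(parse_dns(DNS_LOG)).items():
        print(f"dns: {src} sent {n} data-like labels under {base}")
```

Both checks are heuristics with thresholds you would tune on your own baseline; the point is that "nothing connected to a suspicious host" is a much weaker statement than "nothing periodic or encoded left the network".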
Is there any evidence of this? Certainly there is a single hacker out there that has been approached by the gov't or contracted for them for these purposes at some point, that is also willing to talk, even anonymously.
Think of Federal employees at Fort Meade, who were hired to do the sort of work I am describing.
Think of defense contractors with nondescript offices in Fairfax who hire those same employees after they leave the government and whose employees spend their days writing and pulling and pushing and merging open-source software.
Think of $200,000 a year.
Think of Edward Snowden.
A 1000 hackers is a line item in the NSA's budget.
Or the KGB's.
Or China's.
It's asymmetric warfare. But the side without the money is disorganized and open and trusting.
> It's asymmetric warfare. But the side without the money is disorganized and open and trusting.
The Snowden leak happened (as did Manning), so the Government is not as organized as optics would suggest. They are drowning in the data deluge just like everybody else.
There is always going to be an issue of trust at some point: the Linux code base is public, but almost none of us compile Linux and the packages we need to build a complete OS from source. We end up getting pre-built packages from repositories that are often distributed all around the world.
How easy/hard would it be to compromise some packages or some repositories if you are determined enough?
You certainly could not compromise a base as large as the number of Windows users, but you could target your efforts on distributions that have key infrastructure roles, like servers, routers, firewalls...
Another vector used to compromise free software is to participate in it. Paid agents can actively participate in open source projects and allow clever exploits that could pass as bugs if uncovered.
Sure, it is possible. But it is harder, and the chances of those "patches" getting discovered by some random users are much higher. It is much easier to use a proprietary tool like Microsoft to spy on others.
If you have some valuable secret to keep (classified documents, trade secrets, whatever), you'd be stupid if you didn't compile all the software that touches it yourself.
"We" get pre-built packages from repositories, but only because "we" don't value our privacy enough.
Okay, you will compile it ... but will you read all of the 10 million (or whatever the number is) lines of code that will compile to your OS and every package that you need to use?
But at least it's harder to hide it, and at some point you know it's going to be found out. If we found out about the proprietary solutions spying on us, I think we'll find out even sooner about the open source ones.
Security vulnerabilities are found in OSS programs all the time, how do you tell the difference between negligence/incompetence/mistakes and malicious activity?
Mistrust of commercial solutions does not translate into trust for open-source ones. Have you audited the crypto code of all your packages? Would you even know how?
Exactly. Even more interesting, all of the source code can be OK and just some subtle configuration tweaks can be enough to compromise you. Or just some build flag that you don't even see in sources. Often you don't know the build flags of every binary as soon as you use binaries. You also don't know if the compiler is tweaked to do some preprocessing you don't know about (see Reflections on Trusting Trust by Ken Thompson):
For the security conscious, the perfect state is an OS which changes very, very slowly, fixing only security bugs and having binaries used by as many people as possible and which change so seldom that more people can even check them by disassembling them. You don't want to only check sources, you want to disassemble the binaries and decide if they match the sources.
And only then you want to be sure that all configurations are what they should be. Not easy at all.
This only works if you are building things yourself or trust the group building things, of course, but it's way easier than audit by disassembling binaries.
Disassemblers produce assembly code, not the HLL code, so they are many orders of magnitude easier to write from scratch than modern compilers. They typically expect human involvement as soon as there's non-trivial assembly-level engineered self-modifying code. Hopefully there's not much of such code in the results of the compilers we use.
Also if you check the whole discussion you'll see I already discussed Ken's work.
Ok, I appreciate this information (and I'm trying to follow the discussion but I didn't see you talking of Ken's work).
But I'm still curious; even though you can write the disassembler by hand, how can you be sure that you're compiling it with a non-compromised compiler? Or do you mean write it in e.g. ELF format directly (and that's assuming the OS isn't involved in filtering offending code, though it seems extraordinarily unlikely that the OS could be generally modified in such a way without detection)?
The more general and diverse the tools you use, the less likely they are all compromised in the same way, and the more likely any compromise will show up in other contexts. Using tools at different meta-levels may also be worthwhile (machine-code vs. interpreter).
> Mistrust of commercial solutions does not translate into trust for open-source ones.
Well, how well can you trust the commercial ones? At least with open source, you can look into it more easily and eventually find security holes. It's a step towards trust. There is no trust to gain with commercial solutions, but at least with open source, it's at least possible.
The fact that proprietary agrees with a sound market economy makes it somehow more functional and more attractive, but when you're concerned about ethics, it's a totally different concern.
> how well can you trust the commercial ones? At least with open source, you can look into it more easily and eventually find security holes. It's a step towards trust. There is no trust to gain with commercial solutions, but at least with open source, it's at least possible.
Ever heard of reverse engineering? It turns out you'd need even that approach even with open source as soon as you use binaries you haven't compiled yourself. And you'd have to verify the compiler and your disassembler that way too. It's all possible, but requires more than is currently being done, at least on the level of the stuff openly available.
And even if you manage to verify everything you have to check the computer. Modern computers, be they servers or notebooks, are starting to have BIOSes that can even phone home and allow remote access without your control (having the keys which you can't control!).
"Ever heard of reverse engineering? It turns out you'd need even that approach even with open source as soon as you use binaries you haven't compiled yourself."
This is true: reverse engineering can be used for verification, but it's a whole lot more work than inspecting source.
"And you'd have to verify the compiler and your disassembler that way too."
Am I missing something: does it mean that to verify the compiler with DDC you need a trusted compiler that always produces the same binary output as an untrusted one, so to verify GCC you need a compiler that duplicates the whole GCC functionality but is trusted? What is the practicality of that approach? Proving that "hello world" produces the same output doesn't prove that the crypto functions wouldn't be patched?
Please give a specific example of what would be needed to prove GCC and LLVM now.
EDIT: I'm not interested in toy compiler and theoretical pie-in-the-sky examples, I want to know how practical it is for the systems in real use. GCC and LLVM as they are now please. If the proposition is "suppose that we have something that can compile gcc sources and we trust it" tell me what is that, does it exist and how hard would it be to make it. Don't talk to me about your experiment where you change one line in TTC and then prove it's changed by comparing the binaries.
The idea is to take one compiler source (S), and compile it with a diverse collection of compilers (Ck being a compiler in C0-CK), producing a diverse collection of binaries that are compilations of S: (Bk = Ck(S)). Because the different compilers are almost certainly not functionally identical, the various Bk should not be expected to be bitwise identical. However, because they are compilations of the same source, they should be functionally identical, or one of the original compilers was broken (accidentally or deliberately). So now we can compile that original source with the Bk compilers, and because these compilers are functionally identical, the results (Bk(S)) should be bitwise identical. There is certainly some chance of false positive, due to bugs in the Ck compilers or exploitation of undefined behavior in S, but if you do get the same output (Bk(S)) from all of the (Bk) compilers then you can be pretty confident that there is no Trusting Trust style attack present: exceedingly so, when the various compilers have diverse histories so that it's exceedingly unlikely that all Ck compilers contain the same attack. If there are any differences, you can manually inspect them to determine what the issue is and either issue a bug report to the appropriate compiler, change the source (S) to avoid undefined behavior, or notify people of the attack present in the compiler in question, depending on what you find. This does involve some binary digging, but quite targeted compared to a full audit and it may well not be necessary at all.
Obviously, if you do have a trusted compiler, including it in the mix is great, but the technique doesn't rely on this, nor on any two compilers returning the same binary output except when they are compilations of the same source.
Please explain which exact steps and which assumptions would be needed to have a trusted GCC 4.8.1, both gcc and g++ and then keeping it trusted as the new releases appear.
I don't know enough about the details of the build dependencies for any of these projects to give exact steps. To get a known-clean build (that is, a build guaranteed to match the source) of GCC 4.8.1, plug GCC 4.8.1 into the procedure I gave above:
In case it wasn't clear, k is used for indexing, and I use "function application" f(x) to mean compilation of x by compiler f.
"Take one compiler source (GCC 4.8.1), and compile it with a diverse collection of compilers (Ck being a compiler in { C0 = GCC 4.8.1, C2 = LLVM, C3 = icc, C4 = visual c/c++, ...}[1]), producing a diverse collection of binaries that are compilations of GCC 4.8.1: (Bk = Ck(GCC 4.8.1)). Because the different compilers are almost certainly not functionally identical, the various Bk should not be expected to be bitwise identical. However, because they are compilations of the same source, they should be functionally identical, or one of the original compilers was broken (accidentally or deliberately). So now we can compile that original source with the Bk compilers, and because these compilers are functionally identical, the results (Bk(GCC 4.8.1)) should be bitwise identical. If there are any differences, you can manually inspect them to determine what the issue is and either issue a bug report to the appropriate compiler, change the source (GCC 4.8.1) to avoid undefined behavior, or notify people of the attack present in the compiler in question, depending on what you find. This does involve some binary digging, but quite targeted compared to a full audit and it may well not be necessary at all."
Likewise for any of the others, but note that once you've got a known-clean build of any (sufficiently capable) compiler you could use it to build known-clean builds of the others.
[1] the more compilers and the more diverse the background of the compilers, the better; it may well be worth using quite slow compilers that are proven correct and/or implemented in other (possibly interpreted) languages for a high degree of confidence.
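The two-stage procedure described in the comments above (Bk = Ck(S), then check that every Bk(S) is bit-identical) is easier to see with the stages written out. What follows is an added example, not code from anyone in this thread or from the DDC paper: a small Python simulation in which a "compiler binary" is a record whose machine-code layout comes from whoever built it, whose code generator comes from the source it was built from, and which may carry a Thompson-style payload that re-inserts itself whenever the binary compiles a compiler. The compiler names and the `login-backdoor` payload are constructed; `Source`, `Binary` and `ddc` are this example's own names.

```python
"""Diverse double-compiling (DDC), simulated (added example).

Stage 1: B_k = C_k(S)   -- outputs differ in layout, as the comments say.
Stage 2: B_k(S)         -- outputs of faithful builders must be bit-identical.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Source:
    """Source code of a compiler. `codegen` names the code-generation
    strategy the source implements; a faithful build inherits it."""
    name: str
    codegen: str


@dataclass(frozen=True)
class Binary:
    """A compiler binary. `layout` is decided by the builder (so it varies
    between builders), `codegen` by the source it was built from, and
    `trojan` is a payload present in the binary but not in any source."""
    layout: str
    codegen: str
    trojan: Optional[str] = None

    def digest(self) -> str:
        # Stand-in for hashing the real object file: the fields are the bits.
        blob = f"{self.layout}|{self.codegen}|{self.trojan or ''}".encode()
        return hashlib.sha256(blob).hexdigest()[:12]

    def compile(self, src: Source) -> "Binary":
        # A trusting-trust trojan survives only by re-inserting itself when it
        # recognises that it is compiling a compiler (constructed trigger).
        carried = self.trojan if (self.trojan and src.name.startswith("compiler")) else None
        return Binary(layout=self.codegen, codegen=src.codegen, trojan=carried)


def ddc(source: Source, compilers: Dict[str, Binary]) -> dict:
    """Run both DDC stages and group the stage-2 outputs by digest."""
    stage1 = {k: c.compile(source) for k, c in compilers.items()}
    stage2 = {k: b.compile(source) for k, b in stage1.items()}
    groups: Dict[str, List[str]] = {}
    for k, b in stage2.items():
        groups.setdefault(b.digest(), []).append(k)
    majority = max(groups.values(), key=len)
    outliers = sorted(k for k in stage2 if k not in majority)
    sizes = sorted((len(g) for g in groups.values()), reverse=True)
    if len(sizes) > 1 and sizes[0] == sizes[1]:
        # A tie: DDC tells you the builders disagree, not which one is wrong.
        outliers = sorted(stage2)
    return {
        "stage1_digests": {k: b.digest() for k, b in stage1.items()},
        "stage2_groups": groups,
        "consistent": len(groups) == 1,
        "outliers": outliers,
    }


# Constructed inputs: the source under test and three builders of
# independent origin (each built with something other than the source).
GCC_SRC = Source("compiler-gcc-4.8.1", codegen="gcc-4.8.1")
COMPILERS = {
    "gcc-4.7 (distro binary)": Binary(layout="gcc-4.6", codegen="gcc-4.7"),
    "clang-3.3": Binary(layout="clang-3.2", codegen="clang-3.3"),
    "tcc-0.9": Binary(layout="tcc-0.9", codegen="tcc-0.9"),
}
# Same set, but the distro gcc binary carries a payload its source lacks.
TROJANED = {
    **COMPILERS,
    "gcc-4.7 (distro binary)": Binary("gcc-4.6", "gcc-4.7", trojan="login-backdoor"),
}

if __name__ == "__main__":
    for label, cs in (("clean builders", COMPILERS), ("one trojaned builder", TROJANED)):
        r = ddc(GCC_SRC, cs)
        print(label, "-> stage 1 digests differ:", len(set(r["stage1_digests"].values())) > 1,
              "| stage 2 consistent:", r["consistent"], "| outliers:", r["outliers"])
```

The simulation makes the comment's caveat concrete: the check relies on the builders being independent, which is why a compiler bootstrapped from another in the set (as the later reply about cross-contamination notes) adds no diversity, and why with only two builders a mismatch tells you there is a problem without telling you where.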
One of the most useful forms of diversity is the "my opponent does not have access to time machine" defense. e.g. use some C compiler for amiga, or 1980's DEC unix, or whatever to bootstrap gcc3 for windows, and use that to bootstrap clang for linux, etc. The odds that hardware and binaries you've had for 30 years could carry a trojan that successfully applies to a compiler that was not written yet, for an architecture that was not designed yet, inserting a trojan for yet another such pair, seem low. Feel free to follow more than one such path if paranoia dictates. When you arrive at the end (some compiler, built with itself), the binaries should all match however you got there, presuming no undefined behavior in the compiler itself. If there is something, fix it.
And better yet if this chosen starting point(s), being old, are also small and simple.
I mostly agree, although careful about cross contamination if you're intending to actually use DDC - clang bootstrapped by gcc3 is not going to be independent of gcc3.
You're not giving a useful procedure for me. Let's say that only GCC can compile itself and its own libraries (e.g. version n-1 can compile version n). How can I make a trusted GCC 4.8.1 if other compilers won't compile the sources of GCC? Do you agree that I have to implement all the features of GCC used in the sources of GCC in one or more other compilers? If not, don't I have to have a trusted GCC from the start? And if I have such a GCC, then I don't need other implementations anyway?
I am not sure if gcc was able to compile itself always, but if it was, you can argue that there existed a smallest kernel of gcc sometime ago that did not depend on any of the "features" of gcc that makes it impossible for other compilers to compile gcc. Now, if there existed such a thing before, it probably exists now, because the incremental "features" that make it impossible for other compilers to compile gcc, would make it impossible for gcc too. My bet would be that there exists a logical separation somewhere, and there is still a small kernel in it, that you can bootstrap with other compilers, from which point you can do what your parent says.
You do need other compilers that can compile the GCC source. These do not need to be trusted, just diverse in origin so that they are unlikely to contain the same attacks.
If GCC is in fact the only thing that can compile GCC, then you cannot use DDC to get a trusted version of GCC.
Yes, you're missing something unfortunately. The author apparently states it several times, but many people must miss it in reading.
"I say it in the ACSAC paper, and again in the dissertation, but somehow it does not sink in, so let me try again.
Both the ACSAC paper and dissertation do not assume that different compilers produce equal results. In fact, both specifically state that different compilers normally produce different results. In fact, as noted in the paper, it’s an improvement if the trusted compiler generates code for a different CPU architecture than the compiler under test (say, M68000 and 80x86). Clearly, if they’re generating code for different CPUs, the binary output of the two compilers cannot always be identical in the general case!
This approach does require that the trusted compiler be able to compile the source code of the parent of the compiler under test. You can’t use a Java compiler to directly compile C code."
Open source was thought to sweep away hidden code; I really doubt GCC or other compilers have that special code that is reproduced each time you recompile a compiler with it.
If there was such self-reproducing code in a compiled GCC, it would be quite easy to find. There are many eyes looking at a program like GCC.
And even with such a conspiracy theory, which is still possible, open source has better margin than proprietary. It's not perfect, but it's much more transparent if you get what I mean.
True, you cannot audit msft code. Have you checked on the size of the Linux kernel lately? Yes, I could audit the source, but in reality only a select few will have deep knowledge of only small parts of the code.
I for one have not done so and would not know how. However, I'd like to so hopefully some wise hacker will respond with recommendations here. IMHO the best thing that could come out of the Snowden leaks is a rallying cry for an explosion of crypto/privacy advances in the FOSS community.
The bug was introduced in September 2006. Discovery published May 2008. Affected: the most popular Linux distribution, all the keys generated on it in that period. Scary.
Moreover, the bug was not found by reading the source code. The keys generated by all the existing systems were analyzed. If I remember correctly, only the keys generated by the mentioned Linux distros stood out (and some hardware devices using customized firmware or poor implementations). Windows and OSX weren't there.
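The comment above says the weak keys were found by analyzing keys in the wild rather than by reading source. As an added example (not code from the thread or from the original study), here is the core of such a scan: a batch GCD over a set of RSA moduli, which finds both exact duplicates (what a broken random number generator produces) and keys that share one prime with some other key (which factors both). The product/remainder tree is what makes this feasible over millions of keys; here it runs over a constructed key ring of six-digit primes so the result can be checked by hand. `batch_gcd`, `weak_keys` and the key-holder names are this example's own.

```python
"""Batch GCD scan for shared or duplicated RSA moduli (added example)."""
from math import gcd, isqrt
from typing import Dict, List, Tuple


def is_prime(n: int) -> bool:
    """Trial division; fine for the small constructed primes used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, isqrt(n) + 1))


def batch_gcd(moduli: List[int]) -> List[int]:
    """Return g_i = gcd(N_i, product of all other N_j) for every modulus,
    using a product tree and a remainder tree (P mod N_i^2 at the leaves)."""
    tree = [list(moduli)]
    while len(tree[-1]) > 1:                       # product tree, bottom up
        level = tree[-1]
        tree.append([level[i] * (level[i + 1] if i + 1 < len(level) else 1)
                     for i in range(0, len(level), 2)])
    rems = [tree[-1][0]]                           # root: the full product P
    for level in reversed(tree[:-1]):              # remainder tree, top down
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(level)]
    # (P mod N^2) / N == (P / N) mod N, so this is gcd(N, product of others)
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def weak_keys(keyring: Dict[str, int]) -> Dict[str, Tuple[str, int]]:
    """Classify every key: a duplicate modulus, a shared prime, or clean."""
    names = list(keyring)
    mods = [keyring[n] for n in names]
    findings = {}
    for name, n, g in zip(names, mods, batch_gcd(mods)):
        if g == n:                 # whole modulus shared: identical key elsewhere
            findings[name] = ("duplicate modulus", n)
        elif g > 1:                # one prime shared: n = g * (n // g)
            findings[name] = ("shared factor", g)
    return findings


def factor_from_gcd(n: int, g: int) -> Tuple[int, int]:
    """Given a shared prime g of n, recover both primes."""
    return tuple(sorted((g, n // g)))


# Constructed key ring: seven small primes; carol shares a prime with alice
# (low-entropy generator), dave has the exact key as bob (repeated seed).
PRIMES = [p for p in range(10**6, 10**6 + 200) if is_prime(p)][:7]
KEYRING = {
    "alice": PRIMES[0] * PRIMES[1],
    "bob":   PRIMES[2] * PRIMES[3],
    "carol": PRIMES[1] * PRIMES[4],
    "dave":  PRIMES[2] * PRIMES[3],
    "erin":  PRIMES[5] * PRIMES[6],
}

if __name__ == "__main__":
    for name, (kind, value) in weak_keys(KEYRING).items():
        print(f"{name}: {kind} ({value})")
```

Nothing in the scan needs the source of the generator that produced the keys, which is exactly the comment's point: public output can be checked even when the code path that produced it was never read, and the check works equally on keys from closed systems.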
But the odds it will be found (and publicly acknowledged) is higher than with closed-source software. Availability of the source is not a substitute for audit and care, but is helpful and you're not guaranteed audit or care with closed solutions.
The mentioned bug was not discovered by reading sources. The sources were available for one and a half years and were used for the most popular Linux distributions. What can we expect for less popular ones then?
I'm not saying that it's better to have closed source, even if we can discuss that too when we consider how often the changes are introduced (for security: the less often the better, provided the start is good enough). I'm saying that just believing something is secure simply because "it's open source" is pure hand waving.
Paying someone to audit source I have available to me is going to be cheaper / easier than paying 1) the one group that has access to the source to audit it (in which case I still have to trust them), or 2) paying someone to audit binaries through disassembly.
In times like these I wish Ubuntu wasn't made by a US company. It could've been a huge winner out of this, and they could've used it to the full extent in their marketing campaigns. I'm not sure they can still do that. At least if the EU countries want to go about "standardizing" around one Linux distro (like China did), they will just pick one, and not have one for each country.
To me it looks like most of the issue is with storing information in the cloud rather than natively running programs.
Is there any indication that software running on the client is at risk? The article goes to great hyperbole but unless you're using Skydrive, I don't see how Office files are at risk with the recent revelations.
Not that they aren't, it's just that I didn't see any information that they are.
I don't think storing information in the cloud using FOSS software is going to magically protect your information.
E.g. How does using Thunderbird to access Gmail afford greater protection than using Outlook to access Gmail?
> Is there any indication that software running on the client is at risk?
Yes, Microsoft shares all of Windows' vulnerabilities with the NSA long before fixing them.
> I don't think storing information in the cloud using FOSS software is going to magically protect your information.
And you are right, it won't. Anything you send to 3rd party servers is gone.
To keep data private, you must keep it on your computers, run only audited FOSS that you compiled with a trusted compiler, encrypt it every time it goes onto a network (even your LAN), and hope that there isn't a firmware or hardware backdoor in your computer.
I think it is time to rethink everything, not just Microsoft. Cloud computing is at risk now too. From Amazon to Google Drive, Gmail, etc. Shared hosting is not even secure any longer. Our connections from our ISP can be the source of their spying.
People want the ease of computing not secure computing. The polls show it. In the US everyone but the geeks are OK with the NSA. Sad.
The system is going to have to change to federated data. Email, Social media, everything. Appliances owned by the individual. Either located in the home or small server appliances "rented" at a colocation facility and every user's info on their appliance. Any warrants are served to the individual not the "processing" or interpreting host that parses the data in their UI or service. The host, whether Facebook, Google, Yahoo, Microsoft, etc would notify the requester that that info is on a server rented solely by the user and they have no standing to grant or honor the warrant as they are the wrong party.
Please note I use voice typing due to fine motor control and this comment may contain errors.
I agree, something like this needs to be done. It will take a lot of work. I think the free software/ open-source movement is robust enough that we can turn our attention to this. Copyleft and free software licenses are social hacks that work in tandem with the free software model. We perhaps need a social hack to underpin this federated data model.
John Dvorak sounds like a tech version of those economic & political loudmouths that spread definitive and absolute truths with very little evidence (Rush Limbaugh, Bill O'Reilly, Ann Coulter). That's because their purpose is not to generate light but to generate heat; to cause controversy instead of inform. It is the journalism equivalent of the Rolling Stones and Madonna: scandal as a marketing tactic.
These people remind me of the Austrian writer Karl Kraus: "The secret of the demagogue is to make himself as stupid as his audience so that they believe they are as clever as he."
The fact is that for almost all big corporations there is so much money, training and culture involved in MS platforms that a shift away from it is just too hard to do, unfortunately.
Not all businesses are big corporations. There are a great number of small companies that can much more easily implement Linux for their employees to use. I think the point to be made here is that moving forward, (a) a lot of people can really do all of their computing on Linux now, and (b) an increasing amount of software is being written for the modern web so MS/IE lock-in is going away.
"Microsoft is oblivious if it is not doing something to divorce itself from the NSA"
No John, unfortunately it is not really an option to move 57,000 employees and a headquarters out of the United States. That is what would need to be done. None of the people making statements for these large corporations are lying voluntarily.
It's unfortunate that just when companies are considering bringing work on-shore again, that these reasons are starting to appear that encourage them to completely move their operations elsewhere. I am not sure where 'elsewhere' is at the moment though? Iceland?
I wonder how much pressure the NSA can and does exert on corporations that refuse to coöperate in this manner. And whether those on the list really had an actual choice in that manner. I guess a large government organisation has plenty of leverage if need be.
You mean would the NSA bring up the CEO of the company on random charges after he says no, put him in jail, and get someone more agreeable to run the company? They've done it before! Look up Qwest.
To be honest I don't blame Microsoft too much.
Being a business they needed to survive. It is not like they have a choice, and the government could very well bring another antitrust trial. Microsoft refused to play ball with the US government at first and they were nearly split into 3 different companies. So like any big corporation they have to pay money for lobbying to buy themselves safety.
And Microsoft is evil, I mean in Google's sense of evil, and even Microsoft admits it.
But what about the one who claims to do no evil and is so righteous? Joined Prism on 1/14/09?
And I would really love if the Movie could add bits on Prism agents coming in like some fucking retard, and Steve would tell him to Fk off.
Newspapers and media, intentionally or not, are trying to diversify the hate and focus on PRISM away from the government.
> "With that said, do you really want to buy a Microsoft product? Do you want to buy anything that gives easy access to snoops poking around at their leisure? If you'd think twice about this, then why would a foreign government rely on Microsoft Office with any confidence? Personally, if I were any foreign government or corporation, I'd stop using all Microsoft products immediately for fear of America spying on me. Nothing can be secret."
That's exactly what I'm hoping will happen. It may be the only way to actually roll back most of this shameless and abusive mass spying of everything and everyone. I'm not sure what else would stop it. Americans protesting it? I'm not holding my breath for that one, and even if they do, they'll only try to fix the spying internally, as they couldn't care less what they do to the world as long as the government keeps telling them "it's to keep them safe" (which obviously trumps everyone else's rights).
> "With that said, do you really want to buy a Microsoft product? Do you want to buy anything that gives easy access to snoops poking around at their leisure?
You know... Up until this whole NSA/PRISM thing got uncovered, Microsoft had actually rather successfully started to rebuild the perception and image of its cloud-service Azure.
It had shown the world that in less than a year, it was well on its way to catch up with Amazon Web Services. It was going from an experiment to serious business. Something the company invested in. Even more so than the traditional parts of the business.
As someone who once looked at Azure and laughed it off, I was coming around, actually considering it. I don't have any inside info on this, but I would guess/assume Azure was just about to take off. All those investments, finally about to pay off.
Then the whole NSA/PRISM thing came about. Now there's no chance in hell I'm going there. Not that I expect AWS to be any better in that regard either. I'm currently pulling out my data from Google. I trust them even less.
Hell, at this point, the only viable option privacy-wise seems to be open-source software, deployed by me, to an account I control, hosted on a service-provider outside the US's reach.
It may not be immune to unauthorized, illegal snooping, but it will be off the main grid, take a bit more effort and it won't be done automatically 24/7.
If I become paranoid enough to put in the effort, I'll just get a VPS instead and encrypt the shit out of it.
Seriously though, if you don't play ball with the NSA, they come after you, your business, and your family with the full weight of the US government. Your wealth or status means nothing against it.
Which means, as a parent, I can relate.
Yes, you and I can sit here on my keyboard and say we would have stood our ground, but when you have children and a mortgage, suddenly things are very different. Suddenly, you think that maybe fighting this one particular fight isn't worth the damage to you and your family.
That, my HN friends, is why the whole NSA PRISM thing is so evil and why it outrages us: Even those normally beyond the law (the rich and famous) are suddenly victims like the rest of us.
Microsoft, despite denials, appears to be in bed with the NSA. Apparently all encryption and other methods to keep documents and discussions private are bypassed and accessible by the NSA and whomever it is working with.
With that said, do you really want to buy a Microsoft product?
Notice the words appears and apparently. Until there is specific evidence to take those two words away from those sentences, hardly anything will change.
I don't think native MS apps running on a local machine are a risk. I imagine (with a little naivety) that if MS apps/OS were phoning home on a regular basis with the content of one's documents, someone would have noticed and raised a flag (or did I miss it?). Nor is Exchange BCCing a copy to the NSA; again, someone would have noticed. Cloud services excluded.
PS. It's *buntu that spins my propeller.
PPS. I'd be interested in what RMS has to say, not just about MS in this case but the whole PRISM/NSA thing in general - he has been warning us.
Windows natively has several data collecting operations on any machine with Windows installed.
Each time you visit a page, IE sends the URL over to be "checked" by Microsoft.
On each update, a summary of all installed packages is collected and sent to Microsoft in order to "improve the experience".
WAT collects your hardware specification, including the serial number of your hard drive.
Each time you connect your operating system to the Internet, it calls home to a Microsoft server to check if the connection works. It's doubtful that they throw away the logs from this.
Microsoft can forcibly push new executable code as updates, regardless of whether updates have been turned off in settings.
Microsoft Word (and Outlook?) also collects information, but it is supposed to be optional. I don't remember if it's on by default, but I am rather sure it is.
Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned".
>Each time you visit a page, IE sends the URL over to be "checked" by Microsoft.
Huh? Are you talking about hashes being sent for a malware check similar to the ones in Chrome or Firefox? If not, it's a serious privacy issue.
The one you mentioned about updates is also true for Chrome updates. [1]
>Microsoft can forcibly push new executable code as updates, regardless of whether updates have been turned off in settings.
Any source on this?
>Microsoft word (and Outlook?) do also collect information.
With Office 365, this is more or less a reality.
>Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned".
Are you talking about URL scanning? So do FB, Gchat etc. Expect your messages to be scanned or stored no matter what 3rd party service you use. Always use client-side encryption for secure communication.
The most important one you left out is SkyDrive. I remember installing it on my computer and then signing onto the web interface to find out I could even access files outside of my sync directory. Sure you can turn "off" the feature, but I promptly uninstalled it instead.
I don't trust Microsoft with privacy in the cloud but neither do I with any other 3rd party.
>Then we have semi-native applications such as Messenger or Skype. Both have messages being "scanned". - Are you talking about URL scanning? So do FB, Gchat etc.
The OP talked about native MS apps as being risk-free. Just because FB and Gchat also do bad things doesn't make someone else's applications less risky to use.
> Huh? Are you talking about hashes being sent for a malware check similar to the ones in Chrome or Firefox? If not, it's a serious privacy issue.
Hashing the URLs won't give you any privacy, because the set of used URLs is public and relatively small. Also, I'm not aware of Firefox doing that, are you sure about it?
In IE and Chrome, sending that data is optional. It's neither opt-in nor opt-out. The browser asks a question on first use, and you must select one option. IE's question is a bit biased toward "opt in or you'll get phished", but there is no reason to think that wording is malicious; one can even claim it's true.
Besides all that, MS sends all known vulnerabilities in its products to the NSA long before either publishing or fixing them. That's enough to give the NSA administrative privileges on Windows machines.
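The point above about hashed URLs is worth seeing concretely. The following is an added example, not code from any commenter or from the browsers being discussed: it hashes a small constructed list of candidate URLs (standing in for the "public and relatively small" set a user might visit) and shows that whoever receives the hash can invert it by a dictionary lookup, and that even a truncated prefix (a constructed stand-in for prefix-based lookup schemes; the 4-byte length is an assumption) narrows the candidates to one or a handful.

```python
import hashlib
from collections import defaultdict

# Constructed candidate list (not real browsing data). An observer who wants to
# reverse the hashes can build exactly the same list from public knowledge.
CANDIDATE_URLS = [
    "https://news.ycombinator.com/",
    "https://news.ycombinator.com/newest",
    "https://en.wikipedia.org/wiki/PRISM_(surveillance_program)",
    "https://www.eff.org/",
    "https://mail.google.com/",
    "https://login.live.com/",
    "https://replicant.us/",
]


def url_hash(url: str) -> str:
    """Hex SHA-256 of a URL: the 'anonymised' token a client might send instead
    of the URL itself. A hash of a low-entropy input is just a rename of it."""
    return hashlib.sha256(url.encode("utf-8")).hexdigest()


def build_dictionary(candidates):
    """Precompute token -> URL for every candidate. One hash per candidate,
    so the cost of the attack equals the cost of the 'protection'."""
    return {url_hash(u): u for u in candidates}


def recover_url(token: str, dictionary):
    """Invert a token by lookup. Only a URL outside the candidate set is safe,
    and the candidate set is whatever the observer bothers to enumerate."""
    return dictionary.get(token)


def prefix_buckets(candidates, prefix_bytes: int = 4):
    """Group candidates by a short hash prefix (assumed 4 bytes). The bucket sizes
    show how much ambiguity truncation actually buys against a small candidate set."""
    buckets = defaultdict(list)
    for u in candidates:
        buckets[url_hash(u)[: prefix_bytes * 2]].append(u)
    return dict(buckets)


def recover_from_prefix(prefix: str, candidates):
    """All candidates consistent with an observed prefix; usually a list of one."""
    return [u for u in candidates if url_hash(u).startswith(prefix)]


if __name__ == "__main__":
    table = build_dictionary(CANDIDATE_URLS)
    observed = url_hash("https://www.eff.org/")        # what the server sees
    print("full hash inverted to:", recover_url(observed, table))
    prefix = observed[:8]                               # 4 bytes, hex
    print("prefix", prefix, "matches:", recover_from_prefix(prefix, CANDIDATE_URLS))
    sizes = sorted(len(v) for v in prefix_buckets(CANDIDATE_URLS).values())
    print("largest prefix bucket:", sizes[-1])
```

The design point is that hashing only protects inputs the observer cannot enumerate; for URLs, the fix is not a better hash but not sending the identifier at all (for instance, a client-side blocklist, or sending a prefix with enough collisions that the server learns only a large bucket).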
I might have clicked through it. I guess I am still paranoid since you can re-enable it on the web; it's not a client-controlled setting. Surely someone could take advantage, not just the NSA but even a hacker breaking into your Outlook.
>Nor is Exchange BCCing a copy to the NSA; again, someone would have noticed.
True, but what about Windows Phone vs. Android (with Google's apps, not just a FOSS build like Replicant) vs. Apple? Which is the lesser evil for your privacy?
Ah yes, well, OK, I'd be thinking, given recent history, Windows Phone would be high on my list of most likely to be evil, but in the back of my mind is always: it's the carrier that holds the cards there. But you have a point I had not considered: the mobile arena. Which one would you consider the lesser evil?
With Google's apps? I've already mentioned Replicant (http://replicant.us/) in my original post. Replicant is a fully-FOSS Android distribution based on CyanogenMod.
But WHAT, exactly, can't we trust? I've seen NO technical detail to any of these discussions, yet there are a number of sub-systems that might be compromised:
- low-level crypto APIs (the 'DLLs' referred to obliquely in the article); these are more interesting. I imagine they could be compromised for weak session key generation or other leakage of key / plaintext, or generate the session key in such a way that the mythical 'NSAKEY' can decrypt it. Huge impact, if so, but only to certain software; AFAIK Mozilla doesn't use the Windows crypto API / certificate key store (but Chrome does).
- SSL certificate generation (built-in CA for Windows Server builds); certificates stored and replicated via Active Directory; does anyone actually use this? In fact, does anyone actually use client SSL? It is likely also used for domain peer replication, which could potentially be over an external network (but why would you not use a VPN there?)
- Encrypting File System (EFS); already contains an escrow key-recovery mechanism to allow administrators (including domain admins) to recover a lost user key. Only likely to be relevant if hard disk or backup images seized, so less impact.
- BitLocker drive encryption; similar to EFS but uses a hardware TPM and is per-machine rather than per-user. Fairly sure escrow key recovery at the domain level is possible here too. Again, only likely to be relevant if hardware or backups seized.
- Office document encryption; did anyone SERIOUSLY think this was worth using anyway? There are so many key recovery services out there for this (Elcomsoft et al)
- Communications applications (Skype et al); again, did anyone SERIOUSLY think this wasn't already being monitored, even before Skype became a Microsoft product?
- Some other OS-level 'phoning-home' behaviour. I simply don't believe that no-one has spotted this happening, if it's there - we can do traffic analysis too, and there are plenty of people running Wireshark on their own networks.
How do you know Wireshark isn't compromised? Further, MS does phone home all the time to check for updates and so on. If something extra was hidden in there would we know?
As for updates, I imagine if you set up a domain you can run your own WSUS update server, MITM the connection, etc. - and then compare the behaviour with a "regular" home PC.
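Both the traffic-analysis comment and the WSUS-comparison comment above amount to the same procedure: record which hosts a machine talks to and look for regular, unexplained polling. The following is an added example, not code from any commenter: it runs that logic over a few constructed connection-log records (timestamp, destination host, port, bytes out; the hostnames are made up and the allowlist is an assumption standing in for what an administrator expects from a WSUS-controlled machine) and flags both unexpected destinations and destinations contacted at near-constant intervals.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records, not a real capture. Format: epoch,dst_host,dst_port,bytes_out
# (what you would export from Wireshark's Conversations view or a proxy log).
SAMPLE_LOG = """\
1000,update.example-vendor.test,443,1200
1003,docs.example-vendor.test,443,5120
1060,update.example-vendor.test,443,1180
1090,cdn.example-vendor.test,443,48000
1111,telemetry.example-vendor.test,443,9000
1120,update.example-vendor.test,443,1210
1180,update.example-vendor.test,443,1195
1200,search.example.test,443,3000
1240,update.example-vendor.test,443,1205
"""

# Assumed allowlist: hosts the administrator configured (update server, content CDN).
# On a domain with its own WSUS server this would be the WSUS host itself.
EXPECTED_HOSTS = {"update.example-vendor.test", "cdn.example-vendor.test"}


def parse(log_text: str):
    """Parse the constructed CSV-ish log into (epoch, host, port, bytes) tuples,
    skipping blank and comment lines."""
    records = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, host, port, nbytes = line.split(",")
        records.append((int(ts), host.lower(), int(port), int(nbytes)))
    return records


def unexpected_hosts(records, expected=EXPECTED_HOSTS):
    """Destinations outside the allowlist, with total bytes sent to each.
    Bytes out matter more than bytes in when the question is 'what left the box'."""
    totals = defaultdict(int)
    for _, host, _, nbytes in records:
        if host not in expected:
            totals[host] += nbytes
    return dict(totals)


def beacons(records, min_hits: int = 4, max_jitter: float = 0.2):
    """Hosts contacted at near-constant intervals. Regular polling is the signature
    of automatic behaviour, which is exactly what you would compare between a
    WSUS-controlled domain machine and a stock home PC. Returns host -> mean gap."""
    times = defaultdict(list)
    for ts, host, _, _ in records:
        times[host].append(ts)
    result = {}
    for host, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # coefficient of variation: 0 means perfectly periodic
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            result[host] = round(avg, 1)
    return result


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("unexpected destinations:", unexpected_hosts(recs))
    print("periodic polling:", beacons(recs))
```

The two views are complementary: an allowlist finds hosts you never configured, while the periodicity check finds configured hosts being hit more often than any update schedule explains. Neither tells you what is inside the TLS payload; for that you still need the WSUS/MITM comparison the comment describes.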
The problem really is how deep the hole goes - as per Ken Thompson "Reflections on Trusting Trust", 1984.
Any serious discussion of moving US businesses off Microsoft stalls when it reaches the "non technical" departments.
I put "non technical" in quotes because many of the people in HR, Accounting, Marketing, etc. are very tech-savvy. Marketing folks, for example, would love an all-Mac office setup, but they generally have to have Windows PCs for Powerpoint, Visio, and CRMs, to name a few. HR needs their IE6 in-house apps. Accounting can't even hire anybody who wants to try getting their work done on a Mac.
I realize I'm not even talking about Linux here; I think that just underscores my point.
Does anyone have a counterexample? Because I would pay top dollar for a Linux solution to these problems, but haven't seen anything worth buying.
Your problem isn't technical, it's financial. Moving away from Windows and Office means converting all the organisation's documents to another format, re-training users in the new OS and productivity suite, re-writing VBA scripts (which often doesn't work well).
Then you'd have to de-couple the entire organisation from Active Directory. And refactor (at best) or re-write (at worst) all custom in-house apps that rely on either Windows or Active Directory.
>I realize I'm not even talking about Linux here; I think that just underscores my point.
I've seen about 10-20% Linux use and about 0% Mac use in industry (Finance - Buy and Sell side). YMMV.
Linux is incredibly popular because people claim (rightly or wrongly) that they can have a lower latency setup. R-Project is very popular with people because they can have engineers customise it in ways not possible with MATLAB.
But at the end of the day it all falls back down to MS Excel.
Apple don't have any enterprise ready tools for managing a system of 50,000+ client PCs and 30,000+ servers. So they don't get a look in, save the few iPads that are just perks and never used for any work that I've noticed.
One wonders how tainted Linux is, if one considers systems including SELinux. Yes, I realise the point of SELinux is to make it more secure, but the association with the NSA (they created it) makes it very difficult to trust.
From Quality control section: "Some of the world's best developers will be going over your source code with a fine comb. This may be embarrassing for a few days or weeks, but in the end the code tends to work better and be more easily maintained. In some cases the upstream developers have made network and storage drivers 30% faster, making the hardware more attractive to customers."
It's definitely better than not open source, but still I'd love to know more about those "world's best" developers and who pays them.
Open source is the necessary but not the sufficient condition. It needs to be reviewed by independent people, otherwise the open source part is useless.
Sure, but all the leaks so far are about cases where your data is already going through Microsoft services. If there were any evidence that there was a backdoor in Windows itself, or in any Microsoft software, then you'd have a point.
Actually, why does nobody mention anything about Intel and Cisco? I would imagine it would be much more effective to build a backdoor into network appliances if you want to spy on someone.
True, but if the network traffic between you and, say Office 365, is encrypted, the NSA would need to decrypt that. It'd be so much easier if Microsoft just handed over the actual, unencrypted, files. I can easily imagine the NSA login screen for Microsoft's PRISM interface with a "Yes, I have a proper court order" checkbox under the password field.
Uh, I might sound like a clichéd old grump, but is this really any news since the 90s, which is when Microsoft found the internet?
It's practically been the operative description of Microsoft for decades that they're interested in profits (and potential profits in certain circles disjoint from the end users), not the privacy or security of their users.
"So the first news I see regarding Microsoft today is that Ballmer refuses to talk about the company's wearable computing strategy. My first thought was, "This is its priority? Wearable computers? So it can spy on your day-to-day activities?" The next story I read was about how Microsoft is going to reshuffle the organization, which prompted me to wonder, "Re-org? Why? So it can put some intelligence agency folks in charge?""
Seems like Microsoft has a lot of issues to worry about. Doing a reorg when the company is struggling just to put an agency person in charge seems like a lot of work. Why not just put them in charge in a small internally announced move?
The reason is obvious in China. Google is blocked by GFW, but Bing is not. So, there must be some dirty business between Microsoft and government of China. If Microsoft can do this in China, they can do this anywhere, even in USA.
The dirty business is that Microsoft is willing to cooperate with the Chinese government and censor its search results. Google publicly pulled out of China precisely because it was unwilling to do that. Even so, China did renew Google's Internet license, and they do run ditu.google.cn (un-offset maps, possibly only accessible from within China).
Google is not actually blocked by the firewall. Gmail is slow, occasionally lots of dropped packets, and other passive-aggressive behavior, but not blocked. Search generally works ok, unless, say, you are a tourist searching for information about a certain popular tourist destination in the center of Beijing. Groups, Docs, and other free exchange of information services are blocked, though.
Censor its search results? You mean Microsoft cooperates with the government to filter the results. Great! Today they filter the results. Tomorrow they will share the user data with the government.
You are right, Google is not actually blocked by the GFW. If you search for something the government thinks is sensitive (just what they think), they will block you from Google for several minutes. After that, you can connect to Google again. I say, what the hell is that? Fuck the government.
The fact that the URL of this article ends in .asp kind of makes me laugh a little. Although I would love to see movement away from Microsoft products, it's clearly much more difficult than the article makes it out to be.
I'm a fan of Steve Jobs and Bill Gates, so it's sad to see when a company's founder steps down. I feel like the ambition and drive sometimes disappear...then bottom line and dividends matter over pride.
Windows should be banned in all countries except America. An open source OS is the only way to go. I'm not saying Linux, since it's not exactly the most non-technical-friendly OS for people requiring more than basic usage, but Windows definitely isn't the OS for the future and it needs to die.
>Windows should be banned in all countries except America. Open source OS is the only way to go.
That is a very closed-minded way to look at things. Closed source does not always = evil and open source does not always = secure. Competition and choices should always be sought. Without competition, stagnation is as prevalent in the open-source community as in closed source. I'd rather have the right to choose between a Mac, Windows or a Linux variant than someone making the choice for me.
unfortunately, the inertia is too big for any single organization to stop. If you have a business selling software, it would be borderline insane to not target windows as a platform. You may target others, but you _must_ target windows, or basically, get no business. If, or when your resources are limited, you only target windows.
So the problem is perpetuated: Windows is the only platform that is basically guaranteed to have a market. So as a user of software, you'd stick to Windows, and as a maker of software, you'd stick to making software for Windows. Other platforms are almost an afterthought. Unless web based software radically changes (I need to unzip a file; what web based software will do that for me?), this will not change.
If you upload a .zip file (don't know about the other formats) to Google Docs, it can access its content.
There are probably other services/tools, because technically, there's nothing stopping you from unzipping files in the cloud, or in web based software. It's just the matter of uploading something and then downloading the content after it's been unzipped on the remote server. So it's just more expensive in terms of network traffic.
The availability of the tools that do that, other than Google Docs, is another thing. Honestly wouldn't know, don't recall ever needing it before.
I don't think any large company has any choice in the matter. And this article is targeting Microsoft. Apple is doing the same exact thing; who cares if they signed on afterwards? All the major tech companies are, and no one is going to stop using any of them. Get real.
When a company does what's asked of it by a government and people are upset with the company something's seriously wrong. A company's main priority is typically to make money within the bounds of the law. A government's should be to improve the quality of life and uphold the moral values of its citizens.
I have a feeling had Apple been first on board rather than last the journalist would argue that Microsoft were evil for not complying with a government request and that Apple clearly had the vision to help the nation's security, but maybe that's just me?
Be that as it may, I cannot change your government. I can, however, stop relying on any of the companies who are complicit in spying on me.
The problem here is the divide between national government and international corporations, where the corporations' actions influence far more people than the direct actions of the national government.
I cannot exert any influence over a government that isn't mine, but I can decide which companies I support and entrust with my data and business. Your dichotomy of government vs company is therefore not correct. I can (and should) be upset about both.
Hopefully in your thinking there's some limits to what the company would do when asked of it by the gov't. For me it would be anything obviously against the spirit of the Constitution.
Agreed. My argument was that the government asking the company to do something immoral would be more of a concern to me than the company doing it, since the government is supposed to hold a position of trust with its society whilst the company is generally assumed to represent its owners and/or investors interests.
Trust or not, I'm still writing code today for the 95% of people that are running Windows and Office. The irony is that the code interfaces to PGP/GPG...
AFAIK, if you control the layer 1 fiber lines, the OS, the vendor or the application in question doesn't matter. The NSA will intercept your data while in transit. Of course, if you can have DLLs packaging everything the way you like, appending the right file extensions and cleaning all the metadata... that's more than welcome.