If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Ars Technica)   Google to NSA: Fark You   (arstechnica.com) divider line 83
    More: Spiffy, NSA, Google, private networks, AdWords, Picasa, Google Talk, GCHQ, user agents  
•       •       •

6166 clicks; posted to Geek » on 06 Nov 2013 at 5:22 PM (42 weeks ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



83 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

First | « | 1 | 2 | » | Last | Show all
 
2013-11-06 10:14:05 PM
MrEricSir: Amazing how Google was totally fine with handing data to spies -- until they were caught.


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
2013-11-06 10:25:14 PM
Google: We can spy on everything you do, but damned if we're going to give away the info.
 
2013-11-06 10:32:09 PM

Shrugging Atlas: Everytime I see one of these leaked slides I just have to wonder how an organization like the NSA can't bring in a single unpaid intern to do a better job at making them.


Finding an unpaid intern with the necessary security clearances might be a problem.
 
2013-11-06 11:41:54 PM
"Fark" you, NSA. ;)
 
2013-11-07 12:11:15 AM
The next step is for Google and the other big tech companies to refuse court orders for data and make every request public. If the feds want to shut down these companies for doing so, good farking luck surviving the onslaught of angry internet users.
 
2013-11-07 12:14:59 AM

flondrix: Shrugging Atlas: Everytime I see one of these leaked slides I just have to wonder how an organization like the NSA can't bring in a single unpaid intern to do a better job at making them.

Finding an unpaid intern with the necessary security clearances might be a problem.


Considering Bradley Chelsea Manning was a first rank private, it's not nearly as hard as it should be. Snowden's background check was cheap/sloppy as hell, too.
 
2013-11-07 12:15:13 AM

cyberspacedout: You'd think, if they were sending unencrypted data, that the NSA would be the least of their worries.


Sending unencrypted data isn't a problem if you trust the owner of the connection between them. It's not like DC to DC traffic is going though random WiFi networks. They probably didn't care that much about spys hacking in until the Snowden leaks made them look bad.
 
2013-11-07 12:17:41 AM

Veritas: aendeuryu: Veritas: sethen320: Ah, the last bastion of privacy...Google.

*snicker*

Hah. Yeah I was thinking the same thing. NOW Google is all pro-privacy?

They're banking on the same thing the government is -- that people are too stupid to have a memory of their complicity in NSAs activity.

If recent history is any indication, this is a smart strategy.

Yep. What sucks is, it'll work.


With all the contraversy rolling out of the news cycles the NSA never shutdown their programs. Nothing has really changed and is doubtful that it will.
 
2013-11-07 12:19:43 AM

blue_2501: oryx: I'll be surprised if they say it again to the NSA when it demands Google hand over the encryption key.

This isn't LavaMail with a shiatty GoDaddy hosting service.  Google has as much influence and power as the government.  I doubt they would roll over when the NSA asks for anything.  All they have to do is broadcast a statement about what the NSA is trying to do and the media has another shiatstorm to descend on.

After all, this is the company that gets 10 to 20 different articles published about changing their Gmail icon.

Encryption key?  They would handle it over and create a new one in the same breath.  "Oh, you wanted to actually USE that key?  Frak you!"


fark, they own the biggest internet advertising platform in the world. They could make the announcement as a banner ad and let the whole world know what's going on without having to deal with the MSM shills.
 
2013-11-07 12:27:55 AM
So um let me get this straight...google is mad cuz someone is viewing their data...googles whole damn business model is about selling your data...they are just made cuz they couldn't sell it to the NSA and had to give it away for free
 
2013-11-07 01:09:03 AM
It really doesn't matter. We need to apply the 4th Amendment to digital communication.

I've been biatching about this since Carnivore:

http://en.wikipedia.org/wiki/Carnivore_%28software%29

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Add digital communication to the 4th Amendment, problem solved.
 
2013-11-07 01:24:56 AM
I'm tired of fighting. I welcome our new overlords.

I'm just a prole now. Give me some Government Cheese and an Obama Phone.

Best Regards,

Bernard Marx
 
2013-11-07 01:43:53 AM
As someone who works with data provided by google and yahoo/m$, yea. This won't last, they want money. They could care less about privacy and do care about what you do online. Hell, look at where the favorite websites you visit have analytics coming in from.

/Here you go folks.
//Should help some.
 
2013-11-07 01:52:55 AM

SearchN: As someone who works with data provided by google and yahoo/m$, yea. This won't last, they want money. They could care less about privacy and do care about what you do online. Hell, look at where the favorite websites you visit have analytics coming in from.

/Here you go folks.
//Should help some.


You're joking, right? Tor has been exposed. NSA backdoored it when it was being created. In other words,

static.comicvine.com
 
2013-11-07 01:55:41 AM
Data may be encrypted between data centers, but when google opens the door and lets them install boxes in the d.c. that really doesn't matter now does it.


//// idiots really believe this PR bullshiat?
 
2013-11-07 01:57:56 AM
ToastTheRabbit

I read that as "Google has more money than our government so they can drag them through court"
Rrrriiiight. The company with the motto "If you're not doing anything wrong, what are you afraid of" is going to dump cash to protect your privacy? Are you seriously that delusional, or did I miss the joke?
 
2013-11-07 02:05:51 AM

spyderz343: So um let me get this straight...google is mad cuz someone is viewing their data...googles whole damn business model is about selling your data...they are just made cuz they couldn't sell it to the NSA and had to give it away for free


They don't sell your data, they use it to better serve you ads that you might quick which earns them more money than simply displaying it.
 
2013-11-07 02:52:01 AM

untaken_name: SearchN: As someone who works with data provided by google and yahoo/m$, yea. This won't last, they want money. They could care less about privacy and do care about what you do online. Hell, look at where the favorite websites you visit have analytics coming in from.

/Here you go folks.
//Should help some.

You're joking, right? Tor has been exposed. NSA backdoored it when it was being created. In other words,

[static.comicvine.com image 850x478]


Please stop spreading misinformation.  You do not know what you are talking about.  Everyone always reads these "so and so busted while using TOR" articles and think they have some pronounced understanding of TOR.  Of course those articled almost always tend to do a very poor job of explaining anything at all, or themselves provide misinformation.

TOR remains secure.  Those who have been taken down have been done so by means that have nothing to do with a weakness of TOR.  Use it properly and you will be fine.  Of course that does require educating yourself on how to properly use TOR.
 
2013-11-07 03:11:43 AM

bk3k: untaken_name: SearchN: As someone who works with data provided by google and yahoo/m$, yea. This won't last, they want money. They could care less about privacy and do care about what you do online. Hell, look at where the favorite websites you visit have analytics coming in from.

/Here you go folks.
//Should help some.

You're joking, right? Tor has been exposed. NSA backdoored it when it was being created. In other words,

[static.comicvine.com image 850x478]

Please stop spreading misinformation.  You do not know what you are talking about.  Everyone always reads these "so and so busted while using TOR" articles and think they have some pronounced understanding of TOR.  Of course those articled almost always tend to do a very poor job of explaining anything at all, or themselves provide misinformation.

TOR remains secure.  Those who have been taken down have been done so by means that have nothing to do with a weakness of TOR.  Use it properly and you will be fine.  Of course that does require educating yourself on how to properly use TOR.


Sorry, Officer. I think I'll stick to sneakernet.
 
2013-11-07 03:37:18 AM
NSA to Google:  "how cute, you think you can keep us out"
 
2013-11-07 05:09:26 AM

untaken_name: bk3k: untaken_name: SearchN: As someone who works with data provided by google and yahoo/m$, yea. This won't last, they want money. They could care less about privacy and do care about what you do online. Hell, look at where the favorite websites you visit have analytics coming in from.

/Here you go folks.
//Should help some.

You're joking, right? Tor has been exposed. NSA backdoored it when it was being created. In other words,

[static.comicvine.com image 850x478]

Please stop spreading misinformation.  You do not know what you are talking about.  Everyone always reads these "so and so busted while using TOR" articles and think they have some pronounced understanding of TOR.  Of course those articled almost always tend to do a very poor job of explaining anything at all, or themselves provide misinformation.

TOR remains secure.  Those who have been taken down have been done so by means that have nothing to do with a weakness of TOR.  Use it properly and you will be fine.  Of course that does require educating yourself on how to properly use TOR.

Sorry, Officer. I think I'll stick to sneakernet.


Too bad your shoes have been embedded with GPS tracking.  Sneakernet is compromised!  LOL.

If I was an officer, I would very much deserve to get fired.  But enough about that.

I have no doubt that the NSA and several other branches of US Government would very much like the common man to believe TOR and encryption is completely useless.  It makes their jobs much easier if everyone gives up and accepts their surveillance state as inevitable and unstoppable..  Rest assured our spies still use it because when used properly it does work.

TOR works.  TrueCrypt and PGP work.

As for TOR having a backdoor - it doesn't.  If you doubt this, source code is readily available and I assure you many paranoid people check it.  The people who get caught are the ones who do not understand how it works and/or how to be secure.  As for the big mentioned bust of certain TOR users - sites was loaded with malicious code to execute a browser exploit to run Javascript which will call home outside of TOR to identify who was connecting to it.  Any regular (non TOR hidden services) site could be loaded just the same with such exploits.  The best part is - those who had javascript disabled (as any well versed TOR user would do) where not compromised even if they went to a Freedomhosting website (the hosting provider that got compromised by the NSA) after they had been compromised.  Also those who had up to date Tor Browser bundles (released a month before the exploit happened) where not vulnerable even if they foolishly had Javascript enabled.

This was in no way a flaw in TOR.  But even TOR cannot protect people from their own incompetence.
 
2013-11-07 07:01:38 AM

blue_2501: oryx: I'll be surprised if they say it again to the NSA when it demands Google hand over the encryption key.

This isn't LavaMail with a shiatty GoDaddy hosting service.  Google has as much influence and power as the government.  I doubt they would roll over when the NSA asks for anything.  All they have to do is broadcast a statement about what the NSA is trying to do and the media has another shiatstorm to descend on.

After all, this is the company that gets 10 to 20 different articles published about changing their Gmail icon.

Encryption key?  They would handle it over and create a new one in the same breath.  "Oh, you wanted to actually USE that key?  Frak you!"


Depending on how their encryption is set up they can hand over the key anyway, doesn't matter how much encrypted traffic the NSA have saved.  Considering that Google use Perfect Forward Secrecy (PFS) for their HTTPS sites to the public, it's highly likely they're using PFS for their internal enryptions.  The private keys mean bugger all for historical recorded encrypted data as the data is actually encrypted using ephemeral session keys.

HempHead: Google does not own a data center in England. They rent space. GCHQ has the data center install taps for access to a Googles servers.

Encryption between data centers is pointless.


Yes, they rent space.  They do not however run their data over the DC's networking.  When you rent DC space on a large scale, you are literally renting space, and power, hell even if you only rent 1 rack you generally have to provide your own LAN infrastructure.  They'll fill it with their own racks/servers/switches etc, especially as Google doesn't use off the shelf networking kit, they build their own switches etc.  Even if the DC is providing the external connectivity to the rented DC, all Google has to do is have their encryptors as the demarcation point of their network.

Anyway, most of Google's presence in the British Isles is in Ireland, in their own DC.
 
2013-11-07 10:28:17 AM

Pinko_Commie: blue_2501: oryx: I'll be surprised if they say it again to the NSA when it demands Google hand over the encryption key.

This isn't LavaMail with a shiatty GoDaddy hosting service.  Google has as much influence and power as the government.  I doubt they would roll over when the NSA asks for anything.  All they have to do is broadcast a statement about what the NSA is trying to do and the media has another shiatstorm to descend on.

After all, this is the company that gets 10 to 20 different articles published about changing their Gmail icon.

Encryption key?  They would handle it over and create a new one in the same breath.  "Oh, you wanted to actually USE that key?  Frak you!"

Depending on how their encryption is set up they can hand over the key anyway, doesn't matter how much encrypted traffic the NSA have saved.  Considering that Google use Perfect Forward Secrecy (PFS) for their HTTPS sites to the public, it's highly likely they're using PFS for their internal enryptions.  The private keys mean bugger all for historical recorded encrypted data as the data is actually encrypted using ephemeral session keys.

HempHead: Google does not own a data center in England. They rent space. GCHQ has the data center install taps for access to a Googles servers.

Encryption between data centers is pointless.

Yes, they rent space.  They do not however run their data over the DC's networking.  When you rent DC space on a large scale, you are literally renting space, and power, hell even if you only rent 1 rack you generally have to provide your own LAN infrastructure.  They'll fill it with their own racks/servers/switches etc, especially as Google doesn't use off the shelf networking kit, they build their own switches etc.  Even if the DC is providing the external connectivity to the rented DC, all Google has to do is have their encryptors as the demarcation point of their network.

Anyway, most of Google's presence in the British Isles is in Ireland, in their own DC.


GCHQ is the UK's version of NSA. Snowden documents show the GCHQ has installed equipment *inside* data centers.

Google DB is replicated, so the London contains a *full* copy of all user data.

Encrypting data lines is pointless, so pointless the NSA hasn't bothered to complain or compel Google to stop.
 
2013-11-07 10:56:06 AM

mcreadyblue: GCHQ is the UK's version of NSA. Snowden documents show the GCHQ has installed equipment *inside* data centers.

Google DB is replicated, so the London contains a *full* copy of all user data.

Encrypting data lines is pointless, so pointless the NSA hasn't bothered to complain or compel Google to stop.


I don't think you're getting it.  A DC is just a big building with air-con and data lines coming into it.  When you're a big organisation you are basically hiring a big secured room (or multiple rooms) with power feeds, aircon feeds, and *maybe* external data lines.  Everything that goes inside your area is your own kit.  Yes GCHQ could have taps on the DC external data lines, which belong to the DC, but all they will see is the encrypted data coming out of the Google kit.

The likelihood is that Google commission their own links into the DC (unless they have space in LINX or GlobalSwitch)

Also, I highly doubt that their London DC has a replica of everything.   These are their main worldwide DC's, there is no way on earth that Google have a major DC in central London, it would cost a fortune, that's why major DC's are built on greenfield sites in the middle of nowhere.

If they're sensible they'll encrypt anything that goes across any media that they do not own, or cannot physically inspect along the entire length.  Unless the security services are actually installing taps directly into each of Googles racks then encryption WILL work.

/unless there's actually a back-door in the encryption itself, then all bets are off.
 
2013-11-07 12:13:56 PM

cyberspacedout: cheer: cyberspacedout: You'd think, if they were sending unencrypted data, that the NSA would be the least of their worries.

They were sending the data over their internal network, not the Internet.  Most companies don't encrypt all of their data, just sensitive stuff (customer info, payment info, healthcare-related stuff, and so on).

When the article said "between its data centers," I assumed it meant different buildings that aren't on the same property. Wouldn't they transmit data from their internal network over the series of tubes that is the internet?


No.  Either they buy/lease point-to-point circuits from telecom companies, or they buy MPLS network services.  Either way, these are not Internet-based connections we're talking about.
 
2013-11-07 01:15:26 PM

fluffy2097: Google, you farking noobs.

You're not running a neighborhood network anymore. You're playing with the big boys now. World governments.

You think they're not going to tap your networks out of respect for how much money you make? They farking print money.

They're upset because they are "the greatest hackers in the world", and they have been owned for years now without any idea.

/Rude awakening.


Yeah, man. Google.com can't hold a candle to IT marvel that healthcare.gov.

/Poe's law
 
2013-11-07 02:14:08 PM

Oysterman: Yeah, man. Google.com can't hold a candle to IT marvel that healthcare.gov.


Healthcare.gov was setup by the lowest bidder, during a government shutdown, and was not actually appropriated any funding. Funds had to be pulled from other parts of department budgets to make that disaster.

A nuclear submarine however, is funded by the US navy, and has all the time in the world to float down to the bottom of the ocean and tap a fiber optic line without anyone knowing.

You forget that the military, and military intelligence is something that we spend a LOT more time and money on, then something like healing the sick or feeding the poor.
 
2013-11-07 03:32:21 PM

oryx: I'll be surprised if they say it again to the NSA when it demands Google hand over the encryption key.


There are types of encryption systems where the two ends negotiate the key on the fly without any external entity knowing what it is. Design it to destroy keys automatically when the transactions are done and to keep no record, and Google could legitimately say, "Sorry, we don't have them."
 
2013-11-07 03:37:26 PM

Pinko_Commie: mcreadyblue: GCHQ is the UK's version of NSA. Snowden documents show the GCHQ has installed equipment *inside* data centers.

Google DB is replicated, so the London contains a *full* copy of all user data.

Encrypting data lines is pointless, so pointless the NSA hasn't bothered to complain or compel Google to stop.

I don't think you're getting it.  A DC is just a big building with air-con and data lines coming into it.  When you're a big organisation you are basically hiring a big secured room (or multiple rooms) with power feeds, aircon feeds, and *maybe* external data lines.  Everything that goes inside your area is your own kit.  Yes GCHQ could have taps on the DC external data lines, which belong to the DC, but all they will see is the encrypted data coming out of the Google kit.

The likelihood is that Google commission their own links into the DC (unless they have space in LINX or GlobalSwitch)

Also, I highly doubt that their London DC has a replica of everything.   These are their main worldwide DC's, there is no way on earth that Google have a major DC in central London, it would cost a fortune, that's why major DC's are built on greenfield sites in the middle of nowhere.

If they're sensible they'll encrypt anything that goes across any media that they do not own, or cannot physically inspect along the entire length.  Unless the security services are actually installing taps directly into each of Googles racks then encryption WILL work.

/unless there's actually a back-door in the encryption itself, then all bets are off.


According to this article from 4 years ago (http://www.theguardian.com/technology/blog/2009/may/31/google-data-ce nter-building-locations) Google has a data center in London.

According to the Google data center FAQ, there isn't one in London, the nearest is Dublin.

Hmmmm.....
 
2013-11-07 03:52:17 PM
US: "Give us the keys or we'll let Ireland close the tax loophole and you'll never get an H1B visa again."
Google: "Here you go. Sorry about that. Also, we fired Downey and Hearn for you. Anything else you need, Sirs?"
 
2013-11-07 03:59:11 PM

mcreadyblue: Pinko_Commie: mcreadyblue: GCHQ is the UK's version of NSA. Snowden documents show the GCHQ has installed equipment *inside* data centers.

Google DB is replicated, so the London contains a *full* copy of all user data.

Encrypting data lines is pointless, so pointless the NSA hasn't bothered to complain or compel Google to stop.

I don't think you're getting it.  A DC is just a big building with air-con and data lines coming into it.  When you're a big organisation you are basically hiring a big secured room (or multiple rooms) with power feeds, aircon feeds, and *maybe* external data lines.  Everything that goes inside your area is your own kit.  Yes GCHQ could have taps on the DC external data lines, which belong to the DC, but all they will see is the encrypted data coming out of the Google kit.

The likelihood is that Google commission their own links into the DC (unless they have space in LINX or GlobalSwitch)

Also, I highly doubt that their London DC has a replica of everything.   These are their main worldwide DC's, there is no way on earth that Google have a major DC in central London, it would cost a fortune, that's why major DC's are built on greenfield sites in the middle of nowhere.

If they're sensible they'll encrypt anything that goes across any media that they do not own, or cannot physically inspect along the entire length.  Unless the security services are actually installing taps directly into each of Googles racks then encryption WILL work.

/unless there's actually a back-door in the encryption itself, then all bets are off.

According to this article from 4 years ago (http://www.theguardian.com/technology/blog/2009/may/31/google-data-ce nter-building-locations) Google has a data center in London.

According to the Google data center FAQ, there isn't one in London, the nearest is Dublin.

Hmmmm.....


They could move one in 4 years...
 
2013-11-07 04:58:34 PM

waterrockets: mcreadyblue: Pinko_Commie: mcreadyblue: GCHQ is the UK's version of NSA. Snowden documents show the GCHQ has installed equipment *inside* data centers.

Google DB is replicated, so the London contains a *full* copy of all user data.

Encrypting data lines is pointless, so pointless the NSA hasn't bothered to complain or compel Google to stop.

I don't think you're getting it.  A DC is just a big building with air-con and data lines coming into it.  When you're a big organisation you are basically hiring a big secured room (or multiple rooms) with power feeds, aircon feeds, and *maybe* external data lines.  Everything that goes inside your area is your own kit.  Yes GCHQ could have taps on the DC external data lines, which belong to the DC, but all they will see is the encrypted data coming out of the Google kit.

The likelihood is that Google commission their own links into the DC (unless they have space in LINX or GlobalSwitch)

Also, I highly doubt that their London DC has a replica of everything.   These are their main worldwide DC's, there is no way on earth that Google have a major DC in central London, it would cost a fortune, that's why major DC's are built on greenfield sites in the middle of nowhere.

If they're sensible they'll encrypt anything that goes across any media that they do not own, or cannot physically inspect along the entire length.  Unless the security services are actually installing taps directly into each of Googles racks then encryption WILL work.

/unless there's actually a back-door in the encryption itself, then all bets are off.

According to this article from 4 years ago (http://www.theguardian.com/technology/blog/2009/may/31/google-data-ce nter-building-locations) Google has a data center in London.

According to the Google data center FAQ, there isn't one in London, the nearest is Dublin.

Hmmmm.....

They could move one in 4 years...


I have no doubt that they have some sort of DC facility in London, but it's not going to be anywhere on the scale of the major 13 DC's.  Even Google couldn't afford the real estate to do that in Central London.  I suspect they probably have space at GlobalSwitch in Docklands where they connect into the major peering backbones, but it's all guesswork on my part.
 
2013-11-07 05:04:37 PM

jjorsett: oryx: I'll be surprised if they say it again to the NSA when it demands Google hand over the encryption key.

There are types of encryption systems where the two ends negotiate the key on the fly without any external entity knowing what it is. Design it to destroy keys automatically when the transactions are done and to keep no record, and Google could legitimately say, "Sorry, we don't have them."


(Perfect) Forward Secrecy.

Google already use it for their HTTPS traffic to their public websites.  If the session key is compromised, you cannot use it to decrypt anything else.
 
Displayed 33 of 83 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is closed to new comments.

Continue Farking
Submit a Link »






Report