[HN Gopher] XKeyscore
___________________________________________________________________
XKeyscore
Author : belter
Score : 63 points
Date : 2025-12-07 20:54 UTC (2 hours ago)
(HTM) web link (en.wikipedia.org)
(TXT) w3m dump (en.wikipedia.org)
| apt-get wrote:
| How relevant is this (and the NSA's general spying capability) in
| 2025?
|
| We hear a lot about local agencies perusing the services of
| private companies to collect citizens' data in the US, whether
| that's traffic information, IoT recordings, buying information
| from FAANG, etc. What's the NSA's position in the current
| administration? (e.g. we've heard a lot of noise in the past
| about the FBI and CIA getting the cold shoulder internally. I
| wonder how this applies to the NSA.)
| monerozcash wrote:
| NSA's collection capabilities have been greatly degraded. They
| can no longer read all internet traffic, basically everything
| is encrypted now.
|
| NSA does not have magic tools to break modern encryption.
| themafia wrote:
| So instead of collecting at AT&T Room 631 you now collect at
| Google Room Whatever.
|
| The NSA has spent no small amount of time in the last decade
| obviously interfering with NIST and public encryption
| standards. The obvious reason is they _want_ to have the
| magic tools to break some modern encryption.
| monerozcash wrote:
| >So instead of collecting at AT&T Room 631 you now collect
| at Google Room Whatever.
|
| Even if true, significantly degraded. Probably not true
| though, NSA has been very leaky and such a story would be
| kind of devastating for Google. NSA lacks the legal
| capability to force Google to do so, the money to bribe
| Google to do so and also almost certainly lacks the
| political backing to put one of the biggest US companies in
| such a position.
|
| I don't doubt for a second that NSA could hack Google (or
| just bribe employees with appropriate access) and break
| into specific Gmail accounts if they wanted to. Bulk
| collection would be far more difficult to implement.
|
| >The NSA has spent no small amount of time in the last
| decade obviously interfering with NIST and public
| encryption standards. The obvious reason is they _want_ to
| have the magic tools to break some modern encryption.
|
| They do try, they just haven't been very successful at it.
| themafia wrote:
| Google, along with all other major service providers, has
| a legal portal so law enforcement can process warrant
| orders. I think all you have to do is hack that portal or
| process.
| ls612 wrote:
| It's not Google room whatever, it's Cloudflare room
| whatever. That's why you don't hear much about undermining
| encryption standards anymore, who needs that when you have
| SSL termination for 40% of the internet?
| hollow-moe wrote:
| They surely don't have any kind of access to letsencrypt root
| certs whatsoever
| notepad0x90 wrote:
| 1) They don't necessarily need to break all encryption, just
| knowing who is talking to who and then delivering a tailored
| payload is their M.O.; The Tailored Access Operations
| division exists just for this.
|
| 2) They didn't build a Yottabyte-scale datacenter for no
| reason
|
| 3) They have the capability to compromise certificate
| authorities. Pinned certs aren't universal.
|
| 4) Speculation, but, Snowden's revelations probably set off
| an "arms race" of sorts for developing this capability. Lots
| more people started using Tor, VPNs, and more, so it would
| almost be dereliction of duty on their part if they didn't
| dramatically increase their capability, because the threats
| they are there to stop didn't disappear.
|
| 5) ML/LLM/AI has been around for a while, machine learning
| analysis has been mainstream for over a decade now. All that
| immense data a human can never wade through can be processed
| by ML. I would be surprised if they aren't using an LLM to
| answer questions and query real-time and historical internet
| data.
|
| 6) You know all the concerns regarding Huawei and TikTok
| being backdoored by the Chinese government? That's because
| we're doing it ourselves already.
|
| 7) I hope you don't think TAO is less capable than well known
| notorious spyware companies like the NSO group? Dragnet
| collection is used to find patterns for follow-up tailored
| access.
| themafia wrote:
| You only need to look at a few headline "true crime" cases to
| see the obvious parallel construction that is being done.
| monerozcash wrote:
| Could you be more specific? It's really hard to have a
| useful conversation based on a comment like this, but really
| easy to have one based on a comment which links to specific
| cases and perhaps even explains how the obvious parallel
| construction appears.
| themafia wrote:
| It's a common "conspiracy theory" that this happened in the
| Luigi Mangione case even though I don't agree he's
| "probably innocent":
|
| https://www.reddit.com/r/LateStageCapitalism/comments/1hlmq
| 3...
|
| The FBI apparently attempted to use this in the Bryan
| Kohberger case:
|
| https://www.nytimes.com/2025/02/25/us/idaho-murders-bryan-
| ko...
|
| It's hard to find solid coverage of this because obviously
| the methods are often hidden and rarely leak out to the
| press at large. The press also gets confused and thinks
| that defending our constitutional rights will lead to
| criminals being acquitted.
|
| If you spend a lot of time watching and studying these
| cases and how they evolve throughout the courts it becomes
| obvious that this is likely occurring more than most people
| realize.
| monerozcash wrote:
| I don't think the Mangione case is a particularly good
| example, you wouldn't use a 911 call by a random
| McDonald's manager to disguise parallel construction.
|
| The caller is easy to identify, how could the government
| ever trust this person to not reveal their parallel
| construction? If they were planted by the government,
| that'd be extremely difficult to hide. The government
| also likely wouldn't be able to compensate them in any
| meaningful way for telling such a lie.
|
| The Kohberger case also does not suggest parallel
| construction, the DOJ policy isn't binding and the DOJ
| can in fact legally violate that whenever they want.
| monerozcash wrote:
| The most interesting detail about the whole XKeyscore story is
| that it was apparently not leaked by Snowden
|
| https://www.schneier.com/blog/archives/2014/07/nsa_targets_p...
|
| https://www.reuters.com/article/opinion/commentary-evidence-...
|
| https://www.theguardian.com/us-news/2014/oct/11/second-leake...
|
| It is possible that the "second source" and the shadow brokers
| are one and the same.
|
| https://www.electrospaces.net/2017/09/are-shadow-brokers-ide...
|
| https://www.emptywheel.net/2017/09/15/shadow-brokers-and-the...
|
| And here's an interesting tidbit about a _possible_ link between
| TSB and Guccifer 2.0
|
| https://www.emptywheel.net/2020/11/01/show-me-the-metadata-a...
| sdigf wrote:
| Probably a Russian agent like Snowden was.
| monerozcash wrote:
| The USG does not seem to believe that Snowden was a Russian
| agent.
| sallveburrpi wrote:
| You mean a Russian asset like Comrade Krasnov?
| themafia wrote:
| Russia feels it has an interest in informing the American
| public on the depths of illegal behavior of their own
| government?
|
| Why is this a problem?
| i80and wrote:
| I'm not aware of there being a single lick of evidence to
| suggest that kookery, but even if he _was_ a Russian agent,
| he certainly accidentally provided Americans a laudable
| service.
| sdigf wrote:
| Isn't it interesting how Snowden has been so outspoken
| about his childish views on surveillance, but has been
| remarkably quiet about the Russian government's human
| rights abuses or its own surveillance programs.
| monerozcash wrote:
| Not really, he'd be risking what's left of his life by
| doing so.
|
| There's also rather little reason for Snowden to bother
| commenting on the very widely known abuses by Russian
| government, what could he possibly have to offer on that
| topic that hasn't already been said?
| sdigf wrote:
| It demonstrates that his priorities lie with Russia and
| supporting their interests.
| codedokode wrote:
| This is a reminder why all the traffic should be encrypted and
| obfuscated (i.e. no SNI in clear text). Ideally, the traffic
| should be encrypted to resemble a random noise. If you are making
| an app, you can embed public keys and use those to completely
| encrypt traffic, without relying on CAs.
|
| For example, Telegram does this, using a homemade encryption
| protocol that has no clear-text SNI like HTTPS. As I remember,
| WeChat also uses some home-grown form of obfuscation.
|
| As a bonus, this makes it more difficult for telecoms to
| discriminate against certain sites or apps and helps enforce net
| neutrality no matter if they like it or not.
| anonymousiam wrote:
| It's also a reminder that no matter how secure you think you
| are, some third party may have access.
|
| Consider that TAO (or SSF) can probably get through your
| firewall and router, and maybe into the management engine on
| the servers with your critical data.
|
| The only thing you've got going for you is that they will
| (probably) keep your data secure (for themselves).
| jwpapi wrote:
| I mean if I create an offline private key and encrypt my
| message to be only read with my public key and I've learned
| about math and encryption. I can be assured that my receiver
| would need to be compromised.
|
| I don't like these general observation comments. This kind of
| makes it unappealing to learn about encryption, but it's
| worth it and makes you choose either a proper encrypted
| software or use a key for secret messages.
| saghm wrote:
| Isn't the whole issue with net neutrality that ISPs would be
| incentivized to prioritize their own traffic (or that of
| companies they collaborate with)? How does making it harder for
| them to identify traffic for my app/service/whatever stop them
| from doing that? As long as they can identify the traffic they
| do want to prioritize (by companies who haven't done the
| process you describe), it's not obvious to me why they wouldn't
| have trouble deprioritizing my stuff based on them at least
| knowing that it's not their own, even if they don't know
| whose it is? "Random noise" isn't likely to look like it's
| their special favorite traffic.
|
| If everyone including the priority traffic did this, then I
| guess it would have an effect on net neutrality, then I could
| see that it would make a difference, but I don't see how that
| could be construed as "whether they like it or not" given that
| they could just as easily not implement this if they didn't
| "like it".
|
| That's not to say this isn't worth doing for the privacy and
| security benefits, but I'm struggling to see how this would
| have any real-world influence on net neutrality.
| sdigf wrote:
| A very impressive project, with considerable positive impact,
| that I'm sure many of us here would be delighted to work on.
___________________________________________________________________
(page generated 2025-12-07 23:00 UTC)