[HN Gopher] The FBI's internal guide for getting data from AT&T,...
___________________________________________________________________
The FBI's internal guide for getting data from AT&T, T-Mobile, Verizon
Author : arkadiyt
Score : 506 points
Date : 2021-10-25 16:12 UTC (6 hours ago)
(HTM) web link (www.vice.com)
(TXT) w3m dump (www.vice.com)
| NN88 wrote:
| Anyone get the sense we're in a post-Wikileaks era?
|
| These leaks seem... like they would get someone indicted...
| ab_testing wrote:
| Reading through these charts, it looks like MetroPCS is the most
| secure provider.
| lotsofpulp wrote:
| Metro is owned by T-Mobile, and operates using T-Mobile's
| network. Why would it be any more secure than T-Mobile?
|
| As far as I understand, there are 3 mobile networks in the US
| (Verizon, ATT, T-Mobile), and the MVNO's are just a mechanism
| to price discriminate. Different customers are sliced into
| various priorities and willingness/ability to pay, so the 3
| mobile networks can most accurately collect the most money
| according to each individual's ability and willingness to pay
| for a certain level of priority on the network.
| ramesh31 wrote:
| I love Metro, have used them for years. $60 for unlimited
| everything with 20GB tethered 4G hotspot data, and you get free
| Amazon Prime with your account. This chart has just solidified
| how great they are to me.
| einpoklum wrote:
| And as for the NSA internal guide for getting data from AT&T,
| T-Mobile and Verizon - that's a bit shorter:
|
| > _Do nothing, we already have this data loaded and indexed._
| fossuser wrote:
| In the US people are more pro-company and anti-government so
| retention policies tend to require the companies to retain the
| data for a period of time so warrants can request it if
| necessary.
|
| In the EU people are more pro-government and anti-company so the
| government is more likely to have access.
|
| The US process for access is sometimes tied to FISA.
|
| I'm not an expert on this stuff, but I think I'd generally prefer
| companies handling retention and government having to request
| access rather than the other way around. Assuming (probably a big
| assumption) that the companies do it securely and don't fuck it
| up.
|
| The chart does make me pretty happy with T-Mobile though, and
| their 5GUC speeds are wild!
| https://twitter.com/zachalberico/status/1449049818857459718?...
| 1970-01-01 wrote:
| Why are stingrays missing from the guide? Aren't they the most
| useful tool in the toolbox?
| gzer0 wrote:
| My claims are without evidence, but it certainly seems as if
| this document was created with the intentions/hope that it
| would be eventually leaked.
|
| The second slide seems rather suspicious in its placement of
| "CAST members are not qualified to testify after reading this";
| almost as if they were not speaking to an audience of CAST
| members, but rather, the public.
|
| Perhaps a decoy? to draw attention away from STINGRAY and other
| intricacies?
| Spooky23 wrote:
| It's pretty obvious the audience are consumers of the
| service. (ie other FBI agents)
|
| If you've ever had to testify as an expert, it's an art and a
| science. You need a lot of training to be able to respond to
| the traps attorneys will set for you.
| dragonwriter wrote:
| > The second slide seems rather suspicious in its placement of
| "CAST members are not qualified to testify after reading
| this"; almost as if they were not speaking to an audience of
| CAST members, but rather, the public.
|
| Sounds like they are doing advance witness tampering by
| trying to get CAST members to evade calls to testify on
| material facts known to them should they receive such, not
| lobbying the public via anticipated future leak.
|
| (I'm not even sure how the statement about testimony would be
| expected to manipulate the public.)
| gzer0 wrote:
| That is a valid consideration. Touche.
| fractal618 wrote:
| Clearly they are ubiquitous at this point, and I bet their data
| goes back to inception.
| kjaftaedi wrote:
| This is an interesting point.
|
| My guess is that this looks like training material for low-
| level desk jockeys to help do all of the legwork gathering
| evidence that would be presented in court cases.
|
| Stingrays you would think would be more of a targeted operation
| and likely handled by a different group of people.
| sillycross wrote:
| > The slide also shows that AT&T retains "cloud storage
| internet/web browsing" data for 1 year.
|
| I never thought before that ISPs would really keep track of every
| user's browsing history, but apparently as cheap as the disks are
| today, this has become true. Can't think of any use of this data
| other than for mass surveillance.
| pedalpete wrote:
| I believe they can also sell the data, though there may be some
| regulations on anonymized, or sold as a group to develop
| profiles and understanding for advertising purposes.
|
| Perhaps that's what you mean by "mass surveillance", but I took
| that to mean specifically government surveillance.
| efitz wrote:
| Essentially the government has built a surveillance state by
| outsourcing it to private enterprise.
|
| I think it would be interesting to know how people really feel
| about this. I would love to see a survey that actually truly
| explained the trade-offs and see how people felt about it, eg
| avoiding the "should government be able to subpoena records from
| private business" but actually ask questions like "is it OK with
| you that with a subpoena that the government can get a list every
| website that you have visited?" And then present the trade offs
| and abuse cases. I really think that we've allowed the
| surveillance state to form without actually having a meaningful
| public debate about it.
| NoImmatureAdHom wrote:
| I have hope that we here in the U.S. will be able to get out in
| front of this one. Despite all the complaining the justice
| system still mostly works and we have a libertarian streak a
| mile wide. Perhaps the thing to do is show those in power that
| they haven't escaped the dragnet...
| m0zg wrote:
| Now _this_ is a federal agency badly in need of "abolishing", not
| the inner city police.
| [deleted]
| unixhero wrote:
| It is more interesting what their procedures are for getting data
| on citizens or any user for that matter, from FAANG.
|
| And bonus question for what they do when they need to pull out
| bank statements.
| jenny91 wrote:
| > CASTViz has the ability to quickly plot call detail records and
| tower data for lead generation and investigative purposes
|
| What's the arrest funnel? Do they use Salesforce to store all
| their leads as well?
| paxys wrote:
| That seems more in Palantir's wheelhouse
| A4ET8a8uTh0 wrote:
| The oddly fascinating piece of trivia from all this is the
| following: voicemail has more protection ( requires an actual
| warrant ) than your internet searches.
| flotzam wrote:
| Sprint is extra chatty - from page 57 of
| https://propertyofthepeople.org/document-detail/?doc-id=2108...:
|
| > Ping: The network sends a message to the phones internal GPS
| receiver to report it's location (must see min. of 4 satellites.
| GPS coordinates of device and suspected radius from tower
| e-mailed(or through L-Site website) every 15 minutes for 30 days.
| Can be done manually every 5 minutes.
|
| I wonder if this is facilitated by one of those infamous "carrier
| app" backdoors included in stock OS but not e.g. in GrapheneOS:
|
| https://grapheneos.org/faq#cellular-tracking
|
| https://gist.github.com/thestinger/171b5ffdc54a50ee44497028a...
|
| https://github.com/dan-v/rattlesnakeos-stack/issues/69#issue...
| maxo133 wrote:
| this is most interesting piece of entire presentation.
|
| They can query location remotely using GPS and likely turn on
| microphone too.
| bhhaskin wrote:
| Could also be an app that runs on the sim. That would make the
| most sense.
| flotzam wrote:
| Do SIM apps really have direct access to the GPS?
| ranger_danger wrote:
| the baseband radio does, so, yes. also the camera and mic
| in many cases.
| gruez wrote:
| that works even if location is turned off in the OS itself?
| ranger_danger wrote:
| You don't even need a traditional app backdoor to do this. The
| carrier can just send the message to the baseband radio itself,
| which has a direct connection to your GPS receiver, among other
| things (usually) like the camera and microphone. That means
| these peripherals are accessible (in theory, Snowden says it
| has been done in the past) even if the main app OS is _shut
| down_.
| flotzam wrote:
| I'm not sure this is still true (on modern devices):
| https://grapheneos.org/faq#baseband-isolation
|
| There's Enhanced 9-1-1 but its GPS access should be mediated
| by the OS? Hopefully?
| numpad0 wrote:
| GPS in 3G or later is integral to Baseband Processor which
| is a separate ARM CPU that runs its own RTOS. If your
| adversary gets to push BP patch over SMS you're probably
| owned no matter what OS you run on Application Processor.
| Scoundreller wrote:
| So, I'm currently in North America but with a foreign SIM, so I
| have that country's IP, most ads are in a language I can't
| understand, and McDonalds app won't let me login unless I switch
| to wifi with a local IP.
|
| This is all great, but does this mean that the local provider has
| no access to my traffic? I guess DNS is all resolved overseas
| too? How does the tunnelling work?
| kccqzy wrote:
| That tunneling is created generally for billing and metering
| purposes (for telco's benefit). A lot of cooperation between
| carriers happen in order to create that tunnel. Don't assume
| it's an encrypted tunnel.
| nickff wrote:
| This really depends on what you mean by "my traffic"; keeping
| in mind that your local provider is the ultimate man-in-the-
| middle.
| Scoundreller wrote:
| I guess that's a part of the question: is my phone encrypting
| (with whatever gsm standard) to the overseas provider and the
| local provider can't really see anything, or does it go to
| the local provider in the clear and they tunnel it over to
| the overseas provider?
| nickff wrote:
| My understanding is that the A5/1 (GSM) encryption is
| applied to the communication between the device and the
| local service provider. The local service provider then
| decrypts and routes the packets.
| xxpor wrote:
| Where local service provider is just the tower.
|
| https://www.firstnet.com/power-of-firstnet/firstnet-
| advantag...
|
| >FirstNet is designed with a defense-in-depth security
| strategy that goes well beyond standard commercial
| network security measures, providing protection without
| sacrificing usability. And now, we've gone farther than
| anyone in the industry to secure public safety
| communications. FirstNet will be the first-ever network
| with comprehensive, tower-to-core encryption based on
| open industry standards.
|
| Which implies every other network doesn't encrypt that
| traffic (or does it with some proprietary scheme... which
| wouldn't give me a lot of confidence)
| [deleted]
| gzer0 wrote:
| _Sprint cannot currently translate IPV4 addresses (ex.
| 152.138.17.240) to an actual phone number
|
| Sprint may be able to translate IPV6 addresses (ex.
| 001:0db8:0000:0042:0000:8a2e:0370:7334) to a phone number._
|
| Interesting, anyone know which aspect of the IPV6 protocol allows
| for this?
| itsthecourier wrote:
| there are so many possible ipv6 public ips that absence of
| overlapping on assignation is doable and thus individual client
| determination
| bibaheu wrote:
| Probably IPv4 is on CGNAT and Sprint doesn't keep the logs of
| the translation. On IPv6 there's no NAT, and there might be a
| deterministic relationship between subscription and IP
| glogla wrote:
| That, or they don't give devices IPv4 addresses at all and
| run 464XLAT - according to Wikipedia, quite a few telcos do
| it that way.
| keneda7 wrote:
| I believe you are correct.
|
| https://news.ycombinator.com/item?id=16440850
| p1mrx wrote:
| 464XLAT is a form of CGNAT.
|
| The main difference is whether the subscriber side uses an
| IPv6 or private IPv4 address, but on the internet side they
| are equivalent.
| 1cvmask wrote:
| Joseph Nacchio, the CEO of Qwest, was jailed for not complying
| with the illegal requests of the surveillance state:
|
| https://www.businessinsider.com/the-story-of-joseph-nacchio-...
|
| https://www.denverpost.com/2014/03/27/former-qwest-ceo-nacch...
|
| https://en.wikipedia.org/wiki/Joseph_Nacchio
|
| And let's not forget the number of people put in jail without
| the government disclosing the use of stingrays to the defense
| attorneys:
|
| https://en.wikipedia.org/wiki/Stingray_use_in_United_States_...
|
| https://theintercept.com/2020/07/31/protests-surveillance-st...
| LogonType10 wrote:
| >jailed for not complying with the illegal requests of the
| surveillance state
|
| From the wiki page:
|
| >On March 15, 2005, Nacchio and six other former Qwest
| executives were sued by the U.S. Securities and Exchange
| Commission. They were accused of a $3 billion financial fraud
| between 1999 and 2002 and of benefiting from an inflated stock
| price.
| gowld wrote:
| > In its case, the government stated that Nacchio continued
| to tell Wall Street that Qwest would be able to achieve
| aggressive revenue targets long after he knew that they could
| not be achieved.
|
| Interesting that Nacchio was prosecuted for this but almost
| no one else is.
| spywaregorilla wrote:
| The very same article states that he was found to have
| produced false accounting records and talked up the
| company's outlook despite knowing it was losing business
| and selling his own shares. He got caught on the insider
| trading.
|
| There's nothing noteworthy here.
| vlovich123 wrote:
| As I understand it, the explanation of the "false
| accounting records" and "losing business" had to do with
| expected government contracts vanishing because of
| refusing to cooperate about the NSA surveillance.
| spywaregorilla wrote:
| Losing a contract with the NSA because they didn't play
| with the NSA certainly sounds like a real thing. Telling
| the markets that they would continue to see national
| security contracts when he knew they would not is
| another. Presenting false accounting records is entirely
| unrelated and just banal fraud. Selling your own shares
| while doing these things is even worse.
| [deleted]
| r00fus wrote:
| This really closes the loop. If the Feds cancelled
| contracts because of Nacchio's refusal to do business and
| then indicted him on fraud because he probably could not
| tell others that those contracts were cancelled (as with
| other similar wiretap/NSL requests)...
|
| That seems like a colossal Catch-22.
| spywaregorilla wrote:
| That's ridiculous. There's no NDA in the world that
| prevents you from disclosing the true financials of your
| company. You don't need to specify who you're serving.
| His charge of insider trading is because he blatantly
| lied about the company doing well to inflate the price
| while selling his shares knowing it was not.
| r00fus wrote:
| That's exactly the kind of wording that NSLs require.
| It's why the idea of a "warrant canary" [1] came into
| existence.
|
| As to the selling of shares - prima facie, that's likely
| criminal (insider selling) but I don't know the details
| of his case.
|
| [1] https://en.wikipedia.org/wiki/Warrant_canary
| whoknew1122 wrote:
| So if I'm piecing this together correctly, he decided he
| wasn't going to help out NSA. This led to him losing
| government contracts, which would lower the value of his
| company. So instead of taking the stock price hit (which
| would be the principled thing to do), he created false
| accounting records to defraud investors. And while he was
| publicly preaching that the Qwest was just fine, he was
| unloading his own stock.
|
| And this is the guy I'm supposed to be sympathetic of?
| londons_explore wrote:
| It was well known why Google got rid of their "don't be
| evil" tagline... except now nowhere on the internet seems
| to have a record of the exact reason either...
|
| These kinds of stories get 'forgotten' very quickly.
| spywaregorilla wrote:
| what on earth is this trying to imply? That google
| bleached the internet? Google got rid of the don't be
| evil tagline because it didn't fit with their corporate
| mission anymore, which was objectively more boring and
| more profit driven.
| ranger_danger wrote:
| they're probably implying it was a sort of warrant canary
| or that they did not comply with overreaching government
| wiretap requests (the assumption being that now they do).
| spywaregorilla wrote:
| I find that to be a pretty charming belief. It's probably
| correlated timeline wise with when such things did change
| on that, but I highly doubt it was the reason for the
| mission statement change.
| ikiris wrote:
| It was well known in telecom at the time this was due to
| the nsa situation. Don't always take things at face
| value.
| dapids wrote:
| > Don't always take things at face value.
|
| You are literally presenting an opinion at face value ...
| ikiris wrote:
| Something is not an opinion just because you don't
| believe it.
| spywaregorilla wrote:
| He could easily have just acknowledged what happened and
| not sold all of his stocks to avoid insider trading while
| the nsa situation still happened. It's nice that he
| refused the nsa. Doesn't absolve him of other fraud.
| the-dude wrote:
| Wasn't there a gag order involved?
| spywaregorilla wrote:
| That does not prohibit you from being honest in your
| public statements about the financial health of the
| company, nor does it prevent you from following the same
| insider trading rules as everybody else.
| swarnie wrote:
| Who signs your cheques, out of interest?
| [deleted]
| qwertyuiop_ wrote:
| "Donald Trump is really dumb to take on the intelligence
| agencies. Let me tell you, you take on the intelligence
| community, they have six ways from Sunday at getting back at
| you," Schumer told MSNBC
| snuser wrote:
| he was right i wouldn't want to mess with the people behind
| covid and 9/11 either
| JasonFruit wrote:
| Imagine the founders' reaction if they heard a prominent
| senator saying that, not with regret, but exultantly, as
| though he relished the idea. I can't bring myself to accept
| that this was what they intended to launch into the world.
| ceejayoz wrote:
| Washington sent an army to squash the Whiskey Rebellion,
| and John Adams signed the Alien and Sedition Acts into law.
| They were quite happy to go after threats to their power.
| JasonFruit wrote:
| Dead on, and those are a couple excellent illustrations
| of why, no matter how good a chief executive had been
| before taking office, you have to watch them
| relentlessly.
| krrrh wrote:
| It depends a lot on how you define "their". In both those
| cases you could also argue that the president was still
| establishing the supremacy of a democratically elected
| republican government as the process for achieving change
| rather than perpetual revolution. It's different than
| having elected officials undermined by permanent
| bureaucracies.
|
| I'm not defending the sedition act, but it's quite
| important that it was implemented during a quasi-war and
| was still barely passed. There's also a reason that two
| hundred years later it's constantly held up as a paragon
| of bad law and there's no way it would pass judicial
| review at any point since then (it didn't at the time
| either, because it expired 2 years after it was passed
| and before judicial review was established).
| acomar wrote:
| not to mention that we're speaking of colonists who
| intentionally set out to genocide the native population
| on a regular basis. and most were slavers, putting the
| lie to any talk of freedom. in the end, little mattered
| to them in that revolution than removing English fetters
| on themselves. that people identify with a group that
| almost certainly would have denied them the right
| to legal personhood and look to them as guarantors of
| freedom only speaks to their historical illiteracy.
| enave2 wrote:
| I remember often hearing pundits claim that "17
| intelligence agencies had confirmed Russian meddling in the
| 2016 election"
|
| Now, it turned out that "meddling" amounted to buying
| facebook ads. Not really a huge deal.
|
| But more importantly, since you brought up the founders -
| what would they say about the fact that we apparently have
| at least 17 federal agencies dedicated to spying.
| keneda7 wrote:
| I have a feeling they would want to burn all 17 to the
| ground.
| ceejayoz wrote:
| Maybe not.
|
| https://www.mountvernon.org/george-washington/the-
| revolution...
|
| > Among other honorifics, George Washington--known as
| Agent 711 in the Culper Spy Ring--is often heralded as a
| great "spymaster," and indeed, he was. Under Washington's
| astute watch, several networks of spies operated in both
| close-knit circles and far-reaching societies.
|
| > Washington recognized the need for an organized
| approach to espionage.
|
| https://en.wikipedia.org/wiki/Intelligence_in_the_America
| n_R...
|
| > The original Committee members--America's first foreign
| intelligence agency--were Benjamin Franklin, Benjamin
| Harrison, Thomas Johnson and subsequently included James
| Lovell, who became the Congress' expert on codes and
| ciphers and has been called the father of American
| cryptanalysis.
|
| > On June 5, 1776, the Congress appointed John Adams,
| Thomas Jefferson, Edward Rutledge, James Wilson, and
| Robert Livingston "to consider what is proper to be done
| with persons giving intelligence to the enemy or
| supplying them with provisions." They were charged with
| revising the Articles of War in regard to espionage
| directed against the American forces. The problem was an
| urgent one: Dr. Benjamin Church, chief physician of the
| Continental Army, had already been seized and imprisoned
| as a British agent, but there was no civilian espionage
| act, and George Washington thought the existing military
| law did not provide punishment severe enough to afford a
| deterrent.
|
| That's three right from the start.
| Spooky23 wrote:
| The context is really key when you consider the information
| that the prominent senator is aware of about the subject
| that you as a random member of the public may not.
|
| If you look at the fate of people like Aaron Burr, I think
| it's quite clear that the founders were not supermen, but
| humans who dealt with similar problems that we do today.
| Likewise, the post-revolution treatment of tories wasn't
| exactly magnanimous either.
| 5faulker wrote:
| US's running some sick show behind the scene...
| beckman466 wrote:
| _"The slide also shows that AT&T retains "cloud storage
| internet/web browsing" data for 1 year. When asked what this
| detail entails exactly, such as websites visited by customers on
| the AT&T network, AT&T spokesperson Margaret Boles said in an
| email that "Like all companies, we are required by law to comply
| with mandatory legal demands, such as warrants based on probable
| cause. Our responses comply with the law." The document also
| mentions that law enforcement can request records related to
| wearable devices from AT&T."_
|
| do you know what this "cloud storage internet/web browsing" data
| looks like?
| badkitty99 wrote:
| beta version of social scoring system?
| aendruk wrote:
| Did they misread the table? I see two distinct rows:
|
| - Cloud Storage
|
| - Internet/Web Browsing
|
| In the big picture it's probably fine to conflate them but the
| technical aspects of each are going to be very different.
| gruez wrote:
| probably dns/sni logs? with most sites using https that's all
| they're really going to get.
| beermonster wrote:
| I wonder what % of https requests are using esni these days..
| JumpCrisscross wrote:
| And with VPNs like Apple Private Relay being broadly pushed,
| likely less than that.
| dkdk8283 wrote:
| Never assume- carriers can mandate data collection or
| sharing.
| Scoundreller wrote:
| Is there any way to change dns servers on lte/3G? Odd that
| iPhones let you change it for wifi, but not cellular. Can I
| even find out it's using?
|
| What about android?
| ornornor wrote:
| Nextdns works on both cellular and wifi. They have a
| profile you can download so it's definitely possible but
| maybe not through the GUI.
| ls612 wrote:
| Cloudflare's 1.1.1.1 app works with both Wifi and cellular
| by configuring itself as a VPN. I've been happy with it for
| a few years now.
| gruez wrote:
| >Is there any way to change dns servers on lte/3G?
|
| probably doesn't matter because regular dns is performed in
| the clear. There's nothing preventing them from
| logging/intercepting your requests even if you changed
| them.
|
| >Odd that iPhones let you change it for wifi, but not
| cellular.
|
| >What about android?
|
| AFAIK on both changing DNS can be done by using an app that
| acts like a VPN, and intercepts the DNS requests.
| jakobdabo wrote:
| DNSCloak does that, but it sometimes crashes, and
| unfortunately there are no recent updates.
| NmAmDa wrote:
| AdGuard can do that on both android and iphone
| ev1 wrote:
| at the very least, t-mobile has static-routed public
| resolvers like google's to their own in the past.
| Scoundreller wrote:
| Though legally speaking, there might be a difference
| between logging dns packets going to ??? and dns packets
| hitting the provider's dns server.
|
| The latter could be construed as necessary logging while
| the former is spying for the sake of spying.
| judge2020 wrote:
| The legal aspect might change what AT&T 'has' to log,
| although they likely voluntarily include other passively-
| obtained port 53 traffic in their cooperation.
| cmeacham98 wrote:
| Android natively supports DoH, which both lets you change
| the DNS server and prevent your cellular provider from
| redirecting/logging DNS requests:
|
| Network Settings -> Advanced -> Private DNS
|
| Enter one.one.one.one (or substitute your favorite DoH-
| supporting resolver)
| specto wrote:
| Until eSNI or similar is implemented across all sites, it
| doesn't matter much.
| [deleted]
| ramesh31 wrote:
| I've never understood why they try to "disguise" these things.
| They always stick out like a sore thumb. How would anyone know
| the difference from a normal cell tower?
| miloignis wrote:
| I think you've misunderstood - the disguised towers are normal
| cell towers, and normal cell towers are normally disguised to
| be less of an eyesore.
| aetherspawn wrote:
| MetroPCS looks to be the most private cell provider.
| hammock wrote:
| When it comes to retention periods, AT&T (who I imagine most
| iPhone users here have, by default) is REALLY bad: https://video-
| images.vice.com/_uncategorized/1634930279896-r...*
|
| They also have the longest and deepest history of working with
| the government on surveillance.
| slg wrote:
| >AT&T (who I imagine most iPhone users here have, by default)
|
| AT&T lost iPhone exclusivity a decade ago.
| kkirsche wrote:
| Your point? Most customers in the marketplace are averse to
| change across any service. It's not uncommon for users to
| stay with single providers due to momentum.
| slg wrote:
| My point is that saying iPhone users are by default AT&T
| users rests on the assumption that people have stuck with
| the same decisions they made about mobile network and phone
| operating system that they made over a decade ago. That
| isn't even factoring in the growth of the market overall
| and the people who have bought their first smartphone
| within the last decade.
| annoyingnoob wrote:
| The churn rate for wireless carriers is around 2% per year
| in the US, give or take. There are about 300M wireless
| subscribers in the US. Meaning that around 6M wireless
| subscribers per year switch carriers.
| _jal wrote:
| > They also have the longest and deepest history of working
| with the government on surveillance.
|
| I've long considered ATT to be an extension of the US
| intelligence apparatus. Ownership doesn't matter, it is who
| they answer to.
| travoc wrote:
| You can download some of the data that Verizon retains from your
| own cellular use here: https://www.verizon.com/support/download-
| and-view-vpd-file/
|
| When I did it, I could see they recorded IP addresses, time
| stamps and data transfer volume of every web site that I visited
| over their network, along with cell tower connections. It was
| fascinating.
| fulafel wrote:
| Wow, that's invasive.
| jamesfe wrote:
| Is it? How do they bill you without knowing how much data you
| transferred? How do they debug what went wrong with your
| connection without logs?
|
| This stuff is barely scratching the surface of the data those
| companies collect and maintain, likely for long periods of
| time, just to analyze and improve customer experience.
| fulafel wrote:
| I interpreted this to mean they log traffic per web site:
|
| > data transfer volume of every web site that I visited
| over their network
| snuser wrote:
| without net neutrality this could be useful for future
| billing arrangements
| unethical_ban wrote:
| As if ATT gets on the line with end-users to debug site-
| specific issues!
|
| Aggregate data usage is one thing, but retaining any kind
| of detailed logs on where one goes or how much data was
| used on a specific site is unnecessary for the base
| provisioning of network connectivity.
| LatteLazy wrote:
| Actually it's very transparent. They're required to keep that
| data by law, they're just making it easy for us to see that.
| mikem170 wrote:
| I was curious about this. I knew that logged data has to be
| turned over if there is a warrant. I wasn't sure if logging
| was mandated.
|
| I found this article [0] describing the situation in
| various countries, with the following info for the United
| States:
|
| > Data Retention Period = 1 Year for Internet metadata,
| email, phone records
|
| > Authorization required to access the data = Various
| United States agencies leverage the (voluntary) data
| retention practiced by many U.S. commercial organizations
| like Amazon through programs such as Prism and Muscular.
|
| > Status Of Data Retention Regime = No mandatory data
| retention regime
|
| I'm guessing the above means that metadata (user ip and also
| user web and email destinations) are held for a year, but
| retaining actual user data (email contents, etc) is not
| mandated.
|
| [0] https://www.privacyend.com/mandatory-data-retention/
| murat124 wrote:
| Does anyone know the AT&T equivalent of this URL?
| hpoe wrote:
| Just out of curiosity do you use a VPN, I always browse with a
| VPN on my phone for precisely that reason and am wondering if
| it actually works to help protect my privacy.
| aksss wrote:
| Assuming your VPN isn't owned by or in cahoots with the NSA
| too, your dns lookups would be shielded from view, I guess.
| travoc wrote:
| Using a VPN would protect the privacy of your IP sessions
| from Verizon, although your VPN provider would now be able to
| see all of your session information.
|
| I suspect a VPN user would show up in the Verizon data file
| with many large TCP sessions to a very small number of IPs.
| SavantIdiot wrote:
| I am my own VPN provider. EC2 micro instance on AWS running
| StrongSwan. Sure, feds could dig that up, but it would be
| messier. I wonder what in/out logs AWS keeps on its
| VPCs....
| gtsteve wrote:
| t3.micro = $0.0104 x 750 = $7.80/mo without taking your
| bandwidth into consideration.
|
| Lightsail costs $3.50/mo with 1tb transfer bundled or
| $5/mo with 2tb.
|
| If your setup is scripted then it probably makes sense to
| switch over to save a bit of cash. Others following the
| same path could save some money by using Lightsail as
| opposed to EC2.
| SavantIdiot wrote:
| Yeah, but I wanted full control...
| zzyzxd wrote:
| > EC2 micro instance on AWS running StrongSwan
|
| Just curious, how many captchas do you solve with this
| setup daily? Or even IP bans?
|
| I did exactly the same thing once and it was so annoying.
| beermonster wrote:
| You can always use Privacy Pass as quite often you're
| dealing with CloudFlare protected sites.
|
| That said, if you're using your own EC2/lightsail
| instance you won't see as many CAPTCHAs as, say, using a
| commodity VPN service.
|
| Given you can't detect a VPN per-se (if configured
| properly) usually the way it works is that the
| destination node knows you're coming from a source IP
| from a known VPN-supplier's well-known IP-block.
|
| If you go for this kind of setup (running your own VPN on
| AWS) you're simply changing your ISP to Amazon. They
| still might (and probably will) be monitoring egress
| traffic at the very least to perform any kind of incident
| analysis.
| SavantIdiot wrote:
| None? I've had this for a long time with no issues.
| That's weird. I'm on it now listening to spotify, reading
| WaPo and browsing HN. What sites complain? I'll try it?
| bklyn11201 wrote:
| Why pay AWS $0.09 a GB tax to listen to Spotify?
| SavantIdiot wrote:
| Yes. Spotify. Ahem. That's why I use my VPN... cough
| cough.
| gzer0 wrote:
| I suspect that the effort required to successfully produce
| viable evidence from a VPN provider such as Mullvad are
| significantly higher than the effort we see here from ATT,
| T-mobile, Sprint, and Verizon.
| travoc wrote:
| That is probably true in most cases. Choose your poison.
| mrtksn wrote:
| Wouldn't that kind of data be massive? Any idea on what kind of
| infrastructure they use?
| adolph wrote:
| Prolly just "borrow" NSAs.
| OneLeggedCat wrote:
| Prolly just being indirectly paid by NSA to run it
| themselves.
| fouc wrote:
| 120 million verizon customers * 100 daily entries (on
| average) of "ip address, website, total_data, time_stamp,
| cell_tower_connections"
|
| 4.4 trillion database entries in a year
| danuker wrote:
| I guess that is part of why Internet is so expensive in the
| US.
| mldonahue wrote:
| For anyone who wants to know more about how companies can more
| ethically, and transparently, engage with law
| enforcement/governments:
| https://news.ycombinator.com/item?id=28156465
|
| Establishing a best practice for public/private sector
| communication keeps the govt in check and helps companies ensure
| compliance & transparency.
| einpoklum wrote:
| That's neither ethical nor transparent. And the guy writing
| that post is ex-FBI.
|
| An ethical and transparent way to handle such subpoenas would
| include:
|
| 1. If possible, not being a US company so you might be able to
| avoid the subpoena in the first place.
|
| 2. Have a policy of not keeping user data at all, or keeping it
| with a third party that is not legally bound by US government
| subpoenas, so that it can't (?) be subpoenaed.
|
| 3. Publish any subpoena you get from the government.
|
| 4. Moreover, arrange it so that subpoenas are published before
| being read, so that if you get a National Security Letter, you
| would not be able to comply with the non-disclosure
| requirement. Another way to go about this may be to only open
| subpoenas in a public forum, preferably with journalists
| present. Try to consult ACLU/EFF lawyers about this particular
| issue.
|
| 5. If the government somehow gets its hands on user data,
| inform the users immediately.
___________________________________________________________________
(page generated 2021-10-25 23:00 UTC)
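
On the CGNAT versus IPv6 attribution question discussed in the thread (the replies to gzer0's quote of the Sprint slide), the following Python sketch is an added example, not part of any comment and not any carrier's actual system. The log layout, subscriber labels, addresses and function names are all constructed for illustration; it shows that a shared public IPv4 address narrows to one subscriber only when translation logs with port and time are retained, while a per-subscriber IPv6 prefix resolves directly.

```python
"""Added illustration: subscriber attribution behind CGNAT vs. native IPv6.

All records below are constructed sample data (documentation address ranges).
"""
from datetime import datetime, timedelta
import ipaddress

T0 = datetime(2021, 10, 25, 12, 0, 0)
HALF_PAST = T0 + timedelta(minutes=30)

# Constructed CGNAT translation log: one public IPv4 address is shared by
# several subscribers, told apart only by source-port block and time window.
# Fields: (public_ip, port_lo, port_hi, start, end, subscriber)
CGNAT_LOG = [
    ("198.51.100.7", 1024, 5119, T0, T0 + timedelta(hours=1), "sub-A"),
    ("198.51.100.7", 5120, 9215, T0, T0 + timedelta(hours=1), "sub-B"),
    ("198.51.100.7", 1024, 5119, T0 + timedelta(hours=1),
     T0 + timedelta(hours=2), "sub-C"),
]

# Constructed IPv6 assignments: each subscriber holds its own /64, no NAT.
V6_PREFIXES = {
    ipaddress.ip_network("2001:db8:0:42::/64"): "sub-A",
    ipaddress.ip_network("2001:db8:0:43::/64"): "sub-B",
}


def candidates_v4(log, public_ip, when=None, port=None):
    """Return every subscriber consistent with the observed IPv4 evidence.

    With no retained log the result is empty; with only the address it is
    everyone who ever shared it; port plus timestamp are needed for one match.
    """
    matches = set()
    for ip, lo, hi, start, end, subscriber in log:
        if ip != public_ip:
            continue
        if when is not None and not (start <= when < end):
            continue
        if port is not None and not (lo <= port <= hi):
            continue
        matches.add(subscriber)
    return matches


def subscriber_v6(prefixes, address):
    """Map an IPv6 address to the subscriber holding its prefix, if any."""
    addr = ipaddress.ip_address(address)
    for network, subscriber in prefixes.items():
        if addr in network:
            return subscriber
    return None


if __name__ == "__main__":
    ip = "198.51.100.7"
    print("address only      :", sorted(candidates_v4(CGNAT_LOG, ip)))
    print("address + time    :", sorted(candidates_v4(CGNAT_LOG, ip, HALF_PAST)))
    print("address+time+port :", sorted(candidates_v4(CGNAT_LOG, ip, HALF_PAST, 6000)))
    print("no translation log:", sorted(candidates_v4([], ip, HALF_PAST, 6000)))
    print("IPv6 address      :", subscriber_v6(V6_PREFIXES, "2001:db8:0:42:0:8a2e:370:7334"))
```

For self-auditing, the same logic explains why server logs that omit the client source port cannot be matched to a single CGNAT subscriber even when the carrier does keep translation records.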