Puts this in an entirely different light, doesn't it:
Even when ostensibly not functioning, the Xbox One can run in a low-powered state, ready to be snapped on at a moment's notice. That's something Microsoft was showing off last week as an asset. The only on-switch Microsoft showed for waking the machine from its low-power state was a voice command... "Xbox On." The Xbox One could only hear that if the Kinect was already, always listening. The idea that the Kinect might always be listening got people reaching for their tin foil or vowing to not let an Xbox One into their home.
Microsoft is now seeking to calm concerns that the new Kinect might spy. "We are designing the new Kinect with simple, easy methods to customize privacy settings, provide clear notifications and meaningful privacy choices for how data will be used, stored and shared," the Microsoft rep told me.
"We know our customers want and expect strong privacy protections to be built into our products, devices and services, and for companies to be responsible stewards of their data. Microsoft has more than ten years of experience making privacy a top priority. Kinect for Xbox 360 was designed and built with strong privacy protections in place and the new Kinect will continue this commitment. We’ll share more details later."
Since the Xbox camera is connected to the console via a cable, you can verify whether data is going over the wire. If the Xbox is off, you shouldn't see traffic. It's a /bunch/ different from traffic in a data center, which is essentially untraceable and can be cloned at many points.
Frankly I'd be more concerned about the microphones contained in ubiquitous and nearly unexaminable devices such as cell phones, and to a lesser degree laptops. (I imagine that many laptop mics are USB devices, so their traffic should be visible to drivers, the drawback being that once the traffic is on the mainboard, where it goes is less traceable).
In addition to what was stated by RexRollman it can easily store video/audio to be sent only at the next start of the xbox. "Downloading update" or "Syncing savegames" and no-one is going to notice the encrypted few megabytes of MP3 compressed audio.
I would expect, if this was even possible, that it wouldn't be turned on by default but only when requested. Otherwise, it would be too easy to catch for the reasons you mention.
Not quite. You activate the xbox using a voice command. Unless the kinect has a speech processor in it (which is incredibly unlikely), then it is very probably sending the sound to the xbox.
So you will [again, this is speculation] be seeing constant traffic flowing across the USB cable.
Easy workaround would be to put it on a power strip or similar, and just switch it hard off whenever you're not using it. No amount of cleverness is going to make it able to spy on you without electricity (assuming any battery would be rapidly spotted by teardowns). As a bonus, you'll save a little electricity too.
In addition to that, you can purchase smart power strips that detect the drop/increase in power on one plug and turn off/on the other plugs.
I've been using one of these for several years now for our entertainment center. You just have to be sure you turn off any devices you don't want the power hard cut from before you turn off the television.
I wonder if there's a market for a power strip of this type that also presents a standard serial/USB UPS interface to the hardware, giving it a grace period to shutdown before the hard kill.
The photons look about the same to me. At the other end of the data hose, someone is using information about me for their benefit. Governments are one form of enterprise by which individuals may strive to accumulate and express power, corporations are another.
I am ambivalent in regards to ranking one over the other because I cannot file a FOI request with Microsoft or Google or Apple or HP or Yahoo, etc.
Microsoft just makes great headlines, particularly in the tech community where people such as myself, who very likely never planned on purchasing an Xbox One can express outrage over its design. I thought the architecture was crap from the beginning.
On the bright side, the government might actually start taking the NSA concerns seriously if it starts having a detectable effect on the profitability of one of the country's most important growth industries. It seems like it's already becoming a reality in terms of foreign markets, but a reasonably large domestic boycott of a marquee next generation console would be bigger.
This is probably the most important point in the whole thread. Honestly, the debate about whether the new X-box will spy on you or not is irrelevant. In fact, it would be even better if there were a massive boycott and Microsoft weren't even guilty. They'd be in the position of knowing it isn't true and having no way to prove it. I'm sure they'd have a very large interest in getting things like PRISM shut down at that point.
As long as you control the device, there's nothing to fear.
Grab the source, build it and install it yourself. If your device doesn't support it, buy one that does. If you can't do it yourself, get used to being screwed in this brave new Orwellian world.
It's a low level, hardware only capability. It'll even work when the Xbox isn't connected to the internet. You're making an unfounded statement that simply because the XO can listen for an "on" command while hibernating that it's being used to listen and transmit everything it sees and hears. This is explicitly not true and again, just your personal unfounded fear-mongering assertion.
Why mod the parent down? There is no proof that it won't, is there?
If Microsoft come out with a clear statement (no doublespeak), then I'll believe them. Until then, burden of proof required from Microsoft.
As of today, I trust none of the big players, and your vernacular of "scare mongering" won't change the burden of proof either.
How can you call it a "fear-mongering assertion" given everything that's been revealed recently? It's certainly well within the realm of possibility even if some might find it unlikely.
I feel so stupid and so ashamed of myself for all the time I have thought of everything Richard Stallman had to say about privacy and security concern as a "neck-beard, tin-foil hat, nutjob".
He was right all along, it was us who didn't care enough to understand what he was saying and its importance.
No need to feel bad, I used to get a lot of snarking for being a Stallman fan.
It is a basic principle of security to assume that any power an adversary has, will be used against one's interests. People misunderstand this; I have seen it called a fallacy. But it's not a claim that it's always true, rather that it's what one must assume in order to have the best practicable assurance of security/privacy.
I also used to get arguments like "MS/Google/$_BIG_TECH_CO wouldn't use their power against customers, it would be bad for business" or "...it would be illegal" or similar. The correct answer is that prudence dictates assuming the worst. Well, maybe I was too cynical, but it's hard to keep up with how bad things really are.
He was what some might call an extremist in his views. It is slowly becoming common sense. I guess that's why we see him as a visionary. He discarded many chances at fortunes to do what he believed to be right.
Not many like that left. I know I sold out already.
This whole thing makes me very suspicious of Apple's and Microsoft's whole disk encryption technologies. I can't help but wonder if back doors have been inserted into the products.
2) If you opt-in to store a recovery key with Apple
3) If attacker has physical access to machine, and machine is powered on (direct memory access via Thunderbolt or Firewire) (Edit: seems like this is not the case, see below)
> 3) If attacker has physical access to machine, and machine is powered on (direct memory access via Thunderbolt or Firewire)
This may have changed, but turning on FileVault used to disable DMA in many situations (laptop had been suspended being a key one) until the user logged back in. Not that this isn't a vector, but it's actually a very narrow one; you basically need the person to already be logged in at the time you want to steal the keys.
Take a look at Alex Ionescu's "Ninja's and Harry Potter" talk from NoSuchCon this year [1].
He specifically mentions he could access the FileVault key of a machine by having physical access, and discovered two secret keys (KPPW and KPST) one of which is enabled when the input buffer is "SpecialisRevelio" [2].
Why not just a backdoor in the OS? I mean...if we're seriously considering that apple would put a backdoor into FileVault, why not just put one in the OS proper?
FileVault could be some hypothetical magic uncrackable encryption with a keyspace bigger than the known universe...and it would never matter if there was a backdoor in the OS.
It seems that only protects against "pre-launch software" and BIOS level stuff. The scenario in question is for a live system where the disk is mounted and decrypted, with the OS running.
Of course there are back doors, like the well known NSAKEY one [1] in Windows. Apple also seem to have backdoors into encryption on both Mac and iOS [2].
If you want your data to be reasonably secure against someone who casually steals it then they're fine but if you want to be secure against government employees, or even well connected corporations, then Apple & Microsoft solutions are not very useful.
Regarding [2], it's not clear yet what Apple does here: it looks like they bruteforce the iPhones when requested by the relevant authorities (possibly using a custom bootrom) and specifically not via a backdoor. If there was a backdoor, presumably Apple wouldn't have a backlog of requests[3]. Though no one really knows, and presumably it's always possible Apple will intentionally compromise their security in future if they get tired of having to bruteforce all these phones.
This reminds me about something one of my teachers (a very Stallman-like guy in his views) told us about EnCase. It's an (apparently) fairly common suite of tools used by law enforcement agencies around the world for forensic analysis. In the description of their decryption module (http://www.guidancesoftware.com/encase-forensic.htm#tab=2) they claim to be able to decrypt quite a few whole-disk encryption schemes. Now it's hard to imagine that they would put an outright lie on their website but there could be several explanations for that. I think the consensus among the students was that they were exaggerating quite a bit, and were only capable of doing it under some specific circumstances (weak passwords, setup errors, various cryptographic edge cases, etc). However the other obvious explanation was that some kind of backdoors were built into those schemes (you can notice the absence of common open source stuff like LUKS or TrueCrypt in the list) and that there are accords between some vendors and governmental agencies (via this software) to allow for access into their encryption schemes. I was fairly skeptical back then, but now I'm not so sure... There might be a combination of the two explanations. Someone well-versed in cryptography might be able to tell if some of those products have well-known vulnerabilities.
I have come across COFFEE before, it's just a forensic tool. It doesn't do anything more than what 3rd party tools can do. It looks like a toolkit put together for investigators. Do you have any source to support that it can decrypt/bypass Bitlocker encryption? I couldn't find any information online.
1) That's probably a perfectly reasonable option for my grandma. *
2) It provides Apple a fallback when some idiot loses 6 figures worth of IP. “We understand sir, you see, if you had chosen to backup your recovery key with us we would be able to help you”
* or would be, if the NSA wasn't spying on everything.
This is fine, since you have the option to decide. For most people it's okay to store the key on Apple's servers. You are still protected if your computer is lost/stolen, for example.
And if you want to be safe from the government, just select "No".
However, the Patriot Act, introduced to protect US national security, can require that any US company (wherever data is held) must disclose data on demand to the US Government without the knowledge of the owner of the data, which is contrary to the UK Data Protection Act. Microsoft has been up-front in acknowledging that they cannot give that guarantee and this applies to data held in all their hosted solutions. As a result, in December 2011, BAE ditched plans to adopt Office365 because Microsoft could not guarantee the company’s data would not leave Europe, in spite of operating a data centre in Dublin.
The sad thing about all of this is that Microsoft were pretty much forced into this position (so we're told) by the authorities.
In the process these leaks have just destroyed pretty much any credibility Microsoft's online services had, which form large parts of their strategy (according to the recent Ballmer memo).
It also makes you wonder about the OS and other software they produce, which isn't a good place for MS to be in.
I'm not sure why you're picking on Microsoft. The credibility of pretty much every large US-based tech services company is probably destroyed. The fact that we only saw the big service providers (MS, Google, etc...) on those slides doesn't mean that the other companies are free from the hands of the NSA.
Do you think that the NSA has no access to Dropbox?
One of the key facets of the Xbox One is the Kinect as an always on device. As another poster pointed out, Microsoft has been quick to answer the privacy related questions that have been asked about this situation with the claim that the system has been built with privacy as a focus. As such, the reliability of those claims in light of this new leak appears to be relevant.
For example, given a court order, would Microsoft be required to:
1.) Provide law enforcement with Kinect data (everything from as simple as "there were two people in the room" to "here is a live stream of the room").
2.) Be bound by gag orders not allowing Microsoft to reveal the existence of item 1.
3.) Be forced/coerced/enticed to provide bulk "wiretapping" of Kinect data.
Additionally, there is the question of "expectation of privacy". Many of the current privacy laws are based on this concept. However, could the courts decide that there is no expectation of privacy when a video and audio recording device has been placed in a private area, with full knowledge of the owner, also with knowledge that the data will be sent to a third party?
While these items might seem fringe (and before these leaks, I may have agreed), the scope of the current leaks seems to imply that these questions should at least be considered (even if a person chooses ultimately to accept the risk).
Enterprise relies on companies such as Red Hat and Oracle to some extent in lieu of conducting code analysis and to certain types of security testing.
It would be rather surprising if they were not at least approached by Federal agencies such as NSA and FBI.
To put it another way, because Microsoft has a closed source model, the intelligence agencies took the approach described in the article. From that, it may be a mistake to conclude that the strategy pursued with Microsoft was the only strategy pursued. It just happens to be one that would pass across the desk of an analyst, rather than someone on the operations side.
Viewed as an intelligence operation, it would be grossly unprofessional of such agencies not to have placed moles within the open source community, or for those moles to be seen as highly skilled contributors on open source projects. The three letter agencies have decades of experience infiltrating both commercial organizations and those motivated by something other than money.
I suspect it is easier to turn an open source hacker than a diplomat - not just ideologically but because the open source community lacks a state funded organized counter-intelligence apparatus.
If there were backdoors in the distributed Red Hat code, how many people would even be able to know this? And that's if the code were blatantly obvious if you were allowed to see what was actually compiled. If the compiler itself is compromised then it would be possible that no one at Red Hat would know.
On what legal grounds was Microsoft "forced" to provide access to unencrypted data before encryption (effectively nullifying the security that they promised to their customers)? So how were they forced? Legally? Illegally/blackmail?
CALEA seems to say that companies don't have to decrypt data for authorities. I guess it's very convenient that they give it to them before they encrypt it then:
And this seems to be a "team sport", and that implies willing collaboration, not being forced to do it. More like something "fun" they're doing together.
A company doesn't have to decrypt to meet their CALEA obligations. If CALEA is the sole legal authority for a particular communications interception, that would be the end of it. However, I've seen nothing that indicates that CALEA is the legal authority behind the NSA interceptions.
I think it's wrong to say Microsoft was "forced" into this. In a sense, they made their own bed. I have to believe that the majority of Microsoft's money is based off of serving governments and huge corporations (Windows + Office). It just makes sense that they'll want to keep those relationships.
It's not in Microsoft's interest to function as de facto agents of the US government. They are compelled by law to do what the Feds want -- just like you would be if you were providing a service.
Think about the impact of the NSA leaks on Microsoft's business. Globally, every customer or potential customer of Microsoft needs to ask whether they can trust Microsoft as a business partner. Not a good place to be in for a software company transitioning to a cloud services company.
Good. Big companies are the only thing in the US with even the remotest of hopes of stopping or slowing this down. And they're not going to bother unless it's actually costing them money.
So I hope it hurts them, I hope it makes them and all the other companies bleed until they do something.
Then I start thinking about when Microsoft were being dragged through the competition and monopolies commission in the US, was this the US Government showing Microsoft what would happen if they didn't cooperate?
Maybe I'm missing the source, but where's the source? These people keep writing stories about what's being revealed and "according to secret documents" this and that is shown. So where are these leaked documents?
If these media outlets are holding on to them to dribble and drab them out to make a buck, there's a huge problem with that. Everything should be out on a torrent or wikileaks for all to see.
What do they mean by bypass encryption? If I use outlook.com (or gmail.com or whatever) over https, then it's encrypted over the wire, but it's obviously decrypted on their servers. It's the only way that search could work. I assume if you are PGP encrypting your messages or something equivalent, it's still unbreakable.
could there be a case where the parties in a conversation are legitimate suspects? in such a case, why does it matter if it's Microsoft or some other private company that the NSA hires to break encryption?
it seems that the article is presenting the Microsoft / NSA relationship, and later states “If you look at what happened when Bush, Cheney and General Hayden – who was head of the NSA at the time – deliberately violated the law to eavesdrop on Americans without a warrant" which hints at a vague conclusion that Microsoft is helping to spy on citizens without a warrant.
possibly i missed something, so is the point that Microsoft (or any private company) should not do any work for NSA, or that it should not do it without a warrant, or that we can't trust it with anything because it did some work for the NSA? Or is that the details are still not disclosed so it's pure speculation?
It is important for me as a customer of Microsoft. This means I will end all future contracts with them, because I'm not a US citizen.
NSA needs no warrant to wiretap me as a European and I'm not going to send my money to Microsoft so they can use that money to help a foreign government agency, that I or any of my fellow citizens have no oversight over, to spy on me.
Of course. If you are a legitimate suspect, any local police department can get a warrant to go inside your house and put your underpants in plastic bags and take them away. For that matter, they can cuff you and put you in jail. The question is what is the NSA doing without a warrant or rubber-stamped, secret, blanket warrants.
correct. i'm just having a hard time with the point (or lack thereof) in this post.. as far as i can tell it's something like: NSA = PRISM, therefore any company doing work for NSA = evil.
The point is that Microsoft opened up their services for the NSA, i.e. they were not just doing some contracting work on encryption in general, they were misleading their customers on privacy, something they should go to court for.
The NSA is skating on very thin constitutional ice, but honestly they haven't really done anything that even qualifies as evil. The KGB did this kind of spying, but they did it for the express purpose of sending dissenters to gulag. I haven't seen so much as a credible accusation that the NSA are doing anything other than their duly authorized mission.
"...honestly they haven't really done anything that even qualifies as evil."
Firstly, how can we be certain?
Suppose, for a moment, I had the data that the NSA has. To whom could I sell that data? If I could prove to questioners that I had such data, to what ends might they go to get it from me (Ans. there are entities that would take it by force and then kill me and my family to remove the traces)?
NSA is sitting on a goldmine. Many, if not most, large corporations, businessmen, academics, organized crime members, politicians, or bureaucrats would sell their home (and possibly their family into slavery) to obtain that information. How can the NSA possibly ensure that it is safe? How can they ensure that their employees do not pass some of that data to the above? What if a significant chunk of that data is copied and enters the black market? How could it possibly be recaptured?
Snowden has, by example, shown that all the above can and indeed did occur.
As we speak there are undoubtedly hundreds, if not thousands, of individuals who are attempting to gain access to the NSA's treasure vaults. Some groups are smarter and better organized than the NSA. It's merely a matter of time before huge leaks occur. They may or may not be leaked publicly.
They're not skating on thin ice, they fell through some time ago. I'd also call the way they claim to bypass checks and balances by "storing" instead of "reading" data (assuming that's even true which seems unlikely).
And the NSA might not have sent anyone to the gulag but the Obama administration has gone after whistle-blowers at an unprecedented level. Hard to imagine the NSA wasn't helping them out some.
This is the same as the British Stamp Act from the American Revolutionary War. If the Stamp Act was an argument for revolution because it was evil, this is too.
The difference is that the colonists had no recourse. "No taxation without representation" and all that. Without sending delegates to parliament, they had no channels to complain through, so rebellion was the only option. We could end the NSA completely by voting for candidates who support that.
>could there be a case where the parties in a conversation are legitimate suspects?
It doesn't matter if they are. No one expects coffee shops to put microphones at every table on the off chance that a terrorist plot is planned there (how many mob hits could have been prevented back in the day).
We shouldn't accept the government listening in on digital communication just because it's easy.
That's what you got from what I said? I'm saying that people think because communication is digital, and digital is easy to listen in on that we should be listening in on it. I say fuck that. Today it would be easy to listen in on anyone anywhere with a little hardware. Easy is not a justification for doing something.
Google personalizes results quite extensively these days, largely based on your location. Google believes based on that, and probably your previous searching and browsing habits, that those .co.uk sites are more relevant to your interests. After all, this is the company that has patented and is developing the idea of "Parameterless Searches", where they assume what you want to know before you even ask... (more info http://www.seobythesea.com/2013/07/google-parameterless-sear...)
Are your google account settings localized to the UK? This issue used to regularly drive me crazy.
Fortunately they now have a worldwide setting. At one point you could select only 5 (or was it 7?) languages for which Google would show you results. They fortunately fixed that.
I mean, who would want to search _all_ the internet?
Why does the NSA have full access to your servers?
Even if they manually wiretap your server it would require manual intervention, and is thus a good protection against blanket surveillance.
What? Open source in a cloud service stack means that if the NSA thugs show up and order you to insert intercepts into your software on pain of being "disappeared", it's far EASIER to change the source and recompile than it is with proprietary software.
rimantas is referring to using open source in a cloud service, not authoring and distributing it.
What are you talking about? Open-source doesn't protect against backdoors even theoretically. Think about it. Have you read every line of every piece of software you run? Would you understand it all if you did? Even if you read the source code, did you actually compile it all from scratch or did you use a binary (like virtually every single OSS user on earth)? Are you certain that the compiler you used wasn't compromised? How exactly?
You're missing the point completely. You would at least know when someone is "poking around your data".
By law they would have to get a warrant... ie: actually obtain some real proof that you are up to no good. A lot better than this current blanket case scenario.
That's nothing more than the illusion of security. Nearly anyone using open source is using a distro. Do you imagine distro maintainers would willingly go to jail rather than putting in backdoors in the binaries they release?
http://kotaku.com/xbox-ones-kinect-can-turn-off-microsoft-sa...
Not sure I'd want the Xbox One in my house after this fiasco.