Basically All Big Tech Companies Deny Scanning Communications For NSA Like Yahoo Is Doing

from the getting-more-interesting dept

So, the big story yesterday was clearly the report that Yahoo had secretly agreed to scan all email accounts for a certain character string as sent to them by the NSA (or possibly the FBI). There has been lots of parsing of the Reuters report (and every little word can make a difference), but there are still lots of really big questions about what is actually going on. One big one, of course, is whether or not other tech companies received and/or complied with similar demands. So it seems worth nothing that they've basically all issued pretty direct and strenuous denials to doing anything like what Yahoo has been accused of doing.

Twitter initially gave a "federal law prohibits us from answering your question" answer -- and a reference to Twitter's well documented lawsuit against the US government over its desire to reveal more details about government requests for info. However, it later clarified that it too was not doing what Yahoo was doing and had never received such a request. Microsoft's response was interesting in that it says it's not doing what Yahoo is, but refused to say if it had ever received a demand to do so. Google said it had never received such a request and would refuse to comply if it had. Facebook has also denied receiving such a request, and, like Google, says it would fight against complying. This still leaves lots of unanswered questions about why Yahoo gave in. Again, historically, Yahoo had been known to fight against these kinds of requests, which makes you wonder what exactly was going on here.

Former GCHQ infosecurity guy Matt Tait has one of the more more interesting threads about this news, arguing (in some ways) that it's both less and more than everyone is making it out to be. His basic argument is that this is an expansion of the PRISM program to include "about" targets. This has been discussed in the past, but under PRISM, the NSA could give tech companies "selectors" in the form of specific addresses and the companies were compelled to hand over emails "to" or "from" them -- but according to the PCLOB's report on the Section 702 program it did not include anyone emailing "about" the selector. Upstream collections (i.e., tapping the backbones from folks like AT&T) did include "about" selectors (and this information also flowed into other areas, enabling so called backdoor searches. And, as I speculated yesterday, Tait says that this latest news appears to be Yahoo now agreeing to use "about" selectors on its emails, which means that it's still part of PRISM, with a massive expansion.

Tait then notes that if James Clapper wants to clear this up, he should state publicly whether or not "about" collection is a part of PRISM. And if that's the case, he should also explain when and why PRISM was expanded to include this. But, of course, Clapper and the Intelligence Community tend not to want to explain very much of anything, leaving lots of people in the dark.

And, frankly, that's stupid. The Intelligence Community thinks that this keeps "bad guys" on edge, not knowing what's safe and what's not. But that's dumb. They mostly know to use more encrypted/secret means of communication when they need to. Instead, what you end up with is keeping the public on edge and not trusting services. I can almost guarantee that one of the early comments on this post will be some of you insisting that all the companies denying doing this are flat out lying. I don't agree with that, because the companies don't have a history of outright lying on things like this, but the way the NSA and other parts of the US government have repeatedly tried to pressure them and gag them, it's much tougher to take anything at face value any more. And that's not good for anyone.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: about collection, about selectors, mass surveillance, nsa, prism, section 702, upstream
Companies: facebook, google, microsoft, twitter, yahoo


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    That Anonymous Coward (profile), 5 Oct 2016 @ 3:46am

    "This still leaves lots of unanswered questions about why Yahoo gave in."

    My guess is $$$$.

    They were unwilling to pay for even basic security upgrades & had another department create the software and deploy it without letting the security team know.

    But hey, the upside is pretty much everyone (except Congressmen) will migrate off of yahoo to something more secure... like Aol.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Oct 2016 @ 4:31am

      Re:

      It also leaves unanswered the question of what will they do when all the other countries in the world come calling. It will be much harder for them to refuse now that it is known that they have done it once.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 4:09am

    when wording matters

    "Basically All Big Tech Companies Deny Scanning Communications For NSA Like Yahoo Is Doing"

    Absolutely, they're doing it differently.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 4:14am

    Prove it

    I don't agree with that, because the companies don't have a history of outright lying on things like this

    How exactly would you know if a company is lying about this or not? Have you seen their code?

    Look, if Obama asks Zuckerberg to scan Facebook communications, he is going to do it with glee.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Oct 2016 @ 4:39am

      Re: Prove it

      In case the author has forgotten about the Snowden documents, here's a quick reminder:

      https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 5 Oct 2016 @ 6:33am

        Re: Re: Prove it

        Just what I was thinking of. Microsoft was already shown (thanks to Snowden) to have given the NSA unrestricted pre-encryption access to all Hotmail, Outlook.com and Skype communications (probably without a secret order, since they're "friends").

        So that's Microsoft and Yahoo! so far, it really only leaves Google with the much bigger cache of communications - obviously the U.S. government wasn't going to leave that honeypot just sitting there. What secret orders has Google had to follow so far?

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 5 Oct 2016 @ 6:42am

          Re: Re: Re: Prove it

          "it really only leaves Google with the much bigger cache of communications - obviously the U.S. government wasn't going to leave that honeypot just sitting there. What secret orders has Google had to follow so far?"

          Google *already* scans all gmail, so all Google has to provide is a search interface.

          So Google can deny with a straight face, while Eric Schmidt becomes the next Secretary of Defense (i.e., de facto heead of the NSA).

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 5 Oct 2016 @ 6:53am

          Re: Re: Re: Prove it

          The thing with Google is that it employs quite a large cadre of Kernel and other free software hackers, and they are unlikely to stay silent if they find evidence of NSA or other agency access without a specific warrant.

          link to this | view in chronology ]

          • identicon
            I.T. Guy, 5 Oct 2016 @ 7:34am

            Re: Re: Re: Re: Prove it

            A sweet paycheck keeps lips tight. PPL will ignore a lot of stuff when they have a mortgage and children to think of.

            Surely one of the doctors in the Tuskegee experiment would have blown the whistle over the 40 years it took place right?

            MKUltra - Again not a peep
            https://www.youtube.com/watch?v=KRTOB8JPwa8

            Surely there was an honest journalist that got approached to participate in Operation Mockingbird that would have said something.

            Sorry but I cannot buy into that line of thought. There are too many historical examples of atrocities that have taken place where nobody said a thing.

            link to this | view in chronology ]

  • icon
    Violynne (profile), 5 Oct 2016 @ 4:36am

    I can almost guarantee that one of the early comments on this post will be some of you insisting that all the companies denying doing this are flat out lying. I don't agree with that...
    Back in the early 2000s, there was a staggering report released which showed the NSA and FBI had access to the internet in ways people couldn't imagine. This was the "first" the public heard about the snooping.

    And just like this article does with the statement above, people instantly ignored it because they didn't believe it.

    Fast forward nearly two fucking decades when a person walks out with powerpoint presentations that the world finally believed.

    Here's the thing: Has anyone ever questioned how the original report in 2000 came to be?

    At the time, the world's operating system was Windows.

    Perhaps ask Microsoft how the information from the NSA was leaked.

    As I said many times, what's the point in trying to address these issues when the very first thing people do is say "No way. A company wouldn't do that."

    It was even said when Snowden leaked the documents.

    Denial is not a river in Egypt.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Oct 2016 @ 5:43am

      Re:

      As I recall AT&T and Verizon also lied about not wiretapping during the Bush-era. We need to stop seeing internet tech companies as somehow different than the old guard they replaced.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 5 Oct 2016 @ 6:27am

        Re: Re:

        Exactly. The billion dollar valuations turned them into the old guard over night. Money has a way of doing that.

        link to this | view in chronology ]

        • identicon
          David, 5 Oct 2016 @ 9:30am

          Re: Re: Re:

          Well, they are not like Lavabit. They can't just close shop because they'd have to screw over their customers otherwise: they'd be liable to their shareholders and employees. I mean, most of those companies would have to close shop if they were forced to stop screwing over their customers anyway. So why throw away everything you have because the government wants you to do a bit more of what you are doing anyway?

          link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Oct 2016 @ 10:37am

      Re:

      Frankly, no one cares that you are prone to insidious thoughts - they're lying through their damn teeth.

      link to this | view in chronology ]

    • icon
      Mangoepistle (profile), 5 Oct 2016 @ 10:55am

      Re: Violynne comment re Report on NSA/FBI in 2000s

      @Violynne: Do you know where I might find the "staggering report" in the 2000s about the NSA and FBI's access to the internet? Thanks.

      link to this | view in chronology ]

  • icon
    OldGeezer (profile), 5 Oct 2016 @ 4:37am

    James Clapper statement??

    How would James Clapper issuing a statement clear anything up? He perjured himself to congress. When confronted he said he gave the "least untrue" answer that he could. He committed a felony and was never charged and he kept his job. No one will ever believe another word out of his mouth. In fact because of him every denial and explanation from any of the three letter agencies will be called into question.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Oct 2016 @ 6:28am

      Re: James Clapper statement??

      He committed a felony and was never charged

      That seems to happen a lot under the current administration. I have a feeling it will continue to happen if Hillary gets into office.

      link to this | view in chronology ]

      • icon
        OldGeezer (profile), 5 Oct 2016 @ 6:31am

        Re: Re: James Clapper statement??

        It will continue regardless of who is elected. Both candidates are shitty choices. I just can't decide which on is shittier.

        link to this | view in chronology ]

        • icon
          JBDragon (profile), 5 Oct 2016 @ 7:40am

          Re: Re: Re: James Clapper statement??

          We already know what we'll get with a Clinton back in office! No thanks!!! I'm not a big fan of Trump either. He's not a Republican. Just another big RINO. At least he's run things unlike Obama. Your husband being president doesn't qualify YOU to be president.

          Hillary is just a big fat criminal liar. Trump is clearly no politician and says whatever is on the top of his head. There hasn't been a good Republican option in YEARS. It's been RINO's and the country has being going more and more left.

          link to this | view in chronology ]

          • icon
            OldGeezer (profile), 5 Oct 2016 @ 8:19am

            Re: Re: Re: Re: James Clapper statement??

            Yes, Hillary is a criminal liar. Trump is a liar and a complete fraud. I guess the only thing Hilary has over Trump is she doesn't sound like an insane nut job off his meds. Hilary belongs in prison, not the white house. Trump belongs in a padded room and heavily sedated. Maybe I should start checking into countries to emigrate to unless one of them drops out and someone qualified gets elected. Unless that happens this country is going straight down the shitter.

            link to this | view in chronology ]

            • icon
              Wendy Cockcroft (profile), 6 Oct 2016 @ 5:43am

              Re: Re: Re: Re: Re: James Clapper statement??

              So what you're saying is, "We have a choice between Mad or Bad."

              Oh, dear.

              link to this | view in chronology ]

              • icon
                OldGeezer (profile), 6 Oct 2016 @ 3:48pm

                Re: Re: Re: Re: Re: Re: James Clapper statement??

                Both sides have a small minority of staunch supporters but for most voters I think it will come down to who you hate the least. They are both unqualified frauds. Whoever wins, brace for years of scandals that will make Watergate and slick Willie's BJs pale in comparison.

                link to this | view in chronology ]

      • identicon
        Anonymous Coward, 5 Oct 2016 @ 6:33am

        Re: Re: James Clapper statement??

        Yes, because any and all members of the other party would never do anything even remotely similar to that - uh huh - sure. Hypocrites.

        link to this | view in chronology ]

        • icon
          OldGeezer (profile), 5 Oct 2016 @ 6:47am

          Re: Re: Re: James Clapper statement??

          A lot of this began under Clinton (Democrat), Was greatly expanded under Bush (Republican) and Obama (Democrat) let it go on and even tried to defend it for a while after the Snowden leaks. Obama has a special hard on for whistleblowers. Now tell me it matters who is elected.

          link to this | view in chronology ]

        • identicon
          I.T. Guy, 5 Oct 2016 @ 7:37am

          Re: Re: Re: James Clapper statement??

          Ha ha ha. "Other party." That a good one. Thanks.

          link to this | view in chronology ]

          • icon
            JBDragon (profile), 5 Oct 2016 @ 7:42am

            Re: Re: Re: Re: James Clapper statement??

            Ya, Republican choices keep ending up with RINO's. Just a wing of the Democrat party. There's really no much of a choice. It's Left or more left.

            link to this | view in chronology ]

            • identicon
              Teka, 5 Oct 2016 @ 9:50am

              Re: Re: Re: Re: Re: James Clapper statement??

              It is funny that you think of the Democrats as a "Left" party. The so-called Right Wing has flown so far right that anything nearer to the center gets called radical communist Marxist socialism.

              There is no Left. There is Right or less right.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 5 Oct 2016 @ 11:19am

                Re: Re: Re: Re: Re: Re: James Clapper statement??

                Sorry, but the Dems are anything but near the center. THey have taken over education. They are taking over healthcare. They are looking at childcare now. The produce tons and tons of regulation. Soon they will have control over nearly every aspect of your life and before you know it you have a totalitarian regime. Time for the frog to jump out of the pot.

                link to this | view in chronology ]

                • identicon
                  Thad, 5 Oct 2016 @ 11:39am

                  Re: Re: Re: Re: Re: Re: Re: James Clapper statement??

                  They are taking over healthcare.

                  If by "taking over healthcare" you mean "passed a requirement that every person in the country become a consumer of private health insurance or pay a fine, as originally proposed by the Heritage Foundation and previously supported by Republican Party leaders including Newt Gingrich, Bob Dole, and Mitt Romney," then yes, the Democrats definitely did that.

                  link to this | view in chronology ]

                  • icon
                    Wendy Cockcroft (profile), 6 Oct 2016 @ 5:45am

                    Re: Re: Re: Re: Re: Re: Re: Re: James Clapper statement??

                    You do all know that the whole left V right trope is all about keeping us divided, don't you?

                    https://medium.com/@wendycockcroft/authoritarianism-is-everybodys-problem-3d9c12d29694#.lq9v31sq 0

                    link to this | view in chronology ]

                    • identicon
                      Thad, 6 Oct 2016 @ 11:40am

                      Re: Re: Re: Re: Re: Re: Re: Re: Re: James Clapper statement??

                      Of course. There's a lot more common ground between the Tea Party and the Occupy movement than either side is willing to admit, and it's in the major parties' and their donors' best interests to emphasize the differences rather than the similarities.

                      I think my analysis of the ACA is on point: it was a Republican idea until the Democrats started supporting it, at which point Republicans immediately declared it to be socialism and refused to support it. It's not about the content of the law (which, for the record, I believe is deeply flawed but superior to the system we had before), it's about a two-party system defining itself in terms of "we stand for what they don't stand for."

                      It was a compromise bill. It should have meant compromise. But the only side that was compromising was the Democratic side. That's not how compromise works.

                      But we're pretty far off-topic at this point. Unfortunately, both major parties largely favor the type of surveillance the article is talking about.

                      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 4:51am

    And I'm quite certain this "special access" Yahoo provided has nothing to do with the recent revelations regarding the Yahoo email account hacks.

    Uh huh .. sure.

    link to this | view in chronology ]

  • icon
    Ninja (profile), 5 Oct 2016 @ 5:05am

    I don't agree with that, because the companies don't have a history of outright lying on things like this, but the way the NSA and other parts of the US government have repeatedly tried to pressure them and gag them, it's much tougher to take anything at face value any more. And that's not good for anyone.

    I said it yesterday and people much smarter than me have been pointing this since Snowden. The best comment yesterday was something like: assume everything is compromised and act accordingly. And I'm already doing it by encrypting whatever I find sensitive but can't remain in an offline storage for some reason.

    Ironically this may push towards these services using open source, end-to-end encryption to have a good marketing point. So we may actually emerge in a better state after all this surveillance is scaled back (hoping it will).

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Oct 2016 @ 8:24am

      Re:

      I tried to call the author out on this but my post was block for moderation. I has been a few hours and its not posted.

      TD is getting more frequent with its posting filters pre-blocking things. Not sure about objectivity around here anymore these days!

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 5:23am

    "I don't agree with that, because the companies don't have a history of outright lying on things like this"
    Take Yahoo... Oh, wait!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 5:39am

    Companies: We're totally not doing this! Not wittingly. *rubs forehead*

    link to this | view in chronology ]

  • icon
    roebling (profile), 5 Oct 2016 @ 5:45am

    One legal, easy way to protect customers' cloud data would be to serve the data, RAID-like, from multiple countries. In a RAID-2 system of three or more drives, bits are stored sequentially across all the drives save the final one. The final drive merely records a bit that indicates whether the sum of the other bits is even or odd, failure-proofing the other drives.
    With RAID drives located in multiple jurisdictions, subpoenaing one country would only recover info of a single RAID drive, useless jibberish.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Oct 2016 @ 5:54am

      Re:

      Not seeing how that would work. If companies have access to all drives in order to provide a service to a customer, they can be compelled to service a government.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Oct 2016 @ 6:19am

      Re:

      "One legal, easy way to protect customers' cloud data would be to serve the data, RAID-like, from multiple countries. In a RAID-2 system of three or more drives, bits are stored sequentially across all the drives save the final one. The final drive merely records a bit that indicates whether the sum of the other bits is even or odd, failure-proofing the other drives.
      With RAID drives located in multiple jurisdictions, subpoenaing one country would only recover info of a single RAID drive, useless jibberish."

      Good, but not good enough, due to "3rd party doctrine".

      You now have to "stripe" across multiple vendors -- e.g. Box, Dropbox, etc.

      Also, erasure coding might be more appropriate.

      link to this | view in chronology ]

      • identicon
        I.T. Guy, 5 Oct 2016 @ 7:55am

        Re: Re:

        Sorry but any cloud solution is compromised.

        link to this | view in chronology ]

        • identicon
          Thad, 5 Oct 2016 @ 10:59am

          Re: Re: Re:

          I suppose it depends on how the key exchange is handled. If your data is encrypted end-to-end, and transmitted through a separate source from your encryption keys, then that should mitigate the problem of MITM attacks etc.

          link to this | view in chronology ]

    • icon
      James Burkhardt (profile), 5 Oct 2016 @ 8:17am

      Re:

      Except rule 41 changes now state that jurisdictions are meaningless. Techdirt covered this.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 5 Oct 2016 @ 10:31am

        Re: Re:

        It's not in effect yet, nimble-nards, - and possibly may never be in effect.

        link to this | view in chronology ]

  • icon
    jilocasin (profile), 5 Oct 2016 @ 5:46am

    They are just not doing it for the government....

    When Google says that they have never and would never build such a system for the government they aren't strictly speaking lying.

    They wouldn't have had to as they already have one. What do you think scans all of your GMail as part of their advertising operations?

    Now I'm not saying that Google has been re-purposing their exiting software to serve the NSA or other LEO's, but it wouldn't be the first time government actors piggybacked on existing advertising infrastructure. Some of the documents released by Snowden outlined the NSA doing just that.

    Perhaps Yahoo just found a way to get the government to pay for building the software to let them do with their email what Google's been doing with GMail all along.

    link to this | view in chronology ]

    • icon
      James Burkhardt (profile), 5 Oct 2016 @ 8:07am

      Re: They are just not doing it for the government....

      Except, passively scannig email and assigning ads to it, while similar, would require different software from the type yahoo is described as using. Funny thing, software can only do what its designed to do, and Google's ad matching algorithim likely doesn't include include the kind of frontend needed to produce emails for the government based on keyword selection. While yes, the could modify the software to do it, it would require google to build such a system for that purpose. Google's adwords software doesn't require it, so the build would be for the government.

      link to this | view in chronology ]

  • icon
    xebikr (profile), 5 Oct 2016 @ 5:49am

    Typo?

    'it seems worth nothing' or 'it seems worth noting'? With all the secrecy, their denials might be considered worth nothing, but I think you meant the latter.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 6:18am

    Re: We aren't doing what they're doing.

    That leaves quite a lot on the table. Really any distinction in implementation or architecture is sufficient to validate that statement.

    Which means it is almost certainly true. Their surveillance infrastructure is probably quite a bit more sophisticated than Yahoo's was.

    link to this | view in chronology ]

  • icon
    Lord Lidl of Cheem (profile), 5 Oct 2016 @ 6:23am

    So turns out the only thing that has really 'gone dark' is the NSA...

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 6:46am

    Mike Masnick

    Your head is in the sand! I sometimes wonder if you should be reporting on technology because you have some willful blind spots regarding a few things.

    In my opinion, given the things I have already seen... there is just no way to square away the following comment with sanity!

    I can almost guarantee that one of the early comments on this post will be some of you insisting that all the companies denying doing this are flat out lying. I don't agree with that, because the companies don't have a history of outright lying on things like this, but the way the NSA and other parts of the US government have repeatedly tried to pressure them and gag them, it's much tougher to take anything at face value any more. And that's not good for anyone.

    Not ONLY do these companies have a history just outright lying, they have a history of outright lying ON THESE THINGS!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 7:08am

    They didn't say they're not doing it.
    They just said they're not doing it like Yahoo is doing it.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Oct 2016 @ 10:29am

      Re:

      Ikr, but he's a fan-boy (and possibly still on the payroll) so he's going to believe it like a dip-shit anyway.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 8:21am

    Speaking untruthfully without lying

    These are big companies. I think it entirely possible that the company could have some employees who are knowingly complying with this type of thing, and yet issue a denial that the spokesperson issuing it believes to be true. Yahoo itself provides an example of this. Per the article, the security group initially thought that they had found malware left by an intruder. It was only later that they discovered that colleagues from another division in the company had installed that malware, under orders and approval from the top. Given that, it seems very plausible that the spokespeople who issue these denials could be unaware of what was done behind closed doors in another division, especially since, almost by definition, the malware division is intentionally secretive. There is no monthly meeting where the company tells everyone what every division is doing at a detail level sufficient for this type of misconduct to come to light.

    link to this | view in chronology ]

  • identicon
    Jim B., 5 Oct 2016 @ 10:26am

    It's why I implemented by own email servers.

    It isn't hard. It didn't take more than a day. There's a pretty good guide. Once it is up and running it is pretty much service free. It is no harder to do updates than it is to do them on a computer. Try windows 7 updates these days. Can take days to update. A simple command in Linux set up as your email server and you can update. Using SSH you can even do it remotely.

    If this revelation bothers you give it a try. Don't get bogged down in the imaginary barriers professed by others.

    Most guides cover spam, security, malware scanning, etc., so you aren't left hanging out there wondering.

    The guide: https://www.exratione.com/2016/05/a-mailserver-on-ubuntu-16-04-postfix-dovecot-mysql/

    link to this | view in chronology ]

    • identicon
      Thad, 5 Oct 2016 @ 11:05am

      Re: It's why I implemented by own email servers.

      So you're concerned that you can't use your ISP for E-Mail because it might let the government monitor your inbox, and you think the solution to this problem is to set up a home server that sends and receives E-Mail *through that same ISP*?

      link to this | view in chronology ]

      • icon
        Adrian Cochrane (profile), 5 Oct 2016 @ 2:54pm

        Re: Re: It's why I implemented by own email servers.

        Hey, if he configured it with proper encryption the ISP isn't a concern. Instead it's the services he's sending eMails to.

        link to this | view in chronology ]

        • identicon
          Thad, 5 Oct 2016 @ 3:30pm

          Re: Re: Re: It's why I implemented by own email servers.

          SMTP/STARTTLS doesn't prevent your ISP (or any other relay between you and the recipient) from intercepting the content of your E-Mail in transit.

          It's true that "if he configured it with proper encryption the ISP isn't a concern" -- but in this instance "proper encryption" means a client-side solution like PGP. In which case it's irrelevant whether he's using his own server, his ISP's, Yahoo's, or anybody else's.

          link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 10:26am

    Yeah, of course... and they're lying through their teeth.

    "hur dur - big companies deny wrongdoing"

    Of course they do, Mike, and they're absolutely lying through their teeth when they do so. They've lied about it in the past, and they're lying about it now (especially Google)... So the question is not "why did yahoo give in", it's "why did they all give in and lie through their teeth later (including Google)". And secondly, "why do fan-boys of said companies go out of their way to believe the false denials (including those of Google)?"

    link to this | view in chronology ]

    • icon
      Adrian Cochrane (profile), 5 Oct 2016 @ 11:00am

      Re: Yeah, of course... and they're lying through their teeth.

      To be clear, all the companies mentioned in the PRISM (who are many of the same companies) denied it then too.

      And as Christopher Soghoian of the ACLU said in response to that, either the companies are lying through their teeth OR the government has cracked into their server farms. That is if you believe the PRISM leak, like the author of this article does.

      link to this | view in chronology ]

      • icon
        Mike Masnick (profile), 5 Oct 2016 @ 11:32am

        Re: Re: Yeah, of course... and they're lying through their teeth.

        To be clear, all the companies mentioned in the PRISM (who are many of the same companies) denied it then too.

        No. This is wrong. They denied what the initial Guardian & WaPo reports said -- that PRISM gave the NSA unfettered access to their backend systems. That turned out to be WRONG. The tech companies were correct and the original reporting was incorrect.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 5 Oct 2016 @ 1:49pm

          Re: Re: Re: Yeah, of course... and they're lying through their teeth.

          "The tech companies were correct and the original reporting was incorrect."

          As evidenced by what, exactly? Their say so isn't exactly evidence to the contrary.

          link to this | view in chronology ]

          • icon
            Adrian Cochrane (profile), 5 Oct 2016 @ 2:56pm

            Re: Re: Re: Re: Yeah, of course... and they're lying through their teeth.

            O.K., I'll take back my certainty. But I still don't trust these companies.

            link to this | view in chronology ]

            • icon
              Adrian Cochrane (profile), 5 Oct 2016 @ 3:34pm

              Re: Re: Re: Re: Re: Yeah, of course... and they're lying through their teeth.

              To be clear I don't trust anything (at least when it comes to computers) that I can't verify for myself. Privacy is too important for anything less than paranoia. I can't verify what code Yahoo, et al are running on their computers so I don't trust what they say about it. What I would trust is if Yahoo let native clients encrypt messages in a way (say using DIME) that they couldn't do this scanning.

              All I really know about the Snowdon leaks is that they are far too possible.

              That said today we sometimes have to trust a company's assertions, but it's my goal in life to get away from that. Plus I've found prettier software this way, and the only inconvenience I'm facing is telling people I'm not on Facebook.

              link to this | view in chronology ]

              • identicon
                Thad, 6 Oct 2016 @ 1:24pm

                Re: Re: Re: Re: Re: Re: Yeah, of course... and they're lying through their teeth.

                To be clear I don't trust anything (at least when it comes to computers) that I can't verify for myself.

                But as Ken Thompson demonstrated, such verification is never truly possible; unless you not only audit the source of every program you use but actually write the bootstrap compiler yourself, at some level in the stack you have to trust somebody else when they assure you that there's no malware being injected into the program at compile time.

                (For this we have the wisdom of crowds; if GCC, LLVM, et al were injecting malware at compile time, somebody would have noticed by now.)

                Paranoia is a good default mode to be in. You should naturally assume that every website you go to is logging everything you do, and every E-Mail you send is accessible to malicious actors including governments. It's good to push back on this stuff, and to take precautions where appropriate (VPN's if you want to conceal the source of traffic, PGP if you want to send E-Mail that can't be observed by a third party, etc.). But somewhere in the chain you have to trust somebody other than yourself.

                link to this | view in chronology ]

                • icon
                  Adrian Cochrane (profile), 6 Oct 2016 @ 4:12pm

                  Re: Re: Re: Re: Re: Re: Re: Yeah, of course... and they're lying through their teeth.

                  Absolutely agree.

                  link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 10:43am

    " I don't agree with that, because the companies don't have a history of outright lying on things like this"

    Did that hurt when you pulled that one out of your ass? THEY HAVE A LONG LEGENDARY HISTORY OF LYING ABOUT THINGS LIKE THIS!

    link to this | view in chronology ]

  • identicon
    techdirtReader, 5 Oct 2016 @ 11:22am

    blow back

    Call me gullible, but I think that the blow back from the Snowden leaks have dissuaded most tech companies from willingly going along with these kinds of measures. Sure, they will ultimately comply with a national security letter, but not without first making a legal attempt to fight it.

    Yahoo's poor finances might have motivated them to acquiesce. Facebook and Google don't have such burdens.

    link to this | view in chronology ]

  • identicon
    John Mayor, 5 Oct 2016 @ 4:34pm

    No Such Animal

    Well!... when the kiddies at the NSA open their mouths, I've got a bag of salt at the ready!... and a wooden stake, and wooden cross!
    .
    Please!... no emails!

    link to this | view in chronology ]

  • icon
    bgmcb (profile), 5 Oct 2016 @ 7:29pm

    Verizon likely heard of Yahoo bending over for the government and said "wow we have a lot in common".

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 9:08pm

    This is something I've heard Bruce Schneier point out at a talk I went to. This was one of the biggest threats he talked about, if not the biggest.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2016 @ 9:10pm

    The last sentence is something I've heard Bruce Schneier point out at a talk I went to. This was one of the biggest threats he talked about, if not the biggest to the field of security.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Oct 2016 @ 3:48pm

    Well... They do it, just differently.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.